[Buildroot] [Bug 13181] New: libopenssl package enables Cryptodev engine even if BR2_PACKAGE_LIBOPENSSL_ENGINES is disabled
bugzilla at busybox.net
bugzilla at busybox.net
Mon Sep 7 13:30:33 UTC 2020
https://bugs.busybox.net/show_bug.cgi?id=13181
Bug ID: 13181
Summary: libopenssl package enables Cryptodev engine even if
BR2_PACKAGE_LIBOPENSSL_ENGINES is disabled
Product: buildroot
Version: 2020.02
Hardware: All
OS: Linux
Status: NEW
Severity: normal
Priority: P5
Component: Other
Assignee: unassigned at buildroot.uclibc.org
Reporter: bradley.gamble at ncipher.com
CC: buildroot at uclibc.org
Target Milestone: ---
OpenSSL builds a number of seperate engines that provide cryptographic API and
hardware offload support. This is currently configured from Buildroot via the
BR2_PACKAGE_LIBOPENSSL_ENGINES option.
Previously disabling this option would remove these engines from the completed
filesystem, disabling their use. However, recent versions of OpenSSL build the
devcrypto engine in to libcrypto as default, rather than as a dynamic library.
This can lead to Cryptodev being used even if it was not intended.
The libopenssl.mk file currently checks if BR2_PACKAGE_HAS_CRYPTODEV is set and
will enable the Cryptodev engine via the "enable-devcryptoeng" configure flag
if true. This is a manual override as all the other engines can be specified in
a similar manner (ie enable-afalgeng) but Buildroot seems to imply that
enabling the Cryptodev Package should also force OpenSSL to use it (which is
incorrect).
OpenSSL's Cryptodev engine should either be overridden by the additional
engines option (disabling it if BR2_PACKAGE_LIBOPENSSL_ENGINES is not set) or
should be a manual override due to it's ability to be built statically in to
libcrypto.
--
You are receiving this mail because:
You are on the CC list for the bug.
More information about the buildroot
mailing list