aboutsummaryrefslogtreecommitdiffstats
path: root/package/libs/openssl/Config.in
diff options
context:
space:
mode:
Diffstat (limited to 'package/libs/openssl/Config.in')
-rw-r--r--package/libs/openssl/Config.in65
1 files changed, 61 insertions, 4 deletions
diff --git a/package/libs/openssl/Config.in b/package/libs/openssl/Config.in
index fe73229915..53b91ddb94 100644
--- a/package/libs/openssl/Config.in
+++ b/package/libs/openssl/Config.in
@@ -53,7 +53,9 @@ config OPENSSL_WITH_DEPRECATED
default y
prompt "Include deprecated APIs (See help for a list of packages that need this)"
help
- Squid currently requires this.
+ Since openssl 1.1.x is still new to openwrt, some packages
+ requiring this option do not list it as a requirement yet:
+ * freeswitch-stable, freeswitch, python, python3, squid.
config OPENSSL_NO_DEPRECATED
bool
@@ -68,6 +70,21 @@ config OPENSSL_WITH_ERROR_MESSAGES
comment "Protocol Support"
+config OPENSSL_WITH_TLS13
+ bool
+ default y
+ prompt "Enable support for TLS 1.3"
+ select OPENSSL_WITH_EC
+ help
+ TLS 1.3 is the newest version of the TLS specification.
+ It aims:
+ * to increase the overall security of the protocol,
+ removing outdated algorithms, and encrypting more of the
+ protocol;
+ * to increase performance by reducing the number of round-trips
+ when performing a full handshake.
+ It increases package size by ~4KB.
+
config OPENSSL_WITH_DTLS
bool
prompt "Enable DTLS support"
@@ -120,6 +137,16 @@ config OPENSSL_WITH_EC2M
This option enables the more efficient, yet less common, binary
field elliptic curves.
+config OPENSSL_WITH_CHACHA_POLY1305
+ bool
+ default y
+ prompt "Enable ChaCha20-Poly1305 ciphersuite support"
+ help
+ ChaCha20-Poly1305 is an AEAD ciphersuite with 256-bit keys,
+ combining ChaCha stream cipher with Poly1305 MAC.
+ It is 3x faster than AES, when not using a CPU with AES-specific
+ instructions, as is the case of most embedded devices.
+
config OPENSSL_WITH_PSK
bool
default y
@@ -129,6 +156,12 @@ config OPENSSL_WITH_PSK
comment "Less commonly used build options"
+config OPENSSL_WITH_ARIA
+ bool
+ prompt "Enable ARIA support"
+ help
+ ARIA is a block cipher developed in South Korea, based on AES.
+
config OPENSSL_WITH_CAMELLIA
bool
prompt "Enable Camellia cipher support"
@@ -149,6 +182,23 @@ config OPENSSL_WITH_SEED
SEED is a block cipher with 128-bit keys broadly used in
South Korea, but seldom found elsewhere.
+config OPENSSL_WITH_SM234
+ bool
+ prompt "Enable SM2/3/4 algorithms support"
+ help
+ These algorithms are a set of "Commercial Cryptography"
+ algorithms approved for use in China.
+ * SM2 is an EC algorithm equivalent to ECDSA P-256
+ * SM3 is a hash function equivalent to SHA-256
+ * SM4 is a 128-block cipher equivalent to AES-128
+
+config OPENSSL_WITH_BLAKE2
+ bool
+ prompt "Enable BLAKE2 digest support"
+ help
+ BLAKE2 is a cryptographic hash function based on the ChaCha
+ stream cipher.
+
config OPENSSL_WITH_MDC2
bool
prompt "Enable MDC2 digest support"
@@ -199,10 +249,14 @@ config OPENSSL_ENGINE_CRYPTO
API modules) for /dev/crypto to show up and use hardware
acceleration; otherwise it falls back to software.
-config OPENSSL_ENGINE_DIGEST
+config OPENSSL_WITH_ASYNC
bool
- depends on OPENSSL_ENGINE_CRYPTO
- prompt "/dev/crypto digest (md5/sha1) acceleration support"
+ prompt "Enable asynchronous jobs support"
+ depends on OPENSSL_ENGINE && USE_GLIBC
+ help
+ Enables async-aware applications to be able to use OpenSSL to
+ initiate crypto operations asynchronously. In order to work
+ this will require the presence of an async capable engine.
config OPENSSL_WITH_GOST
bool
@@ -211,6 +265,9 @@ config OPENSSL_WITH_GOST
help
This option prepares the library to accept engine support
for Russian GOST crypto algorithms.
+ The gost engine is not included in standard openwrt feeds.
+ To build such engine yourself, see:
+ https://github.com/gost-engine/engine
endif