[Buildroot] [PATCH] package/openvpn: add option to use mbed TLS instead of OpenSSL

public inbox for buildroot@busybox.net
 help / color / mirror / Atom feed

From: Ed Spiridonov <edo.rus@gmail.com>
To: buildroot@busybox.net
Subject: [Buildroot] [PATCH] package/openvpn: add option to use mbed TLS instead of OpenSSL
Date: Tue, 12 May 2020 01:31:07 +0300	[thread overview]
Message-ID: <20200511223108.4184-1-edo.rus@gmail.com> (raw)

Since 2.4 version, OpenVPN can be built using mbeb TLS as it's
crypto backend, instead of OpenSSL.

About 2 Mb of uncompressed image size can be saved by replacing
OpenSSL with mbed TLS.

Signed-off-by: Ed Spiridonov <edo.rus@gmail.com>
---
 DEVELOPERS                 |  3 +++
 package/openvpn/Config.in  | 24 +++++++++++++++++++++++-
 package/openvpn/openvpn.mk | 17 +++++++++++++++--
 3 files changed, 41 insertions(+), 3 deletions(-)

diff --git a/DEVELOPERS b/DEVELOPERS
index e427ab1..3437f31 100644
--- a/DEVELOPERS
+++ b/DEVELOPERS
@@ -719,6 +719,9 @@ F:	package/unscd/
 N:	Dushara Jayasinghe <nidujay@gmail.com>
 F:	package/prosody/
 
+N:	Ed Spiridonov <edo.rus@gmail.com>
+F:	package/openvpn/
+
 N:	Eloi Bail <eloi.bail@savoirfairelinux.com>
 F:	package/bayer2rgb-neon/
 F:	package/gstreamer1/gst1-plugins-bayer2rgb-neon/
diff --git a/package/openvpn/Config.in b/package/openvpn/Config.in
index 0a16755..254fe74 100644
--- a/package/openvpn/Config.in
+++ b/package/openvpn/Config.in
@@ -1,7 +1,6 @@
 config BR2_PACKAGE_OPENVPN
 	bool "openvpn"
 	depends on BR2_USE_MMU # fork()
-	select BR2_PACKAGE_OPENSSL
 	help
 	  OpenVPN is a full-featured SSL VPN solution which can
 	  accomodate a wide range of configurations, including road
@@ -14,6 +13,29 @@ config BR2_PACKAGE_OPENVPN
 
 if BR2_PACKAGE_OPENVPN
 
+choice
+	prompt "crypto backend"
+	default BR2_PACKAGE_OPENVPN_OPENSSL
+	help
+	  Select crypto backend (OpenSSL/LibreSSL or mbed TLS)
+
+config BR2_PACKAGE_OPENVPN_OPENSSL
+	bool "openssl"
+	select BR2_PACKAGE_OPENSSL
+	help
+	  OpenSSL/LibreSSL is a default crypto backend
+
+config BR2_PACKAGE_OPENVPN_MBEDTLS
+	bool "mbedtls"
+	select BR2_PACKAGE_MBEDTLS
+	help
+	  mbed TLS is a compact crypto backend
+
+	  https://community.openvpn.net/openvpn/wiki/Using-mbedtls
+
+endchoice
+
+
 config BR2_PACKAGE_OPENVPN_LZ4
 	bool "LZ4 compression"
 	default y
diff --git a/package/openvpn/openvpn.mk b/package/openvpn/openvpn.mk
index 4234675..20cebf0 100644
--- a/package/openvpn/openvpn.mk
+++ b/package/openvpn/openvpn.mk
@@ -7,18 +7,31 @@
 OPENVPN_VERSION = 2.4.9
 OPENVPN_SOURCE = openvpn-$(OPENVPN_VERSION).tar.xz
 OPENVPN_SITE = http://swupdate.openvpn.net/community/releases
-OPENVPN_DEPENDENCIES = host-pkgconf openssl
+OPENVPN_DEPENDENCIES = host-pkgconf
+ifeq ($(BR2_PACKAGE_OPENVPN_MBEDTLS),y)
+OPENVPN_DEPENDENCIES += mbedtls
+else
+OPENVPN_DEPENDENCIES += openssl
+endif
+
 OPENVPN_LICENSE = GPL-2.0
 OPENVPN_LICENSE_FILES = COPYRIGHT.GPL
 OPENVPN_CONF_OPTS = \
 	--enable-iproute2 \
-	--with-crypto-library=openssl \
 	$(if $(BR2_STATIC_LIBS),--disable-plugins)
 OPENVPN_CONF_ENV = IFCONFIG=/sbin/ifconfig \
 	NETSTAT=/bin/netstat \
 	ROUTE=/sbin/route \
 	IPROUTE=/sbin/ip
 
+ifeq ($(BR2_PACKAGE_OPENVPN_MBEDTLS),y)
+OPENVPN_CONF_OPTS += \
+	--with-crypto-library=mbedtls
+else
+OPENVPN_CONF_OPTS += \
+	--with-crypto-library=openssl
+endif
+
 ifeq ($(BR2_PACKAGE_OPENVPN_SMALL),y)
 OPENVPN_CONF_OPTS += \
 	--enable-small \
-- 
2.26.2

next             reply	other threads:[~2020-05-11 22:31 UTC|newest]

Thread overview: 13+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2020-05-11 22:31 Ed Spiridonov [this message]
2020-05-15 17:30 ` [Buildroot] [PATCH] package/openvpn: add option to use mbed TLS instead of OpenSSL Ed Spiridonov
2020-05-15 19:17   ` Heiko Thiery
2020-07-26 12:01     ` Ed Spiridonov
2020-05-15 20:10 ` Thomas Petazzoni
2020-05-15 20:39   ` Ed Spiridonov
2020-05-15 20:47     ` Thomas Petazzoni
     [not found]       ` <CACm0Nn0WyTPDnSyA+7bj10GddAstx0YkyUAuERcRSLSf0CyzRA@mail.gmail.com>
2020-05-15 21:18         ` Thomas Petazzoni
2020-05-18  1:45   ` Ed Spiridonov
2020-05-18  5:15     ` Thomas Petazzoni
2020-05-23 18:38       ` Ed Spiridonov
2020-07-10 18:39       ` Ed Spiridonov
2020-10-10  6:43         ` Ed Spiridonov

find likely ancestor, descendant, or conflicting patches for this message:
( dfblob:e427ab1 dfblob:3437f31 dfblob:0a16755 dfblob:254fe74
dfblob:4234675 dfblob:20cebf0 )
 OR (
bs:"[Buildroot] [PATCH] package/openvpn: add option to use mbed TLS instead of OpenSSL" )
	(help)

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20200511223108.4184-1-edo.rus@gmail.com \
    --to=edo.rus@gmail.com \
    --cc=buildroot@busybox.net \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox