Hello!
I am using this crypto accelerator: https://openwrt.org/docs/techref/hardware/cryptographic.hardware.accelerators
There is a section that need should be modified: /etc/ssl/openssl.cnf
It should use like this:
[default]
openssl_conf=openssl_def
[openssl_def]
# this is the main library configuration section
engines=engine_section
[engine_section]
# this is the engine configuration section, where the engines are listed
devcrypto=devcrypto_section
[devcrypto_section]
# this is the section where the devcrypto engine commands are used
CIPHERS=ALL
DIGESTS=NONE
Now, in the devcrypto_section
it says DIGEST
is NONE
.
I tried it, to set DIGEST
to ALL
and it works.
So, if I add to digests, it looks like this:
root@hawk:~# openssl engine -t -c
(dynamic) Dynamic engine loading support
[ unavailable ]
(devcrypto) /dev/crypto engine
[DES-CBC, DES-EDE3-CBC, AES-128-CBC, AES-192-CBC, AES-256-CBC, AES-128-ECB, AES-192-ECB, AES-256-ECB, MD5, SHA1, SHA256]
[ available ]
You can see in the end, shows MD5
, SHA1
and SHA256
.
It I set in openssl.cnf digest to none, it will not use the digests.
So, why is this link (https://openwrt.org/docs/techref/hardware/cryptographic.hardware.accelerators) not enabled for digests?
Should I enable it or not?