From patchwork Mon May 11 11:28:40 2020
X-Patchwork-Submitter: Erwan Gautron
X-Patchwork-Id: 1287626
From: Erwan GAUTRON
To: buildroot@buildroot.org
Date: Mon, 11 May 2020 13:28:40 +0200
Message-Id: <20200511112840.634268-2-erwan.gautron@bertin.fr>
In-Reply-To: <20200511112840.634268-1-erwan.gautron@bertin.fr>
References: <20200511112840.634268-1-erwan.gautron@bertin.fr>
Subject: [Buildroot] [PATCH 1/1] package/libopenssl: add option to enable some features
Cc: Matt Weber, "GAUTRON, Erwan"

From: "GAUTRON, Erwan"

OpenSSL implements a lot of algorithms that are not required in some embedded devices, and ciphers known as weak.
Secure embedded systems shall disable unused algorithms (and weak algorithms) in order to be certified.

This patch allows selecting which weak algorithms and mechanisms to enable, such as md5.
To ensure backward compatibility, all items are selected by default.

Signed-off-by: Erwan GAUTRON
--- package/libopenssl/Config.in | 151 +++++++++++++++++++++++++++++++ package/libopenssl/libopenssl.mk | 25 +++++ 2 files changed, 176 insertions(+) diff --git a/package/libopenssl/Config.in b/package/libopenssl/Config.in index 881518d1cb..7c84be3bb4 100644 --- a/package/libopenssl/Config.in +++ b/package/libopenssl/Config.in 
@@ -44,4 +44,155 @@ config BR2_PACKAGE_LIBOPENSSL_ENGINES help Install additional encryption engine libraries. +config BR2_PACKAGE_LIBOPENSSL_ENABLE_CHACHA + bool "enable openssl CHACHA " + default y + help + Enable CHACHA cipher in libopenssl. + +config BR2_PACKAGE_LIBOPENSSL_ENABLE_RC5 + bool "enable openssl RC5" + default y + help + Enable RC5 cipher in libopenssl. + +config BR2_PACKAGE_LIBOPENSSL_ENABLE_RC2 + bool "enable openssl RC2" + default y + help + Enable RC2 cipher in libopenssl. + +config BR2_PACKAGE_LIBOPENSSL_ENABLE_RC4 + bool "enable openssl RC4" + default y + help + Enable RC4 cipher in libopenssl. + +config BR2_PACKAGE_LIBOPENSSL_ENABLE_MD2 + bool "enable openssl MD2" + default y + help + Enable MD2 cipher in libopenssl. + +config BR2_PACKAGE_LIBOPENSSL_ENABLE_MD4 + bool "enable openssl MD4" + default y + help + Enable MD4 cipher in libopenssl. + +config BR2_PACKAGE_LIBOPENSSL_ENABLE_MD5 + bool "enable openssl MD5" + default y + help + Enable MD5 cipher in libopenssl. + +config BR2_PACKAGE_LIBOPENSSL_ENABLE_MDC2 + bool "enable openssl MDC2" + default y + help + Enable MDC2 cipher in libopenssl. + +config BR2_PACKAGE_LIBOPENSSL_ENABLE_BLAKE2 + bool "enable openssl BLAKE2" + default y + help + Enable BLAKE2 cipher in libopenssl. + +config BR2_PACKAGE_LIBOPENSSL_ENABLE_IDEA + bool "enable openssl IDEA" + default y + help + Enable IDEA cipher in libopenssl. + +config BR2_PACKAGE_LIBOPENSSL_ENABLE_SEED + bool "enable openssl SEED" + default y + help + Enable SEED cipher in libopenssl. + +config BR2_PACKAGE_LIBOPENSSL_ENABLE_DES + bool "enable openssl DES" + default y + help + Enable DES cipher in libopenssl. + +config BR2_PACKAGE_LIBOPENSSL_ENABLE_RMD160 + bool "enable openssl RMD160" + default y + help + Enable RMD160 cipher in libopenssl. + +config BR2_PACKAGE_LIBOPENSSL_ENABLE_WHIRLPOOL + bool "enable openssl WHIRLPOOL" + default y + help + Enable WHIRLPOOL cipher in libopenssl. 
+ +config BR2_PACKAGE_LIBOPENSSL_ENABLE_BLOWFISH + bool "enable openssl BLOWFISH" + default y + help + Enable BLOWFISH cipher in libopenssl. + +config BR2_PACKAGE_LIBOPENSSL_ENABLE_SSL + bool "enable openssl SSL" + default y + help + Enable SSL mode in libopenssl. + +config BR2_PACKAGE_LIBOPENSSL_ENABLE_SSL2 + bool "enable openssl SSL2" + default y + help + Enable SSL2 mode in libopenssl. + +config BR2_PACKAGE_LIBOPENSSL_ENABLE_SSL3 + bool "enable openssl SSL3" + default y + help + Enable SSL3 mode in libopenssl. + +config BR2_PACKAGE_LIBOPENSSL_ENABLE_WEAK_SSL + bool "enable openssl WEAK_SSL" + default y + help + Enable WEAK_SSL mode in libopenssl. + +config BR2_PACKAGE_LIBOPENSSL_ENABLE_PSK + bool "enable openssl mode PSK" + default y + help + Enable PSK mode in libopenssl. + +config BR2_PACKAGE_LIBOPENSSL_ENABLE_CAST + bool "enable openssl mode CAST" + default y + help + Enable CAST mode in libopenssl. + +config BR2_PACKAGE_LIBOPENSSL_UNSECURE + bool "enable unit test, debug, backtrace" + default y + help + Enable unit-test crypto-mdebug-backtrace crypto-mdebug autoerrinit mode in libopenssl. + +config BR2_PACKAGE_LIBOPENSSL_DYNAMIC_ENGINE + bool "enable openssl dynamic engine" + default y + help + Enable dynamic engine in libopenssl. + +config BR2_PACKAGE_LIBOPENSSL_ENABLE_IPV6 + bool "enable openssl IPV6" + default y + help + Enable IPV6 in libopenssl. + +config BR2_PACKAGE_LIBOPENSSL_ENABLE_COMP + bool "enable openssl compression" + default y + help + Enable compression in libopenssl. + + endif # BR2_PACKAGE_LIBOPENSSL diff --git a/package/libopenssl/libopenssl.mk b/package/libopenssl/libopenssl.mk index a300458f85..ba87cce7b7 100644 --- a/package/libopenssl/libopenssl.mk +++ b/package/libopenssl/libopenssl.mk 
@@ -86,6 +86,31 @@ define LIBOPENSSL_CONFIGURE_CMDS no-tests \ no-fuzz-libfuzzer \ no-fuzz-afl \ + $(if $(BR2_PACKAGE_LIBOPENSSL_ENABLE_CHACHA),,no-chacha) \ + $(if $(BR2_PACKAGE_LIBOPENSSL_ENABLE_RC5),,no-rc5) \ + $(if $(BR2_PACKAGE_LIBOPENSSL_ENABLE_RC2),,no-rc2) \ + $(if $(BR2_PACKAGE_LIBOPENSSL_ENABLE_RC4),,no-rc4) \ + $(if $(BR2_PACKAGE_LIBOPENSSL_ENABLE_MD2),,no-md2) \ + $(if $(BR2_PACKAGE_LIBOPENSSL_ENABLE_MD4),,no-md4) \ + $(if $(BR2_PACKAGE_LIBOPENSSL_ENABLE_MD5),,no-md5) \ + $(if $(BR2_PACKAGE_LIBOPENSSL_ENABLE_MDC2),,no-mdc2) \ + $(if $(BR2_PACKAGE_LIBOPENSSL_ENABLE_BLAKE2),,no-blake2) \ + $(if $(BR2_PACKAGE_LIBOPENSSL_ENABLE_IDEA),,no-idea) \ + $(if $(BR2_PACKAGE_LIBOPENSSL_ENABLE_SEED),,no-seed) \ + $(if $(BR2_PACKAGE_LIBOPENSSL_ENABLE_DES),,no-des) \ + $(if $(BR2_PACKAGE_LIBOPENSSL_ENABLE_RMD160),,no-rmd160) \ + $(if $(BR2_PACKAGE_LIBOPENSSL_ENABLE_WHIRLPOOL),,no-whirlpool) \ + $(if $(BR2_PACKAGE_LIBOPENSSL_ENABLE_BLOWFISH),,no-bf) \ + $(if $(BR2_PACKAGE_LIBOPENSSL_ENABLE_SSL),,no-ssl) \ + $(if $(BR2_PACKAGE_LIBOPENSSL_ENABLE_SSL2),,no-ssl2) \ + $(if $(BR2_PACKAGE_LIBOPENSSL_ENABLE_SSL3),,no-ssl3) \ + $(if $(BR2_PACKAGE_LIBOPENSSL_ENABLE_WEAK_SSL),,no-weak-ssl-ciphers) \ + $(if $(BR2_PACKAGE_LIBOPENSSL_ENABLE_PSK),,no-psk) \ + $(if $(BR2_PACKAGE_LIBOPENSSL_ENABLE_CAST),,no-cast) \ + $(if $(BR2_PACKAGE_LIBOPENSSL_UNSECURE),,no-unit-test no-crypto-mdebug-backtrace no-crypto-mdebug no-autoerrinit) \ + $(if $(BR2_PACKAGE_LIBOPENSSL_DYNAMIC_ENGINE),,no-dynamic-engine ) \ + $(if $(BR2_PACKAGE_LIBOPENSSL_ENABLE_IPV6),,-DOPENSSL_USE_IPV6=0) \ + $(if $(BR2_PACKAGE_LIBOPENSSL_ENABLE_COMP),,no-comp) \ $(if $(BR2_STATIC_LIBS),zlib,zlib-dynamic) \ ) $(SED) "s#-march=[-a-z0-9] ##" -e "s#-mcpu=[-a-z0-9] ##g" $(@D)/Makefile
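
Review bot: In the package/libopenssl/Config.in hunk, the help texts are not accurate enough for a hardening feature: MD2, MD4, MD5, MDC2, BLAKE2, RMD160 and WHIRLPOOL are all described as "cipher" although they are digests, and CAST and PSK are prompted as "mode". Since the stated purpose is to let a certified product drop weak algorithms, each help text should say what the algorithm is and, for the SSL2, SSL3 and WEAK_SSL entries, that leaving it at y keeps a deprecated protocol or cipher set in the build. BR2_PACKAGE_LIBOPENSSL_UNSECURE also deserves a second look: a symbol named UNSECURE with "default y" reads badly in menuconfig, it bundles four unrelated Configure switches behind one bool, and its help line is a bare list of flag names. Splitting it, or inverting it into a hardening option that defaults to n, would be clearer. Minor: the CHACHA prompt has a trailing space inside the quotes, there are two blank added lines before the endif, and the 25 new symbols sit at the top level of the package menu with no grouping. Nothing in the hunk ties these symbols to other packages either, so a user can switch off DES or MD5 while a package that depends on libopenssl still needs it.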
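
Review bot: In the package/libopenssl/libopenssl.mk hunk, every added line has the form $(if $(BR2_..._ENABLE_X),,no-x), so selecting y only omits the no-x switch and never passes enable-x. For any feature that OpenSSL's Configure leaves off unless asked, the Buildroot option will read "enabled" while the resulting library does not contain it, which is misleading for entries such as MD2, RC5, SSL3 and WEAK_SSL. Either emit enable-x in the y branch where that is the intent, or rename the options so they describe what they do (disable X). Please also confirm that no-ssl, no-ssl2 and no-ssl3 are three distinct switches in the OpenSSL version packaged here, otherwise the SSL and SSL2 options are redundant. Smaller points: -DOPENSSL_USE_IPV6=0 is a preprocessor define placed among Configure feature switches and would benefit from a comment, "no-dynamic-engine )" has a stray space before the closing parenthesis, and BR2_PACKAGE_LIBOPENSSL_DYNAMIC_ENGINE and BR2_PACKAGE_LIBOPENSSL_UNSECURE break the ENABLE_ naming used by the other symbols.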