[OE-core] [PATCH 2/2] openssl: don't disable the AFALG engine based on host kernel

[Ross Burton]

Whether the AFALG engine (use of hardware crypto via AF_ALG) is enable or
disable depends on whether the host kernel is 4.1 or above, which has no bearing
on whether the target system supports it.

Remove the complicated logic and simply enable/disable as requested.

Signed-off-by: Ross Burton <ross.burton at intel.com>
---
 .../openssl/openssl/afalg.patch                    | 31 ++++++++++++++++++++++
 meta/recipes-connectivity/openssl/openssl_1.1.1.bb |  1 +
 2 files changed, 32 insertions(+)
 create mode 100644 meta/recipes-connectivity/openssl/openssl/afalg.patch

diff --git a/meta/recipes-connectivity/openssl/openssl/afalg.patch b/meta/recipes-connectivity/openssl/openssl/afalg.patch
new file mode 100644
index 00000000000..7c4b084f3df
--- /dev/null
+++ b/meta/recipes-connectivity/openssl/openssl/afalg.patch
@@ -0,0 +1,31 @@
+Don't refuse to build afalgeng if cross-compiling or the host kernel is too old.
+
+Upstream-Status: Submitted [hhttps://github.com/openssl/openssl/pull/7688]
+Signed-off-by: Ross Burton <ross.burton at intel.com>
+
+diff --git a/Configure b/Configure
+index 3baa8ce..9ef52ed 100755
+--- a/Configure
++++ b/Configure
+@@ -1550,20 +1550,7 @@ unless ($disabled{"crypto-mdebug-backtrace"})
+ unless ($disabled{afalgeng}) {
+     $config{afalgeng}="";
+     if (grep { $_ eq 'afalgeng' } @{$target{enable}}) {
+-        my $minver = 4*10000 + 1*100 + 0;
+-        if ($config{CROSS_COMPILE} eq "") {
+-            my $verstr = `uname -r`;
+-            my ($ma, $mi1, $mi2) = split("\\.", $verstr);
+-            ($mi2) = $mi2 =~ /(\d+)/;
+-            my $ver = $ma*10000 + $mi1*100 + $mi2;
+-            if ($ver < $minver) {
+-                $disabled{afalgeng} = "too-old-kernel";
+-            } else {
+-                push @{$config{engdirs}}, "afalg";
+-            }
+-        } else {
+-            $disabled{afalgeng} = "cross-compiling";
+-        }
++        push @{$config{engdirs}}, "afalg";
+     } else {
+         $disabled{afalgeng}  = "not-linux";
+     }
diff --git a/meta/recipes-connectivity/openssl/openssl_1.1.1.bb b/meta/recipes-connectivity/openssl/openssl_1.1.1.bb
index 8d5d4b146e7..5d19910941e 100644
--- a/meta/recipes-connectivity/openssl/openssl_1.1.1.bb
+++ b/meta/recipes-connectivity/openssl/openssl_1.1.1.bb
@@ -18,6 +18,7 @@ SRC_URI = "http://www.openssl.org/source/openssl-${PV}.tar.gz \
            file://0002-fix-CVE-2018-0734.patch \
            file://0003-fix-CVE-2018-0735.patch \
            file://0001-buildinfo-strip-sysroot-and-debug-prefix-map-from-co.patch \
+           file://afalg.patch \
            "
 
 SRC_URI_append_class-nativesdk = " \
-- 
2.11.0