Makefile 11 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411
  1. #
  2. # Copyright (C) 2006-2016 OpenWrt.org
  3. #
  4. # This is free software, licensed under the GNU General Public License v2.
  5. # See /LICENSE for more information.
  6. #
  7. include $(TOPDIR)/rules.mk
  8. PKG_NAME:=openssl
  9. PKG_BASE:=1.1.1
  10. PKG_BUGFIX:=t
  11. PKG_VERSION:=$(PKG_BASE)$(PKG_BUGFIX)
  12. PKG_RELEASE:=1
  13. PKG_USE_MIPS16:=0
  14. ENGINES_DIR=engines-1.1
  15. PKG_BUILD_PARALLEL:=1
  16. PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
  17. PKG_SOURCE_URL:= \
  18. http://ftp.fi.muni.cz/pub/openssl/source/ \
  19. http://ftp.linux.hr/pub/openssl/source/ \
  20. ftp://ftp.pca.dfn.de/pub/tools/net/openssl/source/ \
  21. ftp://ftp.pca.dfn.de/pub/tools/net/openssl/source/old/$(PKG_BASE)/
  22. PKG_HASH:=8dee9b24bdb1dcbf0c3d1e9b02fb8f6bf22165e807f45adeb7c9677536859d3b
  23. PKG_LICENSE:=OpenSSL
  24. PKG_LICENSE_FILES:=LICENSE
  25. PKG_MAINTAINER:=Eneas U de Queiroz <cotequeiroz@gmail.com>
  26. PKG_CPE_ID:=cpe:/a:openssl:openssl
  27. PKG_CONFIG_DEPENDS:= \
  28. CONFIG_OPENSSL_ENGINE \
  29. CONFIG_OPENSSL_ENGINE_BUILTIN \
  30. CONFIG_OPENSSL_ENGINE_BUILTIN_AFALG \
  31. CONFIG_OPENSSL_ENGINE_BUILTIN_DEVCRYPTO \
  32. CONFIG_OPENSSL_ENGINE_BUILTIN_PADLOCK \
  33. CONFIG_OPENSSL_NO_DEPRECATED \
  34. CONFIG_OPENSSL_OPTIMIZE_SPEED \
  35. CONFIG_OPENSSL_PREFER_CHACHA_OVER_GCM \
  36. CONFIG_OPENSSL_WITH_ARIA \
  37. CONFIG_OPENSSL_WITH_ASM \
  38. CONFIG_OPENSSL_WITH_ASYNC \
  39. CONFIG_OPENSSL_WITH_BLAKE2 \
  40. CONFIG_OPENSSL_WITH_CAMELLIA \
  41. CONFIG_OPENSSL_WITH_CHACHA_POLY1305 \
  42. CONFIG_OPENSSL_WITH_CMS \
  43. CONFIG_OPENSSL_WITH_COMPRESSION \
  44. CONFIG_OPENSSL_WITH_DTLS \
  45. CONFIG_OPENSSL_WITH_EC2M \
  46. CONFIG_OPENSSL_WITH_ERROR_MESSAGES \
  47. CONFIG_OPENSSL_WITH_GOST \
  48. CONFIG_OPENSSL_WITH_IDEA \
  49. CONFIG_OPENSSL_WITH_MDC2 \
  50. CONFIG_OPENSSL_WITH_NPN \
  51. CONFIG_OPENSSL_WITH_PSK \
  52. CONFIG_OPENSSL_WITH_RFC3779 \
  53. CONFIG_OPENSSL_WITH_SEED \
  54. CONFIG_OPENSSL_WITH_SM234 \
  55. CONFIG_OPENSSL_WITH_SRP \
  56. CONFIG_OPENSSL_WITH_SSE2 \
  57. CONFIG_OPENSSL_WITH_TLS13 \
  58. CONFIG_OPENSSL_WITH_WHIRLPOOL
  59. include $(INCLUDE_DIR)/package.mk
  60. ifneq ($(CONFIG_CCACHE),)
  61. HOSTCC=$(HOSTCC_NOCACHE)
  62. HOSTCXX=$(HOSTCXX_NOCACHE)
  63. endif
  64. define Package/openssl/Default
  65. TITLE:=Open source SSL toolkit
  66. URL:=http://www.openssl.org/
  67. SECTION:=libs
  68. CATEGORY:=Libraries
  69. endef
  70. define Package/libopenssl/config
  71. source "$(SOURCE)/Config.in"
  72. endef
  73. define Package/openssl/Default/description
  74. The OpenSSL Project is a collaborative effort to develop a robust,
  75. commercial-grade, full-featured, and Open Source toolkit implementing the
  76. Transport Layer Security (TLS) protocol as well as a full-strength
  77. general-purpose cryptography library.
  78. endef
  79. define Package/libopenssl
  80. $(call Package/openssl/Default)
  81. SUBMENU:=SSL
  82. DEPENDS:=+OPENSSL_WITH_COMPRESSION:zlib \
  83. +OPENSSL_ENGINE_BUILTIN_AFALG:kmod-crypto-user \
  84. +OPENSSL_ENGINE_BUILTIN_DEVCRYPTO:kmod-cryptodev \
  85. +OPENSSL_ENGINE_BUILTIN_PADLOCK:kmod-crypto-hw-padlock
  86. TITLE+= (libraries)
  87. ABI_VERSION:=1.1
  88. MENU:=1
  89. endef
  90. define Package/libopenssl/description
  91. $(call Package/openssl/Default/description)
  92. This package contains the OpenSSL shared libraries, needed by other programs.
  93. endef
  94. define Package/openssl-util
  95. $(call Package/openssl/Default)
  96. SECTION:=utils
  97. CATEGORY:=Utilities
  98. DEPENDS:=+libopenssl +libopenssl-conf
  99. TITLE+= (utility)
  100. endef
  101. define Package/openssl-util/description
  102. $(call Package/openssl/Default/description)
  103. This package contains the OpenSSL command-line utility.
  104. endef
  105. define Package/libopenssl-conf
  106. $(call Package/openssl/Default)
  107. SUBMENU:=SSL
  108. TITLE:=/etc/ssl/openssl.cnf config file
  109. DEPENDS:=libopenssl
  110. endef
  111. define Package/libopenssl-conf/conffiles
  112. /etc/ssl/openssl.cnf
  113. endef
  114. define Package/libopenssl-conf/description
  115. $(call Package/openssl/Default/description)
  116. This package installs the OpenSSL configuration file /etc/ssl/openssl.cnf.
  117. endef
  118. define Package/libopenssl-afalg
  119. $(call Package/openssl/Default)
  120. SUBMENU:=SSL
  121. TITLE:=AFALG hardware acceleration engine
  122. DEPENDS:=libopenssl @OPENSSL_ENGINE @KERNEL_AIO \
  123. +PACKAGE_libopenssl-afalg:kmod-crypto-user +libopenssl-conf @!OPENSSL_ENGINE_BUILTIN
  124. endef
  125. define Package/libopenssl-afalg/description
  126. This package adds an engine that enables hardware acceleration
  127. through the AF_ALG kernel interface.
  128. To use it, you need to configure the engine in /etc/ssl/openssl.cnf
  129. See https://www.openssl.org/docs/man1.1.1/man5/config.html#Engine-Configuration-Module
  130. and https://openwrt.org/docs/techref/hardware/cryptographic.hardware.accelerators
  131. The engine_id is "afalg"
  132. endef
  133. define Package/libopenssl-devcrypto
  134. $(call Package/openssl/Default)
  135. SUBMENU:=SSL
  136. TITLE:=/dev/crypto hardware acceleration engine
  137. DEPENDS:=libopenssl @OPENSSL_ENGINE +PACKAGE_libopenssl-devcrypto:kmod-cryptodev +libopenssl-conf \
  138. @!OPENSSL_ENGINE_BUILTIN
  139. endef
  140. define Package/libopenssl-devcrypto/description
  141. This package adds an engine that enables hardware acceleration
  142. through the /dev/crypto kernel interface.
  143. To use it, you need to configure the engine in /etc/ssl/openssl.cnf
  144. See https://www.openssl.org/docs/man1.1.1/man5/config.html#Engine-Configuration-Module
  145. and https://openwrt.org/docs/techref/hardware/cryptographic.hardware.accelerators
  146. The engine_id is "devcrypto"
  147. endef
  148. define Package/libopenssl-padlock
  149. $(call Package/openssl/Default)
  150. SUBMENU:=SSL
  151. TITLE:=VIA Padlock hardware acceleration engine
  152. DEPENDS:=libopenssl @OPENSSL_ENGINE @TARGET_x86 +PACKAGE_libopenssl-padlock:kmod-crypto-hw-padlock \
  153. +libopenssl-conf @!OPENSSL_ENGINE_BUILTIN
  154. endef
  155. define Package/libopenssl-padlock/description
  156. This package adds an engine that enables VIA Padlock hardware acceleration.
  157. To use it, you need to configure it in /etc/ssl/openssl.cnf.
  158. See https://www.openssl.org/docs/man1.1.1/man5/config.html#Engine-Configuration-Module
  159. and https://openwrt.org/docs/techref/hardware/cryptographic.hardware.accelerators
  160. The engine_id is "padlock"
  161. endef
  162. OPENSSL_OPTIONS:= shared
  163. ifndef CONFIG_OPENSSL_WITH_BLAKE2
  164. OPENSSL_OPTIONS += no-blake2
  165. endif
  166. ifndef CONFIG_OPENSSL_WITH_CHACHA_POLY1305
  167. OPENSSL_OPTIONS += no-chacha no-poly1305
  168. else
  169. ifdef CONFIG_OPENSSL_PREFER_CHACHA_OVER_GCM
  170. OPENSSL_OPTIONS += -DOPENSSL_PREFER_CHACHA_OVER_GCM
  171. endif
  172. endif
  173. ifndef CONFIG_OPENSSL_WITH_ASYNC
  174. OPENSSL_OPTIONS += no-async
  175. endif
  176. ifndef CONFIG_OPENSSL_WITH_EC2M
  177. OPENSSL_OPTIONS += no-ec2m
  178. endif
  179. ifndef CONFIG_OPENSSL_WITH_ERROR_MESSAGES
  180. OPENSSL_OPTIONS += no-err
  181. endif
  182. ifndef CONFIG_OPENSSL_WITH_TLS13
  183. OPENSSL_OPTIONS += no-tls1_3
  184. endif
  185. ifndef CONFIG_OPENSSL_WITH_ARIA
  186. OPENSSL_OPTIONS += no-aria
  187. endif
  188. ifndef CONFIG_OPENSSL_WITH_SM234
  189. OPENSSL_OPTIONS += no-sm2 no-sm3 no-sm4
  190. endif
  191. ifndef CONFIG_OPENSSL_WITH_CAMELLIA
  192. OPENSSL_OPTIONS += no-camellia
  193. endif
  194. ifndef CONFIG_OPENSSL_WITH_IDEA
  195. OPENSSL_OPTIONS += no-idea
  196. endif
  197. ifndef CONFIG_OPENSSL_WITH_SEED
  198. OPENSSL_OPTIONS += no-seed
  199. endif
  200. ifndef CONFIG_OPENSSL_WITH_MDC2
  201. OPENSSL_OPTIONS += no-mdc2
  202. endif
  203. ifndef CONFIG_OPENSSL_WITH_WHIRLPOOL
  204. OPENSSL_OPTIONS += no-whirlpool
  205. endif
  206. ifndef CONFIG_OPENSSL_WITH_CMS
  207. OPENSSL_OPTIONS += no-cms
  208. endif
  209. ifndef CONFIG_OPENSSL_WITH_RFC3779
  210. OPENSSL_OPTIONS += no-rfc3779
  211. endif
  212. ifdef CONFIG_OPENSSL_NO_DEPRECATED
  213. OPENSSL_OPTIONS += no-deprecated
  214. endif
  215. ifeq ($(CONFIG_OPENSSL_OPTIMIZE_SPEED),y)
  216. TARGET_CFLAGS := $(filter-out -O%,$(TARGET_CFLAGS)) -O3
  217. else
  218. OPENSSL_OPTIONS += -DOPENSSL_SMALL_FOOTPRINT
  219. endif
  220. ifdef CONFIG_OPENSSL_ENGINE
  221. ifdef CONFIG_OPENSSL_ENGINE_BUILTIN
  222. OPENSSL_OPTIONS += disable-dynamic-engine
  223. ifndef CONFIG_OPENSSL_ENGINE_BUILTIN_AFALG
  224. OPENSSL_OPTIONS += no-afalgeng
  225. endif
  226. ifdef CONFIG_OPENSSL_ENGINE_BUILTIN_DEVCRYPTO
  227. OPENSSL_OPTIONS += enable-devcryptoeng
  228. endif
  229. ifndef CONFIG_OPENSSL_ENGINE_BUILTIN_PADLOCK
  230. OPENSSL_OPTIONS += no-hw-padlock
  231. endif
  232. else
  233. ifdef CONFIG_PACKAGE_libopenssl-devcrypto
  234. OPENSSL_OPTIONS += enable-devcryptoeng
  235. endif
  236. ifndef CONFIG_PACKAGE_libopenssl-afalg
  237. OPENSSL_OPTIONS += no-afalgeng
  238. endif
  239. ifndef CONFIG_PACKAGE_libopenssl-padlock
  240. OPENSSL_OPTIONS += no-hw-padlock
  241. endif
  242. endif
  243. else
  244. OPENSSL_OPTIONS += no-engine
  245. endif
  246. ifndef CONFIG_OPENSSL_WITH_GOST
  247. OPENSSL_OPTIONS += no-gost
  248. endif
  249. ifndef CONFIG_OPENSSL_WITH_DTLS
  250. OPENSSL_OPTIONS += no-dtls
  251. endif
  252. ifdef CONFIG_OPENSSL_WITH_COMPRESSION
  253. OPENSSL_OPTIONS += zlib-dynamic
  254. else
  255. OPENSSL_OPTIONS += no-comp
  256. endif
  257. ifndef CONFIG_OPENSSL_WITH_NPN
  258. OPENSSL_OPTIONS += no-nextprotoneg
  259. endif
  260. ifndef CONFIG_OPENSSL_WITH_PSK
  261. OPENSSL_OPTIONS += no-psk
  262. endif
  263. ifndef CONFIG_OPENSSL_WITH_SRP
  264. OPENSSL_OPTIONS += no-srp
  265. endif
  266. ifndef CONFIG_OPENSSL_WITH_ASM
  267. OPENSSL_OPTIONS += no-asm
  268. endif
  269. ifdef CONFIG_i386
  270. ifndef CONFIG_OPENSSL_WITH_SSE2
  271. OPENSSL_OPTIONS += no-sse2
  272. endif
  273. endif
  274. OPENSSL_TARGET:=linux-$(call qstrip,$(CONFIG_ARCH))-librecmc
  275. STAMP_CONFIGURED := $(STAMP_CONFIGURED)_$(shell echo $(OPENSSL_OPTIONS) | mkhash md5)
  276. define Build/Configure
  277. (cd $(PKG_BUILD_DIR); \
  278. ./Configure $(OPENSSL_TARGET) \
  279. --prefix=/usr \
  280. --libdir=lib \
  281. --openssldir=/etc/ssl \
  282. --cross-compile-prefix="$(TARGET_CROSS)" \
  283. $(TARGET_CPPFLAGS) \
  284. $(TARGET_LDFLAGS) \
  285. $(OPENSSL_OPTIONS) && \
  286. { [ -f $(STAMP_CONFIGURED) ] || make clean; } \
  287. )
  288. endef
  289. TARGET_CFLAGS += $(FPIC) -ffunction-sections -fdata-sections
  290. TARGET_LDFLAGS += -Wl,--gc-sections
  291. define Build/Compile
  292. +$(MAKE) $(PKG_JOBS) -C $(PKG_BUILD_DIR) \
  293. CC="$(TARGET_CC)" \
  294. SOURCE_DATE_EPOCH=$(SOURCE_DATE_EPOCH) \
  295. LIBRECMC_OPTIMIZATION_FLAGS="$(TARGET_CFLAGS)" \
  296. $(OPENSSL_MAKEFLAGS) \
  297. all
  298. $(MAKE) -C $(PKG_BUILD_DIR) \
  299. CC="$(TARGET_CC)" \
  300. DESTDIR="$(PKG_INSTALL_DIR)" \
  301. $(OPENSSL_MAKEFLAGS) \
  302. install_sw install_ssldirs
  303. endef
  304. define Build/InstallDev
  305. $(INSTALL_DIR) $(1)/usr/include
  306. $(CP) $(PKG_INSTALL_DIR)/usr/include/openssl $(1)/usr/include/
  307. $(INSTALL_DIR) $(1)/usr/lib/
  308. $(CP) $(PKG_INSTALL_DIR)/usr/lib/lib{crypto,ssl}.{a,so*} $(1)/usr/lib/
  309. $(INSTALL_DIR) $(1)/usr/lib/pkgconfig
  310. $(CP) $(PKG_INSTALL_DIR)/usr/lib/pkgconfig/{openssl,libcrypto,libssl}.pc $(1)/usr/lib/pkgconfig/
  311. [ -n "$(TARGET_LDFLAGS)" ] && $(SED) 's#$(TARGET_LDFLAGS)##g' $(1)/usr/lib/pkgconfig/{openssl,libcrypto,libssl}.pc || true
  312. endef
  313. define Package/libopenssl/install
  314. $(INSTALL_DIR) $(1)/etc/ssl/certs
  315. $(INSTALL_DIR) $(1)/etc/ssl/private
  316. chmod 0700 $(1)/etc/ssl/private
  317. $(INSTALL_DIR) $(1)/usr/lib
  318. $(INSTALL_DATA) $(PKG_INSTALL_DIR)/usr/lib/libcrypto.so.* $(1)/usr/lib/
  319. $(INSTALL_DATA) $(PKG_INSTALL_DIR)/usr/lib/libssl.so.* $(1)/usr/lib/
  320. $(if $(CONFIG_OPENSSL_ENGINE),$(INSTALL_DIR) $(1)/usr/lib/$(ENGINES_DIR))
  321. endef
  322. define Package/libopenssl-conf/install
  323. $(INSTALL_DIR) $(1)/etc/ssl
  324. $(CP) $(PKG_INSTALL_DIR)/etc/ssl/openssl.cnf $(1)/etc/ssl/
  325. endef
  326. define Package/openssl-util/install
  327. $(INSTALL_DIR) $(1)/usr/bin
  328. $(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/bin/openssl $(1)/usr/bin/
  329. endef
  330. define Package/libopenssl-afalg/install
  331. $(INSTALL_DIR) $(1)/usr/lib/$(ENGINES_DIR)
  332. $(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/lib/$(ENGINES_DIR)/afalg.so $(1)/usr/lib/$(ENGINES_DIR)
  333. endef
  334. define Package/libopenssl-devcrypto/install
  335. $(INSTALL_DIR) $(1)/usr/lib/$(ENGINES_DIR)
  336. $(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/lib/$(ENGINES_DIR)/devcrypto.so $(1)/usr/lib/$(ENGINES_DIR)
  337. endef
  338. define Package/libopenssl-padlock/install
  339. $(INSTALL_DIR) $(1)/usr/lib/$(ENGINES_DIR)
  340. $(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/lib/$(ENGINES_DIR)/*padlock.so $(1)/usr/lib/$(ENGINES_DIR)
  341. endef
  342. $(eval $(call BuildPackage,libopenssl))
  343. $(eval $(call BuildPackage,libopenssl-conf))
  344. $(eval $(call BuildPackage,libopenssl-afalg))
  345. $(eval $(call BuildPackage,libopenssl-devcrypto))
  346. $(eval $(call BuildPackage,libopenssl-padlock))
  347. $(eval $(call BuildPackage,openssl-util))