projects / openwrt / openwrt.git / blob
? search:


66872d54366944923bd015d65d0a8a6e951cdef1
[openwrt/openwrt.git] / package / libs / openssl / Makefile
1 #
2 # Copyright (C) 2006-2016 OpenWrt.org
3 #
4 # This is free software, licensed under the GNU General Public License v2.
5 # See /LICENSE for more information.
6 #
7
8 include $(TOPDIR)/rules.mk
9
10 PKG_NAME:=openssl
11 PKG_VERSION:=3.0.8
12 PKG_RELEASE:=6
13 PKG_BUILD_FLAGS:=no-mips16 gc-sections
14
15 PKG_BUILD_PARALLEL:=1
16
17 PKG_BASE:=$(subst $(space),.,$(wordlist 1,2,$(subst .,$(space),$(PKG_VERSION))))
18 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
19 PKG_SOURCE_URL:= \
20 http://www.openssl.org/source/ \
21 http://www.openssl.org/source/old/$(PKG_BASE)/ \
22 http://ftp.fi.muni.cz/pub/openssl/source/ \
23 http://ftp.fi.muni.cz/pub/openssl/source/old/$(PKG_BASE)/ \
24 ftp://ftp.pca.dfn.de/pub/tools/net/openssl/source/ \
25 ftp://ftp.pca.dfn.de/pub/tools/net/openssl/source/old/$(PKG_BASE)/
26
27 PKG_HASH:=6c13d2bf38fdf31eac3ce2a347073673f5d63263398f1f69d0df4a41253e4b3e
28
29 PKG_LICENSE:=Apache-2.0
30 PKG_LICENSE_FILES:=LICENSE
31 PKG_MAINTAINER:=Eneas U de Queiroz <cotequeiroz@gmail.com>
32 PKG_CPE_ID:=cpe:/a:openssl:openssl
33 PKG_CONFIG_DEPENDS:= \
34 CONFIG_OPENSSL_ENGINE \
35 CONFIG_OPENSSL_ENGINE_BUILTIN \
36 CONFIG_OPENSSL_ENGINE_BUILTIN_AFALG \
37 CONFIG_OPENSSL_ENGINE_BUILTIN_DEVCRYPTO \
38 CONFIG_OPENSSL_ENGINE_BUILTIN_PADLOCK \
39 CONFIG_OPENSSL_NO_DEPRECATED \
40 CONFIG_OPENSSL_OPTIMIZE_SPEED \
41 CONFIG_OPENSSL_PREFER_CHACHA_OVER_GCM \
42 CONFIG_OPENSSL_SMALL_FOOTPRINT \
43 CONFIG_OPENSSL_WITH_ARIA \
44 CONFIG_OPENSSL_WITH_ASM \
45 CONFIG_OPENSSL_WITH_ASYNC \
46 CONFIG_OPENSSL_WITH_BLAKE2 \
47 CONFIG_OPENSSL_WITH_CAMELLIA \
48 CONFIG_OPENSSL_WITH_CHACHA_POLY1305 \
49 CONFIG_OPENSSL_WITH_CMS \
50 CONFIG_OPENSSL_WITH_COMPRESSION \
51 CONFIG_OPENSSL_WITH_DTLS \
52 CONFIG_OPENSSL_WITH_EC2M \
53 CONFIG_OPENSSL_WITH_ERROR_MESSAGES \
54 CONFIG_OPENSSL_WITH_IDEA \
55 CONFIG_OPENSSL_WITH_MDC2 \
56 CONFIG_OPENSSL_WITH_NPN \
57 CONFIG_OPENSSL_WITH_PSK \
58 CONFIG_OPENSSL_WITH_RFC3779 \
59 CONFIG_OPENSSL_WITH_SEED \
60 CONFIG_OPENSSL_WITH_SM234 \
61 CONFIG_OPENSSL_WITH_SRP \
62 CONFIG_OPENSSL_WITH_SSE2 \
63 CONFIG_OPENSSL_WITH_TLS13 \
64 CONFIG_OPENSSL_WITH_WHIRLPOOL
65
66 include $(INCLUDE_DIR)/package.mk
67 include $(INCLUDE_DIR)/openssl-engine.mk
68
69 ifneq ($(CONFIG_CCACHE),)
70 HOSTCC=$(HOSTCC_NOCACHE)
71 HOSTCXX=$(HOSTCXX_NOCACHE)
72 endif
73
74 define Package/openssl/Default
75 TITLE:=Open source SSL toolkit
76 URL:=http://www.openssl.org/
77 SECTION:=libs
78 CATEGORY:=Libraries
79 endef
80
81 define Package/libopenssl/config
82 source "$(SOURCE)/Config.in"
83 endef
84
85 define Package/openssl/Default/description
86 The OpenSSL Project is a collaborative effort to develop a robust,
87 commercial-grade, full-featured, and Open Source toolkit implementing the
88 Transport Layer Security (TLS) protocol as well as a full-strength
89 general-purpose cryptography library.
90 endef
91
92 define Package/libopenssl
93 $(call Package/openssl/Default)
94 SUBMENU:=SSL
95 DEPENDS:=+OPENSSL_WITH_COMPRESSION:zlib \
96 +OPENSSL_ENGINE_BUILTIN_AFALG:kmod-crypto-user \
97 +OPENSSL_ENGINE_BUILTIN_DEVCRYPTO:kmod-cryptodev \
98 +OPENSSL_ENGINE_BUILTIN_PADLOCK:kmod-crypto-hw-padlock \
99 +(arm||armeb||mips||mipsel||powerpc||arc):libatomic
100 TITLE+= (libraries)
101 ABI_VERSION:=$(firstword $(subst .,$(space),$(PKG_VERSION)))
102 MENU:=1
103 endef
104
105 define Package/libopenssl/description
106 $(call Package/openssl/Default/description)
107 This package contains the OpenSSL shared libraries, needed by other programs.
108 endef
109
110 define Package/openssl-util
111 $(call Package/openssl/Default)
112 SECTION:=utils
113 CATEGORY:=Utilities
114 DEPENDS:=+libopenssl +libopenssl-conf
115 TITLE+= (utility)
116 endef
117
118 define Package/openssl-util/description
119 $(call Package/openssl/Default/description)
120 This package contains the OpenSSL command-line utility.
121 endef
122
123 define Package/libopenssl-conf
124 $(call Package/openssl/Default)
125 SUBMENU:=SSL
126 TITLE:=/etc/ssl/openssl.cnf config file
127 DEPENDS:=libopenssl
128 endef
129
130 define Package/libopenssl-conf/conffiles
131 /etc/ssl/openssl.cnf
132 $(if $(CONFIG_OPENSSL_ENGINE_BUILTIN_DEVCRYPTO),/etc/ssl/engines.cnf.d/devcrypto.cnf)
133 $(if $(CONFIG_OPENSSL_ENGINE_BUILTIN_PADLOCK),/etc/ssl/engines.cnf.d/padlock.cnf)
134 endef
135
136 define Package/libopenssl-conf/description
137 $(call Package/openssl/Default/description)
138 This package installs the OpenSSL configuration file /etc/ssl/openssl.cnf.
139 endef
140
141 ifneq ($(CONFIG_OPENSSL_ENGINE_BUILTIN_PADLOCK)$(CONFIG_OPENSSL_ENGINE_BUILTIN_DEVCRYPTO),)
142 define Package/libopenssl-conf/postinst
143 #!/bin/sh
144 OPENSSL_UCI="$${IPKG_INSTROOT}/etc/config/openssl"
145
146 add_engine_config() {
147 if [ -z "$${IPKG_INSTROOT}" ] && uci -q get "openssl.$$1" >/dev/null; then
148 [ "$$(uci -q get "openssl.$$1.builtin")" = 1 ] && return
149 uci set "openssl.$$1.builtin=1" && uci commit openssl
150 return
151 fi
152 {
153 echo "engine '$$1'"
154 echo " option enabled '1'"
155 echo " option builtin '1'"
156 echo
157 } >>"$${OPENSSL_UCI}"
158 }
159
160 $(if $(CONFIG_OPENSSL_ENGINE_BUILTIN_DEVCRYPTO),add_engine_config devcrypto)
161 $(if $(CONFIG_OPENSSL_ENGINE_BUILTIN_PADLOCK),add_engine_config padlock)
162 endef
163 endif
164
165 $(eval $(call Package/openssl/add-engine,afalg))
166 define Package/libopenssl-afalg
167 $(call Package/openssl/Default)
168 $(call Package/openssl/engine/Default)
169 TITLE:=AFALG hardware acceleration engine
170 DEPENDS += @KERNEL_AIO +PACKAGE_libopenssl-afalg:kmod-crypto-user \
171 @!OPENSSL_ENGINE_BUILTIN
172 endef
173
174 define Package/libopenssl-afalg/description
175 This package adds an engine that enables hardware acceleration
176 through the AF_ALG kernel interface.
177 See https://www.openssl.org/docs/man1.1.1/man5/config.html#Engine-Configuration-Module
178 and https://openwrt.org/docs/techref/hardware/cryptographic.hardware.accelerators
179 The engine_id is "afalg"
180 endef
181
182 $(eval $(call Package/openssl/add-engine,devcrypto))
183 define Package/libopenssl-devcrypto
184 $(call Package/openssl/Default)
185 $(call Package/openssl/engine/Default)
186 TITLE:=/dev/crypto hardware acceleration engine
187 DEPENDS += +PACKAGE_libopenssl-devcrypto:kmod-cryptodev @!OPENSSL_ENGINE_BUILTIN
188 endef
189
190 define Package/libopenssl-devcrypto/description
191 This package adds an engine that enables hardware acceleration
192 through the /dev/crypto kernel interface.
193 See https://www.openssl.org/docs/man1.1.1/man5/config.html#Engine-Configuration-Module
194 and https://openwrt.org/docs/techref/hardware/cryptographic.hardware.accelerators
195 The engine_id is "devcrypto"
196 endef
197
198 $(eval $(call Package/openssl/add-engine,padlock))
199 define Package/libopenssl-padlock
200 $(call Package/openssl/Default)
201 $(call Package/openssl/engine/Default)
202 TITLE:=VIA Padlock hardware acceleration engine
203 DEPENDS += @TARGET_x86 +PACKAGE_libopenssl-padlock:kmod-crypto-hw-padlock \
204 @!OPENSSL_ENGINE_BUILTIN
205 endef
206
207 define Package/libopenssl-padlock/description
208 This package adds an engine that enables VIA Padlock hardware acceleration.
209 See https://www.openssl.org/docs/man1.1.1/man5/config.html#Engine-Configuration-Module
210 and https://openwrt.org/docs/techref/hardware/cryptographic.hardware.accelerators
211 The engine_id is "padlock"
212 endef
213
214 OPENSSL_OPTIONS:= shared no-tests
215
216 ifndef CONFIG_OPENSSL_WITH_BLAKE2
217 OPENSSL_OPTIONS += no-blake2
218 endif
219
220 ifndef CONFIG_OPENSSL_WITH_CHACHA_POLY1305
221 OPENSSL_OPTIONS += no-chacha no-poly1305
222 else
223 ifdef CONFIG_OPENSSL_PREFER_CHACHA_OVER_GCM
224 OPENSSL_OPTIONS += -DOPENSSL_PREFER_CHACHA_OVER_GCM
225 endif
226 endif
227
228 ifndef CONFIG_OPENSSL_WITH_ASYNC
229 OPENSSL_OPTIONS += no-async
230 endif
231
232 ifndef CONFIG_OPENSSL_WITH_EC2M
233 OPENSSL_OPTIONS += no-ec2m
234 endif
235
236 ifndef CONFIG_OPENSSL_WITH_ERROR_MESSAGES
237 OPENSSL_OPTIONS += no-err
238 endif
239
240 ifndef CONFIG_OPENSSL_WITH_TLS13
241 OPENSSL_OPTIONS += no-tls1_3
242 endif
243
244 ifndef CONFIG_OPENSSL_WITH_ARIA
245 OPENSSL_OPTIONS += no-aria
246 endif
247
248 ifndef CONFIG_OPENSSL_WITH_SM234
249 OPENSSL_OPTIONS += no-sm2 no-sm3 no-sm4
250 endif
251
252 ifndef CONFIG_OPENSSL_WITH_CAMELLIA
253 OPENSSL_OPTIONS += no-camellia
254 endif
255
256 ifndef CONFIG_OPENSSL_WITH_IDEA
257 OPENSSL_OPTIONS += no-idea
258 endif
259
260 ifndef CONFIG_OPENSSL_WITH_SEED
261 OPENSSL_OPTIONS += no-seed
262 endif
263
264 ifndef CONFIG_OPENSSL_WITH_MDC2
265 OPENSSL_OPTIONS += no-mdc2
266 endif
267
268 ifndef CONFIG_OPENSSL_WITH_WHIRLPOOL
269 OPENSSL_OPTIONS += no-whirlpool
270 endif
271
272 ifndef CONFIG_OPENSSL_WITH_CMS
273 OPENSSL_OPTIONS += no-cms
274 endif
275
276 ifndef CONFIG_OPENSSL_WITH_RFC3779
277 OPENSSL_OPTIONS += no-rfc3779
278 endif
279
280 ifdef CONFIG_OPENSSL_NO_DEPRECATED
281 OPENSSL_OPTIONS += no-deprecated
282 endif
283
284 ifeq ($(CONFIG_OPENSSL_OPTIMIZE_SPEED),y)
285 TARGET_CFLAGS := $(filter-out -O%,$(TARGET_CFLAGS)) -O3
286 endif
287
288 ifeq ($(CONFIG_OPENSSL_SMALL_FOOTPRINT),y)
289 OPENSSL_OPTIONS += -DOPENSSL_SMALL_FOOTPRINT
290 endif
291
292 ifdef CONFIG_OPENSSL_ENGINE
293 ifdef CONFIG_OPENSSL_ENGINE_BUILTIN
294 OPENSSL_OPTIONS += disable-dynamic-engine
295 ifndef CONFIG_OPENSSL_ENGINE_BUILTIN_AFALG
296 OPENSSL_OPTIONS += no-afalgeng
297 endif
298 ifdef CONFIG_OPENSSL_ENGINE_BUILTIN_DEVCRYPTO
299 OPENSSL_OPTIONS += enable-devcryptoeng
300 endif
301 ifndef CONFIG_OPENSSL_ENGINE_BUILTIN_PADLOCK
302 OPENSSL_OPTIONS += no-padlockeng
303 endif
304 else
305 ifdef CONFIG_PACKAGE_libopenssl-devcrypto
306 OPENSSL_OPTIONS += enable-devcryptoeng
307 endif
308 ifndef CONFIG_PACKAGE_libopenssl-afalg
309 OPENSSL_OPTIONS += no-afalgeng
310 endif
311 ifndef CONFIG_PACKAGE_libopenssl-padlock
312 OPENSSL_OPTIONS += no-padlockeng
313 endif
314 endif
315 else
316 OPENSSL_OPTIONS += no-engine
317 endif
318
319 ifndef CONFIG_OPENSSL_WITH_DTLS
320 OPENSSL_OPTIONS += no-dtls
321 endif
322
323 ifdef CONFIG_OPENSSL_WITH_COMPRESSION
324 OPENSSL_OPTIONS += zlib-dynamic
325 else
326 OPENSSL_OPTIONS += no-comp
327 endif
328
329 ifndef CONFIG_OPENSSL_WITH_NPN
330 OPENSSL_OPTIONS += no-nextprotoneg
331 endif
332
333 ifndef CONFIG_OPENSSL_WITH_PSK
334 OPENSSL_OPTIONS += no-psk
335 endif
336
337 ifndef CONFIG_OPENSSL_WITH_SRP
338 OPENSSL_OPTIONS += no-srp
339 endif
340
341 ifndef CONFIG_OPENSSL_WITH_ASM
342 OPENSSL_OPTIONS += no-asm
343 endif
344
345 ifdef CONFIG_i386
346 ifndef CONFIG_OPENSSL_WITH_SSE2
347 OPENSSL_OPTIONS += no-sse2
348 endif
349 endif
350
351 OPENSSL_TARGET:=linux-$(call qstrip,$(CONFIG_ARCH))-openwrt
352
353 STAMP_CONFIGURED := $(STAMP_CONFIGURED)_$(shell echo $(OPENSSL_OPTIONS) | $(MKHASH) md5)
354
355 define Build/Configure
356 (cd $(PKG_BUILD_DIR); \
357 ./Configure $(OPENSSL_TARGET) \
358 --prefix=/usr \
359 --libdir=lib \
360 --openssldir=/etc/ssl \
361 --cross-compile-prefix="$(TARGET_CROSS)" \
362 $(TARGET_CPPFLAGS) \
363 $(TARGET_LDFLAGS) \
364 $(OPENSSL_OPTIONS) && \
365 { [ -f $(STAMP_CONFIGURED) ] || make clean; } \
366 )
367 endef
368
369 TARGET_CFLAGS += $(FPIC)
370
371 define Build/Compile
372 +$(MAKE) $(PKG_JOBS) -C $(PKG_BUILD_DIR) \
373 CC="$(TARGET_CC)" \
374 SOURCE_DATE_EPOCH=$(SOURCE_DATE_EPOCH) \
375 OPENWRT_OPTIMIZATION_FLAGS="$(TARGET_CFLAGS)" \
376 $(OPENSSL_MAKEFLAGS) \
377 all
378 $(MAKE) -C $(PKG_BUILD_DIR) \
379 CC="$(TARGET_CC)" \
380 DESTDIR="$(PKG_INSTALL_DIR)" \
381 $(OPENSSL_MAKEFLAGS) \
382 install_sw install_ssldirs
383 endef
384
385 define Build/InstallDev
386 $(INSTALL_DIR) $(1)/usr/include
387 $(CP) $(PKG_INSTALL_DIR)/usr/include/openssl $(1)/usr/include/
388 $(INSTALL_DIR) $(1)/usr/lib/
389 $(CP) $(PKG_INSTALL_DIR)/usr/lib/lib{crypto,ssl}.{a,so*} $(1)/usr/lib/
390 $(INSTALL_DIR) $(1)/usr/lib/pkgconfig
391 $(CP) $(PKG_INSTALL_DIR)/usr/lib/pkgconfig/{openssl,libcrypto,libssl}.pc $(1)/usr/lib/pkgconfig/
392 [ -n "$(TARGET_LDFLAGS)" ] && $(SED) 's#$(TARGET_LDFLAGS)##g' $(1)/usr/lib/pkgconfig/{openssl,libcrypto,libssl}.pc || true
393 endef
394
395 define Package/libopenssl/install
396 $(INSTALL_DIR) $(1)/etc/ssl/certs
397 $(INSTALL_DIR) $(1)/etc/ssl/private
398 chmod 0700 $(1)/etc/ssl/private
399 $(INSTALL_DIR) $(1)/usr/lib
400 $(INSTALL_DATA) $(PKG_INSTALL_DIR)/usr/lib/libcrypto.so.* $(1)/usr/lib/
401 $(INSTALL_DATA) $(PKG_INSTALL_DIR)/usr/lib/libssl.so.* $(1)/usr/lib/
402 $(if $(CONFIG_OPENSSL_ENGINE),$(INSTALL_DIR) $(1)/usr/lib/$(ENGINES_DIR))
403 endef
404
405 define Package/libopenssl-conf/install
406 $(INSTALL_DIR) $(1)/etc/ssl/engines.cnf.d $(1)/etc/config $(1)/etc/init.d
407 $(CP) $(PKG_INSTALL_DIR)/etc/ssl/openssl.cnf $(1)/etc/ssl/
408 $(INSTALL_BIN) ./files/openssl.init $(1)/etc/init.d/openssl
409 $(SED) 's!%ENGINES_DIR%!/usr/lib/$(ENGINES_DIR)!' $(1)/etc/init.d/openssl
410 touch $(1)/etc/config/openssl
411 $(if $(CONFIG_OPENSSL_ENGINE_BUILTIN_DEVCRYPTO),
412 $(CP) ./files/devcrypto.cnf $(1)/etc/ssl/engines.cnf.d/
413 echo -e "config engine 'devcrypto'\n\toption enabled '1'" >> $(1)/etc/config/openssl)
414 $(if $(CONFIG_OPENSSL_ENGINE_BUILTIN_PADLOCK),
415 $(CP) ./files/padlock.cnf $(1)/etc/ssl/engines.cnf.d/
416 echo -e "\nconfig engine 'padlock'\n\toption enabled '1'" >> $(1)/etc/config/openssl)
417 endef
418
419 define Package/openssl-util/install
420 $(INSTALL_DIR) $(1)/usr/bin
421 $(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/bin/openssl $(1)/usr/bin/
422 endef
423
424 $(eval $(call BuildPackage,libopenssl))
425 $(eval $(call BuildPackage,libopenssl-conf))
426 $(eval $(call BuildPackage,libopenssl-afalg))
427 $(eval $(call BuildPackage,libopenssl-devcrypto))
428 $(eval $(call BuildPackage,libopenssl-padlock))
429 $(eval $(call BuildPackage,openssl-util))
OpenWrt Source Repository