2 # Copyright (C) 2006-2016 OpenWrt.org
4 # This is free software, licensed under the GNU General Public License v2.
5 # See /LICENSE for more information.
8 include $(TOPDIR
)/rules.mk
13 PKG_VERSION
:=$(PKG_BASE
)$(PKG_BUGFIX
)
16 ENGINES_DIR
=engines-1.1
19 PKG_BUILD_DEPENDS
:=cryptodev-linux
21 PKG_SOURCE
:=$(PKG_NAME
)-$(PKG_VERSION
).
tar.gz
23 http
://ftp.fi.muni.cz
/pub
/openssl
/source
/ \
24 http
://ftp.linux.hr
/pub
/openssl
/source
/ \
25 ftp
://ftp.pca.dfn.de
/pub
/tools
/net
/openssl
/source
/ \
26 http
://www.openssl.org
/source
/ \
27 http
://www.openssl.org
/source
/old
/$(PKG_BASE
)/
28 PKG_HASH
:=5c557b023230413dfb0756f3137a13e6d726838ccd1430888ad15bfb2b43ea4b
31 PKG_LICENSE_FILES
:=LICENSE
32 PKG_CPE_ID
:=cpe
:/a
:openssl
:openssl
33 PKG_CONFIG_DEPENDS
:= \
34 CONFIG_OPENSSL_ENGINE \
35 CONFIG_OPENSSL_ENGINE_CRYPTO \
36 CONFIG_OPENSSL_NO_DEPRECATED \
37 CONFIG_OPENSSL_OPTIMIZE_SPEED \
38 CONFIG_OPENSSL_PREFER_CHACHA_OVER_GCM \
39 CONFIG_OPENSSL_WITH_ARIA \
40 CONFIG_OPENSSL_WITH_ASM \
41 CONFIG_OPENSSL_WITH_ASYNC \
42 CONFIG_OPENSSL_WITH_BLAKE2 \
43 CONFIG_OPENSSL_WITH_CAMELLIA \
44 CONFIG_OPENSSL_WITH_CHACHA_POLY1305 \
45 CONFIG_OPENSSL_WITH_CMS \
46 CONFIG_OPENSSL_WITH_COMPRESSION \
47 CONFIG_OPENSSL_WITH_DTLS \
48 CONFIG_OPENSSL_WITH_EC \
49 CONFIG_OPENSSL_WITH_EC2M \
50 CONFIG_OPENSSL_WITH_ERROR_MESSAGES \
51 CONFIG_OPENSSL_WITH_GOST \
52 CONFIG_OPENSSL_WITH_IDEA \
53 CONFIG_OPENSSL_WITH_MDC2 \
54 CONFIG_OPENSSL_WITH_NPN \
55 CONFIG_OPENSSL_WITH_PSK \
56 CONFIG_OPENSSL_WITH_RFC3779 \
57 CONFIG_OPENSSL_WITH_SEED \
58 CONFIG_OPENSSL_WITH_SM234 \
59 CONFIG_OPENSSL_WITH_SRP \
60 CONFIG_OPENSSL_WITH_SSE2 \
61 CONFIG_OPENSSL_WITH_TLS13 \
62 CONFIG_OPENSSL_WITH_WHIRLPOOL
64 include $(INCLUDE_DIR
)/package.mk
66 ifneq ($(CONFIG_CCACHE
),)
67 HOSTCC
=$(HOSTCC_NOCACHE
)
68 HOSTCXX
=$(HOSTCXX_NOCACHE
)
71 define Package
/openssl
/Default
72 TITLE
:=Open source SSL toolkit
73 URL
:=http
://www.openssl.org
/
78 define Package
/libopenssl
/config
79 source
"$(SOURCE)/Config.in"
82 define Package
/openssl
/Default
/description
83 The OpenSSL Project is a collaborative effort to develop a robust
,
84 commercial-grade
, full-featured
, and Open Source toolkit implementing the
85 Transport Layer Security
(TLS
) protocol
as well
as a full-strength
86 general-purpose cryptography library.
89 define Package
/libopenssl
90 $(call Package
/openssl
/Default
)
92 DEPENDS
:=+OPENSSL_WITH_COMPRESSION
:zlib
98 define Package
/libopenssl
/description
99 $(call Package
/openssl
/Default
/description
)
100 This package contains the OpenSSL shared libraries
, needed by other programs.
103 define Package
/openssl-util
104 $(call Package
/openssl
/Default
)
107 DEPENDS
:=+libopenssl
+libopenssl-conf
111 define Package
/openssl-util
/description
112 $(call Package
/openssl
/Default
/description
)
113 This package contains the OpenSSL command-line utility.
116 define Package
/libopenssl-conf
117 $(call Package
/openssl
/Default
)
119 TITLE
:=/etc
/ssl
/openssl.cnf config file
123 define Package
/libopenssl-conf
/conffiles
127 define Package
/libopenssl-conf
/description
128 $(call Package
/openssl
/Default
/description
)
129 This package installs the OpenSSL configuration file
/etc
/ssl
/openssl.cnf.
132 define Package
/libopenssl-afalg
133 $(call Package
/openssl
/Default
)
135 TITLE
:=AFALG hardware acceleration engine
136 DEPENDS
:=libopenssl @OPENSSL_ENGINE @KERNEL_AIO @
!LINUX_3_18
+kmod-crypto-user \
140 define Package
/libopenssl-afalg
/description
141 This package adds an engine that enables hardware acceleration
142 through the AF_ALG kernel interface.
143 To use it
, you need to configure the engine in
/etc
/ssl
/openssl.cnf
144 See https
://www.openssl.org
/docs
/man1.1
.1/man5
/config.html
#Engine-Configuration-Module
145 The engine_id is
"afalg"
148 define Package
/libopenssl-padlock
149 $(call Package
/openssl
/Default
)
151 TITLE
:=VIA Padlock hardware acceleration engine
152 DEPENDS
:=libopenssl @OPENSSL_ENGINE @TARGET_x86
+kmod-crypto-hw-padlock \
156 define Package
/libopenssl-padlock
/description
157 This package adds an engine that enables VIA Padlock hardware acceleration.
158 To use it
, you need to configure it in
/etc
/ssl
/openssl.cnf.
159 See https
://www.openssl.org
/docs
/man1.1
.1/man5
/config.html
#Engine-Configuration-Module
160 The engine_id is
"padlock"
163 OPENSSL_OPTIONS
:= shared
165 ifndef CONFIG_OPENSSL_WITH_BLAKE2
166 OPENSSL_OPTIONS
+= no-blake2
169 ifndef CONFIG_OPENSSL_WITH_CHACHA_POLY1305
170 OPENSSL_OPTIONS
+= no-chacha no-poly1305
172 ifdef CONFIG_OPENSSL_PREFER_CHACHA_OVER_GCM
173 OPENSSL_OPTIONS
+= -DOPENSSL_PREFER_CHACHA_OVER_GCM
177 ifndef CONFIG_OPENSSL_WITH_ASYNC
178 OPENSSL_OPTIONS
+= no-async
181 ifndef CONFIG_OPENSSL_WITH_EC
182 OPENSSL_OPTIONS
+= no-ec
185 ifndef CONFIG_OPENSSL_WITH_EC2M
186 OPENSSL_OPTIONS
+= no-ec2m
189 ifndef CONFIG_OPENSSL_WITH_ERROR_MESSAGES
190 OPENSSL_OPTIONS
+= no-err
193 ifndef CONFIG_OPENSSL_WITH_TLS13
194 OPENSSL_OPTIONS
+= no-tls1_3
197 ifndef CONFIG_OPENSSL_WITH_ARIA
198 OPENSSL_OPTIONS
+= no-aria
201 ifndef CONFIG_OPENSSL_WITH_SM234
202 OPENSSL_OPTIONS
+= no-sm2 no-sm3 no-sm4
205 ifndef CONFIG_OPENSSL_WITH_CAMELLIA
206 OPENSSL_OPTIONS
+= no-camellia
209 ifndef CONFIG_OPENSSL_WITH_IDEA
210 OPENSSL_OPTIONS
+= no-idea
213 ifndef CONFIG_OPENSSL_WITH_SEED
214 OPENSSL_OPTIONS
+= no-seed
217 ifndef CONFIG_OPENSSL_WITH_MDC2
218 OPENSSL_OPTIONS
+= no-mdc2
221 ifndef CONFIG_OPENSSL_WITH_WHIRLPOOL
222 OPENSSL_OPTIONS
+= no-whirlpool
225 ifndef CONFIG_OPENSSL_WITH_CMS
226 OPENSSL_OPTIONS
+= no-cms
229 ifndef CONFIG_OPENSSL_WITH_RFC3779
230 OPENSSL_OPTIONS
+= no-rfc3779
233 ifdef CONFIG_OPENSSL_NO_DEPRECATED
234 OPENSSL_OPTIONS
+= no-deprecated
237 ifeq ($(CONFIG_OPENSSL_OPTIMIZE_SPEED
),y
)
238 TARGET_CFLAGS
:= $(filter-out -O
%,$(TARGET_CFLAGS
)) -O3
240 OPENSSL_OPTIONS
+= -DOPENSSL_SMALL_FOOTPRINT
243 ifdef CONFIG_OPENSSL_ENGINE
244 ifdef CONFIG_OPENSSL_ENGINE_CRYPTO
245 OPENSSL_OPTIONS
+= enable-devcryptoeng
247 ifndef CONFIG_PACKAGE_libopenssl-afalg
248 OPENSSL_OPTIONS
+= no-afalgeng
250 ifndef CONFIG_PACKAGE_libopenssl-padlock
251 OPENSSL_OPTIONS
+= no-hw-padlock
254 OPENSSL_OPTIONS
+= no-engine
257 ifndef CONFIG_OPENSSL_WITH_GOST
258 OPENSSL_OPTIONS
+= no-gost
261 ifndef CONFIG_OPENSSL_WITH_DTLS
262 OPENSSL_OPTIONS
+= no-dtls
265 ifdef CONFIG_OPENSSL_WITH_COMPRESSION
266 OPENSSL_OPTIONS
+= zlib-dynamic
268 OPENSSL_OPTIONS
+= no-comp
271 ifndef CONFIG_OPENSSL_WITH_NPN
272 OPENSSL_OPTIONS
+= no-nextprotoneg
275 ifndef CONFIG_OPENSSL_WITH_PSK
276 OPENSSL_OPTIONS
+= no-psk
279 ifndef CONFIG_OPENSSL_WITH_SRP
280 OPENSSL_OPTIONS
+= no-srp
283 ifndef CONFIG_OPENSSL_WITH_ASM
284 OPENSSL_OPTIONS
+= no-asm
288 ifndef CONFIG_OPENSSL_WITH_SSE2
289 OPENSSL_OPTIONS
+= no-sse2
293 OPENSSL_TARGET
:=linux-
$(call qstrip
,$(CONFIG_ARCH
))-openwrt
295 STAMP_CONFIGURED
:= $(STAMP_CONFIGURED
)_
$(shell echo
$(OPENSSL_OPTIONS
) | mkhash md5
)
297 define Build
/Configure
298 (cd
$(PKG_BUILD_DIR
); \
299 .
/Configure
$(OPENSSL_TARGET
) \
302 --openssldir
=/etc
/ssl \
305 $(OPENSSL_OPTIONS
) && \
306 { [ -f
$(STAMP_CONFIGURED
) ] || make
clean; } \
310 TARGET_CFLAGS
+= $(FPIC
) -ffunction-sections
-fdata-sections
311 TARGET_LDFLAGS
+= -Wl
,--gc-sections
314 +$(MAKE
) $(PKG_JOBS
) -C
$(PKG_BUILD_DIR
) \
315 CROSS_COMPILE
="$(TARGET_CROSS)" \
317 SOURCE_DATE_EPOCH
=$(SOURCE_DATE_EPOCH
) \
318 OPENWRT_OPTIMIZATION_FLAGS
="$(TARGET_CFLAGS)" \
319 $(OPENSSL_MAKEFLAGS
) \
321 $(MAKE
) -C
$(PKG_BUILD_DIR
) \
322 CROSS_COMPILE
="$(TARGET_CROSS)" \
324 DESTDIR
="$(PKG_INSTALL_DIR)" \
325 $(OPENSSL_MAKEFLAGS
) \
326 install_sw install_ssldirs
329 define Build
/InstallDev
330 $(INSTALL_DIR
) $(1)/usr
/include
331 $(CP
) $(PKG_INSTALL_DIR
)/usr
/include/openssl
$(1)/usr
/include/
332 $(INSTALL_DIR
) $(1)/usr
/lib
/
333 $(CP
) $(PKG_INSTALL_DIR
)/usr
/lib
/lib
{crypto
,ssl
}.
{a
,so
*} $(1)/usr
/lib
/
334 $(INSTALL_DIR
) $(1)/usr
/lib
/pkgconfig
335 $(CP
) $(PKG_INSTALL_DIR
)/usr
/lib
/pkgconfig
/{openssl
,libcrypto
,libssl
}.
pc $(1)/usr
/lib
/pkgconfig
/
336 [ -n
"$(TARGET_LDFLAGS)" ] && $(SED
) 's#$(TARGET_LDFLAGS)##g' $(1)/usr
/lib
/pkgconfig
/{openssl
,libcrypto
,libssl
}.
pc || true
339 define Package
/libopenssl
/install
340 $(INSTALL_DIR
) $(1)/etc
/ssl
/certs
341 $(INSTALL_DIR
) $(1)/etc
/ssl
/private
342 chmod
0700 $(1)/etc
/ssl
/private
343 $(INSTALL_DIR
) $(1)/usr
/lib
344 $(INSTALL_DATA
) $(PKG_INSTALL_DIR
)/usr
/lib
/libcrypto.so.
* $(1)/usr
/lib
/
345 $(INSTALL_DATA
) $(PKG_INSTALL_DIR
)/usr
/lib
/libssl.so.
* $(1)/usr
/lib
/
346 $(if
$(CONFIG_OPENSSL_ENGINE
),$(INSTALL_DIR
) $(1)/usr
/lib
/$(ENGINES_DIR
))
349 define Package
/libopenssl-conf
/install
350 $(INSTALL_DIR
) $(1)/etc
/ssl
351 $(CP
) $(PKG_INSTALL_DIR
)/etc
/ssl
/openssl.cnf
$(1)/etc
/ssl
/
354 define Package
/openssl-util
/install
355 $(INSTALL_DIR
) $(1)/usr
/bin
356 $(INSTALL_BIN
) $(PKG_INSTALL_DIR
)/usr
/bin
/openssl
$(1)/usr
/bin
/
359 define Package
/libopenssl-afalg
/install
360 $(INSTALL_DIR
) $(1)/usr
/lib
/$(ENGINES_DIR
)
361 $(INSTALL_BIN
) $(PKG_INSTALL_DIR
)/usr
/lib
/$(ENGINES_DIR
)/afalg.so
$(1)/usr
/lib
/$(ENGINES_DIR
)
364 define Package
/libopenssl-padlock
/install
365 $(INSTALL_DIR
) $(1)/usr
/lib
/$(ENGINES_DIR
)
366 $(INSTALL_BIN
) $(PKG_INSTALL_DIR
)/usr
/lib
/$(ENGINES_DIR
)/*padlock.so
$(1)/usr
/lib
/$(ENGINES_DIR
)
369 $(eval
$(call BuildPackage
,libopenssl
))
370 $(eval
$(call BuildPackage
,libopenssl-conf
))
371 $(eval
$(call BuildPackage
,libopenssl-afalg
))
372 $(eval
$(call BuildPackage
,libopenssl-padlock
))
373 $(eval
$(call BuildPackage
,openssl-util
))