2 # Copyright (C) 2006-2016 OpenWrt.org
4 # This is free software, licensed under the GNU General Public License v2.
5 # See /LICENSE for more information.
8 include $(TOPDIR
)/rules.mk
13 PKG_BUILD_FLAGS
:=no-mips16 gc-sections
17 PKG_BASE
:=$(subst $(space
),.
,$(wordlist
1,2,$(subst .
,$(space
),$(PKG_VERSION
))))
18 PKG_SOURCE
:=$(PKG_NAME
)-$(PKG_VERSION
).
tar.gz
20 http
://www.openssl.org
/source
/ \
21 http
://www.openssl.org
/source
/old
/$(PKG_BASE
)/ \
22 http
://ftp.fi.muni.cz
/pub
/openssl
/source
/ \
23 http
://ftp.fi.muni.cz
/pub
/openssl
/source
/old
/$(PKG_BASE
)/ \
24 ftp
://ftp.pca.dfn.de
/pub
/tools
/net
/openssl
/source
/ \
25 ftp
://ftp.pca.dfn.de
/pub
/tools
/net
/openssl
/source
/old
/$(PKG_BASE
)/
27 PKG_HASH
:=6c13d2bf38fdf31eac3ce2a347073673f5d63263398f1f69d0df4a41253e4b3e
29 PKG_LICENSE
:=Apache-2.0
30 PKG_LICENSE_FILES
:=LICENSE
31 PKG_MAINTAINER
:=Eneas U de Queiroz
<cotequeiroz@gmail.com
>
32 PKG_CPE_ID
:=cpe
:/a
:openssl
:openssl
33 PKG_CONFIG_DEPENDS
:= \
34 CONFIG_OPENSSL_ENGINE \
35 CONFIG_OPENSSL_ENGINE_BUILTIN \
36 CONFIG_OPENSSL_ENGINE_BUILTIN_AFALG \
37 CONFIG_OPENSSL_ENGINE_BUILTIN_DEVCRYPTO \
38 CONFIG_OPENSSL_ENGINE_BUILTIN_PADLOCK \
39 CONFIG_OPENSSL_NO_DEPRECATED \
40 CONFIG_OPENSSL_OPTIMIZE_SPEED \
41 CONFIG_OPENSSL_PREFER_CHACHA_OVER_GCM \
42 CONFIG_OPENSSL_SMALL_FOOTPRINT \
43 CONFIG_OPENSSL_WITH_ARIA \
44 CONFIG_OPENSSL_WITH_ASM \
45 CONFIG_OPENSSL_WITH_ASYNC \
46 CONFIG_OPENSSL_WITH_BLAKE2 \
47 CONFIG_OPENSSL_WITH_CAMELLIA \
48 CONFIG_OPENSSL_WITH_CHACHA_POLY1305 \
49 CONFIG_OPENSSL_WITH_CMS \
50 CONFIG_OPENSSL_WITH_COMPRESSION \
51 CONFIG_OPENSSL_WITH_DTLS \
52 CONFIG_OPENSSL_WITH_EC2M \
53 CONFIG_OPENSSL_WITH_ERROR_MESSAGES \
54 CONFIG_OPENSSL_WITH_IDEA \
55 CONFIG_OPENSSL_WITH_MDC2 \
56 CONFIG_OPENSSL_WITH_NPN \
57 CONFIG_OPENSSL_WITH_PSK \
58 CONFIG_OPENSSL_WITH_RFC3779 \
59 CONFIG_OPENSSL_WITH_SEED \
60 CONFIG_OPENSSL_WITH_SM234 \
61 CONFIG_OPENSSL_WITH_SRP \
62 CONFIG_OPENSSL_WITH_SSE2 \
63 CONFIG_OPENSSL_WITH_TLS13 \
64 CONFIG_OPENSSL_WITH_WHIRLPOOL
66 include $(INCLUDE_DIR
)/package.mk
67 include $(INCLUDE_DIR
)/openssl-module.mk
69 ifneq ($(CONFIG_CCACHE
),)
70 HOSTCC
=$(HOSTCC_NOCACHE
)
71 HOSTCXX
=$(HOSTCXX_NOCACHE
)
74 define Package
/openssl
/Default
75 TITLE
:=Open source SSL toolkit
76 URL
:=http
://www.openssl.org
/
81 define Package
/libopenssl
/config
82 source
"$(SOURCE)/Config.in"
85 define Package
/openssl
/Default
/description
86 The OpenSSL Project is a collaborative effort to develop a robust
,
87 commercial-grade
, full-featured
, and Open Source toolkit implementing the
88 Transport Layer Security
(TLS
) protocol
as well
as a full-strength
89 general-purpose cryptography library.
92 define Package
/libopenssl
93 $(call Package
/openssl
/Default
)
95 DEPENDS
:=+OPENSSL_WITH_COMPRESSION
:zlib \
96 +OPENSSL_ENGINE_BUILTIN_AFALG
:kmod-crypto-user \
97 +OPENSSL_ENGINE_BUILTIN_DEVCRYPTO
:kmod-cryptodev \
98 +OPENSSL_ENGINE_BUILTIN_PADLOCK
:kmod-crypto-hw-padlock \
99 +(arm||armeb||mips||mipsel||powerpc||arc
):libatomic
101 ABI_VERSION
:=$(firstword $(subst .
,$(space
),$(PKG_VERSION
)))
105 define Package
/libopenssl
/description
106 $(call Package
/openssl
/Default
/description
)
107 This package contains the OpenSSL shared libraries
, needed by other programs.
110 define Package
/openssl-util
111 $(call Package
/openssl
/Default
)
114 DEPENDS
:=+libopenssl
+libopenssl-conf
118 define Package
/openssl-util
/description
119 $(call Package
/openssl
/Default
/description
)
120 This package contains the OpenSSL command-line utility.
123 define Package
/libopenssl-conf
124 $(call Package
/openssl
/Default
)
126 TITLE
:=/etc
/ssl
/openssl.cnf config file
130 define Package
/libopenssl-conf
/conffiles
132 $(if
$(CONFIG_OPENSSL_ENGINE_BUILTIN_DEVCRYPTO
),/etc
/ssl
/modules.cnf.d
/devcrypto.cnf
)
133 $(if
$(CONFIG_OPENSSL_ENGINE_BUILTIN_PADLOCK
),/etc
/ssl
/modules.cnf.d
/padlock.cnf
)
136 define Package
/libopenssl-conf
/description
137 $(call Package
/openssl
/Default
/description
)
138 This package installs the OpenSSL configuration file
/etc
/ssl
/openssl.cnf.
141 ifneq ($(CONFIG_OPENSSL_ENGINE_BUILTIN_PADLOCK
)$(CONFIG_OPENSSL_ENGINE_BUILTIN_DEVCRYPTO
),)
142 define Package
/libopenssl-conf
/postinst
144 OPENSSL_UCI
="$${IPKG_INSTROOT}/etc/config/openssl"
146 add_engine_config
() {
147 if
[ -z
"$${IPKG_INSTROOT}" ] && uci
-q
get "openssl.$$1" >/dev
/null
; then
148 [ "$$(uci -q get "openssl.
$$1.builtin
")" = 1 ] && return
149 uci set
"openssl.$$1.builtin=1" && uci commit openssl
154 echo
" option enabled '1'"
155 echo
" option builtin '1'"
157 } >>"$${OPENSSL_UCI}"
160 $(if
$(CONFIG_OPENSSL_ENGINE_BUILTIN_DEVCRYPTO
),add_engine_config devcrypto
)
161 $(if
$(CONFIG_OPENSSL_ENGINE_BUILTIN_PADLOCK
),add_engine_config padlock
)
165 $(eval
$(call Package
/openssl
/add-provider
,legacy
))
166 define Package
/libopenssl-legacy
167 $(call Package
/openssl
/Default
)
168 $(call Package
/openssl
/module
/Default
)
169 TITLE
:=OpenSSL legacy provider
172 define Package
/libopenssl-legacy
/description
173 The OpenSSL legacy provider supplies OpenSSL implementations of algorithms that
174 have been deemed legacy. Such algorithms have commonly fallen out of use
, have
175 been deemed insecure by the cryptography community
, or something similar. See
176 https
://www.openssl.org
/docs
/man3.0
/man7
/OSSL_PROVIDER-legacy.html
179 $(eval
$(call Package
/openssl
/add-engine
,afalg
))
180 define Package
/libopenssl-afalg
181 $(call Package
/openssl
/Default
)
182 $(call Package
/openssl
/engine
/Default
)
183 TITLE
:=AFALG hardware acceleration engine
184 DEPENDS
+= @KERNEL_AIO
+PACKAGE_libopenssl-afalg
:kmod-crypto-user \
185 @
!OPENSSL_ENGINE_BUILTIN
188 define Package
/libopenssl-afalg
/description
189 This package adds an engine that enables hardware acceleration
190 through the AF_ALG kernel interface.
191 See https
://www.openssl.org
/docs
/man3.0
/man5
/config.html
#Engine-Configuration
192 and https
://openwrt.org
/docs
/techref
/hardware
/cryptographic.hardware.accelerators
193 The engine_id is
"afalg"
196 $(eval
$(call Package
/openssl
/add-engine
,devcrypto
))
197 define Package
/libopenssl-devcrypto
198 $(call Package
/openssl
/Default
)
199 $(call Package
/openssl
/engine
/Default
)
200 TITLE
:=/dev
/crypto hardware acceleration engine
201 DEPENDS
+= +PACKAGE_libopenssl-devcrypto
:kmod-cryptodev @
!OPENSSL_ENGINE_BUILTIN
204 define Package
/libopenssl-devcrypto
/description
205 This package adds an engine that enables hardware acceleration
206 through the
/dev
/crypto kernel interface.
207 See https
://www.openssl.org
/docs
/man3.0
/man5
/config.html
#Engine-Configuration
208 and https
://openwrt.org
/docs
/techref
/hardware
/cryptographic.hardware.accelerators
209 The engine_id is
"devcrypto"
212 $(eval
$(call Package
/openssl
/add-engine
,padlock
))
213 define Package
/libopenssl-padlock
214 $(call Package
/openssl
/Default
)
215 $(call Package
/openssl
/engine
/Default
)
216 TITLE
:=VIA Padlock hardware acceleration engine
217 DEPENDS
+= @TARGET_x86
+PACKAGE_libopenssl-padlock
:kmod-crypto-hw-padlock \
218 @
!OPENSSL_ENGINE_BUILTIN
221 define Package
/libopenssl-padlock
/description
222 This package adds an engine that enables VIA Padlock hardware acceleration.
223 See https
://www.openssl.org
/docs
/man3.0
/man5
/config.html
#Engine-Configuration
224 and https
://openwrt.org
/docs
/techref
/hardware
/cryptographic.hardware.accelerators
225 The engine_id is
"padlock"
228 OPENSSL_OPTIONS
:= shared no-tests
230 ifndef CONFIG_OPENSSL_WITH_BLAKE2
231 OPENSSL_OPTIONS
+= no-blake2
234 ifndef CONFIG_OPENSSL_WITH_CHACHA_POLY1305
235 OPENSSL_OPTIONS
+= no-chacha no-poly1305
237 ifdef CONFIG_OPENSSL_PREFER_CHACHA_OVER_GCM
238 OPENSSL_OPTIONS
+= -DOPENSSL_PREFER_CHACHA_OVER_GCM
242 ifndef CONFIG_OPENSSL_WITH_ASYNC
243 OPENSSL_OPTIONS
+= no-async
246 ifndef CONFIG_OPENSSL_WITH_EC2M
247 OPENSSL_OPTIONS
+= no-ec2m
250 ifndef CONFIG_OPENSSL_WITH_ERROR_MESSAGES
251 OPENSSL_OPTIONS
+= no-err
254 ifndef CONFIG_OPENSSL_WITH_TLS13
255 OPENSSL_OPTIONS
+= no-tls1_3
258 ifndef CONFIG_OPENSSL_WITH_ARIA
259 OPENSSL_OPTIONS
+= no-aria
262 ifndef CONFIG_OPENSSL_WITH_SM234
263 OPENSSL_OPTIONS
+= no-sm2 no-sm3 no-sm4
266 ifndef CONFIG_OPENSSL_WITH_CAMELLIA
267 OPENSSL_OPTIONS
+= no-camellia
270 ifndef CONFIG_OPENSSL_WITH_IDEA
271 OPENSSL_OPTIONS
+= no-idea
274 ifndef CONFIG_OPENSSL_WITH_SEED
275 OPENSSL_OPTIONS
+= no-seed
278 ifndef CONFIG_OPENSSL_WITH_MDC2
279 OPENSSL_OPTIONS
+= no-mdc2
282 ifndef CONFIG_OPENSSL_WITH_WHIRLPOOL
283 OPENSSL_OPTIONS
+= no-whirlpool
286 ifndef CONFIG_OPENSSL_WITH_CMS
287 OPENSSL_OPTIONS
+= no-cms
290 ifndef CONFIG_OPENSSL_WITH_RFC3779
291 OPENSSL_OPTIONS
+= no-rfc3779
294 ifdef CONFIG_OPENSSL_NO_DEPRECATED
295 OPENSSL_OPTIONS
+= no-deprecated
298 ifeq ($(CONFIG_OPENSSL_OPTIMIZE_SPEED
),y
)
299 TARGET_CFLAGS
:= $(filter-out -O
%,$(TARGET_CFLAGS
)) -O3
302 ifeq ($(CONFIG_OPENSSL_SMALL_FOOTPRINT
),y
)
303 OPENSSL_OPTIONS
+= -DOPENSSL_SMALL_FOOTPRINT
306 ifdef CONFIG_OPENSSL_ENGINE
307 ifdef CONFIG_OPENSSL_ENGINE_BUILTIN
308 OPENSSL_OPTIONS
+= disable-dynamic-engine
309 ifndef CONFIG_OPENSSL_ENGINE_BUILTIN_AFALG
310 OPENSSL_OPTIONS
+= no-afalgeng
312 ifdef CONFIG_OPENSSL_ENGINE_BUILTIN_DEVCRYPTO
313 OPENSSL_OPTIONS
+= enable-devcryptoeng
315 ifndef CONFIG_OPENSSL_ENGINE_BUILTIN_PADLOCK
316 OPENSSL_OPTIONS
+= no-padlockeng
319 ifdef CONFIG_PACKAGE_libopenssl-devcrypto
320 OPENSSL_OPTIONS
+= enable-devcryptoeng
322 ifndef CONFIG_PACKAGE_libopenssl-afalg
323 OPENSSL_OPTIONS
+= no-afalgeng
325 ifndef CONFIG_PACKAGE_libopenssl-padlock
326 OPENSSL_OPTIONS
+= no-padlockeng
330 OPENSSL_OPTIONS
+= no-engine
333 ifndef CONFIG_OPENSSL_WITH_DTLS
334 OPENSSL_OPTIONS
+= no-dtls
337 ifdef CONFIG_OPENSSL_WITH_COMPRESSION
338 OPENSSL_OPTIONS
+= zlib-dynamic
340 OPENSSL_OPTIONS
+= no-comp
343 ifndef CONFIG_OPENSSL_WITH_NPN
344 OPENSSL_OPTIONS
+= no-nextprotoneg
347 ifndef CONFIG_OPENSSL_WITH_PSK
348 OPENSSL_OPTIONS
+= no-psk
351 ifndef CONFIG_OPENSSL_WITH_SRP
352 OPENSSL_OPTIONS
+= no-srp
355 ifndef CONFIG_OPENSSL_WITH_ASM
356 OPENSSL_OPTIONS
+= no-asm
360 ifndef CONFIG_OPENSSL_WITH_SSE2
361 OPENSSL_OPTIONS
+= no-sse2
365 OPENSSL_TARGET
:=linux-
$(call qstrip
,$(CONFIG_ARCH
))-openwrt
367 STAMP_CONFIGURED
:= $(STAMP_CONFIGURED
)_
$(shell echo
$(OPENSSL_OPTIONS
) |
$(MKHASH
) md5
)
369 define Build
/Configure
370 (cd
$(PKG_BUILD_DIR
); \
371 .
/Configure
$(OPENSSL_TARGET
) \
374 --openssldir
=/etc
/ssl \
375 --cross-compile-prefix
="$(TARGET_CROSS)" \
378 $(OPENSSL_OPTIONS
) && \
379 { [ -f
$(STAMP_CONFIGURED
) ] || make
clean; } \
383 TARGET_CFLAGS
+= $(FPIC
)
386 +$(MAKE
) $(PKG_JOBS
) -C
$(PKG_BUILD_DIR
) \
388 SOURCE_DATE_EPOCH
=$(SOURCE_DATE_EPOCH
) \
389 OPENWRT_OPTIMIZATION_FLAGS
="$(TARGET_CFLAGS)" \
390 $(OPENSSL_MAKEFLAGS
) \
392 $(MAKE
) -C
$(PKG_BUILD_DIR
) \
394 DESTDIR
="$(PKG_INSTALL_DIR)" \
395 $(OPENSSL_MAKEFLAGS
) \
396 install_sw install_ssldirs
399 define Build
/InstallDev
400 $(INSTALL_DIR
) $(1)/usr
/include
401 $(CP
) $(PKG_INSTALL_DIR
)/usr
/include/openssl
$(1)/usr
/include/
402 $(INSTALL_DIR
) $(1)/usr
/lib
/
403 $(CP
) $(PKG_INSTALL_DIR
)/usr
/lib
/lib
{crypto
,ssl
}.
{a
,so
*} $(1)/usr
/lib
/
404 $(INSTALL_DIR
) $(1)/usr
/lib
/pkgconfig
405 $(CP
) $(PKG_INSTALL_DIR
)/usr
/lib
/pkgconfig
/{openssl
,libcrypto
,libssl
}.
pc $(1)/usr
/lib
/pkgconfig
/
406 [ -n
"$(TARGET_LDFLAGS)" ] && $(SED
) 's#$(TARGET_LDFLAGS)##g' $(1)/usr
/lib
/pkgconfig
/{openssl
,libcrypto
,libssl
}.
pc || true
409 define Package
/libopenssl
/install
410 $(INSTALL_DIR
) $(1)/etc
/ssl
/certs
411 $(INSTALL_DIR
) $(1)/etc
/ssl
/private
412 chmod
0700 $(1)/etc
/ssl
/private
413 $(INSTALL_DIR
) $(1)/usr
/lib
414 $(INSTALL_DATA
) $(PKG_INSTALL_DIR
)/usr
/lib
/libcrypto.so.
* $(1)/usr
/lib
/
415 $(INSTALL_DATA
) $(PKG_INSTALL_DIR
)/usr
/lib
/libssl.so.
* $(1)/usr
/lib
/
416 $(if
$(CONFIG_OPENSSL_ENGINE
),$(INSTALL_DIR
) $(1)/usr
/lib
/$(ENGINES_DIR
))
419 define Package
/libopenssl-conf
/install
420 $(INSTALL_DIR
) $(1)/etc
/ssl
/modules.cnf.d
$(1)/etc
/config
$(1)/etc
/init.d
421 $(CP
) $(PKG_INSTALL_DIR
)/etc
/ssl
/openssl.cnf
$(1)/etc
/ssl
/
422 $(INSTALL_BIN
) .
/files
/openssl.init
$(1)/etc
/init.d
/openssl
423 $(SED
) 's!%ENGINES_DIR%!/usr/lib/$(ENGINES_DIR)!' $(1)/etc
/init.d
/openssl
424 touch
$(1)/etc
/config
/openssl
425 $(if
$(CONFIG_OPENSSL_ENGINE_BUILTIN_DEVCRYPTO
),
426 $(CP
) .
/files
/devcrypto.cnf
$(1)/etc
/ssl
/modules.cnf.d
/
427 echo
-e
"config engine 'devcrypto'\n\toption enabled '1'" >> $(1)/etc
/config
/openssl
)
428 $(if
$(CONFIG_OPENSSL_ENGINE_BUILTIN_PADLOCK
),
429 $(CP
) .
/files
/padlock.cnf
$(1)/etc
/ssl
/modules.cnf.d
/
430 echo
-e
"\nconfig engine 'padlock'\n\toption enabled '1'" >> $(1)/etc
/config
/openssl
)
433 define Package
/openssl-util
/install
434 $(INSTALL_DIR
) $(1)/usr
/bin
435 $(INSTALL_BIN
) $(PKG_INSTALL_DIR
)/usr
/bin
/openssl
$(1)/usr
/bin
/
438 $(eval
$(call BuildPackage
,libopenssl
))
439 $(eval
$(call BuildPackage
,libopenssl-conf
))
440 $(eval
$(call BuildPackage
,libopenssl-afalg
))
441 $(eval
$(call BuildPackage
,libopenssl-devcrypto
))
442 $(eval
$(call BuildPackage
,libopenssl-legacy
))
443 $(eval
$(call BuildPackage
,libopenssl-padlock
))
444 $(eval
$(call BuildPackage
,openssl-util
))