PKG_NAME:=openssl
PKG_BASE:=1.1.1
-PKG_BUGFIX:=a
+PKG_BUGFIX:=l
PKG_VERSION:=$(PKG_BASE)$(PKG_BUGFIX)
-PKG_RELEASE:=2
+PKG_RELEASE:=1
PKG_USE_MIPS16:=0
ENGINES_DIR=engines-1.1
-PKG_BUILD_PARALLEL:=0
-PKG_BUILD_DEPENDS:=cryptodev-linux
+PKG_BUILD_PARALLEL:=1
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
PKG_SOURCE_URL:= \
+ http://www.openssl.org/source/ \
+ http://www.openssl.org/source/old/$(PKG_BASE)/ \
http://ftp.fi.muni.cz/pub/openssl/source/ \
- http://ftp.linux.hr/pub/openssl/source/ \
+ http://ftp.fi.muni.cz/pub/openssl/source/old/$(PKG_BASE)/ \
ftp://ftp.pca.dfn.de/pub/tools/net/openssl/source/ \
- http://www.openssl.org/source/ \
- http://www.openssl.org/source/old/$(PKG_BASE)/
-PKG_HASH:=fc20130f8b7cbd2fb918b2f14e2f429e109c31ddd0fb38fc5d71d9ffed3f9f41
+ ftp://ftp.pca.dfn.de/pub/tools/net/openssl/source/old/$(PKG_BASE)/
+
+PKG_HASH:=0b7a3e5e59c34827fe0c3a74b7ec8baef302b98fa80088d7f9153aa16fa76bd1
PKG_LICENSE:=OpenSSL
PKG_LICENSE_FILES:=LICENSE
+PKG_MAINTAINER:=Eneas U de Queiroz <cotequeiroz@gmail.com>
PKG_CPE_ID:=cpe:/a:openssl:openssl
PKG_CONFIG_DEPENDS:= \
CONFIG_OPENSSL_ENGINE \
- CONFIG_OPENSSL_ENGINE_CRYPTO \
+ CONFIG_OPENSSL_ENGINE_BUILTIN \
+ CONFIG_OPENSSL_ENGINE_BUILTIN_AFALG \
+ CONFIG_OPENSSL_ENGINE_BUILTIN_DEVCRYPTO \
+ CONFIG_OPENSSL_ENGINE_BUILTIN_PADLOCK \
CONFIG_OPENSSL_NO_DEPRECATED \
CONFIG_OPENSSL_OPTIMIZE_SPEED \
CONFIG_OPENSSL_PREFER_CHACHA_OVER_GCM \
CONFIG_OPENSSL_WITH_CMS \
CONFIG_OPENSSL_WITH_COMPRESSION \
CONFIG_OPENSSL_WITH_DTLS \
- CONFIG_OPENSSL_WITH_EC \
CONFIG_OPENSSL_WITH_EC2M \
CONFIG_OPENSSL_WITH_ERROR_MESSAGES \
- CONFIG_OPENSSL_WITH_GOST \
CONFIG_OPENSSL_WITH_IDEA \
CONFIG_OPENSSL_WITH_MDC2 \
CONFIG_OPENSSL_WITH_NPN \
define Package/libopenssl
$(call Package/openssl/Default)
SUBMENU:=SSL
- DEPENDS:=+OPENSSL_WITH_COMPRESSION:zlib
+ DEPENDS:=+OPENSSL_WITH_COMPRESSION:zlib \
+ +OPENSSL_ENGINE_BUILTIN_AFALG:kmod-crypto-user \
+ +OPENSSL_ENGINE_BUILTIN_DEVCRYPTO:kmod-cryptodev \
+ +OPENSSL_ENGINE_BUILTIN_PADLOCK:kmod-crypto-hw-padlock
TITLE+= (libraries)
ABI_VERSION:=1.1
MENU:=1
$(call Package/openssl/Default)
SECTION:=utils
CATEGORY:=Utilities
- DEPENDS:=+libopenssl
+ DEPENDS:=+libopenssl +libopenssl-conf
TITLE+= (utility)
endef
-define Package/openssl-util/conffiles
+define Package/openssl-util/description
+$(call Package/openssl/Default/description)
+This package contains the OpenSSL command-line utility.
+endef
+
+define Package/libopenssl-conf
+ $(call Package/openssl/Default)
+ SUBMENU:=SSL
+ TITLE:=/etc/ssl/openssl.cnf config file
+ DEPENDS:=libopenssl
+endef
+
+define Package/libopenssl-conf/conffiles
/etc/ssl/openssl.cnf
endef
-define Package/openssl-util/description
+define Package/libopenssl-conf/description
$(call Package/openssl/Default/description)
-This package contains the OpenSSL command-line utility.
+This package installs the OpenSSL configuration file /etc/ssl/openssl.cnf.
endef
define Package/libopenssl-afalg
$(call Package/openssl/Default)
SUBMENU:=SSL
TITLE:=AFALG hardware acceleration engine
- DEPENDS:=libopenssl @OPENSSL_ENGINE @KERNEL_AIO @!LINUX_3_18 +kmod-crypto-user
+ DEPENDS:=libopenssl @OPENSSL_ENGINE @KERNEL_AIO \
+ +PACKAGE_libopenssl-afalg:kmod-crypto-user +libopenssl-conf @!OPENSSL_ENGINE_BUILTIN
endef
define Package/libopenssl-afalg/description
through the AF_ALG kernel interface.
To use it, you need to configure the engine in /etc/ssl/openssl.cnf
See https://www.openssl.org/docs/man1.1.1/man5/config.html#Engine-Configuration-Module
+and https://openwrt.org/docs/techref/hardware/cryptographic.hardware.accelerators
The engine_id is "afalg"
endef
+define Package/libopenssl-devcrypto
+ $(call Package/openssl/Default)
+ SUBMENU:=SSL
+ TITLE:=/dev/crypto hardware acceleration engine
+ DEPENDS:=libopenssl @OPENSSL_ENGINE +PACKAGE_libopenssl-devcrypto:kmod-cryptodev +libopenssl-conf \
+ @!OPENSSL_ENGINE_BUILTIN
+endef
+
+define Package/libopenssl-devcrypto/description
+This package adds an engine that enables hardware acceleration
+through the /dev/crypto kernel interface.
+To use it, you need to configure the engine in /etc/ssl/openssl.cnf
+See https://www.openssl.org/docs/man1.1.1/man5/config.html#Engine-Configuration-Module
+and https://openwrt.org/docs/techref/hardware/cryptographic.hardware.accelerators
+The engine_id is "devcrypto"
+endef
+
define Package/libopenssl-padlock
$(call Package/openssl/Default)
SUBMENU:=SSL
TITLE:=VIA Padlock hardware acceleration engine
- DEPENDS:=libopenssl @OPENSSL_ENGINE @TARGET_x86 +kmod-crypto-hw-padlock
+ DEPENDS:=libopenssl @OPENSSL_ENGINE @TARGET_x86 +PACKAGE_libopenssl-padlock:kmod-crypto-hw-padlock \
+ +libopenssl-conf @!OPENSSL_ENGINE_BUILTIN
endef
define Package/libopenssl-padlock/description
This package adds an engine that enables VIA Padlock hardware acceleration.
To use it, you need to configure it in /etc/ssl/openssl.cnf.
See https://www.openssl.org/docs/man1.1.1/man5/config.html#Engine-Configuration-Module
+and https://openwrt.org/docs/techref/hardware/cryptographic.hardware.accelerators
The engine_id is "padlock"
endef
OPENSSL_OPTIONS += no-async
endif
-ifndef CONFIG_OPENSSL_WITH_EC
- OPENSSL_OPTIONS += no-ec
-endif
-
ifndef CONFIG_OPENSSL_WITH_EC2M
OPENSSL_OPTIONS += no-ec2m
endif
endif
ifdef CONFIG_OPENSSL_ENGINE
- ifdef CONFIG_OPENSSL_ENGINE_CRYPTO
- OPENSSL_OPTIONS += enable-devcryptoeng
- endif
- ifndef CONFIG_PACKAGE_libopenssl-afalg
- OPENSSL_OPTIONS += no-afalgeng
- endif
- ifndef CONFIG_PACKAGE_libopenssl-padlock
- OPENSSL_OPTIONS += no-hw-padlock
+ ifdef CONFIG_OPENSSL_ENGINE_BUILTIN
+ OPENSSL_OPTIONS += disable-dynamic-engine
+ ifndef CONFIG_OPENSSL_ENGINE_BUILTIN_AFALG
+ OPENSSL_OPTIONS += no-afalgeng
+ endif
+ ifdef CONFIG_OPENSSL_ENGINE_BUILTIN_DEVCRYPTO
+ OPENSSL_OPTIONS += enable-devcryptoeng
+ endif
+ ifndef CONFIG_OPENSSL_ENGINE_BUILTIN_PADLOCK
+ OPENSSL_OPTIONS += no-hw-padlock
+ endif
+ else
+ ifdef CONFIG_PACKAGE_libopenssl-devcrypto
+ OPENSSL_OPTIONS += enable-devcryptoeng
+ endif
+ ifndef CONFIG_PACKAGE_libopenssl-afalg
+ OPENSSL_OPTIONS += no-afalgeng
+ endif
+ ifndef CONFIG_PACKAGE_libopenssl-padlock
+ OPENSSL_OPTIONS += no-hw-padlock
+ endif
endif
else
OPENSSL_OPTIONS += no-engine
endif
-ifndef CONFIG_OPENSSL_WITH_GOST
- OPENSSL_OPTIONS += no-gost
-endif
-
ifndef CONFIG_OPENSSL_WITH_DTLS
OPENSSL_OPTIONS += no-dtls
endif
OPENSSL_TARGET:=linux-$(call qstrip,$(CONFIG_ARCH))-openwrt
-STAMP_CONFIGURED := $(STAMP_CONFIGURED)_$(shell echo $(OPENSSL_OPTIONS) | mkhash md5)
+STAMP_CONFIGURED := $(STAMP_CONFIGURED)_$(shell echo $(OPENSSL_OPTIONS) | $(MKHASH) md5)
define Build/Configure
- [ -f $(STAMP_CONFIGURED) ] || { \
- rm -f $(PKG_BUILD_DIR)/*.so.* $(PKG_BUILD_DIR)/*.a; \
- find $(PKG_BUILD_DIR) -name \*.o | xargs rm -f; \
- }
(cd $(PKG_BUILD_DIR); \
./Configure $(OPENSSL_TARGET) \
--prefix=/usr \
--libdir=lib \
--openssldir=/etc/ssl \
+ --cross-compile-prefix="$(TARGET_CROSS)" \
$(TARGET_CPPFLAGS) \
$(TARGET_LDFLAGS) \
- $(OPENSSL_OPTIONS) \
+ $(OPENSSL_OPTIONS) && \
+ { [ -f $(STAMP_CONFIGURED) ] || make clean; } \
)
endef
define Build/Compile
+$(MAKE) $(PKG_JOBS) -C $(PKG_BUILD_DIR) \
- CROSS_COMPILE="$(TARGET_CROSS)" \
CC="$(TARGET_CC)" \
SOURCE_DATE_EPOCH=$(SOURCE_DATE_EPOCH) \
OPENWRT_OPTIMIZATION_FLAGS="$(TARGET_CFLAGS)" \
$(OPENSSL_MAKEFLAGS) \
all
$(MAKE) -C $(PKG_BUILD_DIR) \
- CROSS_COMPILE="$(TARGET_CROSS)" \
CC="$(TARGET_CC)" \
DESTDIR="$(PKG_INSTALL_DIR)" \
$(OPENSSL_MAKEFLAGS) \
$(if $(CONFIG_OPENSSL_ENGINE),$(INSTALL_DIR) $(1)/usr/lib/$(ENGINES_DIR))
endef
-define Package/openssl-util/install
+define Package/libopenssl-conf/install
$(INSTALL_DIR) $(1)/etc/ssl
$(CP) $(PKG_INSTALL_DIR)/etc/ssl/openssl.cnf $(1)/etc/ssl/
+endef
+
+define Package/openssl-util/install
$(INSTALL_DIR) $(1)/usr/bin
$(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/bin/openssl $(1)/usr/bin/
endef
$(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/lib/$(ENGINES_DIR)/afalg.so $(1)/usr/lib/$(ENGINES_DIR)
endef
+define Package/libopenssl-devcrypto/install
+ $(INSTALL_DIR) $(1)/usr/lib/$(ENGINES_DIR)
+ $(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/lib/$(ENGINES_DIR)/devcrypto.so $(1)/usr/lib/$(ENGINES_DIR)
+endef
+
define Package/libopenssl-padlock/install
$(INSTALL_DIR) $(1)/usr/lib/$(ENGINES_DIR)
$(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/lib/$(ENGINES_DIR)/*padlock.so $(1)/usr/lib/$(ENGINES_DIR)
endef
$(eval $(call BuildPackage,libopenssl))
+$(eval $(call BuildPackage,libopenssl-conf))
$(eval $(call BuildPackage,libopenssl-afalg))
+$(eval $(call BuildPackage,libopenssl-devcrypto))
$(eval $(call BuildPackage,libopenssl-padlock))
$(eval $(call BuildPackage,openssl-util))