package/libs/openssl/Makefile

   1 #
   2 # Copyright (C) 2006-2016 OpenWrt.org
   3 #
   4 # This is free software, licensed under the GNU General Public License v2.
   5 # See /LICENSE for more information.
   6 #
   7
   8 include $(TOPDIR)/rules.mk
   9
  10 PKG_NAME:=openssl
  11 PKG_BASE:=1.1.1
  12 PKG_BUGFIX:=b
  13 PKG_VERSION:=$(PKG_BASE)$(PKG_BUGFIX)
  14 PKG_RELEASE:=5
  15 PKG_USE_MIPS16:=0
  16 ENGINES_DIR=engines-1.1
  17
  18 PKG_BUILD_PARALLEL:=1
  19
  20 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
  21 PKG_SOURCE_URL:= \
  22         http://ftp.fi.muni.cz/pub/openssl/source/ \
  23         http://ftp.linux.hr/pub/openssl/source/ \
  24         ftp://ftp.pca.dfn.de/pub/tools/net/openssl/source/ \
  25         http://www.openssl.org/source/ \
  26         http://www.openssl.org/source/old/$(PKG_BASE)/
  27 PKG_HASH:=5c557b023230413dfb0756f3137a13e6d726838ccd1430888ad15bfb2b43ea4b
  28
  29 PKG_LICENSE:=OpenSSL
  30 PKG_LICENSE_FILES:=LICENSE
  31 PKG_MAINTAINER:=Eneas U de Queiroz <cote2004-github@yahoo.com>
  32 PKG_CPE_ID:=cpe:/a:openssl:openssl
  33 PKG_CONFIG_DEPENDS:= \
  34         CONFIG_OPENSSL_ENGINE \
  35         CONFIG_OPENSSL_ENGINE_BUILTIN \
  36         CONFIG_OPENSSL_ENGINE_BUILTIN_AFALG \
  37         CONFIG_OPENSSL_ENGINE_BUILTIN_DEVCRYPTO \
  38         CONFIG_OPENSSL_ENGINE_BUILTIN_PADLOCK \
  39         CONFIG_OPENSSL_NO_DEPRECATED \
  40         CONFIG_OPENSSL_OPTIMIZE_SPEED \
  41         CONFIG_OPENSSL_PREFER_CHACHA_OVER_GCM \
  42         CONFIG_OPENSSL_WITH_ARIA \
  43         CONFIG_OPENSSL_WITH_ASM \
  44         CONFIG_OPENSSL_WITH_ASYNC \
  45         CONFIG_OPENSSL_WITH_BLAKE2 \
  46         CONFIG_OPENSSL_WITH_CAMELLIA \
  47         CONFIG_OPENSSL_WITH_CHACHA_POLY1305 \
  48         CONFIG_OPENSSL_WITH_CMS \
  49         CONFIG_OPENSSL_WITH_COMPRESSION \
  50         CONFIG_OPENSSL_WITH_DTLS \
  51         CONFIG_OPENSSL_WITH_EC \
  52         CONFIG_OPENSSL_WITH_EC2M \
  53         CONFIG_OPENSSL_WITH_ERROR_MESSAGES \
  54         CONFIG_OPENSSL_WITH_GOST \
  55         CONFIG_OPENSSL_WITH_IDEA \
  56         CONFIG_OPENSSL_WITH_MDC2 \
  57         CONFIG_OPENSSL_WITH_NPN \
  58         CONFIG_OPENSSL_WITH_PSK \
  59         CONFIG_OPENSSL_WITH_RFC3779 \
  60         CONFIG_OPENSSL_WITH_SEED \
  61         CONFIG_OPENSSL_WITH_SM234 \
  62         CONFIG_OPENSSL_WITH_SRP \
  63         CONFIG_OPENSSL_WITH_SSE2 \
  64         CONFIG_OPENSSL_WITH_TLS13 \
  65         CONFIG_OPENSSL_WITH_WHIRLPOOL
  66
  67 include $(INCLUDE_DIR)/package.mk
  68
  69 ifneq ($(CONFIG_CCACHE),)
  70 HOSTCC=$(HOSTCC_NOCACHE)
  71 HOSTCXX=$(HOSTCXX_NOCACHE)
  72 endif
  73
  74 define Package/openssl/Default
  75   TITLE:=Open source SSL toolkit
  76   URL:=http://www.openssl.org/
  77   SECTION:=libs
  78   CATEGORY:=Libraries
  79 endef
  80
  81 define Package/libopenssl/config
  82 source "$(SOURCE)/Config.in"
  83 endef
  84
  85 define Package/openssl/Default/description
  86 The OpenSSL Project is a collaborative effort to develop a robust,
  87 commercial-grade, full-featured, and Open Source toolkit implementing the
  88 Transport Layer Security (TLS) protocol as well as a full-strength
  89 general-purpose cryptography library.
  90 endef
  91
  92 define Package/libopenssl
  93 $(call Package/openssl/Default)
  94   SUBMENU:=SSL
  95   DEPENDS:=+OPENSSL_WITH_COMPRESSION:zlib \
  96            +OPENSSL_ENGINE_BUILTIN_AFALG:kmod-crypto-user \
  97            +OPENSSL_ENGINE_BUILTIN_DEVCRYPTO:kmod-cryptodev \
  98            +OPENSSL_ENGINE_BUILTIN_PADLOCK:kmod-crypto-hw-padlock
  99   TITLE+= (libraries)
 100   ABI_VERSION:=1.1
 101   MENU:=1
 102 endef
 103
 104 define Package/libopenssl/description
 105 $(call Package/openssl/Default/description)
 106 This package contains the OpenSSL shared libraries, needed by other programs.
 107 endef
 108
 109 define Package/openssl-util
 110   $(call Package/openssl/Default)
 111   SECTION:=utils
 112   CATEGORY:=Utilities
 113   DEPENDS:=+libopenssl +libopenssl-conf
 114   TITLE+= (utility)
 115 endef
 116
 117 define Package/openssl-util/description
 118 $(call Package/openssl/Default/description)
 119 This package contains the OpenSSL command-line utility.
 120 endef
 121
 122 define Package/libopenssl-conf
 123   $(call Package/openssl/Default)
 124   SUBMENU:=SSL
 125   TITLE:=/etc/ssl/openssl.cnf config file
 126   DEPENDS:=libopenssl
 127 endef
 128
 129 define Package/libopenssl-conf/conffiles
 130 /etc/ssl/openssl.cnf
 131 endef
 132
 133 define Package/libopenssl-conf/description
 134 $(call Package/openssl/Default/description)
 135 This package installs the OpenSSL configuration file /etc/ssl/openssl.cnf.
 136 endef
 137
 138 define Package/libopenssl-afalg
 139   $(call Package/openssl/Default)
 140   SUBMENU:=SSL
 141   TITLE:=AFALG hardware acceleration engine
 142   DEPENDS:=libopenssl @OPENSSL_ENGINE @KERNEL_AIO @!LINUX_3_18 +kmod-crypto-user \
 143            +libopenssl-conf @!OPENSSL_ENGINE_BUILTIN
 144 endef
 145
 146 define Package/libopenssl-afalg/description
 147 This package adds an engine that enables hardware acceleration
 148 through the AF_ALG kernel interface.
 149 To use it, you need to configure the engine in /etc/ssl/openssl.cnf
 150 See https://www.openssl.org/docs/man1.1.1/man5/config.html#Engine-Configuration-Module
 151 and https://openwrt.org/docs/techref/hardware/cryptographic.hardware.accelerators
 152 The engine_id is "afalg"
 153 endef
 154
 155 define Package/libopenssl-devcrypto
 156   $(call Package/openssl/Default)
 157   SUBMENU:=SSL
 158   TITLE:=/dev/crypto hardware acceleration engine
 159   DEPENDS:=libopenssl @OPENSSL_ENGINE +kmod-cryptodev +libopenssl-conf \
 160            @!OPENSSL_ENGINE_BUILTIN
 161 endef
 162
 163 define Package/libopenssl-devcrypto/description
 164 This package adds an engine that enables hardware acceleration
 165 through the /dev/crypto kernel interface.
 166 To use it, you need to configure the engine in /etc/ssl/openssl.cnf
 167 See https://www.openssl.org/docs/man1.1.1/man5/config.html#Engine-Configuration-Module
 168 and https://openwrt.org/docs/techref/hardware/cryptographic.hardware.accelerators
 169 The engine_id is "devcrypto"
 170 endef
 171
 172 define Package/libopenssl-padlock
 173   $(call Package/openssl/Default)
 174   SUBMENU:=SSL
 175   TITLE:=VIA Padlock hardware acceleration engine
 176   DEPENDS:=libopenssl @OPENSSL_ENGINE @TARGET_x86 +kmod-crypto-hw-padlock \
 177            +libopenssl-conf @!OPENSSL_ENGINE_BUILTIN
 178 endef
 179
 180 define Package/libopenssl-padlock/description
 181 This package adds an engine that enables VIA Padlock hardware acceleration.
 182 To use it, you need to configure it in /etc/ssl/openssl.cnf.
 183 See https://www.openssl.org/docs/man1.1.1/man5/config.html#Engine-Configuration-Module
 184 and https://openwrt.org/docs/techref/hardware/cryptographic.hardware.accelerators
 185 The engine_id is "padlock"
 186 endef
 187
 188 OPENSSL_OPTIONS:= shared
 189
 190 ifndef CONFIG_OPENSSL_WITH_BLAKE2
 191   OPENSSL_OPTIONS += no-blake2
 192 endif
 193
 194 ifndef CONFIG_OPENSSL_WITH_CHACHA_POLY1305
 195   OPENSSL_OPTIONS += no-chacha no-poly1305
 196 else
 197   ifdef CONFIG_OPENSSL_PREFER_CHACHA_OVER_GCM
 198     OPENSSL_OPTIONS += -DOPENSSL_PREFER_CHACHA_OVER_GCM
 199   endif
 200 endif
 201
 202 ifndef CONFIG_OPENSSL_WITH_ASYNC
 203   OPENSSL_OPTIONS += no-async
 204 endif
 205
 206 ifndef CONFIG_OPENSSL_WITH_EC
 207   OPENSSL_OPTIONS += no-ec
 208 endif
 209
 210 ifndef CONFIG_OPENSSL_WITH_EC2M
 211   OPENSSL_OPTIONS += no-ec2m
 212 endif
 213
 214 ifndef CONFIG_OPENSSL_WITH_ERROR_MESSAGES
 215   OPENSSL_OPTIONS += no-err
 216 endif
 217
 218 ifndef CONFIG_OPENSSL_WITH_TLS13
 219   OPENSSL_OPTIONS += no-tls1_3
 220 endif
 221
 222 ifndef CONFIG_OPENSSL_WITH_ARIA
 223   OPENSSL_OPTIONS += no-aria
 224 endif
 225
 226 ifndef CONFIG_OPENSSL_WITH_SM234
 227   OPENSSL_OPTIONS += no-sm2 no-sm3 no-sm4
 228 endif
 229
 230 ifndef CONFIG_OPENSSL_WITH_CAMELLIA
 231   OPENSSL_OPTIONS += no-camellia
 232 endif
 233
 234 ifndef CONFIG_OPENSSL_WITH_IDEA
 235   OPENSSL_OPTIONS += no-idea
 236 endif
 237
 238 ifndef CONFIG_OPENSSL_WITH_SEED
 239   OPENSSL_OPTIONS += no-seed
 240 endif
 241
 242 ifndef CONFIG_OPENSSL_WITH_MDC2
 243   OPENSSL_OPTIONS += no-mdc2
 244 endif
 245
 246 ifndef CONFIG_OPENSSL_WITH_WHIRLPOOL
 247   OPENSSL_OPTIONS += no-whirlpool
 248 endif
 249
 250 ifndef CONFIG_OPENSSL_WITH_CMS
 251   OPENSSL_OPTIONS += no-cms
 252 endif
 253
 254 ifndef CONFIG_OPENSSL_WITH_RFC3779
 255   OPENSSL_OPTIONS += no-rfc3779
 256 endif
 257
 258 ifdef CONFIG_OPENSSL_NO_DEPRECATED
 259   OPENSSL_OPTIONS += no-deprecated
 260 endif
 261
 262 ifeq ($(CONFIG_OPENSSL_OPTIMIZE_SPEED),y)
 263   TARGET_CFLAGS := $(filter-out -O%,$(TARGET_CFLAGS)) -O3
 264 else
 265   OPENSSL_OPTIONS += -DOPENSSL_SMALL_FOOTPRINT
 266 endif
 267
 268 ifdef CONFIG_OPENSSL_ENGINE
 269   ifdef CONFIG_OPENSSL_ENGINE_BUILTIN
 270     OPENSSL_OPTIONS += disable-dynamic-engine
 271     ifndef CONFIG_OPENSSL_ENGINE_BUILTIN_AFALG
 272       OPENSSL_OPTIONS += no-afalgeng
 273     endif
 274     ifdef CONFIG_OPENSSL_ENGINE_BUILTIN_DEVCRYPTO
 275       OPENSSL_OPTIONS += enable-devcryptoeng
 276     endif
 277     ifndef CONFIG_OPENSSL_ENGINE_BUILTIN_PADLOCK
 278       OPENSSL_OPTIONS += no-hw-padlock
 279     endif
 280   else
 281     ifdef CONFIG_PACKAGE_libopenssl-devcrypto
 282       OPENSSL_OPTIONS += enable-devcryptoeng
 283     endif
 284     ifndef CONFIG_PACKAGE_libopenssl-afalg
 285       OPENSSL_OPTIONS += no-afalgeng
 286     endif
 287     ifndef CONFIG_PACKAGE_libopenssl-padlock
 288       OPENSSL_OPTIONS += no-hw-padlock
 289     endif
 290   endif
 291 else
 292   OPENSSL_OPTIONS += no-engine
 293 endif
 294
 295 ifndef CONFIG_OPENSSL_WITH_GOST
 296   OPENSSL_OPTIONS += no-gost
 297 endif
 298
 299 ifndef CONFIG_OPENSSL_WITH_DTLS
 300   OPENSSL_OPTIONS += no-dtls
 301 endif
 302
 303 ifdef CONFIG_OPENSSL_WITH_COMPRESSION
 304   OPENSSL_OPTIONS += zlib-dynamic
 305 else
 306   OPENSSL_OPTIONS += no-comp
 307 endif
 308
 309 ifndef CONFIG_OPENSSL_WITH_NPN
 310   OPENSSL_OPTIONS += no-nextprotoneg
 311 endif
 312
 313 ifndef CONFIG_OPENSSL_WITH_PSK
 314   OPENSSL_OPTIONS += no-psk
 315 endif
 316
 317 ifndef CONFIG_OPENSSL_WITH_SRP
 318   OPENSSL_OPTIONS += no-srp
 319 endif
 320
 321 ifndef CONFIG_OPENSSL_WITH_ASM
 322   OPENSSL_OPTIONS += no-asm
 323 endif
 324
 325 ifdef CONFIG_i386
 326   ifndef CONFIG_OPENSSL_WITH_SSE2
 327     OPENSSL_OPTIONS += no-sse2
 328   endif
 329 endif
 330
 331 OPENSSL_TARGET:=linux-$(call qstrip,$(CONFIG_ARCH))-openwrt
 332
 333 STAMP_CONFIGURED := $(STAMP_CONFIGURED)_$(shell echo $(OPENSSL_OPTIONS) | mkhash md5)
 334
 335 define Build/Configure
 336         (cd $(PKG_BUILD_DIR); \
 337                 ./Configure $(OPENSSL_TARGET) \
 338                         --prefix=/usr \
 339                         --libdir=lib \
 340                         --openssldir=/etc/ssl \
 341                         $(TARGET_CPPFLAGS) \
 342                         $(TARGET_LDFLAGS) \
 343                         $(OPENSSL_OPTIONS) && \
 344                 { [ -f $(STAMP_CONFIGURED) ] || make clean; } \
 345         )
 346 endef
 347
 348 TARGET_CFLAGS += $(FPIC) -ffunction-sections -fdata-sections
 349 TARGET_LDFLAGS += -Wl,--gc-sections
 350
 351 define Build/Compile
 352         +$(MAKE) $(PKG_JOBS) -C $(PKG_BUILD_DIR) \
 353                 CROSS_COMPILE="$(TARGET_CROSS)" \
 354                 CC="$(TARGET_CC)" \
 355                 SOURCE_DATE_EPOCH=$(SOURCE_DATE_EPOCH) \
 356                 OPENWRT_OPTIMIZATION_FLAGS="$(TARGET_CFLAGS)" \
 357                 $(OPENSSL_MAKEFLAGS) \
 358                 all
 359         $(MAKE) -C $(PKG_BUILD_DIR) \
 360                 CROSS_COMPILE="$(TARGET_CROSS)" \
 361                 CC="$(TARGET_CC)" \
 362                 DESTDIR="$(PKG_INSTALL_DIR)" \
 363                 $(OPENSSL_MAKEFLAGS) \
 364                 install_sw install_ssldirs
 365 endef
 366
 367 define Build/InstallDev
 368         $(INSTALL_DIR) $(1)/usr/include
 369         $(CP) $(PKG_INSTALL_DIR)/usr/include/openssl $(1)/usr/include/
 370         $(INSTALL_DIR) $(1)/usr/lib/
 371         $(CP) $(PKG_INSTALL_DIR)/usr/lib/lib{crypto,ssl}.{a,so*} $(1)/usr/lib/
 372         $(INSTALL_DIR) $(1)/usr/lib/pkgconfig
 373         $(CP) $(PKG_INSTALL_DIR)/usr/lib/pkgconfig/{openssl,libcrypto,libssl}.pc $(1)/usr/lib/pkgconfig/
 374         [ -n "$(TARGET_LDFLAGS)" ] && $(SED) 's#$(TARGET_LDFLAGS)##g' $(1)/usr/lib/pkgconfig/{openssl,libcrypto,libssl}.pc || true
 375 endef
 376
 377 define Package/libopenssl/install
 378         $(INSTALL_DIR) $(1)/etc/ssl/certs
 379         $(INSTALL_DIR) $(1)/etc/ssl/private
 380         chmod 0700 $(1)/etc/ssl/private
 381         $(INSTALL_DIR) $(1)/usr/lib
 382         $(INSTALL_DATA) $(PKG_INSTALL_DIR)/usr/lib/libcrypto.so.* $(1)/usr/lib/
 383         $(INSTALL_DATA) $(PKG_INSTALL_DIR)/usr/lib/libssl.so.* $(1)/usr/lib/
 384         $(if $(CONFIG_OPENSSL_ENGINE),$(INSTALL_DIR) $(1)/usr/lib/$(ENGINES_DIR))
 385 endef
 386
 387 define Package/libopenssl-conf/install
 388         $(INSTALL_DIR) $(1)/etc/ssl
 389         $(CP) $(PKG_INSTALL_DIR)/etc/ssl/openssl.cnf $(1)/etc/ssl/
 390 endef
 391
 392 define Package/openssl-util/install
 393         $(INSTALL_DIR) $(1)/usr/bin
 394         $(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/bin/openssl $(1)/usr/bin/
 395 endef
 396
 397 define Package/libopenssl-afalg/install
 398         $(INSTALL_DIR) $(1)/usr/lib/$(ENGINES_DIR)
 399         $(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/lib/$(ENGINES_DIR)/afalg.so $(1)/usr/lib/$(ENGINES_DIR)
 400 endef
 401
 402 define Package/libopenssl-devcrypto/install
 403         $(INSTALL_DIR) $(1)/usr/lib/$(ENGINES_DIR)
 404         $(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/lib/$(ENGINES_DIR)/devcrypto.so $(1)/usr/lib/$(ENGINES_DIR)
 405 endef
 406
 407 define Package/libopenssl-padlock/install
 408         $(INSTALL_DIR) $(1)/usr/lib/$(ENGINES_DIR)
 409         $(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/lib/$(ENGINES_DIR)/*padlock.so $(1)/usr/lib/$(ENGINES_DIR)
 410 endef
 411
 412 $(eval $(call BuildPackage,libopenssl))
 413 $(eval $(call BuildPackage,libopenssl-conf))
 414 $(eval $(call BuildPackage,libopenssl-afalg))
 415 $(eval $(call BuildPackage,libopenssl-devcrypto))
 416 $(eval $(call BuildPackage,libopenssl-padlock))
 417 $(eval $(call BuildPackage,openssl-util))