package/libs/openssl/Makefile

   1 #
   2 # Copyright (C) 2006-2016 OpenWrt.org
   3 #
   4 # This is free software, licensed under the GNU General Public License v2.
   5 # See /LICENSE for more information.
   6 #
   7
   8 include $(TOPDIR)/rules.mk
   9
  10 PKG_NAME:=openssl
  11 PKG_BASE:=1.1.1
  12 PKG_BUGFIX:=b
  13 PKG_VERSION:=$(PKG_BASE)$(PKG_BUGFIX)
  14 PKG_RELEASE:=2
  15 PKG_USE_MIPS16:=0
  16 ENGINES_DIR=engines-1.1
  17
  18 PKG_BUILD_PARALLEL:=0
  19
  20 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
  21 PKG_SOURCE_URL:= \
  22         http://ftp.fi.muni.cz/pub/openssl/source/ \
  23         http://ftp.linux.hr/pub/openssl/source/ \
  24         ftp://ftp.pca.dfn.de/pub/tools/net/openssl/source/ \
  25         http://www.openssl.org/source/ \
  26         http://www.openssl.org/source/old/$(PKG_BASE)/
  27 PKG_HASH:=5c557b023230413dfb0756f3137a13e6d726838ccd1430888ad15bfb2b43ea4b
  28
  29 PKG_LICENSE:=OpenSSL
  30 PKG_LICENSE_FILES:=LICENSE
  31 PKG_CPE_ID:=cpe:/a:openssl:openssl
  32 PKG_CONFIG_DEPENDS:= \
  33         CONFIG_OPENSSL_ENGINE \
  34         CONFIG_OPENSSL_ENGINE_BUILTIN \
  35         CONFIG_OPENSSL_ENGINE_BUILTIN_AFALG \
  36         CONFIG_OPENSSL_ENGINE_BUILTIN_DEVCRYPTO \
  37         CONFIG_OPENSSL_ENGINE_BUILTIN_PADLOCK \
  38         CONFIG_OPENSSL_NO_DEPRECATED \
  39         CONFIG_OPENSSL_OPTIMIZE_SPEED \
  40         CONFIG_OPENSSL_PREFER_CHACHA_OVER_GCM \
  41         CONFIG_OPENSSL_WITH_ARIA \
  42         CONFIG_OPENSSL_WITH_ASM \
  43         CONFIG_OPENSSL_WITH_ASYNC \
  44         CONFIG_OPENSSL_WITH_BLAKE2 \
  45         CONFIG_OPENSSL_WITH_CAMELLIA \
  46         CONFIG_OPENSSL_WITH_CHACHA_POLY1305 \
  47         CONFIG_OPENSSL_WITH_CMS \
  48         CONFIG_OPENSSL_WITH_COMPRESSION \
  49         CONFIG_OPENSSL_WITH_DTLS \
  50         CONFIG_OPENSSL_WITH_EC \
  51         CONFIG_OPENSSL_WITH_EC2M \
  52         CONFIG_OPENSSL_WITH_ERROR_MESSAGES \
  53         CONFIG_OPENSSL_WITH_GOST \
  54         CONFIG_OPENSSL_WITH_IDEA \
  55         CONFIG_OPENSSL_WITH_MDC2 \
  56         CONFIG_OPENSSL_WITH_NPN \
  57         CONFIG_OPENSSL_WITH_PSK \
  58         CONFIG_OPENSSL_WITH_RFC3779 \
  59         CONFIG_OPENSSL_WITH_SEED \
  60         CONFIG_OPENSSL_WITH_SM234 \
  61         CONFIG_OPENSSL_WITH_SRP \
  62         CONFIG_OPENSSL_WITH_SSE2 \
  63         CONFIG_OPENSSL_WITH_TLS13 \
  64         CONFIG_OPENSSL_WITH_WHIRLPOOL
  65
  66 include $(INCLUDE_DIR)/package.mk
  67
  68 ifneq ($(CONFIG_CCACHE),)
  69 HOSTCC=$(HOSTCC_NOCACHE)
  70 HOSTCXX=$(HOSTCXX_NOCACHE)
  71 endif
  72
  73 define Package/openssl/Default
  74   TITLE:=Open source SSL toolkit
  75   URL:=http://www.openssl.org/
  76   SECTION:=libs
  77   CATEGORY:=Libraries
  78 endef
  79
  80 define Package/libopenssl/config
  81 source "$(SOURCE)/Config.in"
  82 endef
  83
  84 define Package/openssl/Default/description
  85 The OpenSSL Project is a collaborative effort to develop a robust,
  86 commercial-grade, full-featured, and Open Source toolkit implementing the
  87 Transport Layer Security (TLS) protocol as well as a full-strength
  88 general-purpose cryptography library.
  89 endef
  90
  91 define Package/libopenssl
  92 $(call Package/openssl/Default)
  93   SUBMENU:=SSL
  94   DEPENDS:=+OPENSSL_WITH_COMPRESSION:zlib \
  95            +OPENSSL_ENGINE_BUILTIN_AFALG:kmod-crypto-user \
  96            +OPENSSL_ENGINE_BUILTIN_DEVCRYPTO:kmod-cryptodev \
  97            +OPENSSL_ENGINE_BUILTIN_PADLOCK:kmod-crypto-hw-padlock
  98   TITLE+= (libraries)
  99   ABI_VERSION:=1.1
 100   MENU:=1
 101 endef
 102
 103 define Package/libopenssl/description
 104 $(call Package/openssl/Default/description)
 105 This package contains the OpenSSL shared libraries, needed by other programs.
 106 endef
 107
 108 define Package/openssl-util
 109   $(call Package/openssl/Default)
 110   SECTION:=utils
 111   CATEGORY:=Utilities
 112   DEPENDS:=+libopenssl +libopenssl-conf
 113   TITLE+= (utility)
 114 endef
 115
 116 define Package/openssl-util/description
 117 $(call Package/openssl/Default/description)
 118 This package contains the OpenSSL command-line utility.
 119 endef
 120
 121 define Package/libopenssl-conf
 122   $(call Package/openssl/Default)
 123   SUBMENU:=SSL
 124   TITLE:=/etc/ssl/openssl.cnf config file
 125   DEPENDS:=libopenssl
 126 endef
 127
 128 define Package/libopenssl-conf/conffiles
 129 /etc/ssl/openssl.cnf
 130 endef
 131
 132 define Package/libopenssl-conf/description
 133 $(call Package/openssl/Default/description)
 134 This package installs the OpenSSL configuration file /etc/ssl/openssl.cnf.
 135 endef
 136
 137 define Package/libopenssl-afalg
 138   $(call Package/openssl/Default)
 139   SUBMENU:=SSL
 140   TITLE:=AFALG hardware acceleration engine
 141   DEPENDS:=libopenssl @OPENSSL_ENGINE @KERNEL_AIO @!LINUX_3_18 +kmod-crypto-user \
 142            +libopenssl-conf @!OPENSSL_ENGINE_BUILTIN
 143 endef
 144
 145 define Package/libopenssl-afalg/description
 146 This package adds an engine that enables hardware acceleration
 147 through the AF_ALG kernel interface.
 148 To use it, you need to configure the engine in /etc/ssl/openssl.cnf
 149 See https://www.openssl.org/docs/man1.1.1/man5/config.html#Engine-Configuration-Module
 150 The engine_id is "afalg"
 151 endef
 152
 153 define Package/libopenssl-devcrypto
 154   $(call Package/openssl/Default)
 155   SUBMENU:=SSL
 156   TITLE:=/dev/crypto hardware acceleration engine
 157   DEPENDS:=libopenssl @OPENSSL_ENGINE +kmod-cryptodev +libopenssl-conf \
 158            @!OPENSSL_ENGINE_BUILTIN
 159 endef
 160
 161 define Package/libopenssl-devcrypto/description
 162 This package adds an engine that enables hardware acceleration
 163 through the /dev/crypto kernel interface.
 164 To use it, you need to configure the engine in /etc/ssl/openssl.cnf
 165 See https://www.openssl.org/docs/man1.1.1/man5/config.html#Engine-Configuration-Module
 166 The engine_id is "devcrypto"
 167 endef
 168
 169 define Package/libopenssl-padlock
 170   $(call Package/openssl/Default)
 171   SUBMENU:=SSL
 172   TITLE:=VIA Padlock hardware acceleration engine
 173   DEPENDS:=libopenssl @OPENSSL_ENGINE @TARGET_x86 +kmod-crypto-hw-padlock \
 174            +libopenssl-conf @!OPENSSL_ENGINE_BUILTIN
 175 endef
 176
 177 define Package/libopenssl-padlock/description
 178 This package adds an engine that enables VIA Padlock hardware acceleration.
 179 To use it, you need to configure it in /etc/ssl/openssl.cnf.
 180 See https://www.openssl.org/docs/man1.1.1/man5/config.html#Engine-Configuration-Module
 181 The engine_id is "padlock"
 182 endef
 183
 184 OPENSSL_OPTIONS:= shared
 185
 186 ifndef CONFIG_OPENSSL_WITH_BLAKE2
 187   OPENSSL_OPTIONS += no-blake2
 188 endif
 189
 190 ifndef CONFIG_OPENSSL_WITH_CHACHA_POLY1305
 191   OPENSSL_OPTIONS += no-chacha no-poly1305
 192 else
 193   ifdef CONFIG_OPENSSL_PREFER_CHACHA_OVER_GCM
 194     OPENSSL_OPTIONS += -DOPENSSL_PREFER_CHACHA_OVER_GCM
 195   endif
 196 endif
 197
 198 ifndef CONFIG_OPENSSL_WITH_ASYNC
 199   OPENSSL_OPTIONS += no-async
 200 endif
 201
 202 ifndef CONFIG_OPENSSL_WITH_EC
 203   OPENSSL_OPTIONS += no-ec
 204 endif
 205
 206 ifndef CONFIG_OPENSSL_WITH_EC2M
 207   OPENSSL_OPTIONS += no-ec2m
 208 endif
 209
 210 ifndef CONFIG_OPENSSL_WITH_ERROR_MESSAGES
 211   OPENSSL_OPTIONS += no-err
 212 endif
 213
 214 ifndef CONFIG_OPENSSL_WITH_TLS13
 215   OPENSSL_OPTIONS += no-tls1_3
 216 endif
 217
 218 ifndef CONFIG_OPENSSL_WITH_ARIA
 219   OPENSSL_OPTIONS += no-aria
 220 endif
 221
 222 ifndef CONFIG_OPENSSL_WITH_SM234
 223   OPENSSL_OPTIONS += no-sm2 no-sm3 no-sm4
 224 endif
 225
 226 ifndef CONFIG_OPENSSL_WITH_CAMELLIA
 227   OPENSSL_OPTIONS += no-camellia
 228 endif
 229
 230 ifndef CONFIG_OPENSSL_WITH_IDEA
 231   OPENSSL_OPTIONS += no-idea
 232 endif
 233
 234 ifndef CONFIG_OPENSSL_WITH_SEED
 235   OPENSSL_OPTIONS += no-seed
 236 endif
 237
 238 ifndef CONFIG_OPENSSL_WITH_MDC2
 239   OPENSSL_OPTIONS += no-mdc2
 240 endif
 241
 242 ifndef CONFIG_OPENSSL_WITH_WHIRLPOOL
 243   OPENSSL_OPTIONS += no-whirlpool
 244 endif
 245
 246 ifndef CONFIG_OPENSSL_WITH_CMS
 247   OPENSSL_OPTIONS += no-cms
 248 endif
 249
 250 ifndef CONFIG_OPENSSL_WITH_RFC3779
 251   OPENSSL_OPTIONS += no-rfc3779
 252 endif
 253
 254 ifdef CONFIG_OPENSSL_NO_DEPRECATED
 255   OPENSSL_OPTIONS += no-deprecated
 256 endif
 257
 258 ifeq ($(CONFIG_OPENSSL_OPTIMIZE_SPEED),y)
 259   TARGET_CFLAGS := $(filter-out -O%,$(TARGET_CFLAGS)) -O3
 260 else
 261   OPENSSL_OPTIONS += -DOPENSSL_SMALL_FOOTPRINT
 262 endif
 263
 264 ifdef CONFIG_OPENSSL_ENGINE
 265   ifdef CONFIG_OPENSSL_ENGINE_BUILTIN
 266     OPENSSL_OPTIONS += disable-dynamic-engine
 267     ifndef CONFIG_OPENSSL_ENGINE_BUILTIN_AFALG
 268       OPENSSL_OPTIONS += no-afalgeng
 269     endif
 270     ifdef CONFIG_OPENSSL_ENGINE_BUILTIN_DEVCRYPTO
 271       OPENSSL_OPTIONS += enable-devcryptoeng
 272     endif
 273     ifndef CONFIG_OPENSSL_ENGINE_BUILTIN_PADLOCK
 274       OPENSSL_OPTIONS += no-hw-padlock
 275     endif
 276   else
 277     ifdef CONFIG_PACKAGE_libopenssl-devcrypto
 278       OPENSSL_OPTIONS += enable-devcryptoeng
 279     endif
 280     ifndef CONFIG_PACKAGE_libopenssl-afalg
 281       OPENSSL_OPTIONS += no-afalgeng
 282     endif
 283     ifndef CONFIG_PACKAGE_libopenssl-padlock
 284       OPENSSL_OPTIONS += no-hw-padlock
 285     endif
 286   endif
 287 else
 288   OPENSSL_OPTIONS += no-engine
 289 endif
 290
 291 ifndef CONFIG_OPENSSL_WITH_GOST
 292   OPENSSL_OPTIONS += no-gost
 293 endif
 294
 295 ifndef CONFIG_OPENSSL_WITH_DTLS
 296   OPENSSL_OPTIONS += no-dtls
 297 endif
 298
 299 ifdef CONFIG_OPENSSL_WITH_COMPRESSION
 300   OPENSSL_OPTIONS += zlib-dynamic
 301 else
 302   OPENSSL_OPTIONS += no-comp
 303 endif
 304
 305 ifndef CONFIG_OPENSSL_WITH_NPN
 306   OPENSSL_OPTIONS += no-nextprotoneg
 307 endif
 308
 309 ifndef CONFIG_OPENSSL_WITH_PSK
 310   OPENSSL_OPTIONS += no-psk
 311 endif
 312
 313 ifndef CONFIG_OPENSSL_WITH_SRP
 314   OPENSSL_OPTIONS += no-srp
 315 endif
 316
 317 ifndef CONFIG_OPENSSL_WITH_ASM
 318   OPENSSL_OPTIONS += no-asm
 319 endif
 320
 321 ifdef CONFIG_i386
 322   ifndef CONFIG_OPENSSL_WITH_SSE2
 323     OPENSSL_OPTIONS += no-sse2
 324   endif
 325 endif
 326
 327 OPENSSL_TARGET:=linux-$(call qstrip,$(CONFIG_ARCH))-openwrt
 328
 329 STAMP_CONFIGURED := $(STAMP_CONFIGURED)_$(shell echo $(OPENSSL_OPTIONS) | mkhash md5)
 330
 331 define Build/Configure
 332         (cd $(PKG_BUILD_DIR); \
 333                 ./Configure $(OPENSSL_TARGET) \
 334                         --prefix=/usr \
 335                         --libdir=lib \
 336                         --openssldir=/etc/ssl \
 337                         $(TARGET_CPPFLAGS) \
 338                         $(TARGET_LDFLAGS) \
 339                         $(OPENSSL_OPTIONS) && \
 340                 { [ -f $(STAMP_CONFIGURED) ] || make clean; } \
 341         )
 342 endef
 343
 344 TARGET_CFLAGS += $(FPIC) -ffunction-sections -fdata-sections
 345 TARGET_LDFLAGS += -Wl,--gc-sections
 346
 347 define Build/Compile
 348         +$(MAKE) $(PKG_JOBS) -C $(PKG_BUILD_DIR) \
 349                 CROSS_COMPILE="$(TARGET_CROSS)" \
 350                 CC="$(TARGET_CC)" \
 351                 SOURCE_DATE_EPOCH=$(SOURCE_DATE_EPOCH) \
 352                 OPENWRT_OPTIMIZATION_FLAGS="$(TARGET_CFLAGS)" \
 353                 $(OPENSSL_MAKEFLAGS) \
 354                 all
 355         $(MAKE) -C $(PKG_BUILD_DIR) \
 356                 CROSS_COMPILE="$(TARGET_CROSS)" \
 357                 CC="$(TARGET_CC)" \
 358                 DESTDIR="$(PKG_INSTALL_DIR)" \
 359                 $(OPENSSL_MAKEFLAGS) \
 360                 install_sw install_ssldirs
 361 endef
 362
 363 define Build/InstallDev
 364         $(INSTALL_DIR) $(1)/usr/include
 365         $(CP) $(PKG_INSTALL_DIR)/usr/include/openssl $(1)/usr/include/
 366         $(INSTALL_DIR) $(1)/usr/lib/
 367         $(CP) $(PKG_INSTALL_DIR)/usr/lib/lib{crypto,ssl}.{a,so*} $(1)/usr/lib/
 368         $(INSTALL_DIR) $(1)/usr/lib/pkgconfig
 369         $(CP) $(PKG_INSTALL_DIR)/usr/lib/pkgconfig/{openssl,libcrypto,libssl}.pc $(1)/usr/lib/pkgconfig/
 370         [ -n "$(TARGET_LDFLAGS)" ] && $(SED) 's#$(TARGET_LDFLAGS)##g' $(1)/usr/lib/pkgconfig/{openssl,libcrypto,libssl}.pc || true
 371 endef
 372
 373 define Package/libopenssl/install
 374         $(INSTALL_DIR) $(1)/etc/ssl/certs
 375         $(INSTALL_DIR) $(1)/etc/ssl/private
 376         chmod 0700 $(1)/etc/ssl/private
 377         $(INSTALL_DIR) $(1)/usr/lib
 378         $(INSTALL_DATA) $(PKG_INSTALL_DIR)/usr/lib/libcrypto.so.* $(1)/usr/lib/
 379         $(INSTALL_DATA) $(PKG_INSTALL_DIR)/usr/lib/libssl.so.* $(1)/usr/lib/
 380         $(if $(CONFIG_OPENSSL_ENGINE),$(INSTALL_DIR) $(1)/usr/lib/$(ENGINES_DIR))
 381 endef
 382
 383 define Package/libopenssl-conf/install
 384         $(INSTALL_DIR) $(1)/etc/ssl
 385         $(CP) $(PKG_INSTALL_DIR)/etc/ssl/openssl.cnf $(1)/etc/ssl/
 386 endef
 387
 388 define Package/openssl-util/install
 389         $(INSTALL_DIR) $(1)/usr/bin
 390         $(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/bin/openssl $(1)/usr/bin/
 391 endef
 392
 393 define Package/libopenssl-afalg/install
 394         $(INSTALL_DIR) $(1)/usr/lib/$(ENGINES_DIR)
 395         $(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/lib/$(ENGINES_DIR)/afalg.so $(1)/usr/lib/$(ENGINES_DIR)
 396 endef
 397
 398 define Package/libopenssl-devcrypto/install
 399         $(INSTALL_DIR) $(1)/usr/lib/$(ENGINES_DIR)
 400         $(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/lib/$(ENGINES_DIR)/devcrypto.so $(1)/usr/lib/$(ENGINES_DIR)
 401 endef
 402
 403 define Package/libopenssl-padlock/install
 404         $(INSTALL_DIR) $(1)/usr/lib/$(ENGINES_DIR)
 405         $(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/lib/$(ENGINES_DIR)/*padlock.so $(1)/usr/lib/$(ENGINES_DIR)
 406 endef
 407
 408 $(eval $(call BuildPackage,libopenssl))
 409 $(eval $(call BuildPackage,libopenssl-conf))
 410 $(eval $(call BuildPackage,libopenssl-afalg))
 411 $(eval $(call BuildPackage,libopenssl-devcrypto))
 412 $(eval $(call BuildPackage,libopenssl-padlock))
 413 $(eval $(call BuildPackage,openssl-util))