package/libs/openssl/Makefile

   1 #
   2 # Copyright (C) 2006-2016 OpenWrt.org
   3 #
   4 # This is free software, licensed under the GNU General Public License v2.
   5 # See /LICENSE for more information.
   6 #
   7
   8 include $(TOPDIR)/rules.mk
   9
  10 PKG_NAME:=openssl
  11 PKG_BASE:=1.1.1
  12 PKG_BUGFIX:=k
  13 PKG_VERSION:=$(PKG_BASE)$(PKG_BUGFIX)
  14 PKG_RELEASE:=1
  15 PKG_USE_MIPS16:=0
  16 ENGINES_DIR=engines-1.1
  17
  18 PKG_BUILD_PARALLEL:=1
  19
  20 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
  21 PKG_SOURCE_URL:= \
  22         http://www.openssl.org/source/ \
  23         http://www.openssl.org/source/old/$(PKG_BASE)/ \
  24         http://ftp.fi.muni.cz/pub/openssl/source/ \
  25         http://ftp.fi.muni.cz/pub/openssl/source/old/$(PKG_BASE)/ \
  26         ftp://ftp.pca.dfn.de/pub/tools/net/openssl/source/ \
  27         ftp://ftp.pca.dfn.de/pub/tools/net/openssl/source/old/$(PKG_BASE)/
  28
  29 PKG_HASH:=892a0875b9872acd04a9fde79b1f943075d5ea162415de3047c327df33fbaee5
  30
  31 PKG_LICENSE:=OpenSSL
  32 PKG_LICENSE_FILES:=LICENSE
  33 PKG_MAINTAINER:=Eneas U de Queiroz <cotequeiroz@gmail.com>
  34 PKG_CPE_ID:=cpe:/a:openssl:openssl
  35 PKG_CONFIG_DEPENDS:= \
  36         CONFIG_OPENSSL_ENGINE \
  37         CONFIG_OPENSSL_ENGINE_BUILTIN \
  38         CONFIG_OPENSSL_ENGINE_BUILTIN_AFALG \
  39         CONFIG_OPENSSL_ENGINE_BUILTIN_DEVCRYPTO \
  40         CONFIG_OPENSSL_ENGINE_BUILTIN_PADLOCK \
  41         CONFIG_OPENSSL_NO_DEPRECATED \
  42         CONFIG_OPENSSL_OPTIMIZE_SPEED \
  43         CONFIG_OPENSSL_PREFER_CHACHA_OVER_GCM \
  44         CONFIG_OPENSSL_WITH_ARIA \
  45         CONFIG_OPENSSL_WITH_ASM \
  46         CONFIG_OPENSSL_WITH_ASYNC \
  47         CONFIG_OPENSSL_WITH_BLAKE2 \
  48         CONFIG_OPENSSL_WITH_CAMELLIA \
  49         CONFIG_OPENSSL_WITH_CHACHA_POLY1305 \
  50         CONFIG_OPENSSL_WITH_CMS \
  51         CONFIG_OPENSSL_WITH_COMPRESSION \
  52         CONFIG_OPENSSL_WITH_DTLS \
  53         CONFIG_OPENSSL_WITH_EC2M \
  54         CONFIG_OPENSSL_WITH_ERROR_MESSAGES \
  55         CONFIG_OPENSSL_WITH_GOST \
  56         CONFIG_OPENSSL_WITH_IDEA \
  57         CONFIG_OPENSSL_WITH_MDC2 \
  58         CONFIG_OPENSSL_WITH_NPN \
  59         CONFIG_OPENSSL_WITH_PSK \
  60         CONFIG_OPENSSL_WITH_RFC3779 \
  61         CONFIG_OPENSSL_WITH_SEED \
  62         CONFIG_OPENSSL_WITH_SM234 \
  63         CONFIG_OPENSSL_WITH_SRP \
  64         CONFIG_OPENSSL_WITH_SSE2 \
  65         CONFIG_OPENSSL_WITH_TLS13 \
  66         CONFIG_OPENSSL_WITH_WHIRLPOOL
  67
  68 include $(INCLUDE_DIR)/package.mk
  69
  70 ifneq ($(CONFIG_CCACHE),)
  71 HOSTCC=$(HOSTCC_NOCACHE)
  72 HOSTCXX=$(HOSTCXX_NOCACHE)
  73 endif
  74
  75 define Package/openssl/Default
  76   TITLE:=Open source SSL toolkit
  77   URL:=http://www.openssl.org/
  78   SECTION:=libs
  79   CATEGORY:=Libraries
  80 endef
  81
  82 define Package/libopenssl/config
  83 source "$(SOURCE)/Config.in"
  84 endef
  85
  86 define Package/openssl/Default/description
  87 The OpenSSL Project is a collaborative effort to develop a robust,
  88 commercial-grade, full-featured, and Open Source toolkit implementing the
  89 Transport Layer Security (TLS) protocol as well as a full-strength
  90 general-purpose cryptography library.
  91 endef
  92
  93 define Package/libopenssl
  94 $(call Package/openssl/Default)
  95   SUBMENU:=SSL
  96   DEPENDS:=+OPENSSL_WITH_COMPRESSION:zlib \
  97            +OPENSSL_ENGINE_BUILTIN_AFALG:kmod-crypto-user \
  98            +OPENSSL_ENGINE_BUILTIN_DEVCRYPTO:kmod-cryptodev \
  99            +OPENSSL_ENGINE_BUILTIN_PADLOCK:kmod-crypto-hw-padlock
 100   TITLE+= (libraries)
 101   ABI_VERSION:=1.1
 102   MENU:=1
 103 endef
 104
 105 define Package/libopenssl/description
 106 $(call Package/openssl/Default/description)
 107 This package contains the OpenSSL shared libraries, needed by other programs.
 108 endef
 109
 110 define Package/openssl-util
 111   $(call Package/openssl/Default)
 112   SECTION:=utils
 113   CATEGORY:=Utilities
 114   DEPENDS:=+libopenssl +libopenssl-conf
 115   TITLE+= (utility)
 116 endef
 117
 118 define Package/openssl-util/description
 119 $(call Package/openssl/Default/description)
 120 This package contains the OpenSSL command-line utility.
 121 endef
 122
 123 define Package/libopenssl-conf
 124   $(call Package/openssl/Default)
 125   SUBMENU:=SSL
 126   TITLE:=/etc/ssl/openssl.cnf config file
 127   DEPENDS:=libopenssl
 128 endef
 129
 130 define Package/libopenssl-conf/conffiles
 131 /etc/ssl/openssl.cnf
 132 endef
 133
 134 define Package/libopenssl-conf/description
 135 $(call Package/openssl/Default/description)
 136 This package installs the OpenSSL configuration file /etc/ssl/openssl.cnf.
 137 endef
 138
 139 define Package/libopenssl-afalg
 140   $(call Package/openssl/Default)
 141   SUBMENU:=SSL
 142   TITLE:=AFALG hardware acceleration engine
 143   DEPENDS:=libopenssl @OPENSSL_ENGINE @KERNEL_AIO \
 144            +PACKAGE_libopenssl-afalg:kmod-crypto-user +libopenssl-conf @!OPENSSL_ENGINE_BUILTIN
 145 endef
 146
 147 define Package/libopenssl-afalg/description
 148 This package adds an engine that enables hardware acceleration
 149 through the AF_ALG kernel interface.
 150 To use it, you need to configure the engine in /etc/ssl/openssl.cnf
 151 See https://www.openssl.org/docs/man1.1.1/man5/config.html#Engine-Configuration-Module
 152 and https://openwrt.org/docs/techref/hardware/cryptographic.hardware.accelerators
 153 The engine_id is "afalg"
 154 endef
 155
 156 define Package/libopenssl-devcrypto
 157   $(call Package/openssl/Default)
 158   SUBMENU:=SSL
 159   TITLE:=/dev/crypto hardware acceleration engine
 160   DEPENDS:=libopenssl @OPENSSL_ENGINE +PACKAGE_libopenssl-devcrypto:kmod-cryptodev +libopenssl-conf \
 161            @!OPENSSL_ENGINE_BUILTIN
 162 endef
 163
 164 define Package/libopenssl-devcrypto/description
 165 This package adds an engine that enables hardware acceleration
 166 through the /dev/crypto kernel interface.
 167 To use it, you need to configure the engine in /etc/ssl/openssl.cnf
 168 See https://www.openssl.org/docs/man1.1.1/man5/config.html#Engine-Configuration-Module
 169 and https://openwrt.org/docs/techref/hardware/cryptographic.hardware.accelerators
 170 The engine_id is "devcrypto"
 171 endef
 172
 173 define Package/libopenssl-padlock
 174   $(call Package/openssl/Default)
 175   SUBMENU:=SSL
 176   TITLE:=VIA Padlock hardware acceleration engine
 177   DEPENDS:=libopenssl @OPENSSL_ENGINE @TARGET_x86 +PACKAGE_libopenssl-padlock:kmod-crypto-hw-padlock \
 178            +libopenssl-conf @!OPENSSL_ENGINE_BUILTIN
 179 endef
 180
 181 define Package/libopenssl-padlock/description
 182 This package adds an engine that enables VIA Padlock hardware acceleration.
 183 To use it, you need to configure it in /etc/ssl/openssl.cnf.
 184 See https://www.openssl.org/docs/man1.1.1/man5/config.html#Engine-Configuration-Module
 185 and https://openwrt.org/docs/techref/hardware/cryptographic.hardware.accelerators
 186 The engine_id is "padlock"
 187 endef
 188
 189 OPENSSL_OPTIONS:= shared
 190
 191 ifndef CONFIG_OPENSSL_WITH_BLAKE2
 192   OPENSSL_OPTIONS += no-blake2
 193 endif
 194
 195 ifndef CONFIG_OPENSSL_WITH_CHACHA_POLY1305
 196   OPENSSL_OPTIONS += no-chacha no-poly1305
 197 else
 198   ifdef CONFIG_OPENSSL_PREFER_CHACHA_OVER_GCM
 199     OPENSSL_OPTIONS += -DOPENSSL_PREFER_CHACHA_OVER_GCM
 200   endif
 201 endif
 202
 203 ifndef CONFIG_OPENSSL_WITH_ASYNC
 204   OPENSSL_OPTIONS += no-async
 205 endif
 206
 207 ifndef CONFIG_OPENSSL_WITH_EC2M
 208   OPENSSL_OPTIONS += no-ec2m
 209 endif
 210
 211 ifndef CONFIG_OPENSSL_WITH_ERROR_MESSAGES
 212   OPENSSL_OPTIONS += no-err
 213 endif
 214
 215 ifndef CONFIG_OPENSSL_WITH_TLS13
 216   OPENSSL_OPTIONS += no-tls1_3
 217 endif
 218
 219 ifndef CONFIG_OPENSSL_WITH_ARIA
 220   OPENSSL_OPTIONS += no-aria
 221 endif
 222
 223 ifndef CONFIG_OPENSSL_WITH_SM234
 224   OPENSSL_OPTIONS += no-sm2 no-sm3 no-sm4
 225 endif
 226
 227 ifndef CONFIG_OPENSSL_WITH_CAMELLIA
 228   OPENSSL_OPTIONS += no-camellia
 229 endif
 230
 231 ifndef CONFIG_OPENSSL_WITH_IDEA
 232   OPENSSL_OPTIONS += no-idea
 233 endif
 234
 235 ifndef CONFIG_OPENSSL_WITH_SEED
 236   OPENSSL_OPTIONS += no-seed
 237 endif
 238
 239 ifndef CONFIG_OPENSSL_WITH_MDC2
 240   OPENSSL_OPTIONS += no-mdc2
 241 endif
 242
 243 ifndef CONFIG_OPENSSL_WITH_WHIRLPOOL
 244   OPENSSL_OPTIONS += no-whirlpool
 245 endif
 246
 247 ifndef CONFIG_OPENSSL_WITH_CMS
 248   OPENSSL_OPTIONS += no-cms
 249 endif
 250
 251 ifndef CONFIG_OPENSSL_WITH_RFC3779
 252   OPENSSL_OPTIONS += no-rfc3779
 253 endif
 254
 255 ifdef CONFIG_OPENSSL_NO_DEPRECATED
 256   OPENSSL_OPTIONS += no-deprecated
 257 endif
 258
 259 ifeq ($(CONFIG_OPENSSL_OPTIMIZE_SPEED),y)
 260   TARGET_CFLAGS := $(filter-out -O%,$(TARGET_CFLAGS)) -O3
 261 else
 262   OPENSSL_OPTIONS += -DOPENSSL_SMALL_FOOTPRINT
 263 endif
 264
 265 ifdef CONFIG_OPENSSL_ENGINE
 266   ifdef CONFIG_OPENSSL_ENGINE_BUILTIN
 267     OPENSSL_OPTIONS += disable-dynamic-engine
 268     ifndef CONFIG_OPENSSL_ENGINE_BUILTIN_AFALG
 269       OPENSSL_OPTIONS += no-afalgeng
 270     endif
 271     ifdef CONFIG_OPENSSL_ENGINE_BUILTIN_DEVCRYPTO
 272       OPENSSL_OPTIONS += enable-devcryptoeng
 273     endif
 274     ifndef CONFIG_OPENSSL_ENGINE_BUILTIN_PADLOCK
 275       OPENSSL_OPTIONS += no-hw-padlock
 276     endif
 277   else
 278     ifdef CONFIG_PACKAGE_libopenssl-devcrypto
 279       OPENSSL_OPTIONS += enable-devcryptoeng
 280     endif
 281     ifndef CONFIG_PACKAGE_libopenssl-afalg
 282       OPENSSL_OPTIONS += no-afalgeng
 283     endif
 284     ifndef CONFIG_PACKAGE_libopenssl-padlock
 285       OPENSSL_OPTIONS += no-hw-padlock
 286     endif
 287   endif
 288 else
 289   OPENSSL_OPTIONS += no-engine
 290 endif
 291
 292 ifndef CONFIG_OPENSSL_WITH_GOST
 293   OPENSSL_OPTIONS += no-gost
 294 endif
 295
 296 ifndef CONFIG_OPENSSL_WITH_DTLS
 297   OPENSSL_OPTIONS += no-dtls
 298 endif
 299
 300 ifdef CONFIG_OPENSSL_WITH_COMPRESSION
 301   OPENSSL_OPTIONS += zlib-dynamic
 302 else
 303   OPENSSL_OPTIONS += no-comp
 304 endif
 305
 306 ifndef CONFIG_OPENSSL_WITH_NPN
 307   OPENSSL_OPTIONS += no-nextprotoneg
 308 endif
 309
 310 ifndef CONFIG_OPENSSL_WITH_PSK
 311   OPENSSL_OPTIONS += no-psk
 312 endif
 313
 314 ifndef CONFIG_OPENSSL_WITH_SRP
 315   OPENSSL_OPTIONS += no-srp
 316 endif
 317
 318 ifndef CONFIG_OPENSSL_WITH_ASM
 319   OPENSSL_OPTIONS += no-asm
 320 endif
 321
 322 ifdef CONFIG_i386
 323   ifndef CONFIG_OPENSSL_WITH_SSE2
 324     OPENSSL_OPTIONS += no-sse2
 325   endif
 326 endif
 327
 328 OPENSSL_TARGET:=linux-$(call qstrip,$(CONFIG_ARCH))-openwrt
 329
 330 STAMP_CONFIGURED := $(STAMP_CONFIGURED)_$(shell echo $(OPENSSL_OPTIONS) | mkhash md5)
 331
 332 define Build/Configure
 333         (cd $(PKG_BUILD_DIR); \
 334                 ./Configure $(OPENSSL_TARGET) \
 335                         --prefix=/usr \
 336                         --libdir=lib \
 337                         --openssldir=/etc/ssl \
 338                         $(TARGET_CPPFLAGS) \
 339                         $(TARGET_LDFLAGS) \
 340                         $(OPENSSL_OPTIONS) && \
 341                 { [ -f $(STAMP_CONFIGURED) ] || make clean; } \
 342         )
 343 endef
 344
 345 TARGET_CFLAGS += $(FPIC) -ffunction-sections -fdata-sections
 346 TARGET_LDFLAGS += -Wl,--gc-sections
 347
 348 define Build/Compile
 349         +$(MAKE) $(PKG_JOBS) -C $(PKG_BUILD_DIR) \
 350                 CROSS_COMPILE="$(TARGET_CROSS)" \
 351                 CC="$(TARGET_CC)" \
 352                 SOURCE_DATE_EPOCH=$(SOURCE_DATE_EPOCH) \
 353                 OPENWRT_OPTIMIZATION_FLAGS="$(TARGET_CFLAGS)" \
 354                 $(OPENSSL_MAKEFLAGS) \
 355                 all
 356         $(MAKE) -C $(PKG_BUILD_DIR) \
 357                 CROSS_COMPILE="$(TARGET_CROSS)" \
 358                 CC="$(TARGET_CC)" \
 359                 DESTDIR="$(PKG_INSTALL_DIR)" \
 360                 $(OPENSSL_MAKEFLAGS) \
 361                 install_sw install_ssldirs
 362 endef
 363
 364 define Build/InstallDev
 365         $(INSTALL_DIR) $(1)/usr/include
 366         $(CP) $(PKG_INSTALL_DIR)/usr/include/openssl $(1)/usr/include/
 367         $(INSTALL_DIR) $(1)/usr/lib/
 368         $(CP) $(PKG_INSTALL_DIR)/usr/lib/lib{crypto,ssl}.{a,so*} $(1)/usr/lib/
 369         $(INSTALL_DIR) $(1)/usr/lib/pkgconfig
 370         $(CP) $(PKG_INSTALL_DIR)/usr/lib/pkgconfig/{openssl,libcrypto,libssl}.pc $(1)/usr/lib/pkgconfig/
 371         [ -n "$(TARGET_LDFLAGS)" ] && $(SED) 's#$(TARGET_LDFLAGS)##g' $(1)/usr/lib/pkgconfig/{openssl,libcrypto,libssl}.pc || true
 372 endef
 373
 374 define Package/libopenssl/install
 375         $(INSTALL_DIR) $(1)/etc/ssl/certs
 376         $(INSTALL_DIR) $(1)/etc/ssl/private
 377         chmod 0700 $(1)/etc/ssl/private
 378         $(INSTALL_DIR) $(1)/usr/lib
 379         $(INSTALL_DATA) $(PKG_INSTALL_DIR)/usr/lib/libcrypto.so.* $(1)/usr/lib/
 380         $(INSTALL_DATA) $(PKG_INSTALL_DIR)/usr/lib/libssl.so.* $(1)/usr/lib/
 381         $(if $(CONFIG_OPENSSL_ENGINE),$(INSTALL_DIR) $(1)/usr/lib/$(ENGINES_DIR))
 382 endef
 383
 384 define Package/libopenssl-conf/install
 385         $(INSTALL_DIR) $(1)/etc/ssl
 386         $(CP) $(PKG_INSTALL_DIR)/etc/ssl/openssl.cnf $(1)/etc/ssl/
 387 endef
 388
 389 define Package/openssl-util/install
 390         $(INSTALL_DIR) $(1)/usr/bin
 391         $(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/bin/openssl $(1)/usr/bin/
 392 endef
 393
 394 define Package/libopenssl-afalg/install
 395         $(INSTALL_DIR) $(1)/usr/lib/$(ENGINES_DIR)
 396         $(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/lib/$(ENGINES_DIR)/afalg.so $(1)/usr/lib/$(ENGINES_DIR)
 397 endef
 398
 399 define Package/libopenssl-devcrypto/install
 400         $(INSTALL_DIR) $(1)/usr/lib/$(ENGINES_DIR)
 401         $(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/lib/$(ENGINES_DIR)/devcrypto.so $(1)/usr/lib/$(ENGINES_DIR)
 402 endef
 403
 404 define Package/libopenssl-padlock/install
 405         $(INSTALL_DIR) $(1)/usr/lib/$(ENGINES_DIR)
 406         $(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/lib/$(ENGINES_DIR)/*padlock.so $(1)/usr/lib/$(ENGINES_DIR)
 407 endef
 408
 409 $(eval $(call BuildPackage,libopenssl))
 410 $(eval $(call BuildPackage,libopenssl-conf))
 411 $(eval $(call BuildPackage,libopenssl-afalg))
 412 $(eval $(call BuildPackage,libopenssl-devcrypto))
 413 $(eval $(call BuildPackage,libopenssl-padlock))
 414 $(eval $(call BuildPackage,openssl-util))