# # Copyright (C) 2006-2016 OpenWrt.org # # This is free software, licensed under the GNU General Public License v2. # See /LICENSE for more information. # include $(TOPDIR)/rules.mk PKG_NAME:=openssl PKG_BASE:=1.0.2 PKG_BUGFIX:=q PKG_VERSION:=$(PKG_BASE)$(PKG_BUGFIX) PKG_RELEASE:=2 PKG_USE_MIPS16:=0 PKG_BUILD_PARALLEL:=0 PKG_BUILD_DEPENDS:=cryptodev-linux PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz PKG_SOURCE_URL:= \ http://ftp.fi.muni.cz/pub/openssl/source/ \ http://ftp.linux.hr/pub/openssl/source/ \ ftp://ftp.pca.dfn.de/pub/tools/net/openssl/source/ \ http://www.openssl.org/source/ \ http://www.openssl.org/source/old/$(PKG_BASE)/ PKG_HASH:=5744cfcbcec2b1b48629f7354203bc1e5e9b5466998bbccc5b5fcde3b18eb684 ENGINES_DIR=engines PKG_LICENSE:=OpenSSL PKG_LICENSE_FILES:=LICENSE PKG_CPE_ID:=cpe:/a:openssl:openssl PKG_CONFIG_DEPENDS:= \ CONFIG_OPENSSL_ENGINE \ CONFIG_OPENSSL_ENGINE_CRYPTO \ CONFIG_OPENSSL_ENGINE_DIGEST \ CONFIG_OPENSSL_NO_DEPRECATED \ CONFIG_OPENSSL_OPTIMIZE_SPEED \ CONFIG_OPENSSL_WITH_ASM \ CONFIG_OPENSSL_WITH_CAMELLIA \ CONFIG_OPENSSL_WITH_CMS \ CONFIG_OPENSSL_WITH_COMPRESSION \ CONFIG_OPENSSL_WITH_DTLS \ CONFIG_OPENSSL_WITH_EC \ CONFIG_OPENSSL_WITH_EC2M \ CONFIG_OPENSSL_WITH_ERROR_MESSAGES \ CONFIG_OPENSSL_WITH_GOST \ CONFIG_OPENSSL_WITH_IDEA \ CONFIG_OPENSSL_WITH_MDC2 \ CONFIG_OPENSSL_WITH_NPN \ CONFIG_OPENSSL_WITH_PSK \ CONFIG_OPENSSL_WITH_RFC3779 \ CONFIG_OPENSSL_WITH_SEED \ CONFIG_OPENSSL_WITH_SRP \ CONFIG_OPENSSL_WITH_SSE2 \ CONFIG_OPENSSL_WITH_WHIRLPOOL include $(INCLUDE_DIR)/package.mk ifneq ($(CONFIG_CCACHE),) HOSTCC=$(HOSTCC_NOCACHE) HOSTCXX=$(HOSTCXX_NOCACHE) endif define Package/openssl/Default TITLE:=Open source SSL toolkit URL:=http://www.openssl.org/ SECTION:=libs CATEGORY:=Libraries endef define Package/libopenssl/config source "$(SOURCE)/Config.in" endef define Package/openssl/Default/description The OpenSSL Project is a collaborative effort to develop a robust, commercial-grade, full-featured, and Open Source toolkit implementing the Transport Layer Security (TLS) protocol as well as a full-strength general-purpose cryptography library. endef define Package/libopenssl $(call Package/openssl/Default) SUBMENU:=SSL DEPENDS:=+OPENSSL_WITH_COMPRESSION:zlib TITLE+= (libraries) ABI_VERSION:=1.0.0 MENU:=1 endef define Package/libopenssl/description $(call Package/openssl/Default/description) This package contains the OpenSSL shared libraries, needed by other programs. endef define Package/openssl-util $(call Package/openssl/Default) SECTION:=utils CATEGORY:=Utilities DEPENDS:=+libopenssl TITLE+= (utility) endef define Package/openssl-util/conffiles /etc/ssl/openssl.cnf endef define Package/openssl-util/description $(call Package/openssl/Default/description) This package contains the OpenSSL command-line utility. endef define Package/libopenssl-gost $(call Package/openssl/Default) SUBMENU:=SSL TITLE:=Russian GOST algorithms engine DEPENDS:=libopenssl +@OPENSSL_WITH_GOST endef define Package/libopenssl-gost/description This package adds an engine that enables Russian GOST algorithms. To use it, you need to configure the engine in /etc/ssl/openssl.cnf See https://www.openssl.org/docs/man1.0.2/apps/config.html#ENGINE-CONFIGURATION-MODULE The engine_id is "gost" endef define Package/libopenssl-padlock $(call Package/openssl/Default) SUBMENU:=SSL TITLE:=VIA Padlock hardware acceleration engine DEPENDS:=libopenssl @OPENSSL_ENGINE @TARGET_x86 +kmod-crypto-hw-padlock endef define Package/libopenssl-padlock/description This package adds an engine that enables VIA Padlock hardware acceleration. To use it, you need to configure it in /etc/ssl/openssl.cnf. See https://www.openssl.org/docs/man1.0.2/apps/config.html#ENGINE-CONFIGURATION-MODULE The engine_id is "padlock" endef OPENSSL_OPTIONS:= shared no-heartbeats no-sha0 no-ssl2-method no-ssl3-method ifndef CONFIG_OPENSSL_WITH_EC OPENSSL_OPTIONS += no-ec endif ifndef CONFIG_OPENSSL_WITH_EC2M OPENSSL_OPTIONS += no-ec2m endif ifndef CONFIG_OPENSSL_WITH_ERROR_MESSAGES OPENSSL_OPTIONS += no-err endif ifndef CONFIG_OPENSSL_WITH_CAMELLIA OPENSSL_OPTIONS += no-camellia endif ifndef CONFIG_OPENSSL_WITH_IDEA OPENSSL_OPTIONS += no-idea endif ifndef CONFIG_OPENSSL_WITH_SEED OPENSSL_OPTIONS += no-seed endif ifndef CONFIG_OPENSSL_WITH_MDC2 OPENSSL_OPTIONS += no-mdc2 endif ifndef CONFIG_OPENSSL_WITH_WHIRLPOOL OPENSSL_OPTIONS += no-whirlpool endif ifndef CONFIG_OPENSSL_WITH_CMS OPENSSL_OPTIONS += no-cms endif ifdef CONFIG_OPENSSL_WITH_RFC3779 OPENSSL_OPTIONS += enable-rfc3779 endif ifdef CONFIG_OPENSSL_NO_DEPRECATED OPENSSL_OPTIONS += no-deprecated endif ifeq ($(CONFIG_OPENSSL_OPTIMIZE_SPEED),y) TARGET_CFLAGS := $(filter-out -O%,$(TARGET_CFLAGS)) -O3 else OPENSSL_OPTIONS += -DOPENSSL_SMALL_FOOTPRINT endif ifdef CONFIG_OPENSSL_ENGINE ifdef CONFIG_OPENSSL_ENGINE_CRYPTO OPENSSL_OPTIONS += -DHAVE_CRYPTODEV ifdef CONFIG_OPENSSL_ENGINE_DIGEST OPENSSL_OPTIONS += -DUSE_CRYPTODEV_DIGESTS endif endif ifndef CONFIG_PACKAGE_libopenssl-padlock OPENSSL_OPTIONS += no-hw-padlock endif else OPENSSL_OPTIONS += no-engine endif ifndef CONFIG_OPENSSL_WITH_GOST OPENSSL_OPTIONS += no-gost endif # Even with no-dtls and no-dtls1 options, the library keeps the DTLS code, # but openssl util gets built without it ifndef CONFIG_OPENSSL_WITH_DTLS OPENSSL_OPTIONS += no-dtls no-dtls1 endif ifdef CONFIG_OPENSSL_WITH_COMPRESSION OPENSSL_OPTIONS += zlib-dynamic else OPENSSL_OPTIONS += no-comp endif ifndef CONFIG_OPENSSL_WITH_NPN OPENSSL_OPTIONS += no-nextprotoneg endif ifndef CONFIG_OPENSSL_WITH_PSK OPENSSL_OPTIONS += no-psk endif ifndef CONFIG_OPENSSL_WITH_SRP OPENSSL_OPTIONS += no-srp endif ifndef CONFIG_OPENSSL_WITH_ASM OPENSSL_OPTIONS += no-asm endif ifdef CONFIG_i386 ifndef CONFIG_OPENSSL_WITH_SSE2 OPENSSL_OPTIONS += no-sse2 endif endif OPENSSL_TARGET:=linux-$(call qstrip,$(CONFIG_ARCH))-openwrt STAMP_CONFIGURED := $(STAMP_CONFIGURED)_$(shell echo $(OPENSSL_OPTIONS) | mkhash md5) define Build/Configure [ -f $(STAMP_CONFIGURED) ] || { \ rm -f $(PKG_BUILD_DIR)/*.so.* $(PKG_BUILD_DIR)/*.a; \ find $(PKG_BUILD_DIR) -name \*.o | xargs rm -f; \ } (cd $(PKG_BUILD_DIR); \ ./Configure $(OPENSSL_TARGET) \ --prefix=/usr \ --libdir=lib \ --openssldir=/etc/ssl \ $(TARGET_CPPFLAGS) \ $(TARGET_LDFLAGS) \ $(OPENSSL_OPTIONS) \ ) +$(MAKE) $(PKG_JOBS) -C $(PKG_BUILD_DIR) \ CROSS_COMPILE="$(TARGET_CROSS)" \ MAKEDEPPROG="$(TARGET_CROSS)gcc" \ OPENWRT_OPTIMIZATION_FLAGS="$(TARGET_CFLAGS)" \ $(OPENSSL_MAKEFLAGS) \ depend endef TARGET_CFLAGS += $(FPIC) -ffunction-sections -fdata-sections TARGET_LDFLAGS += -Wl,--gc-sections define Build/Compile +$(MAKE) $(PKG_JOBS) -C $(PKG_BUILD_DIR) \ CROSS_COMPILE="$(TARGET_CROSS)" \ CC="$(TARGET_CC)" \ ASFLAGS="$(TARGET_ASFLAGS) -I$(PKG_BUILD_DIR)/crypto -c" \ AR="$(TARGET_CROSS)ar r" \ RANLIB="$(TARGET_CROSS)ranlib" \ OPENWRT_OPTIMIZATION_FLAGS="$(TARGET_CFLAGS)" \ $(OPENSSL_MAKEFLAGS) \ all +$(MAKE) $(PKG_JOBS) -C $(PKG_BUILD_DIR) \ CROSS_COMPILE="$(TARGET_CROSS)" \ CC="$(TARGET_CC)" \ ASFLAGS="$(TARGET_ASFLAGS) -I$(PKG_BUILD_DIR)/crypto -c" \ AR="$(TARGET_CROSS)ar r" \ RANLIB="$(TARGET_CROSS)ranlib" \ OPENWRT_OPTIMIZATION_FLAGS="$(TARGET_CFLAGS)" \ $(OPENSSL_MAKEFLAGS) \ build-shared # Work around openssl build bug to link libssl.so with libcrypto.so. -rm $(PKG_BUILD_DIR)/libssl.so.*.*.* +$(MAKE) $(PKG_JOBS) -C $(PKG_BUILD_DIR) \ CROSS_COMPILE="$(TARGET_CROSS)" \ CC="$(TARGET_CC)" \ OPENWRT_OPTIMIZATION_FLAGS="$(TARGET_CFLAGS)" \ $(OPENSSL_MAKEFLAGS) \ do_linux-shared $(MAKE) -C $(PKG_BUILD_DIR) \ CROSS_COMPILE="$(TARGET_CROSS)" \ CC="$(TARGET_CC)" \ INSTALL_PREFIX="$(PKG_INSTALL_DIR)" \ $(OPENSSL_MAKEFLAGS) \ install endef define Build/InstallDev $(INSTALL_DIR) $(1)/usr/include $(CP) $(PKG_INSTALL_DIR)/usr/include/openssl $(1)/usr/include/ $(INSTALL_DIR) $(1)/usr/lib/ $(CP) $(PKG_INSTALL_DIR)/usr/lib/lib{crypto,ssl}.{a,so*} $(1)/usr/lib/ $(INSTALL_DIR) $(1)/usr/lib/pkgconfig $(CP) $(PKG_INSTALL_DIR)/usr/lib/pkgconfig/{openssl,libcrypto,libssl}.pc $(1)/usr/lib/pkgconfig/ [ -n "$(TARGET_LDFLAGS)" ] && $(SED) 's#$(TARGET_LDFLAGS)##g' $(1)/usr/lib/pkgconfig/{openssl,libcrypto,libssl}.pc || true endef define Package/libopenssl/install $(INSTALL_DIR) $(1)/etc/ssl/certs $(INSTALL_DIR) $(1)/etc/ssl/private chmod 0700 $(1)/etc/ssl/private $(INSTALL_DIR) $(1)/usr/lib $(INSTALL_DATA) $(PKG_INSTALL_DIR)/usr/lib/libcrypto.so.* $(1)/usr/lib/ $(INSTALL_DATA) $(PKG_INSTALL_DIR)/usr/lib/libssl.so.* $(1)/usr/lib/ $(if $(CONFIG_OPENSSL_ENGINE),$(INSTALL_DIR) $(1)/usr/lib/$(ENGINES_DIR)) endef define Package/openssl-util/install $(INSTALL_DIR) $(1)/etc/ssl $(CP) $(PKG_INSTALL_DIR)/etc/ssl/openssl.cnf $(1)/etc/ssl/ $(INSTALL_DIR) $(1)/usr/bin $(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/bin/openssl $(1)/usr/bin/ endef define Package/libopenssl-padlock/install $(INSTALL_DIR) $(1)/usr/lib/$(ENGINES_DIR) $(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/lib/$(ENGINES_DIR)/*padlock.so $(1)/usr/lib/$(ENGINES_DIR) endef define Package/libopenssl-gost/install $(INSTALL_DIR) $(1)/usr/lib/$(ENGINES_DIR) $(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/lib/$(ENGINES_DIR)/libgost.so $(1)/usr/lib/$(ENGINES_DIR) endef $(eval $(call BuildPackage,libopenssl)) $(eval $(call BuildPackage,libopenssl-gost)) $(eval $(call BuildPackage,libopenssl-padlock)) $(eval $(call BuildPackage,openssl-util))