X-Git-Url: http://git.openwrt.org/?p=openwrt%2Fopenwrt.git;a=blobdiff_plain;f=package%2Flibs%2Fopenssl%2FMakefile;h=a9dd16f3e7933a27a380077c62fe6be11290faee;hp=26833a30b7e2385cf37c7bfe62dd050ec8c14e75;hb=d971ae51a51cb1b145b6fbbf7d1327a99be257b1;hpb=8333ce196369c4668d6fa9e4f126a5a77655dcda diff --git a/package/libs/openssl/Makefile b/package/libs/openssl/Makefile index 26833a30b7..a9dd16f3e7 100644 --- a/package/libs/openssl/Makefile +++ b/package/libs/openssl/Makefile @@ -1,5 +1,5 @@ # -# Copyright (C) 2006-2012 OpenWrt.org +# Copyright (C) 2006-2016 OpenWrt.org # # This is free software, licensed under the GNU General Public License v2. # See /LICENSE for more information. @@ -8,29 +8,73 @@ include $(TOPDIR)/rules.mk PKG_NAME:=openssl -PKG_VERSION:=1.0.1g -PKG_RELEASE:=1 +PKG_BASE:=1.1.1 +PKG_BUGFIX:=b +PKG_VERSION:=$(PKG_BASE)$(PKG_BUGFIX) +PKG_RELEASE:=2 PKG_USE_MIPS16:=0 +ENGINES_DIR=engines-1.1 -PKG_BUILD_PARALLEL:=1 +PKG_BUILD_PARALLEL:=0 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz -PKG_SOURCE_URL:=http://www.openssl.org/source/ \ - ftp://ftp.funet.fi/pub/crypt/mirrors/ftp.openssl.org/source \ - ftp://ftp.sunet.se/pub/security/tools/net/openssl/source/ -PKG_MD5SUM:=de62b43dfcd858e66a74bee1c834e959 +PKG_SOURCE_URL:= \ + http://ftp.fi.muni.cz/pub/openssl/source/ \ + http://ftp.linux.hr/pub/openssl/source/ \ + ftp://ftp.pca.dfn.de/pub/tools/net/openssl/source/ \ + http://www.openssl.org/source/ \ + http://www.openssl.org/source/old/$(PKG_BASE)/ +PKG_HASH:=5c557b023230413dfb0756f3137a13e6d726838ccd1430888ad15bfb2b43ea4b -PKG_LICENSE:=SSLEAY OPENSSL +PKG_LICENSE:=OpenSSL PKG_LICENSE_FILES:=LICENSE -PKG_BUILD_DEPENDS:=ocf-crypto-headers -PKG_CONFIG_DEPENDS:=CONFIG_OPENSSL_ENGINE_CRYPTO CONFIG_OPENSSL_ENGINE_DIGEST \ - CONFIG_OPENSSL_WITH_EC CONFIG_OPENSSL_WITH_EC2M +PKG_CPE_ID:=cpe:/a:openssl:openssl +PKG_CONFIG_DEPENDS:= \ + CONFIG_OPENSSL_ENGINE \ + CONFIG_OPENSSL_ENGINE_BUILTIN \ + CONFIG_OPENSSL_ENGINE_BUILTIN_AFALG \ + CONFIG_OPENSSL_ENGINE_BUILTIN_DEVCRYPTO \ + CONFIG_OPENSSL_ENGINE_BUILTIN_PADLOCK \ + CONFIG_OPENSSL_NO_DEPRECATED \ + CONFIG_OPENSSL_OPTIMIZE_SPEED \ + CONFIG_OPENSSL_PREFER_CHACHA_OVER_GCM \ + CONFIG_OPENSSL_WITH_ARIA \ + CONFIG_OPENSSL_WITH_ASM \ + CONFIG_OPENSSL_WITH_ASYNC \ + CONFIG_OPENSSL_WITH_BLAKE2 \ + CONFIG_OPENSSL_WITH_CAMELLIA \ + CONFIG_OPENSSL_WITH_CHACHA_POLY1305 \ + CONFIG_OPENSSL_WITH_CMS \ + CONFIG_OPENSSL_WITH_COMPRESSION \ + CONFIG_OPENSSL_WITH_DTLS \ + CONFIG_OPENSSL_WITH_EC \ + CONFIG_OPENSSL_WITH_EC2M \ + CONFIG_OPENSSL_WITH_ERROR_MESSAGES \ + CONFIG_OPENSSL_WITH_GOST \ + CONFIG_OPENSSL_WITH_IDEA \ + CONFIG_OPENSSL_WITH_MDC2 \ + CONFIG_OPENSSL_WITH_NPN \ + CONFIG_OPENSSL_WITH_PSK \ + CONFIG_OPENSSL_WITH_RFC3779 \ + CONFIG_OPENSSL_WITH_SEED \ + CONFIG_OPENSSL_WITH_SM234 \ + CONFIG_OPENSSL_WITH_SRP \ + CONFIG_OPENSSL_WITH_SSE2 \ + CONFIG_OPENSSL_WITH_TLS13 \ + CONFIG_OPENSSL_WITH_WHIRLPOOL include $(INCLUDE_DIR)/package.mk +ifneq ($(CONFIG_CCACHE),) +HOSTCC=$(HOSTCC_NOCACHE) +HOSTCXX=$(HOSTCXX_NOCACHE) +endif + define Package/openssl/Default TITLE:=Open source SSL toolkit URL:=http://www.openssl.org/ + SECTION:=libs + CATEGORY:=Libraries endef define Package/libopenssl/config @@ -39,18 +83,20 @@ endef define Package/openssl/Default/description The OpenSSL Project is a collaborative effort to develop a robust, -commercial-grade, full-featured, and Open Source toolkit implementing the Secure -Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols as well -as a full-strength general purpose cryptography library. +commercial-grade, full-featured, and Open Source toolkit implementing the +Transport Layer Security (TLS) protocol as well as a full-strength +general-purpose cryptography library. endef define Package/libopenssl $(call Package/openssl/Default) - SECTION:=libs SUBMENU:=SSL - CATEGORY:=Libraries - DEPENDS:=+zlib + DEPENDS:=+OPENSSL_WITH_COMPRESSION:zlib \ + +OPENSSL_ENGINE_BUILTIN_AFALG:kmod-crypto-user \ + +OPENSSL_ENGINE_BUILTIN_DEVCRYPTO:kmod-cryptodev \ + +OPENSSL_ENGINE_BUILTIN_PADLOCK:kmod-crypto-hw-padlock TITLE+= (libraries) + ABI_VERSION:=1.1 MENU:=1 endef @@ -63,31 +109,94 @@ define Package/openssl-util $(call Package/openssl/Default) SECTION:=utils CATEGORY:=Utilities - DEPENDS:=+libopenssl + DEPENDS:=+libopenssl +libopenssl-conf TITLE+= (utility) endef -define Package/openssl-util/conffiles +define Package/openssl-util/description +$(call Package/openssl/Default/description) +This package contains the OpenSSL command-line utility. +endef + +define Package/libopenssl-conf + $(call Package/openssl/Default) + SUBMENU:=SSL + TITLE:=/etc/ssl/openssl.cnf config file + DEPENDS:=libopenssl +endef + +define Package/libopenssl-conf/conffiles /etc/ssl/openssl.cnf endef -define Package/openssl-util/description +define Package/libopenssl-conf/description $(call Package/openssl/Default/description) -This package contains the OpenSSL command-line utility. +This package installs the OpenSSL configuration file /etc/ssl/openssl.cnf. endef +define Package/libopenssl-afalg + $(call Package/openssl/Default) + SUBMENU:=SSL + TITLE:=AFALG hardware acceleration engine + DEPENDS:=libopenssl @OPENSSL_ENGINE @KERNEL_AIO @!LINUX_3_18 +kmod-crypto-user \ + +libopenssl-conf @!OPENSSL_ENGINE_BUILTIN +endef -OPENSSL_NO_CIPHERS:= no-idea no-md2 no-mdc2 no-rc5 no-sha0 no-smime \ - no-aes192 no-camellia no-ans1 no-krb5 -OPENSSL_OPTIONS:= shared no-err no-hw zlib-dynamic no-sse2 +define Package/libopenssl-afalg/description +This package adds an engine that enables hardware acceleration +through the AF_ALG kernel interface. +To use it, you need to configure the engine in /etc/ssl/openssl.cnf +See https://www.openssl.org/docs/man1.1.1/man5/config.html#Engine-Configuration-Module +The engine_id is "afalg" +endef -ifdef CONFIG_OPENSSL_ENGINE_CRYPTO - OPENSSL_OPTIONS += -DHAVE_CRYPTODEV - ifdef CONFIG_OPENSSL_ENGINE_DIGEST - OPENSSL_OPTIONS += -DUSE_CRYPTODEV_DIGESTS - endif +define Package/libopenssl-devcrypto + $(call Package/openssl/Default) + SUBMENU:=SSL + TITLE:=/dev/crypto hardware acceleration engine + DEPENDS:=libopenssl @OPENSSL_ENGINE +kmod-cryptodev +libopenssl-conf \ + @!OPENSSL_ENGINE_BUILTIN +endef + +define Package/libopenssl-devcrypto/description +This package adds an engine that enables hardware acceleration +through the /dev/crypto kernel interface. +To use it, you need to configure the engine in /etc/ssl/openssl.cnf +See https://www.openssl.org/docs/man1.1.1/man5/config.html#Engine-Configuration-Module +The engine_id is "devcrypto" +endef + +define Package/libopenssl-padlock + $(call Package/openssl/Default) + SUBMENU:=SSL + TITLE:=VIA Padlock hardware acceleration engine + DEPENDS:=libopenssl @OPENSSL_ENGINE @TARGET_x86 +kmod-crypto-hw-padlock \ + +libopenssl-conf @!OPENSSL_ENGINE_BUILTIN +endef + +define Package/libopenssl-padlock/description +This package adds an engine that enables VIA Padlock hardware acceleration. +To use it, you need to configure it in /etc/ssl/openssl.cnf. +See https://www.openssl.org/docs/man1.1.1/man5/config.html#Engine-Configuration-Module +The engine_id is "padlock" +endef + +OPENSSL_OPTIONS:= shared + +ifndef CONFIG_OPENSSL_WITH_BLAKE2 + OPENSSL_OPTIONS += no-blake2 +endif + +ifndef CONFIG_OPENSSL_WITH_CHACHA_POLY1305 + OPENSSL_OPTIONS += no-chacha no-poly1305 else - OPENSSL_OPTIONS += no-engines + ifdef CONFIG_OPENSSL_PREFER_CHACHA_OVER_GCM + OPENSSL_OPTIONS += -DOPENSSL_PREFER_CHACHA_OVER_GCM + endif +endif + +ifndef CONFIG_OPENSSL_WITH_ASYNC + OPENSSL_OPTIONS += no-async endif ifndef CONFIG_OPENSSL_WITH_EC @@ -98,77 +207,157 @@ ifndef CONFIG_OPENSSL_WITH_EC2M OPENSSL_OPTIONS += no-ec2m endif -ifeq ($(CONFIG_x86_64),y) - OPENSSL_TARGET:=linux-x86_64 - OPENSSL_MAKEFLAGS += LIBDIR=lib +ifndef CONFIG_OPENSSL_WITH_ERROR_MESSAGES + OPENSSL_OPTIONS += no-err +endif + +ifndef CONFIG_OPENSSL_WITH_TLS13 + OPENSSL_OPTIONS += no-tls1_3 +endif + +ifndef CONFIG_OPENSSL_WITH_ARIA + OPENSSL_OPTIONS += no-aria +endif + +ifndef CONFIG_OPENSSL_WITH_SM234 + OPENSSL_OPTIONS += no-sm2 no-sm3 no-sm4 +endif + +ifndef CONFIG_OPENSSL_WITH_CAMELLIA + OPENSSL_OPTIONS += no-camellia +endif + +ifndef CONFIG_OPENSSL_WITH_IDEA + OPENSSL_OPTIONS += no-idea +endif + +ifndef CONFIG_OPENSSL_WITH_SEED + OPENSSL_OPTIONS += no-seed +endif + +ifndef CONFIG_OPENSSL_WITH_MDC2 + OPENSSL_OPTIONS += no-mdc2 +endif + +ifndef CONFIG_OPENSSL_WITH_WHIRLPOOL + OPENSSL_OPTIONS += no-whirlpool +endif + +ifndef CONFIG_OPENSSL_WITH_CMS + OPENSSL_OPTIONS += no-cms +endif + +ifndef CONFIG_OPENSSL_WITH_RFC3779 + OPENSSL_OPTIONS += no-rfc3779 +endif + +ifdef CONFIG_OPENSSL_NO_DEPRECATED + OPENSSL_OPTIONS += no-deprecated +endif + +ifeq ($(CONFIG_OPENSSL_OPTIMIZE_SPEED),y) + TARGET_CFLAGS := $(filter-out -O%,$(TARGET_CFLAGS)) -O3 else - OPENSSL_OPTIONS+=no-sse2 - ifeq ($(CONFIG_mips)$(CONFIG_mipsel),y) - OPENSSL_TARGET:=linux-mips-openwrt + OPENSSL_OPTIONS += -DOPENSSL_SMALL_FOOTPRINT +endif + +ifdef CONFIG_OPENSSL_ENGINE + ifdef CONFIG_OPENSSL_ENGINE_BUILTIN + OPENSSL_OPTIONS += disable-dynamic-engine + ifndef CONFIG_OPENSSL_ENGINE_BUILTIN_AFALG + OPENSSL_OPTIONS += no-afalgeng + endif + ifdef CONFIG_OPENSSL_ENGINE_BUILTIN_DEVCRYPTO + OPENSSL_OPTIONS += enable-devcryptoeng + endif + ifndef CONFIG_OPENSSL_ENGINE_BUILTIN_PADLOCK + OPENSSL_OPTIONS += no-hw-padlock + endif else - OPENSSL_TARGET:=linux-generic-openwrt - OPENSSL_OPTIONS+=no-perlasm + ifdef CONFIG_PACKAGE_libopenssl-devcrypto + OPENSSL_OPTIONS += enable-devcryptoeng + endif + ifndef CONFIG_PACKAGE_libopenssl-afalg + OPENSSL_OPTIONS += no-afalgeng + endif + ifndef CONFIG_PACKAGE_libopenssl-padlock + OPENSSL_OPTIONS += no-hw-padlock + endif + endif +else + OPENSSL_OPTIONS += no-engine +endif + +ifndef CONFIG_OPENSSL_WITH_GOST + OPENSSL_OPTIONS += no-gost +endif + +ifndef CONFIG_OPENSSL_WITH_DTLS + OPENSSL_OPTIONS += no-dtls +endif + +ifdef CONFIG_OPENSSL_WITH_COMPRESSION + OPENSSL_OPTIONS += zlib-dynamic +else + OPENSSL_OPTIONS += no-comp +endif + +ifndef CONFIG_OPENSSL_WITH_NPN + OPENSSL_OPTIONS += no-nextprotoneg +endif + +ifndef CONFIG_OPENSSL_WITH_PSK + OPENSSL_OPTIONS += no-psk +endif + +ifndef CONFIG_OPENSSL_WITH_SRP + OPENSSL_OPTIONS += no-srp +endif + +ifndef CONFIG_OPENSSL_WITH_ASM + OPENSSL_OPTIONS += no-asm +endif + +ifdef CONFIG_i386 + ifndef CONFIG_OPENSSL_WITH_SSE2 + OPENSSL_OPTIONS += no-sse2 endif endif -STAMP_CONFIGURED := $(STAMP_CONFIGURED)_$(subst $(space),_,$(OPENSSL_OPTIONS)) +OPENSSL_TARGET:=linux-$(call qstrip,$(CONFIG_ARCH))-openwrt + +STAMP_CONFIGURED := $(STAMP_CONFIGURED)_$(shell echo $(OPENSSL_OPTIONS) | mkhash md5) define Build/Configure - [ -f $(STAMP_CONFIGURED) ] || { \ - rm -f $(PKG_BUILD_DIR)/*.so.* $(PKG_BUILD_DIR)/*.a; \ - find $(PKG_BUILD_DIR) -name \*.o | xargs rm -f; \ - } (cd $(PKG_BUILD_DIR); \ ./Configure $(OPENSSL_TARGET) \ --prefix=/usr \ + --libdir=lib \ --openssldir=/etc/ssl \ $(TARGET_CPPFLAGS) \ - $(TARGET_LDFLAGS) -ldl \ - -DOPENSSL_SMALL_FOOTPRINT \ - $(OPENSSL_NO_CIPHERS) \ - $(OPENSSL_OPTIONS) \ + $(TARGET_LDFLAGS) \ + $(OPENSSL_OPTIONS) && \ + { [ -f $(STAMP_CONFIGURED) ] || make clean; } \ ) - # XXX: OpenSSL "make depend" will look for installed headers before its own, - # so remove installed stuff first - -$(SUBMAKE) -j1 clean-staging - +$(MAKE) $(PKG_JOBS) -C $(PKG_BUILD_DIR) \ - MAKEDEPPROG="$(TARGET_CROSS)gcc" \ - OPENWRT_OPTIMIZATION_FLAGS="$(TARGET_CFLAGS)" \ - $(OPENSSL_MAKEFLAGS) \ - depend endef -TARGET_CFLAGS += $(FPIC) +TARGET_CFLAGS += $(FPIC) -ffunction-sections -fdata-sections +TARGET_LDFLAGS += -Wl,--gc-sections define Build/Compile +$(MAKE) $(PKG_JOBS) -C $(PKG_BUILD_DIR) \ + CROSS_COMPILE="$(TARGET_CROSS)" \ CC="$(TARGET_CC)" \ - ASFLAGS="$(TARGET_ASFLAGS) -c" \ - AR="$(TARGET_CROSS)ar r" \ - RANLIB="$(TARGET_CROSS)ranlib" \ + SOURCE_DATE_EPOCH=$(SOURCE_DATE_EPOCH) \ OPENWRT_OPTIMIZATION_FLAGS="$(TARGET_CFLAGS)" \ $(OPENSSL_MAKEFLAGS) \ all - +$(MAKE) $(PKG_JOBS) -C $(PKG_BUILD_DIR) \ - CC="$(TARGET_CC)" \ - ASFLAGS="$(TARGET_ASFLAGS) -c" \ - AR="$(TARGET_CROSS)ar r" \ - RANLIB="$(TARGET_CROSS)ranlib" \ - OPENWRT_OPTIMIZATION_FLAGS="$(TARGET_CFLAGS)" \ - $(OPENSSL_MAKEFLAGS) \ - build-shared - # Work around openssl build bug to link libssl.so with libcrypto.so. - -rm $(PKG_BUILD_DIR)/libssl.so.*.*.* - +$(MAKE) $(PKG_JOBS) -C $(PKG_BUILD_DIR) \ - CC="$(TARGET_CC)" \ - OPENWRT_OPTIMIZATION_FLAGS="$(TARGET_CFLAGS)" \ - $(OPENSSL_MAKEFLAGS) \ - do_linux-shared $(MAKE) -C $(PKG_BUILD_DIR) \ + CROSS_COMPILE="$(TARGET_CROSS)" \ CC="$(TARGET_CC)" \ - INSTALL_PREFIX="$(PKG_INSTALL_DIR)" \ + DESTDIR="$(PKG_INSTALL_DIR)" \ $(OPENSSL_MAKEFLAGS) \ - install + install_sw install_ssldirs endef define Build/InstallDev @@ -182,20 +371,43 @@ define Build/InstallDev endef define Package/libopenssl/install + $(INSTALL_DIR) $(1)/etc/ssl/certs + $(INSTALL_DIR) $(1)/etc/ssl/private + chmod 0700 $(1)/etc/ssl/private $(INSTALL_DIR) $(1)/usr/lib $(INSTALL_DATA) $(PKG_INSTALL_DIR)/usr/lib/libcrypto.so.* $(1)/usr/lib/ $(INSTALL_DATA) $(PKG_INSTALL_DIR)/usr/lib/libssl.so.* $(1)/usr/lib/ + $(if $(CONFIG_OPENSSL_ENGINE),$(INSTALL_DIR) $(1)/usr/lib/$(ENGINES_DIR)) endef -define Package/openssl-util/install +define Package/libopenssl-conf/install $(INSTALL_DIR) $(1)/etc/ssl $(CP) $(PKG_INSTALL_DIR)/etc/ssl/openssl.cnf $(1)/etc/ssl/ - $(INSTALL_DIR) $(1)/etc/ssl/certs - $(INSTALL_DIR) $(1)/etc/ssl/private - chmod 0700 $(1)/etc/ssl/private +endef + +define Package/openssl-util/install $(INSTALL_DIR) $(1)/usr/bin $(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/bin/openssl $(1)/usr/bin/ endef +define Package/libopenssl-afalg/install + $(INSTALL_DIR) $(1)/usr/lib/$(ENGINES_DIR) + $(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/lib/$(ENGINES_DIR)/afalg.so $(1)/usr/lib/$(ENGINES_DIR) +endef + +define Package/libopenssl-devcrypto/install + $(INSTALL_DIR) $(1)/usr/lib/$(ENGINES_DIR) + $(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/lib/$(ENGINES_DIR)/devcrypto.so $(1)/usr/lib/$(ENGINES_DIR) +endef + +define Package/libopenssl-padlock/install + $(INSTALL_DIR) $(1)/usr/lib/$(ENGINES_DIR) + $(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/lib/$(ENGINES_DIR)/*padlock.so $(1)/usr/lib/$(ENGINES_DIR) +endef + $(eval $(call BuildPackage,libopenssl)) +$(eval $(call BuildPackage,libopenssl-conf)) +$(eval $(call BuildPackage,libopenssl-afalg)) +$(eval $(call BuildPackage,libopenssl-devcrypto)) +$(eval $(call BuildPackage,libopenssl-padlock)) $(eval $(call BuildPackage,openssl-util))