openssl: add configuration options, disable ssl3
authorEneas U de Queiroz <cote2004-github@yahoo.com>
Mon, 22 Oct 2018 14:32:56 +0000 (11:32 -0300)
committerHauke Mehrtens <hauke@hauke-m.de>
Tue, 12 Feb 2019 20:14:46 +0000 (21:14 +0100)
Adds the following configuration options:
* using optimized assembler code (was always on before)
* use of x86 SSE2 instructions
* dynamic engine support
* include error messages
* Camellia, Gost, Idea, MDC2, Seed & Whirlpool algorithms
* RFC3779, CMS protocols
* VIA padlock hardware acceleration engine

Installs openssl.cnf with the library as it is used by engines
independent of the openssl util.

Fixes DTLS option that was ineffective before.

Disables insecure SSL3 protocol and SHA0.

Adds openwrt-specific targets to Configure script, including asm support
for i386, ppc and mips64.

Strips building dirs from CFLAGS shown in binary.

Skips the fuzz directory during build.

Removed include/crypto/devcrypto.h that was included here, to use the
cryptodev-linux package, now that it has been moved from the packages
feed to the main openwrt repository.

This decreases the size of the ipk binary on MIPS32 by about 3.3%:
old:
706.957 bin/packages/mips_24kc/base/libopenssl1.0.0_1.0.2q-2_mips_24kc.ipk
199.294 bin/packages/mips_24kc/base/openssl-util_1.0.2q-2_mips_24kc.ipk

new:
693.941 bin/packages/mips_24kc/base/libopenssl1.0.0_1.0.2q-2_mips_24kc.ipk
193.827 bin/packages/mips_24kc/base/openssl-util_1.0.2q-2_mips_24kc.ipk

Signed-off-by: Eneas U de Queiroz <cote2004-github@yahoo.com>
21 files changed:
package/libs/openssl/Config.in
package/libs/openssl/Makefile
package/libs/openssl/include/crypto/cryptodev.h [deleted file]
package/libs/openssl/patches/100-openwrt_targets.patch [new file with mode: 0644]
package/libs/openssl/patches/110-optimize-for-size.patch [deleted file]
package/libs/openssl/patches/110-perl-path.patch [new file with mode: 0644]
package/libs/openssl/patches/120-makefile-dirs.patch [new file with mode: 0644]
package/libs/openssl/patches/130-disable_doc_tests.patch [new file with mode: 0644]
package/libs/openssl/patches/130-perl-path.patch [deleted file]
package/libs/openssl/patches/140-bash_path.patch [new file with mode: 0644]
package/libs/openssl/patches/140-makefile-dirs.patch [deleted file]
package/libs/openssl/patches/150-fix_link_segfault.patch [new file with mode: 0644]
package/libs/openssl/patches/150-no_engines.patch [deleted file]
package/libs/openssl/patches/160-disable_doc_tests.patch [deleted file]
package/libs/openssl/patches/160-remove_timestamp_check.patch [new file with mode: 0644]
package/libs/openssl/patches/170-bash_path.patch [deleted file]
package/libs/openssl/patches/170-parallel_build.patch [new file with mode: 0644]
package/libs/openssl/patches/180-fix_link_segfault.patch [deleted file]
package/libs/openssl/patches/180-strip-cflags-from-binary.patch [new file with mode: 0644]
package/libs/openssl/patches/190-remove_timestamp_check.patch [deleted file]
package/libs/openssl/patches/200-parallel_build.patch [deleted file]

index c39e285..fe73229 100644 (file)
 if PACKAGE_libopenssl
 
-config OPENSSL_WITH_EC
+comment "Build Options"
+
+config OPENSSL_OPTIMIZE_SPEED
+       bool
+       prompt "Enable optimization for speed instead of size"
+       select OPENSSL_WITH_ASM
+       help
+               Enabling this option increases code size (around 20%) and
+               performance.  The increase in performance and size depends on the
+               target CPU. EC and AES seem to benefit the most, with EC speed
+               increased by 20%-50% (mipsel & x86).
+               AES-GCM is supposed to be 3x faster on x86. YMMV.
+
+config OPENSSL_WITH_ASM
        bool
        default y
-       prompt "Enable elliptic curve support"
+       prompt "Compile with optimized assembly code"
+       depends on !arc
+       help
+               Disabling this option will reduce code size and performance.
+               The increase in performance and size depends on the target
+               CPU and on the algorithms being optimized.  As of 1.1.0i*:
 
-config OPENSSL_WITH_EC2M
-        bool
-        depends on OPENSSL_WITH_EC
-        prompt "Enable ec2m support"
+               Platform  Pkg Inc. Algorithms where assembly is used - ~% Speed Increase
+               aarch64   174K     BN, aes, sha1, sha256, sha512, nist256, poly1305
+               arm       152K     BN, aes, sha1, sha256, sha512, nist256, poly1305
+               i386      183K     BN+147%, aes+300%, rc4+55%, sha1+160%, sha256+114%, sha512+270%, nist256+282%, poly1305+292%
+               mipsel      1.5K   BN+97%, aes+4%, sha1+94%, sha256+60%
+               mips64      3.7K   BN, aes, sha1, sha256, sha512, poly1305
+               powerpc    20K     BN, aes, sha1, sha256, sha512, poly1305
+               x86_64    228K     BN+220%, aes+173%, rc4+38%, sha1+40%, sha256+64%, sha512+31%, nist256+354%, poly1305+228%
 
-config OPENSSL_WITH_SSL3
+               * Only most common algorithms shown. Your mileage may vary.
+                 BN (bignum) performance was measured using RSA sign/verify.
+
+config OPENSSL_WITH_SSE2
        bool
-       default n
-       prompt "Enable sslv3 support"
+       default y if !TARGET_x86_legacy && !TARGET_x86_geode
+       prompt "Enable use of x86 SSE2 instructions"
+       depends on OPENSSL_WITH_ASM && i386
+       help
+               Use of SSE2 instructions greatly increase performance (up to
+               3x faster) with a minimum (~0.2%, or 23KB) increase in package
+               size, but it will bring no benefit if your hardware does not
+               support them, such as Geode GX and LX.  In this case you may
+               save 23KB by saying yes here.  AMD Geode NX, and Intel
+               Pentium 4 and above support SSE2.
 
 config OPENSSL_WITH_DEPRECATED
        bool
        default y
-       prompt "Include deprecated APIs"
+       prompt "Include deprecated APIs (See help for a list of packages that need this)"
+       help
+               Squid currently requires this.
 
 config OPENSSL_NO_DEPRECATED
        bool
        default !OPENSSL_WITH_DEPRECATED
 
-config OPENSSL_WITH_DTLS
+config OPENSSL_WITH_ERROR_MESSAGES
        bool
-       default n
-       prompt "Enable DTLS support"
+       prompt "Include error messages"
+       help
+               This option aids debugging, but increases package size and
+               memory usage.
 
-config OPENSSL_WITH_COMPRESSION
+comment "Protocol Support"
+
+config OPENSSL_WITH_DTLS
        bool
-       default n
-       prompt "Enable compression support"
+       prompt "Enable DTLS support"
+       help
+               Datagram Transport Layer Security (DTLS) provides TLS-like security
+               for datagram-based (UDP, DCCP, CAPWAP, SCTP & SRTP) applications.
 
 config OPENSSL_WITH_NPN
        bool
        default y
        prompt "Enable NPN support"
+       help
+               NPN is a TLS extension, obsoleted and replaced with ALPN,
+               used to negotiate SPDY, and HTTP/2.
+
+config OPENSSL_WITH_SRP
+       bool
+       default y
+       prompt "Enable SRP support"
+       help
+               The Secure Remote Password protocol (SRP) is an augmented
+               password-authenticated key agreement (PAKE) protocol, specifically
+               designed to work around existing patents.
+
+config OPENSSL_WITH_CMS
+       bool
+       default y
+       prompt "Enable CMS (RFC 5652) support"
+       help
+               Cryptographic Message Syntax (CMS) is used to digitally sign,
+               digest, authenticate, or encrypt arbitrary message content.
+
+comment "Algorithm Selection"
+
+config OPENSSL_WITH_EC
+       bool
+       default y
+       prompt "Enable elliptic curve support"
+       help
+               Elliptic-curve cryptography (ECC) is an approach to public-key
+               cryptography based on the algebraic structure of elliptic curves
+               over finite fields. ECC requires smaller keys compared to non-ECC
+               cryptography to provide equivalent security.
+
+config OPENSSL_WITH_EC2M
+       bool
+       depends on OPENSSL_WITH_EC
+       prompt "Enable ec2m support"
+       help
+               This option enables the more efficient, yet less common, binary
+               field elliptic curves.
 
 config OPENSSL_WITH_PSK
        bool
        default y
        prompt "Enable PSK support"
+       help
+               Build support for Pre-Shared Key based cipher suites.
 
-config OPENSSL_WITH_SRP
+comment "Less commonly used build options"
+
+config OPENSSL_WITH_CAMELLIA
        bool
-       default y
-       prompt "Enable SRP support"
+       prompt "Enable Camellia cipher support"
+       help
+               Camellia is a bock cipher with security levels and processing
+               abilities comparable to AES.
 
-config OPENSSL_ENGINE_DIGEST
+config OPENSSL_WITH_IDEA
        bool
-       depends on OPENSSL_ENGINE_CRYPTO
-       prompt "Digests acceleration support"
+       prompt "Enable IDEA cipher support"
+       help
+               IDEA is a block cipher with 128-bit keys.
 
-config OPENSSL_HARDWARE_SUPPORT
+config OPENSSL_WITH_SEED
        bool
-       default n
-       prompt "Enable hardware support"
+       prompt "Enable SEED cipher support"
+       help
+               SEED is a block cipher with 128-bit keys broadly used in
+               South Korea, but seldom found elsewhere.
 
-config OPENSSL_OPTIMIZE_SPEED
+config OPENSSL_WITH_MDC2
        bool
-       default n
-       prompt "Enable optimization for speed instead of size"
+       prompt "Enable MDC2 digest support"
 
-endif
+config OPENSSL_WITH_WHIRLPOOL
+       bool
+       prompt "Enable Whirlpool digest support"
+
+config OPENSSL_WITH_COMPRESSION
+       bool
+       prompt "Enable compression support"
+       help
+               TLS compression is not recommended, as it is deemed insecure.
+               The CRIME attack exploits this weakness.
+               Even with this option turned on, it is disabled by default, and the
+               application must explicitly turn it on.
+
+config OPENSSL_WITH_RFC3779
+       bool
+       prompt "Enable RFC3779 support (BGP)"
+       help
+               RFC 3779 defines two X.509 v3 certificate extensions.  The first
+               binds a list of IP address blocks, or prefixes, to the subject of a
+               certificate.  The second binds a list of autonomous system
+               identifiers to the subject of a certificate.  These extensions may be
+               used to convey the authorization of the subject to use the IP
+               addresses and autonomous system identifiers contained in the
+               extensions.
+
+comment "Engine/Hardware Support"
+
+config OPENSSL_ENGINE
+       bool "Enable engine support"
+       help
+               This enables alternative cryptography implementations,
+               most commonly for interfacing with external crypto devices,
+               or supporting new/alternative ciphers and digests.
 
 config OPENSSL_ENGINE_CRYPTO
        bool
-       select OPENSSL_HARDWARE_SUPPORT
-       prompt "Crypto acceleration support" if PACKAGE_libopenssl
+       select OPENSSL_ENGINE
+       select PACKAGE_kmod-cryptodev
+       prompt "Acceleration support through /dev/crypto"
+       help
+               This enables use of hardware acceleration through OpenBSD
+               Cryptodev API (/dev/crypto) interface.
+               You must install kmod-cryptodev (under Kernel modules, Cryptographic
+               API modules) for /dev/crypto to show up and use hardware
+               acceleration; otherwise it falls back to software.
+
+config OPENSSL_ENGINE_DIGEST
+       bool
+       depends on OPENSSL_ENGINE_CRYPTO
+       prompt "/dev/crypto digest (md5/sha1) acceleration support"
+
+config OPENSSL_WITH_GOST
+       bool
+       prompt "Prepare library for GOST engine"
+       depends on OPENSSL_ENGINE
+       help
+               This option prepares the library to accept engine support
+               for Russian GOST crypto algorithms.
+
+endif
+
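Review bot: The help text added for OPENSSL_WITH_SSE2 gives the wrong answer for hardware without SSE2: it says `you may save 23KB by saying yes here`, but the option enables SSE2, so the saving comes from answering no. I would change that sentence to `In this case you may save 23KB by saying no here.` In the same hunk the Camellia help reads `bock cipher` where `block cipher` is meant. OPENSSL_WITH_MDC2, OPENSSL_WITH_WHIRLPOOL and OPENSSL_ENGINE_DIGEST are added without any `help` entry, while the other algorithm options explain what they enable; a one-line `help` for each would let a user decide without looking the algorithm up.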
index 71c2c9c..d9b1de2 100644 (file)
@@ -15,7 +15,7 @@ PKG_RELEASE:=2
 PKG_USE_MIPS16:=0
 
 PKG_BUILD_PARALLEL:=0
-
+PKG_BUILD_DEPENDS:=cryptodev-linux
 
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
 PKG_SOURCE_URL:= \
@@ -25,24 +25,35 @@ PKG_SOURCE_URL:= \
        http://www.openssl.org/source/ \
        http://www.openssl.org/source/old/$(PKG_BASE)/
 PKG_HASH:=5744cfcbcec2b1b48629f7354203bc1e5e9b5466998bbccc5b5fcde3b18eb684
+ENGINES_DIR=engines
 
 PKG_LICENSE:=OpenSSL
 PKG_LICENSE_FILES:=LICENSE
 PKG_CPE_ID:=cpe:/a:openssl:openssl
 PKG_CONFIG_DEPENDS:= \
+       CONFIG_OPENSSL_ENGINE \
        CONFIG_OPENSSL_ENGINE_CRYPTO \
        CONFIG_OPENSSL_ENGINE_DIGEST \
-       CONFIG_OPENSSL_WITH_EC \
-       CONFIG_OPENSSL_WITH_EC2M \
-       CONFIG_OPENSSL_WITH_SSL3 \
-       CONFIG_OPENSSL_HARDWARE_SUPPORT \
        CONFIG_OPENSSL_NO_DEPRECATED \
-       CONFIG_OPENSSL_WITH_DTLS \
+       CONFIG_OPENSSL_OPTIMIZE_SPEED \
+       CONFIG_OPENSSL_WITH_ASM \
+       CONFIG_OPENSSL_WITH_CAMELLIA \
+       CONFIG_OPENSSL_WITH_CMS \
        CONFIG_OPENSSL_WITH_COMPRESSION \
+       CONFIG_OPENSSL_WITH_DTLS \
+       CONFIG_OPENSSL_WITH_EC \
+       CONFIG_OPENSSL_WITH_EC2M \
+       CONFIG_OPENSSL_WITH_ERROR_MESSAGES \
+       CONFIG_OPENSSL_WITH_GOST \
+       CONFIG_OPENSSL_WITH_IDEA \
+       CONFIG_OPENSSL_WITH_MDC2 \
        CONFIG_OPENSSL_WITH_NPN \
        CONFIG_OPENSSL_WITH_PSK \
+       CONFIG_OPENSSL_WITH_RFC3779 \
+       CONFIG_OPENSSL_WITH_SEED \
        CONFIG_OPENSSL_WITH_SRP \
-       CONFIG_OPENSSL_OPTIMIZE_SPEED
+       CONFIG_OPENSSL_WITH_SSE2 \
+       CONFIG_OPENSSL_WITH_WHIRLPOOL
 
 include $(INCLUDE_DIR)/package.mk
 
@@ -54,6 +65,8 @@ endif
 define Package/openssl/Default
   TITLE:=Open source SSL toolkit
   URL:=http://www.openssl.org/
+  SECTION:=libs
+  CATEGORY:=Libraries
 endef
 
 define Package/libopenssl/config
@@ -62,16 +75,14 @@ endef
 
 define Package/openssl/Default/description
 The OpenSSL Project is a collaborative effort to develop a robust,
-commercial-grade, full-featured, and Open Source toolkit implementing the Secure
-Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols as well
-as a full-strength general purpose cryptography library.
+commercial-grade, full-featured, and Open Source toolkit implementing the
+Transport Layer Security (TLS) protocol as well as a full-strength
+general-purpose cryptography library.
 endef
 
 define Package/libopenssl
 $(call Package/openssl/Default)
-  SECTION:=libs
   SUBMENU:=SSL
-  CATEGORY:=Libraries
   DEPENDS:=+OPENSSL_WITH_COMPRESSION:zlib
   TITLE+= (libraries)
   ABI_VERSION:=1.0.0
@@ -100,19 +111,35 @@ $(call Package/openssl/Default/description)
 This package contains the OpenSSL command-line utility.
 endef
 
+define Package/libopenssl-gost
+  $(call Package/openssl/Default)
+  SUBMENU:=SSL
+  TITLE:=Russian GOST algorithms engine
+  DEPENDS:=libopenssl +@OPENSSL_WITH_GOST
+endef
+
+define Package/libopenssl-gost/description
+This package adds an engine that enables Russian GOST algorithms.
+To use it, you need to configure the engine in /etc/ssl/openssl.cnf
+See https://www.openssl.org/docs/man1.0.2/apps/config.html#ENGINE-CONFIGURATION-MODULE
+The engine_id is "gost"
+endef
 
-OPENSSL_NO_CIPHERS:= no-idea no-md2 no-mdc2 no-rc5 no-sha0 no-camellia no-krb5 \
- no-whrlpool no-whirlpool no-seed no-jpake
-OPENSSL_OPTIONS:= shared no-err no-sse2 no-ssl2 no-ssl2-method no-heartbeats
+define Package/libopenssl-padlock
+  $(call Package/openssl/Default)
+  SUBMENU:=SSL
+  TITLE:=VIA Padlock hardware acceleration engine
+  DEPENDS:=libopenssl @OPENSSL_ENGINE @TARGET_x86 +kmod-crypto-hw-padlock
+endef
 
-ifdef CONFIG_OPENSSL_ENGINE_CRYPTO
-  OPENSSL_OPTIONS += -DHAVE_CRYPTODEV
-  ifdef CONFIG_OPENSSL_ENGINE_DIGEST
-    OPENSSL_OPTIONS += -DUSE_CRYPTODEV_DIGESTS
-  endif
-else
-  OPENSSL_OPTIONS += no-engines
-endif
+define Package/libopenssl-padlock/description
+This package adds an engine that enables VIA Padlock hardware acceleration.
+To use it, you need to configure it in /etc/ssl/openssl.cnf.
+See https://www.openssl.org/docs/man1.0.2/apps/config.html#ENGINE-CONFIGURATION-MODULE
+The engine_id is "padlock"
+endef
+
+OPENSSL_OPTIONS:= shared no-heartbeats no-sha0 no-ssl2-method no-ssl3-method
 
 ifndef CONFIG_OPENSSL_WITH_EC
   OPENSSL_OPTIONS += no-ec
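Review bot: The new base list on the `OPENSSL_OPTIONS:=` line keeps only `no-ssl2-method` and `no-ssl3-method`, while the lines this commit removes passed `no-ssl2` and, in the old `ifndef CONFIG_OPENSSL_WITH_SSL3` block, `no-ssl3` as well. As far as I know, in the 1.0.2 series the `-method` options only drop the version-specific `SSLv3_*method()` entry points and it is `no-ssl3` that compiles the protocol out, so SSLv3 may still be negotiable through the version-flexible method unless applications set `SSL_OP_NO_SSLv3`; this should be confirmed against the Configure script of the packaged release. If that holds, the line should read `OPENSSL_OPTIONS:= shared no-heartbeats no-sha0 no-ssl2 no-ssl2-method no-ssl3 no-ssl3-method` so the build matches the commit title. The removed `OPENSSL_NO_CIPHERS` list also carried `no-md2`, `no-rc5`, `no-krb5` and `no-jpake`; a short comment such as `# md2, rc5, krb5 and jpake are disabled by default upstream` would show that dropping them is intentional.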
@@ -122,20 +149,70 @@ ifndef CONFIG_OPENSSL_WITH_EC2M
   OPENSSL_OPTIONS += no-ec2m
 endif
 
-ifndef CONFIG_OPENSSL_WITH_SSL3
-  OPENSSL_OPTIONS += no-ssl3 no-ssl3-method
+ifndef CONFIG_OPENSSL_WITH_ERROR_MESSAGES
+  OPENSSL_OPTIONS += no-err
+endif
+
+ifndef CONFIG_OPENSSL_WITH_CAMELLIA
+  OPENSSL_OPTIONS += no-camellia
+endif
+
+ifndef CONFIG_OPENSSL_WITH_IDEA
+  OPENSSL_OPTIONS += no-idea
+endif
+
+ifndef CONFIG_OPENSSL_WITH_SEED
+  OPENSSL_OPTIONS += no-seed
 endif
 
-ifndef CONFIG_OPENSSL_HARDWARE_SUPPORT
-  OPENSSL_OPTIONS += no-hw
+ifndef CONFIG_OPENSSL_WITH_MDC2
+  OPENSSL_OPTIONS += no-mdc2
+endif
+
+ifndef CONFIG_OPENSSL_WITH_WHIRLPOOL
+  OPENSSL_OPTIONS += no-whirlpool
+endif
+
+ifndef CONFIG_OPENSSL_WITH_CMS
+  OPENSSL_OPTIONS += no-cms
+endif
+
+ifdef CONFIG_OPENSSL_WITH_RFC3779
+  OPENSSL_OPTIONS += enable-rfc3779
 endif
 
 ifdef CONFIG_OPENSSL_NO_DEPRECATED
   OPENSSL_OPTIONS += no-deprecated
 endif
 
+ifeq ($(CONFIG_OPENSSL_OPTIMIZE_SPEED),y)
+  TARGET_CFLAGS := $(filter-out -O%,$(TARGET_CFLAGS)) -O3
+else
+  OPENSSL_OPTIONS += -DOPENSSL_SMALL_FOOTPRINT
+endif
+
+ifdef CONFIG_OPENSSL_ENGINE
+  ifdef CONFIG_OPENSSL_ENGINE_CRYPTO
+    OPENSSL_OPTIONS += -DHAVE_CRYPTODEV
+    ifdef CONFIG_OPENSSL_ENGINE_DIGEST
+      OPENSSL_OPTIONS += -DUSE_CRYPTODEV_DIGESTS
+    endif
+  endif
+  ifndef CONFIG_PACKAGE_libopenssl-padlock
+    OPENSSL_OPTIONS += no-hw-padlock
+  endif
+else
+  OPENSSL_OPTIONS += no-engine
+endif
+
+ifndef CONFIG_OPENSSL_WITH_GOST
+  OPENSSL_OPTIONS += no-gost
+endif
+
+# Even with no-dtls and no-dtls1 options, the library keeps the DTLS code,
+# but openssl util gets built without it
 ifndef CONFIG_OPENSSL_WITH_DTLS
-  OPENSSL_OPTIONS += no-dtls
+  OPENSSL_OPTIONS += no-dtls no-dtls1
 endif
 
 ifdef CONFIG_OPENSSL_WITH_COMPRESSION
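Review bot: The comment added above `ifndef CONFIG_OPENSSL_WITH_DTLS` says the library keeps the DTLS code even with `no-dtls no-dtls1`, so turning the option off changes what the openssl utility supports but, by the comment's own account, not what libssl contains. Someone disabling DTLS to reduce exposed protocol code would want that stated plainly, since applications linked against libssl can presumably still reach it. I would extend the comment with a line like `# NOTE: disabling DTLS here does not remove it from libssl` and repeat the caveat in the OPENSSL_WITH_DTLS help text in Config.in.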
@@ -156,27 +233,18 @@ ifndef CONFIG_OPENSSL_WITH_SRP
   OPENSSL_OPTIONS += no-srp
 endif
 
-ifeq ($(CONFIG_OPENSSL_OPTIMIZE_SPEED),y)
-  TARGET_CFLAGS := $(filter-out -Os,$(TARGET_CFLAGS)) -O3
+ifndef CONFIG_OPENSSL_WITH_ASM
+  OPENSSL_OPTIONS += no-asm
 endif
 
-ifeq ($(CONFIG_x86_64),y)
-  OPENSSL_TARGET:=linux-x86_64-openwrt
-  OPENSSL_MAKEFLAGS += LIBDIR=lib
-else
-  OPENSSL_OPTIONS+=no-sse2
-  ifeq ($(CONFIG_mips)$(CONFIG_mipsel),y)
-    OPENSSL_TARGET:=linux-mips-openwrt
-  else ifeq ($(CONFIG_aarch64),y)
-    OPENSSL_TARGET:=linux-aarch64-openwrt
-  else ifeq ($(CONFIG_arm)$(CONFIG_armeb),y)
-    OPENSSL_TARGET:=linux-armv4-openwrt
-  else
-    OPENSSL_TARGET:=linux-generic-openwrt
-    OPENSSL_OPTIONS+=no-perlasm
+ifdef CONFIG_i386
+  ifndef CONFIG_OPENSSL_WITH_SSE2
+    OPENSSL_OPTIONS += no-sse2
   endif
 endif
 
+OPENSSL_TARGET:=linux-$(call qstrip,$(CONFIG_ARCH))-openwrt
+
 STAMP_CONFIGURED := $(STAMP_CONFIGURED)_$(shell echo $(OPENSSL_OPTIONS) | mkhash md5)
 
 define Build/Configure
@@ -187,11 +255,10 @@ define Build/Configure
        (cd $(PKG_BUILD_DIR); \
                ./Configure $(OPENSSL_TARGET) \
                        --prefix=/usr \
+                       --libdir=lib \
                        --openssldir=/etc/ssl \
                        $(TARGET_CPPFLAGS) \
-                       $(TARGET_LDFLAGS) -ldl \
-                       $(if $(CONFIG_OPENSSL_OPTIMIZE_SPEED),,-DOPENSSL_SMALL_FOOTPRINT) \
-                       $(OPENSSL_NO_CIPHERS) \
+                       $(TARGET_LDFLAGS) \
                        $(OPENSSL_OPTIONS) \
        )
        +$(MAKE) $(PKG_JOBS) -C $(PKG_BUILD_DIR) \
@@ -202,7 +269,7 @@ define Build/Configure
                depend
 endef
 
-TARGET_CFLAGS += $(FPIC) -I$(CURDIR)/include -ffunction-sections -fdata-sections
+TARGET_CFLAGS += $(FPIC) -ffunction-sections -fdata-sections
 TARGET_LDFLAGS += -Wl,--gc-sections
 
 define Build/Compile
@@ -251,20 +318,33 @@ define Build/InstallDev
 endef
 
 define Package/libopenssl/install
+       $(INSTALL_DIR) $(1)/etc/ssl/certs
+       $(INSTALL_DIR) $(1)/etc/ssl/private
+       chmod 0700 $(1)/etc/ssl/private
        $(INSTALL_DIR) $(1)/usr/lib
        $(INSTALL_DATA) $(PKG_INSTALL_DIR)/usr/lib/libcrypto.so.* $(1)/usr/lib/
        $(INSTALL_DATA) $(PKG_INSTALL_DIR)/usr/lib/libssl.so.* $(1)/usr/lib/
+       $(if $(CONFIG_OPENSSL_ENGINE),$(INSTALL_DIR) $(1)/usr/lib/$(ENGINES_DIR))
 endef
 
 define Package/openssl-util/install
        $(INSTALL_DIR) $(1)/etc/ssl
        $(CP) $(PKG_INSTALL_DIR)/etc/ssl/openssl.cnf $(1)/etc/ssl/
-       $(INSTALL_DIR) $(1)/etc/ssl/certs
-       $(INSTALL_DIR) $(1)/etc/ssl/private
-       chmod 0700 $(1)/etc/ssl/private
        $(INSTALL_DIR) $(1)/usr/bin
        $(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/bin/openssl $(1)/usr/bin/
 endef
 
+define Package/libopenssl-padlock/install
+       $(INSTALL_DIR) $(1)/usr/lib/$(ENGINES_DIR)
+       $(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/lib/$(ENGINES_DIR)/*padlock.so $(1)/usr/lib/$(ENGINES_DIR)
+endef
+
+define Package/libopenssl-gost/install
+       $(INSTALL_DIR) $(1)/usr/lib/$(ENGINES_DIR)
+       $(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/lib/$(ENGINES_DIR)/libgost.so $(1)/usr/lib/$(ENGINES_DIR)
+endef
+
 $(eval $(call BuildPackage,libopenssl))
+$(eval $(call BuildPackage,libopenssl-gost))
+$(eval $(call BuildPackage,libopenssl-padlock))
 $(eval $(call BuildPackage,openssl-util))
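Review bot: `Package/libopenssl/install` gains the `/etc/ssl/certs` and `/etc/ssl/private` directories, but `openssl.cnf` is still copied only in `Package/openssl-util/install`, although the commit message says the file is now installed with the library and the new gost and padlock descriptions tell users to configure the engine in `/etc/ssl/openssl.cnf`. Unless this is handled outside the visible hunks, a system with libopenssl and an engine package but without openssl-util has no configuration file to edit. I would add `$(CP) $(PKG_INSTALL_DIR)/etc/ssl/openssl.cnf $(1)/etc/ssl/` to the library's install recipe and drop it from the utility's, moving any conffiles entry along with it. The padlock recipe also installs by wildcard, `*padlock.so`; naming the file explicitly, as the gost recipe does with `libgost.so`, keeps an unexpected match out of the package.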
diff --git a/package/libs/openssl/include/crypto/cryptodev.h b/package/libs/openssl/include/crypto/cryptodev.h
deleted file mode 100644 (file)
index 7fb9c7d..0000000
+++ /dev/null
@@ -1,292 +0,0 @@
-/* This is a source compatible implementation with the original API of
- * cryptodev by Angelos D. Keromytis, found at openbsd cryptodev.h.
- * Placed under public domain */
-
-#ifndef L_CRYPTODEV_H
-#define L_CRYPTODEV_H
-
-#include <linux/types.h>
-#ifndef __KERNEL__
-#define __user
-#endif
-
-/* API extensions for linux */
-#define CRYPTO_HMAC_MAX_KEY_LEN                512
-#define CRYPTO_CIPHER_MAX_KEY_LEN      64
-
-/* All the supported algorithms
- */
-enum cryptodev_crypto_op_t {
-       CRYPTO_DES_CBC = 1,
-       CRYPTO_3DES_CBC = 2,
-       CRYPTO_BLF_CBC = 3,
-       CRYPTO_CAST_CBC = 4,
-       CRYPTO_SKIPJACK_CBC = 5,
-       CRYPTO_MD5_HMAC = 6,
-       CRYPTO_SHA1_HMAC = 7,
-       CRYPTO_RIPEMD160_HMAC = 8,
-       CRYPTO_MD5_KPDK = 9,
-       CRYPTO_SHA1_KPDK = 10,
-       CRYPTO_RIJNDAEL128_CBC = 11,
-       CRYPTO_AES_CBC = CRYPTO_RIJNDAEL128_CBC,
-       CRYPTO_ARC4 = 12,
-       CRYPTO_MD5 = 13,
-       CRYPTO_SHA1 = 14,
-       CRYPTO_DEFLATE_COMP = 15,
-       CRYPTO_NULL = 16,
-       CRYPTO_LZS_COMP = 17,
-       CRYPTO_SHA2_256_HMAC = 18,
-       CRYPTO_SHA2_384_HMAC = 19,
-       CRYPTO_SHA2_512_HMAC = 20,
-       CRYPTO_AES_CTR = 21,
-       CRYPTO_AES_XTS = 22,
-       CRYPTO_AES_ECB = 23,
-       CRYPTO_AES_GCM = 50,
-
-       CRYPTO_CAMELLIA_CBC = 101,
-       CRYPTO_RIPEMD160,
-       CRYPTO_SHA2_224,
-       CRYPTO_SHA2_256,
-       CRYPTO_SHA2_384,
-       CRYPTO_SHA2_512,
-       CRYPTO_SHA2_224_HMAC,
-       CRYPTO_ALGORITHM_ALL, /* Keep updated - see below */
-};
-
-#define        CRYPTO_ALGORITHM_MAX    (CRYPTO_ALGORITHM_ALL - 1)
-
-/* Values for ciphers */
-#define DES_BLOCK_LEN          8
-#define DES3_BLOCK_LEN         8
-#define RIJNDAEL128_BLOCK_LEN  16
-#define AES_BLOCK_LEN          RIJNDAEL128_BLOCK_LEN
-#define CAMELLIA_BLOCK_LEN      16
-#define BLOWFISH_BLOCK_LEN     8
-#define SKIPJACK_BLOCK_LEN     8
-#define CAST128_BLOCK_LEN      8
-
-/* the maximum of the above */
-#define EALG_MAX_BLOCK_LEN     16
-
-/* Values for hashes/MAC */
-#define AALG_MAX_RESULT_LEN            64
-
-/* maximum length of verbose alg names (depends on CRYPTO_MAX_ALG_NAME) */
-#define CRYPTODEV_MAX_ALG_NAME         64
-
-#define HASH_MAX_LEN 64
-
-/* input of CIOCGSESSION */
-struct session_op {
-       /* Specify either cipher or mac
-        */
-       __u32   cipher;         /* cryptodev_crypto_op_t */
-       __u32   mac;            /* cryptodev_crypto_op_t */
-
-       __u32   keylen;
-       __u8    __user *key;
-       __u32   mackeylen;
-       __u8    __user *mackey;
-
-       __u32   ses;            /* session identifier */
-};
-
-struct session_info_op {
-       __u32 ses;              /* session identifier */
-
-       /* verbose names for the requested ciphers */
-       struct alg_info {
-               char cra_name[CRYPTODEV_MAX_ALG_NAME];
-               char cra_driver_name[CRYPTODEV_MAX_ALG_NAME];
-       } cipher_info, hash_info;
-
-       __u16   alignmask;      /* alignment constraints */
-       __u32   flags;          /* SIOP_FLAGS_* */
-};
-
-/* If this flag is set then this algorithm uses
- * a driver only available in kernel (software drivers,
- * or drivers based on instruction sets do not set this flag).
- *
- * If multiple algorithms are involved (as in AEAD case), then
- * if one of them is kernel-driver-only this flag will be set.
- */
-#define SIOP_FLAG_KERNEL_DRIVER_ONLY 1
-
-#define        COP_ENCRYPT     0
-#define COP_DECRYPT    1
-
-/* input of CIOCCRYPT */
-struct crypt_op {
-       __u32   ses;            /* session identifier */
-       __u16   op;             /* COP_ENCRYPT or COP_DECRYPT */
-       __u16   flags;          /* see COP_FLAG_* */
-       __u32   len;            /* length of source data */
-       __u8    __user *src;    /* source data */
-       __u8    __user *dst;    /* pointer to output data */
-       /* pointer to output data for hash/MAC operations */
-       __u8    __user *mac;
-       /* initialization vector for encryption operations */
-       __u8    __user *iv;
-};
-
-/* input of CIOCAUTHCRYPT */
-struct crypt_auth_op {
-       __u32   ses;            /* session identifier */
-       __u16   op;             /* COP_ENCRYPT or COP_DECRYPT */
-       __u16   flags;          /* see COP_FLAG_AEAD_* */
-       __u32   len;            /* length of source data */
-       __u32   auth_len;       /* length of auth data */
-       __u8    __user *auth_src;       /* authenticated-only data */
-
-       /* The current implementation is more efficient if data are
-        * encrypted in-place (src==dst). */
-       __u8    __user *src;    /* data to be encrypted and authenticated */
-       __u8    __user *dst;    /* pointer to output data. Must have
-                                * space for tag. For TLS this should be at least 
-                                * len + tag_size + block_size for padding */
-
-       __u8    __user *tag;    /* where the tag will be copied to. TLS mode
-                                 * doesn't use that as tag is copied to dst.
-                                 * SRTP mode copies tag there. */
-       __u32   tag_len;        /* the length of the tag. Use zero for digest size or max tag. */
-
-       /* initialization vector for encryption operations */
-       __u8    __user *iv;
-       __u32   iv_len;
-};
-
-/* In plain AEAD mode the following are required:
- *  flags   : 0
- *  iv      : the initialization vector (12 bytes)
- *  auth_len: the length of the data to be authenticated
- *  auth_src: the data to be authenticated
- *  len     : length of data to be encrypted
- *  src     : the data to be encrypted
- *  dst     : space to hold encrypted data. It must have
- *            at least a size of len + tag_size.
- *  tag_size: the size of the desired authentication tag or zero to use
- *            the maximum tag output.
- *
- * Note tag isn't being used because the Linux AEAD interface
- * copies the tag just after data.
- */
-
-/* In TLS mode (used for CBC ciphers that required padding) 
- * the following are required:
- *  flags   : COP_FLAG_AEAD_TLS_TYPE
- *  iv      : the initialization vector
- *  auth_len: the length of the data to be authenticated only
- *  len     : length of data to be encrypted
- *  auth_src: the data to be authenticated
- *  src     : the data to be encrypted
- *  dst     : space to hold encrypted data (preferably in-place). It must have
- *            at least a size of len + tag_size + blocksize.
- *  tag_size: the size of the desired authentication tag or zero to use
- *            the default mac output.
- *
- * Note that the padding used is the minimum padding.
- */
-
-/* In SRTP mode the following are required:
- *  flags   : COP_FLAG_AEAD_SRTP_TYPE
- *  iv      : the initialization vector
- *  auth_len: the length of the data to be authenticated. This must
- *            include the SRTP header + SRTP payload (data to be encrypted) + rest
- *            
- *  len     : length of data to be encrypted
- *  auth_src: pointer the data to be authenticated. Should point at the same buffer as src.
- *  src     : pointer to the data to be encrypted.
- *  dst     : This is mandatory to be the same as src (in-place only).
- *  tag_size: the size of the desired authentication tag or zero to use
- *            the default mac output.
- *  tag     : Pointer to an address where the authentication tag will be copied.
- */
-
-
-/* struct crypt_op flags */
-
-#define COP_FLAG_NONE          (0 << 0) /* totally no flag */
-#define COP_FLAG_UPDATE                (1 << 0) /* multi-update hash mode */
-#define COP_FLAG_FINAL         (1 << 1) /* multi-update final hash mode */
-#define COP_FLAG_WRITE_IV      (1 << 2) /* update the IV during operation */
-#define COP_FLAG_NO_ZC         (1 << 3) /* do not zero-copy */
-#define COP_FLAG_AEAD_TLS_TYPE  (1 << 4) /* authenticate and encrypt using the 
-                                          * TLS protocol rules */
-#define COP_FLAG_AEAD_SRTP_TYPE  (1 << 5) /* authenticate and encrypt using the 
-                                           * SRTP protocol rules */
-#define COP_FLAG_RESET         (1 << 6) /* multi-update reset the state.
-                                          * should be used in combination
-                                          * with COP_FLAG_UPDATE */
-
-
-/* Stuff for bignum arithmetic and public key
- * cryptography - not supported yet by linux
- * cryptodev.
- */
-
-#define        CRYPTO_ALG_FLAG_SUPPORTED       1
-#define        CRYPTO_ALG_FLAG_RNG_ENABLE      2
-#define        CRYPTO_ALG_FLAG_DSA_SHA         4
-
-struct crparam {
-       __u8    *crp_p;
-       __u32   crp_nbits;
-};
-
-#define CRK_MAXPARAM   8
-
-/* input of CIOCKEY */
-struct crypt_kop {
-       __u32   crk_op;         /* cryptodev_crk_op_t */
-       __u32   crk_status;
-       __u16   crk_iparams;
-       __u16   crk_oparams;
-       __u32   crk_pad1;
-       struct crparam  crk_param[CRK_MAXPARAM];
-};
-
-enum cryptodev_crk_op_t {
-       CRK_MOD_EXP = 0,
-       CRK_MOD_EXP_CRT = 1,
-       CRK_DSA_SIGN = 2,
-       CRK_DSA_VERIFY = 3,
-       CRK_DH_COMPUTE_KEY = 4,
-       CRK_ALGORITHM_ALL
-};
-
-#define CRK_ALGORITHM_MAX      (CRK_ALGORITHM_ALL-1)
-
-/* features to be queried with CIOCASYMFEAT ioctl
- */
-#define CRF_MOD_EXP            (1 << CRK_MOD_EXP)
-#define CRF_MOD_EXP_CRT                (1 << CRK_MOD_EXP_CRT)
-#define CRF_DSA_SIGN           (1 << CRK_DSA_SIGN)
-#define CRF_DSA_VERIFY         (1 << CRK_DSA_VERIFY)
-#define CRF_DH_COMPUTE_KEY     (1 << CRK_DH_COMPUTE_KEY)
-
-
-/* ioctl's. Compatible with old linux cryptodev.h
- */
-#define CRIOGET         _IOWR('c', 101, __u32)
-#define CIOCGSESSION    _IOWR('c', 102, struct session_op)
-#define CIOCFSESSION    _IOW('c', 103, __u32)
-#define CIOCCRYPT       _IOWR('c', 104, struct crypt_op)
-#define CIOCKEY         _IOWR('c', 105, struct crypt_kop)
-#define CIOCASYMFEAT    _IOR('c', 106, __u32)
-#define CIOCGSESSINFO  _IOWR('c', 107, struct session_info_op)
-
-/* to indicate that CRIOGET is not required in linux
- */
-#define CRIOGET_NOT_NEEDED 1
-
-/* additional ioctls for AEAD */
-#define CIOCAUTHCRYPT   _IOWR('c', 109, struct crypt_auth_op)
-
-/* additional ioctls for asynchronous operation.
- * These are conditionally enabled since version 1.6.
- */
-#define CIOCASYNCCRYPT    _IOW('c', 110, struct crypt_op)
-#define CIOCASYNCFETCH    _IOR('c', 111, struct crypt_op)
-
-#endif /* L_CRYPTODEV_H */
diff --git a/package/libs/openssl/patches/100-openwrt_targets.patch b/package/libs/openssl/patches/100-openwrt_targets.patch
new file mode 100644 (file)
index 0000000..52a51f9
--- /dev/null
@@ -0,0 +1,44 @@
+From 1ce02d8c7ce3e4a2c16b92968c8aea5a15746917 Mon Sep 17 00:00:00 2001
+From: Eneas U de Queiroz <cote2004-github@yahoo.com>
+Date: Wed, 26 Sep 2018 16:21:27 -0300
+Subject: Add openwrt targets
+
+Targets are named: linux-$(CONFIG_ARCH)-openwrt
+
+Signed-off-by: Eneas U de Queiroz <cote2004-github@yahoo.com>
+
+--- a/Configure
++++ b/Configure
+@@ -470,6 +470,32 @@ my %table=(
+ "linux-alpha-ccc","ccc:-fast -readonly_strings -DL_ENDIAN::-D_REENTRANT:::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL:${alpha_asm}",
+ "linux-alpha+bwx-ccc","ccc:-fast -readonly_strings -DL_ENDIAN::-D_REENTRANT:::SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL:${alpha_asm}",
++# OpenWrt targets
++# from linux-aarch64
++"linux-aarch64-openwrt","gcc:-DTERMIOS \$(OPENWRT_OPTIMIZATION_FLAGS) -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${aarch64_asm}:linux64:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
++# from linux-generic32
++"linux-arc-openwrt","gcc:-DTERMIOS \$(OPENWRT_OPTIMIZATION_FLAGS) -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
++# from linux-armv4
++"linux-arm-openwrt","gcc:-DTERMIOS \$(OPENWRT_OPTIMIZATION_FLAGS) -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${armv4_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
++# from linux-armv4
++"linux-armeb-openwrt","gcc:-DTERMIOS \$(OPENWRT_OPTIMIZATION_FLAGS) -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${armv4_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
++# from linux-elf
++"linux-i386-openwrt", "gcc:-DL_ENDIAN -DTERMIOS \$(OPENWRT_OPTIMIZATION_FLAGS) -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
++# from linux-mips32
++"linux-mips-openwrt","gcc:-DTERMIOS \$(OPENWRT_OPTIMIZATION_FLAGS) -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${mips32_asm}:o32:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
++# from linux64-mips64
++"linux-mips64-openwrt",   "gcc:-mabi=64 -DTERMIOS \$(OPENWRT_OPTIMIZATION_FLAGS) -fomit-frame-pointer -Wall -DBN_DIV3W::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${mips64_asm}:64:dlfcn:linux-shared:-fPIC:-mabi=64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64",
++# from linux64-mips64
++"linux-mips64el-openwrt",   "gcc:-mabi=64 -DTERMIOS \$(OPENWRT_OPTIMIZATION_FLAGS) -fomit-frame-pointer -Wall -DBN_DIV3W::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${mips64_asm}:64:dlfcn:linux-shared:-fPIC:-mabi=64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64",
++# from linux-mips32
++"linux-mipsel-openwrt","gcc:-DTERMIOS \$(OPENWRT_OPTIMIZATION_FLAGS) -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${mips32_asm}:o32:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
++# from linux-ppc
++"linux-powerpc-openwrt",      "gcc:-DB_ENDIAN -DTERMIOS \$(OPENWRT_OPTIMIZATION_FLAGS) -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL:${ppc32_asm}:linux32:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
++# from linux-x86_64
++"linux-x86_64-openwrt",       "gcc:-m64 -DL_ENDIAN -DTERMIOS \$(OPENWRT_OPTIMIZATION_FLAGS) -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64",
++# from linux-generic32
++"linux-generic32-openwrt","gcc:-DTERMIOS \$(OPENWRT_OPTIMIZATION_FLAGS) -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
++
+ # Android: linux-* but without pointers to headers and libs.
+ "android","gcc:-mandroid -I\$(ANDROID_DEV)/include -B\$(ANDROID_DEV)/lib -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+ "android-x86","gcc:-mandroid -I\$(ANDROID_DEV)/include -B\$(ANDROID_DEV)/lib -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:".eval{my $asm=${x86_elf_asm};$asm=~s/:elf/:android/;$asm}.":dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
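Review bot: The added table has no entry-independent fallback, and the patch header says targets are selected as linux-$(CONFIG_ARCH)-openwrt, so an architecture without a row here would presumably leave Configure with an unknown target. The mapping of such architectures to `linux-generic32-openwrt` is not visible in this hunk and should be confirmed in the package Makefile. I would record it next to the last entry, e.g. `# any CONFIG_ARCH without an entry above must be mapped to linux-generic32-openwrt by the caller`. The "# from linux-…" comments would also be more useful if they named the flags that differ from the upstream row, since the arm/armeb, mips/mipsel and mips64/mips64el rows are otherwise identical copies that can drift apart. The %table definition starts and ends outside the hunk.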
diff --git a/package/libs/openssl/patches/110-optimize-for-size.patch b/package/libs/openssl/patches/110-optimize-for-size.patch
deleted file mode 100644 (file)
index d6d4a21..0000000
+++ /dev/null
@@ -1,16 +0,0 @@
---- a/Configure
-+++ b/Configure
-@@ -470,6 +470,13 @@ my %table=(
- "linux-alpha-ccc","ccc:-fast -readonly_strings -DL_ENDIAN::-D_REENTRANT:::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL:${alpha_asm}",
- "linux-alpha+bwx-ccc","ccc:-fast -readonly_strings -DL_ENDIAN::-D_REENTRANT:::SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL:${alpha_asm}",
-+# OpenWrt targets
-+"linux-armv4-openwrt","gcc:-DTERMIOS \$(OPENWRT_OPTIMIZATION_FLAGS) -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${armv4_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-+"linux-aarch64-openwrt","gcc:-DTERMIOS \$(OPENWRT_OPTIMIZATION_FLAGS) -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${aarch64_asm}:linux64:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-+"linux-x86_64-openwrt",       "gcc:-m64 -DL_ENDIAN -DTERMIOS \$(OPENWRT_OPTIMIZATION_FLAGS) -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64",
-+"linux-mips-openwrt","gcc:-DTERMIOS \$(OPENWRT_OPTIMIZATION_FLAGS) -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${mips32_asm}:o32:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-+"linux-generic-openwrt","gcc:-DTERMIOS \$(OPENWRT_OPTIMIZATION_FLAGS) -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-+
- # Android: linux-* but without pointers to headers and libs.
- "android","gcc:-mandroid -I\$(ANDROID_DEV)/include -B\$(ANDROID_DEV)/lib -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
- "android-x86","gcc:-mandroid -I\$(ANDROID_DEV)/include -B\$(ANDROID_DEV)/lib -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:".eval{my $asm=${x86_elf_asm};$asm=~s/:elf/:android/;$asm}.":dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
diff --git a/package/libs/openssl/patches/110-perl-path.patch b/package/libs/openssl/patches/110-perl-path.patch
new file mode 100644 (file)
index 0000000..2dbdc76
--- /dev/null
@@ -0,0 +1,64 @@
+--- a/Configure
++++ b/Configure
+@@ -1,4 +1,4 @@
+-:
++#!/usr/bin/perl
+ eval 'exec perl -S $0 ${1+"$@"}'
+     if $running_under_some_shell;
+ ##
+--- a/tools/c_rehash.in
++++ b/tools/c_rehash.in
+@@ -1,4 +1,4 @@
+-#!/usr/local/bin/perl
++#!/usr/bin/perl
+ # Perl c_rehash script, scan all files in a directory
+ # and add symbolic links to their hash values.
+--- a/util/clean-depend.pl
++++ b/util/clean-depend.pl
+@@ -1,4 +1,4 @@
+-#!/usr/local/bin/perl -w
++#!/usr/bin/perl
+ # Clean the dependency list in a makefile of standard includes...
+ # Written by Ben Laurie <ben@algroup.co.uk> 19 Jan 1999
+--- a/util/mkdef.pl
++++ b/util/mkdef.pl
+@@ -1,4 +1,4 @@
+-#!/usr/local/bin/perl -w
++#!/usr/bin/perl
+ #
+ # generate a .def file
+ #
+--- a/util/mkerr.pl
++++ b/util/mkerr.pl
+@@ -1,4 +1,4 @@
+-#!/usr/local/bin/perl -w
++#!/usr/bin/perl
+ my $config = "crypto/err/openssl.ec";
+ my $hprefix = "openssl/";
+--- a/util/mkstack.pl
++++ b/util/mkstack.pl
+@@ -1,4 +1,4 @@
+-#!/usr/local/bin/perl -w
++#!/usr/bin/perl
+ # This is a utility that searches out "DECLARE_STACK_OF()"
+ # declarations in .h and .c files, and updates/creates/replaces
+--- a/util/pod2man.pl
++++ b/util/pod2man.pl
+@@ -1,4 +1,4 @@
+-: #!/usr/bin/perl-5.005
++#!/usr/bin/perl
+     eval 'exec /usr/bin/perl -S $0 ${1+"$@"}'
+       if $running_under_some_shell;
+--- a/util/selftest.pl
++++ b/util/selftest.pl
+@@ -1,4 +1,4 @@
+-#!/usr/local/bin/perl -w
++#!/usr/bin/perl
+ #
+ # Run the test suite and generate a report
+ #
diff --git a/package/libs/openssl/patches/120-makefile-dirs.patch b/package/libs/openssl/patches/120-makefile-dirs.patch
new file mode 100644 (file)
index 0000000..5bcb316
--- /dev/null
@@ -0,0 +1,11 @@
+--- a/Makefile.org
++++ b/Makefile.org
+@@ -137,7 +137,7 @@ FIPSCANLIB=
+ BASEADDR=
+-DIRS=   crypto ssl engines apps test tools
++DIRS=   crypto ssl engines apps
+ ENGDIRS= ccgost
+ SHLIBDIRS= crypto ssl
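Review bot: DIRS in this Makefile.org hunk drops both `test` and `tools`, while 130-disable_doc_tests.patch in the same commit sets `DIRS=   crypto ssl engines apps tools` for Makefile, so the two patched files disagree on whether `tools` is built. If Makefile is regenerated from Makefile.org at configure time (not visible here), the Makefile value is moot and that hunk in 130 could go; otherwise the result depends on which file ends up driving the build. The patch file also has no header, unlike 100 and 180; a short description of why `engines` is now kept and `test`/`tools` are skipped would make the intent reviewable.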
diff --git a/package/libs/openssl/patches/130-disable_doc_tests.patch b/package/libs/openssl/patches/130-disable_doc_tests.patch
new file mode 100644 (file)
index 0000000..e38d44a
--- /dev/null
@@ -0,0 +1,58 @@
+--- a/Makefile
++++ b/Makefile
+@@ -139,7 +139,7 @@ FIPSCANLIB=
+ BASEADDR=0xFB00000
+-DIRS=   crypto ssl engines apps test tools
++DIRS=   crypto ssl engines apps tools
+ ENGDIRS= ccgost
+ SHLIBDIRS= crypto ssl
+@@ -157,7 +157,7 @@ SDIRS=  \
+ # tests to perform.  "alltests" is a special word indicating that all tests
+ # should be performed.
+-TESTS = alltests
++TESTS =
+ MAKEFILE= Makefile
+@@ -171,7 +171,7 @@ SHELL=/bin/sh
+ TOP=    .
+ ONEDIRS=out tmp
+-EDIRS=  times doc bugs util include certs ms shlib mt demos perl sf dep VMS
++EDIRS=  times bugs util include certs ms shlib mt demos perl sf dep VMS
+ WDIRS=  windows
+ LIBS=   libcrypto.a libssl.a
+ SHARED_CRYPTO=libcrypto$(SHLIB_EXT)
+@@ -276,7 +276,7 @@ reflect:
+ sub_all: build_all
+-build_all: build_libs build_apps build_tests build_tools
++build_all: build_libs build_apps build_tools
+ build_libs: build_libcrypto build_libssl openssl.pc
+@@ -542,7 +542,7 @@ dist:
+       @$(MAKE) SDIRS='$(SDIRS)' clean
+       @$(MAKE) TAR='$(TAR)' TARFLAGS='$(TARFLAGS)' $(DISTTARVARS) tar
+-install: all install_docs install_sw
++install: all install_sw
+ install_sw:
+       @$(PERL) $(TOP)/util/mkdir-p.pl $(INSTALL_PREFIX)$(INSTALLTOP)/bin \
+--- a/Makefile.org
++++ b/Makefile.org
+@@ -540,7 +540,7 @@ dist:
+       @$(MAKE) SDIRS='$(SDIRS)' clean
+       @$(MAKE) TAR='$(TAR)' TARFLAGS='$(TARFLAGS)' $(DISTTARVARS) tar
+-install: all install_docs install_sw
++install: all install_sw
+ install_sw:
+       @$(PERL) $(TOP)/util/mkdir-p.pl $(INSTALL_PREFIX)$(INSTALLTOP)/bin \
diff --git a/package/libs/openssl/patches/130-perl-path.patch b/package/libs/openssl/patches/130-perl-path.patch
deleted file mode 100644 (file)
index 2dbdc76..0000000
+++ /dev/null
@@ -1,64 +0,0 @@
---- a/Configure
-+++ b/Configure
-@@ -1,4 +1,4 @@
--:
-+#!/usr/bin/perl
- eval 'exec perl -S $0 ${1+"$@"}'
-     if $running_under_some_shell;
- ##
---- a/tools/c_rehash.in
-+++ b/tools/c_rehash.in
-@@ -1,4 +1,4 @@
--#!/usr/local/bin/perl
-+#!/usr/bin/perl
- # Perl c_rehash script, scan all files in a directory
- # and add symbolic links to their hash values.
---- a/util/clean-depend.pl
-+++ b/util/clean-depend.pl
-@@ -1,4 +1,4 @@
--#!/usr/local/bin/perl -w
-+#!/usr/bin/perl
- # Clean the dependency list in a makefile of standard includes...
- # Written by Ben Laurie <ben@algroup.co.uk> 19 Jan 1999
---- a/util/mkdef.pl
-+++ b/util/mkdef.pl
-@@ -1,4 +1,4 @@
--#!/usr/local/bin/perl -w
-+#!/usr/bin/perl
- #
- # generate a .def file
- #
---- a/util/mkerr.pl
-+++ b/util/mkerr.pl
-@@ -1,4 +1,4 @@
--#!/usr/local/bin/perl -w
-+#!/usr/bin/perl
- my $config = "crypto/err/openssl.ec";
- my $hprefix = "openssl/";
---- a/util/mkstack.pl
-+++ b/util/mkstack.pl
-@@ -1,4 +1,4 @@
--#!/usr/local/bin/perl -w
-+#!/usr/bin/perl
- # This is a utility that searches out "DECLARE_STACK_OF()"
- # declarations in .h and .c files, and updates/creates/replaces
---- a/util/pod2man.pl
-+++ b/util/pod2man.pl
-@@ -1,4 +1,4 @@
--: #!/usr/bin/perl-5.005
-+#!/usr/bin/perl
-     eval 'exec /usr/bin/perl -S $0 ${1+"$@"}'
-       if $running_under_some_shell;
---- a/util/selftest.pl
-+++ b/util/selftest.pl
-@@ -1,4 +1,4 @@
--#!/usr/local/bin/perl -w
-+#!/usr/bin/perl
- #
- # Run the test suite and generate a report
- #
diff --git a/package/libs/openssl/patches/140-bash_path.patch b/package/libs/openssl/patches/140-bash_path.patch
new file mode 100644 (file)
index 0000000..c29b59a
--- /dev/null
@@ -0,0 +1,8 @@
+--- a/util/domd
++++ b/util/domd
+@@ -1,4 +1,4 @@
+-#!/bin/sh
++#!/usr/bin/env bash
+ # Do a makedepend, only leave out the standard headers
+ # Written by Ben Laurie <ben@algroup.co.uk> 19 Jan 1999
diff --git a/package/libs/openssl/patches/140-makefile-dirs.patch b/package/libs/openssl/patches/140-makefile-dirs.patch
deleted file mode 100644 (file)
index 83c412f..0000000
+++ /dev/null
@@ -1,11 +0,0 @@
---- a/Makefile.org
-+++ b/Makefile.org
-@@ -137,7 +137,7 @@ FIPSCANLIB=
- BASEADDR=
--DIRS=   crypto ssl engines apps test tools
-+DIRS=   crypto ssl apps
- ENGDIRS= ccgost
- SHLIBDIRS= crypto ssl
diff --git a/package/libs/openssl/patches/150-fix_link_segfault.patch b/package/libs/openssl/patches/150-fix_link_segfault.patch
new file mode 100644 (file)
index 0000000..3e36beb
--- /dev/null
@@ -0,0 +1,18 @@
+--- a/Makefile.shared
++++ b/Makefile.shared
+@@ -95,7 +95,6 @@ LINK_APP=    \
+     LDCMD="$${LDCMD:-$(CC)}"; LDFLAGS="$${LDFLAGS:-$(CFLAGS)}"; \
+     LIBPATH=`for x in $$LIBDEPS; do echo $$x; done | sed -e 's/^ *-L//;t' -e d | uniq`; \
+     LIBPATH=`echo $$LIBPATH | sed -e 's/ /:/g'`; \
+-    LD_LIBRARY_PATH=$$LIBPATH:$$LD_LIBRARY_PATH \
+     $${LDCMD} $${LDFLAGS} -o $${APPNAME:=$(APPNAME)} $(OBJECTS) $${LIBDEPS} )
+ LINK_SO=      \
+@@ -105,7 +104,6 @@ LINK_SO=   \
+     SHAREDFLAGS="$${SHAREDFLAGS:-$(CFLAGS) $(SHARED_LDFLAGS)}"; \
+     LIBPATH=`for x in $$LIBDEPS; do echo $$x; done | sed -e 's/^ *-L//;t' -e d | uniq`; \
+     LIBPATH=`echo $$LIBPATH | sed -e 's/ /:/g'`; \
+-    LD_LIBRARY_PATH=$$LIBPATH:$$LD_LIBRARY_PATH \
+     $${SHAREDCMD} $${SHAREDFLAGS} \
+       -o $$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX \
+       $$ALLSYMSFLAGS $$SHOBJECTS $$NOALLSYMSFLAGS $$LIBDEPS \
diff --git a/package/libs/openssl/patches/150-no_engines.patch b/package/libs/openssl/patches/150-no_engines.patch
deleted file mode 100644 (file)
index a518a00..0000000
+++ /dev/null
@@ -1,81 +0,0 @@
---- a/Configure
-+++ b/Configure
-@@ -2144,6 +2144,11 @@ EOF
-       close(OUT);
-   }
-   
-+# ugly hack to disable engines
-+if($target eq "mingwx") {
-+      system("sed -e s/^LIB/XLIB/g -i engines/Makefile");
-+}
-+
- print <<EOF;
- Configured for $target.
---- a/util/libeay.num
-+++ b/util/libeay.num
-@@ -2075,7 +2075,6 @@ PKCS7_ATTR_SIGN_it
- UI_add_error_string                     2633  EXIST::FUNCTION:
- KRB5_CHECKSUM_free                      2634  EXIST::FUNCTION:
- OCSP_REQUEST_get_ext                    2635  EXIST::FUNCTION:
--ENGINE_load_ubsec                       2636  EXIST::FUNCTION:ENGINE,STATIC_ENGINE
- ENGINE_register_all_digests             2637  EXIST::FUNCTION:ENGINE
- PKEY_USAGE_PERIOD_it                    2638  EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
- PKEY_USAGE_PERIOD_it                    2638  EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
-@@ -2549,7 +2548,6 @@ OCSP_RESPONSE_new
- AES_set_encrypt_key                     3024  EXIST::FUNCTION:AES
- OCSP_resp_count                         3025  EXIST::FUNCTION:
- KRB5_CHECKSUM_new                       3026  EXIST::FUNCTION:
--ENGINE_load_cswift                      3027  EXIST::FUNCTION:ENGINE,STATIC_ENGINE
- OCSP_onereq_get0_id                     3028  EXIST::FUNCTION:
- ENGINE_set_default_ciphers              3029  EXIST::FUNCTION:ENGINE
- NOTICEREF_it                            3030  EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
-@@ -2580,7 +2578,6 @@ ASN1_primitive_free
- i2d_EXTENDED_KEY_USAGE                  3052  EXIST::FUNCTION:
- i2d_OCSP_SIGNATURE                      3053  EXIST::FUNCTION:
- asn1_enc_save                           3054  EXIST::FUNCTION:
--ENGINE_load_nuron                       3055  EXIST::FUNCTION:ENGINE,STATIC_ENGINE
- _ossl_old_des_pcbc_encrypt              3056  EXIST::FUNCTION:DES
- PKCS12_MAC_DATA_it                      3057  EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
- PKCS12_MAC_DATA_it                      3057  EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
-@@ -2604,7 +2601,6 @@ asn1_get_choice_selector
- i2d_KRB5_CHECKSUM                       3072  EXIST::FUNCTION:
- ENGINE_set_table_flags                  3073  EXIST::FUNCTION:ENGINE
- AES_options                             3074  EXIST::FUNCTION:AES
--ENGINE_load_chil                        3075  EXIST::FUNCTION:ENGINE,STATIC_ENGINE
- OCSP_id_cmp                             3076  EXIST::FUNCTION:
- OCSP_BASICRESP_new                      3077  EXIST::FUNCTION:
- OCSP_REQUEST_get_ext_by_NID             3078  EXIST::FUNCTION:
-@@ -2671,7 +2667,6 @@ OCSP_CRLID_it
- OCSP_CRLID_it                           3127  EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
- i2d_KRB5_AUTHENTBODY                    3128  EXIST::FUNCTION:
- OCSP_REQUEST_get_ext_count              3129  EXIST::FUNCTION:
--ENGINE_load_atalla                      3130  EXIST::FUNCTION:ENGINE,STATIC_ENGINE
- X509_NAME_it                            3131  EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
- X509_NAME_it                            3131  EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
- USERNOTICE_it                           3132  EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
-@@ -2766,8 +2761,6 @@ DES_read_2passwords
- DES_read_password                       3207  EXIST::FUNCTION:DES
- UI_UTIL_read_pw                         3208  EXIST::FUNCTION:
- UI_UTIL_read_pw_string                  3209  EXIST::FUNCTION:
--ENGINE_load_aep                         3210  EXIST::FUNCTION:ENGINE,STATIC_ENGINE
--ENGINE_load_sureware                    3211  EXIST::FUNCTION:ENGINE,STATIC_ENGINE
- OPENSSL_add_all_algorithms_noconf       3212  EXIST:!VMS:FUNCTION:
- OPENSSL_add_all_algo_noconf             3212  EXIST:VMS:FUNCTION:
- OPENSSL_add_all_algorithms_conf         3213  EXIST:!VMS:FUNCTION:
-@@ -2776,7 +2769,6 @@ OPENSSL_load_builtin_modules
- AES_ofb128_encrypt                      3215  EXIST::FUNCTION:AES
- AES_ctr128_encrypt                      3216  EXIST::FUNCTION:AES
- AES_cfb128_encrypt                      3217  EXIST::FUNCTION:AES
--ENGINE_load_4758cca                     3218  EXIST::FUNCTION:ENGINE,STATIC_ENGINE
- _ossl_096_des_random_seed               3219  EXIST::FUNCTION:DES
- EVP_aes_256_ofb                         3220  EXIST::FUNCTION:AES
- EVP_aes_192_ofb                         3221  EXIST::FUNCTION:AES
-@@ -3111,7 +3103,6 @@ EC_GFp_nist_method
- STORE_meth_set_modify_fn                3530  NOEXIST::FUNCTION:
- STORE_method_set_modify_function        3530  NOEXIST::FUNCTION:
- STORE_parse_attrs_next                  3531  NOEXIST::FUNCTION:
--ENGINE_load_padlock                     3532  EXIST::FUNCTION:ENGINE,STATIC_ENGINE
- EC_GROUP_set_curve_name                 3533  EXIST::FUNCTION:EC
- X509_CERT_PAIR_it                       3534  EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
- X509_CERT_PAIR_it                       3534  EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
diff --git a/package/libs/openssl/patches/160-disable_doc_tests.patch b/package/libs/openssl/patches/160-disable_doc_tests.patch
deleted file mode 100644 (file)
index e38d44a..0000000
+++ /dev/null
@@ -1,58 +0,0 @@
---- a/Makefile
-+++ b/Makefile
-@@ -139,7 +139,7 @@ FIPSCANLIB=
- BASEADDR=0xFB00000
--DIRS=   crypto ssl engines apps test tools
-+DIRS=   crypto ssl engines apps tools
- ENGDIRS= ccgost
- SHLIBDIRS= crypto ssl
-@@ -157,7 +157,7 @@ SDIRS=  \
- # tests to perform.  "alltests" is a special word indicating that all tests
- # should be performed.
--TESTS = alltests
-+TESTS =
- MAKEFILE= Makefile
-@@ -171,7 +171,7 @@ SHELL=/bin/sh
- TOP=    .
- ONEDIRS=out tmp
--EDIRS=  times doc bugs util include certs ms shlib mt demos perl sf dep VMS
-+EDIRS=  times bugs util include certs ms shlib mt demos perl sf dep VMS
- WDIRS=  windows
- LIBS=   libcrypto.a libssl.a
- SHARED_CRYPTO=libcrypto$(SHLIB_EXT)
-@@ -276,7 +276,7 @@ reflect:
- sub_all: build_all
--build_all: build_libs build_apps build_tests build_tools
-+build_all: build_libs build_apps build_tools
- build_libs: build_libcrypto build_libssl openssl.pc
-@@ -542,7 +542,7 @@ dist:
-       @$(MAKE) SDIRS='$(SDIRS)' clean
-       @$(MAKE) TAR='$(TAR)' TARFLAGS='$(TARFLAGS)' $(DISTTARVARS) tar
--install: all install_docs install_sw
-+install: all install_sw
- install_sw:
-       @$(PERL) $(TOP)/util/mkdir-p.pl $(INSTALL_PREFIX)$(INSTALLTOP)/bin \
---- a/Makefile.org
-+++ b/Makefile.org
-@@ -540,7 +540,7 @@ dist:
-       @$(MAKE) SDIRS='$(SDIRS)' clean
-       @$(MAKE) TAR='$(TAR)' TARFLAGS='$(TARFLAGS)' $(DISTTARVARS) tar
--install: all install_docs install_sw
-+install: all install_sw
- install_sw:
-       @$(PERL) $(TOP)/util/mkdir-p.pl $(INSTALL_PREFIX)$(INSTALLTOP)/bin \
diff --git a/package/libs/openssl/patches/160-remove_timestamp_check.patch b/package/libs/openssl/patches/160-remove_timestamp_check.patch
new file mode 100644 (file)
index 0000000..424e660
--- /dev/null
@@ -0,0 +1,23 @@
+--- a/Makefile.org
++++ b/Makefile.org
+@@ -185,7 +185,7 @@ TARFILE=        ../$(NAME).tar
+ EXHEADER=       e_os2.h
+ HEADER=         e_os.h
+-all: Makefile build_all
++all: build_all
+ # as we stick to -e, CLEARENV ensures that local variables in lower
+ # Makefiles remain local and variable. $${VAR+VAR} is tribute to Korn
+@@ -404,11 +404,6 @@ openssl.pc: Makefile
+           echo 'Version: '$(VERSION); \
+           echo 'Requires: libssl libcrypto' ) > openssl.pc
+-Makefile: Makefile.org Configure config
+-      @echo "Makefile is older than Makefile.org, Configure or config."
+-      @echo "Reconfigure the source tree (via './config' or 'perl Configure'), please."
+-      @false
+-
+ libclean:
+       rm -f *.map *.so *.so.* *.dylib *.dll engines/*.so engines/*.dll engines/*.dylib *.a engines/*.a */lib */*/lib
diff --git a/package/libs/openssl/patches/170-bash_path.patch b/package/libs/openssl/patches/170-bash_path.patch
deleted file mode 100644 (file)
index c29b59a..0000000
+++ /dev/null
@@ -1,8 +0,0 @@
---- a/util/domd
-+++ b/util/domd
-@@ -1,4 +1,4 @@
--#!/bin/sh
-+#!/usr/bin/env bash
- # Do a makedepend, only leave out the standard headers
- # Written by Ben Laurie <ben@algroup.co.uk> 19 Jan 1999
diff --git a/package/libs/openssl/patches/170-parallel_build.patch b/package/libs/openssl/patches/170-parallel_build.patch
new file mode 100644 (file)
index 0000000..cbe5d51
--- /dev/null
@@ -0,0 +1,184 @@
+--- a/Makefile.org
++++ b/Makefile.org
+@@ -282,17 +282,17 @@ build_libcrypto: build_crypto build_engi
+ build_libssl: build_ssl libssl.pc
+ build_crypto:
+-      @dir=crypto; target=all; $(BUILD_ONE_CMD)
++      +@dir=crypto; target=all; $(BUILD_ONE_CMD)
+ build_ssl: build_crypto
+-      @dir=ssl; target=all; $(BUILD_ONE_CMD)
++      +@dir=ssl; target=all; $(BUILD_ONE_CMD)
+ build_engines: build_crypto
+-      @dir=engines; target=all; $(BUILD_ONE_CMD)
++      +@dir=engines; target=all; $(BUILD_ONE_CMD)
+ build_apps: build_libs
+-      @dir=apps; target=all; $(BUILD_ONE_CMD)
++      +@dir=apps; target=all; $(BUILD_ONE_CMD)
+ build_tests: build_libs
+-      @dir=test; target=all; $(BUILD_ONE_CMD)
++      +@dir=test; target=all; $(BUILD_ONE_CMD)
+ build_tools: build_libs
+-      @dir=tools; target=all; $(BUILD_ONE_CMD)
++      +@dir=tools; target=all; $(BUILD_ONE_CMD)
+ all_testapps: build_libs build_testapps
+ build_testapps:
+@@ -473,7 +473,7 @@ update: errors stacks util/libeay.num ut
+       @set -e; target=update; $(RECURSIVE_BUILD_CMD)
+ depend:
+-      @set -e; target=depend; $(RECURSIVE_BUILD_CMD)
++      +@set -e; target=depend; $(RECURSIVE_BUILD_CMD)
+ lint:
+       @set -e; target=lint; $(RECURSIVE_BUILD_CMD)
+@@ -535,9 +535,9 @@ dist:
+       @$(MAKE) SDIRS='$(SDIRS)' clean
+       @$(MAKE) TAR='$(TAR)' TARFLAGS='$(TARFLAGS)' $(DISTTARVARS) tar
+-install: all install_sw
++install: install_sw
+-install_sw:
++install_dirs:
+       @$(PERL) $(TOP)/util/mkdir-p.pl $(INSTALL_PREFIX)$(INSTALLTOP)/bin \
+               $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR) \
+               $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines \
+@@ -546,12 +546,19 @@ install_sw:
+               $(INSTALL_PREFIX)$(OPENSSLDIR)/misc \
+               $(INSTALL_PREFIX)$(OPENSSLDIR)/certs \
+               $(INSTALL_PREFIX)$(OPENSSLDIR)/private
++      @$(PERL) $(TOP)/util/mkdir-p.pl \
++              $(INSTALL_PREFIX)$(MANDIR)/man1 \
++              $(INSTALL_PREFIX)$(MANDIR)/man3 \
++              $(INSTALL_PREFIX)$(MANDIR)/man5 \
++              $(INSTALL_PREFIX)$(MANDIR)/man7
++
++install_sw: install_dirs
+       @set -e; headerlist="$(EXHEADER)"; for i in $$headerlist;\
+       do \
+       (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+       chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
+       done;
+-      @set -e; target=install; $(RECURSIVE_BUILD_CMD)
++      +@set -e; target=install; $(RECURSIVE_BUILD_CMD)
+       @set -e; liblist="$(LIBS)"; for i in $$liblist ;\
+       do \
+               if [ -f "$$i" ]; then \
+@@ -635,12 +642,7 @@ install_html_docs:
+               done; \
+       done
+-install_docs:
+-      @$(PERL) $(TOP)/util/mkdir-p.pl \
+-              $(INSTALL_PREFIX)$(MANDIR)/man1 \
+-              $(INSTALL_PREFIX)$(MANDIR)/man3 \
+-              $(INSTALL_PREFIX)$(MANDIR)/man5 \
+-              $(INSTALL_PREFIX)$(MANDIR)/man7
++install_docs: install_dirs
+       @pod2man="`cd ./util; ./pod2mantest $(PERL)`"; \
+       here="`pwd`"; \
+       filecase=; \
+--- a/Makefile.shared
++++ b/Makefile.shared
+@@ -120,6 +120,7 @@ SYMLINK_SO=        \
+                       done; \
+               fi; \
+               if [ -n "$$SHLIB_SOVER" ]; then \
++                      [ -e "$$SHLIB$$SHLIB_SUFFIX" ] || \
+                       ( $(SET_X); rm -f $$SHLIB$$SHLIB_SUFFIX; \
+                         ln -s $$prev $$SHLIB$$SHLIB_SUFFIX ); \
+               fi; \
+--- a/crypto/Makefile
++++ b/crypto/Makefile
+@@ -87,11 +87,11 @@ testapps:
+       @if [ -z "$(THIS)" ]; then $(MAKE) -f $(TOP)/Makefile reflect THIS=$@; fi
+ subdirs:
+-      @target=all; $(RECURSIVE_MAKE)
++      +@target=all; $(RECURSIVE_MAKE)
+ files:
+       $(PERL) $(TOP)/util/files.pl "CPUID_OBJ=$(CPUID_OBJ)" Makefile >> $(TOP)/MINFO
+-      @target=files; $(RECURSIVE_MAKE)
++      +@target=files; $(RECURSIVE_MAKE)
+ links:
+       @$(PERL) $(TOP)/util/mklink.pl ../include/openssl $(EXHEADER)
+@@ -102,7 +102,7 @@ links:
+ # lib: $(LIB): are splitted to avoid end-less loop
+ lib:  $(LIB)
+       @touch lib
+-$(LIB):       $(LIBOBJ)
++$(LIB):       $(LIBOBJ) | subdirs
+       $(AR) $(LIB) $(LIBOBJ)
+       test -z "$(FIPSLIBDIR)" || $(AR) $(LIB) $(FIPSLIBDIR)fipscanister.o
+       $(RANLIB) $(LIB) || echo Never mind.
+@@ -113,7 +113,7 @@ shared: buildinf.h lib subdirs
+       fi
+ libs:
+-      @target=lib; $(RECURSIVE_MAKE)
++      +@target=lib; $(RECURSIVE_MAKE)
+ install:
+       @[ -n "$(INSTALLTOP)" ] # should be set by top Makefile...
+@@ -122,7 +122,7 @@ install:
+       (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+       chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
+       done;
+-      @target=install; $(RECURSIVE_MAKE)
++      +@target=install; $(RECURSIVE_MAKE)
+ lint:
+       @target=lint; $(RECURSIVE_MAKE)
+--- a/engines/Makefile
++++ b/engines/Makefile
+@@ -72,7 +72,7 @@ top:
+ all:  lib subdirs
+-lib:  $(LIBOBJ)
++lib:  $(LIBOBJ) | subdirs
+       @if [ -n "$(SHARED_LIBS)" ]; then \
+               set -e; \
+               for l in $(LIBNAMES); do \
+@@ -89,7 +89,7 @@ lib: $(LIBOBJ)
+ subdirs:
+       echo $(EDIRS)
+-      @target=all; $(RECURSIVE_MAKE)
++      +@target=all; $(RECURSIVE_MAKE)
+ files:
+       $(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO
+@@ -128,7 +128,7 @@ install:
+                         mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$$pfx$$l$$sfx.new $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$$pfx$$l$$sfx ); \
+               done; \
+       fi
+-      @target=install; $(RECURSIVE_MAKE)
++      +@target=install; $(RECURSIVE_MAKE)
+ tags:
+       ctags $(SRC)
+--- a/test/Makefile
++++ b/test/Makefile
+@@ -145,7 +145,7 @@ install:
+ tags:
+       ctags $(SRC)
+-tests:        exe apps $(TESTS)
++tests:        exe $(TESTS)
+ apps:
+       @(cd ..; $(MAKE) DIRS=apps all)
+@@ -593,7 +593,7 @@ $(DTLSTEST)$(EXE_EXT): $(DTLSTEST).o ssl
+ #     fi
+ dummytest$(EXE_EXT): dummytest.o $(DLIBCRYPTO)
+-      @target=dummytest; $(BUILD_CMD)
++      +@target=dummytest; $(BUILD_CMD)
+ # DO NOT DELETE THIS LINE -- make depend depends on it.
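Review bot: The `[ -e "$$SHLIB$$SHLIB_SUFFIX" ] ||` guard added to SYMLINK_SO in Makefile.shared is check-then-act, so two parallel jobs can both see the link missing and both run `rm -f` / `ln -s`, and one `ln -s` can still fail. It also leaves an existing link untouched when `$$prev` has changed, so a stale link from an earlier build in the same tree would survive. If the guard is only meant to stop concurrent re-creation, a header comment in this patch (it has none) should say so, and the link step would be safer serialised behind a single target than guarded in the shell. Separately, `install_dirs` now creates the man1/3/5/7 directories on every `install_sw`, although 130-disable_doc_tests.patch removes `install_docs` from `install`; it is worth confirming that the empty directories are not packaged.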
diff --git a/package/libs/openssl/patches/180-fix_link_segfault.patch b/package/libs/openssl/patches/180-fix_link_segfault.patch
deleted file mode 100644 (file)
index 3e36beb..0000000
+++ /dev/null
@@ -1,18 +0,0 @@
---- a/Makefile.shared
-+++ b/Makefile.shared
-@@ -95,7 +95,6 @@ LINK_APP=    \
-     LDCMD="$${LDCMD:-$(CC)}"; LDFLAGS="$${LDFLAGS:-$(CFLAGS)}"; \
-     LIBPATH=`for x in $$LIBDEPS; do echo $$x; done | sed -e 's/^ *-L//;t' -e d | uniq`; \
-     LIBPATH=`echo $$LIBPATH | sed -e 's/ /:/g'`; \
--    LD_LIBRARY_PATH=$$LIBPATH:$$LD_LIBRARY_PATH \
-     $${LDCMD} $${LDFLAGS} -o $${APPNAME:=$(APPNAME)} $(OBJECTS) $${LIBDEPS} )
- LINK_SO=      \
-@@ -105,7 +104,6 @@ LINK_SO=   \
-     SHAREDFLAGS="$${SHAREDFLAGS:-$(CFLAGS) $(SHARED_LDFLAGS)}"; \
-     LIBPATH=`for x in $$LIBDEPS; do echo $$x; done | sed -e 's/^ *-L//;t' -e d | uniq`; \
-     LIBPATH=`echo $$LIBPATH | sed -e 's/ /:/g'`; \
--    LD_LIBRARY_PATH=$$LIBPATH:$$LD_LIBRARY_PATH \
-     $${SHAREDCMD} $${SHAREDFLAGS} \
-       -o $$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX \
-       $$ALLSYMSFLAGS $$SHOBJECTS $$NOALLSYMSFLAGS $$LIBDEPS \
diff --git a/package/libs/openssl/patches/180-strip-cflags-from-binary.patch b/package/libs/openssl/patches/180-strip-cflags-from-binary.patch
new file mode 100644 (file)
index 0000000..e70bd07
--- /dev/null
@@ -0,0 +1,21 @@
+From f17f027c258338994a6167091a398c0cc1588acb Mon Sep 17 00:00:00 2001
+From: Eneas U de Queiroz <cote2004-github@yahoo.com>
+Date: Wed, 26 Sep 2018 18:04:58 -0300
+Subject: Avoid exposing build directories
+
+The CFLAGS contain the build directories, and are shown by calling
+SSLeay_version(SSLEAY_CFLAGS), or running openssl version -a
+
+Signed-off-by: Eneas U de Queiroz <cote2004-github@yahoo.com>
+
+--- a/crypto/Makefile
++++ b/crypto/Makefile
+@@ -57,7 +57,7 @@ top:
+ all: shared
+ buildinf.h: ../Makefile
+-      $(PERL) $(TOP)/util/mkbuildinf.pl "$(CC) $(CFLAGS)" "$(PLATFORM)" >buildinf.h
++      $(PERL) $(TOP)/util/mkbuildinf.pl "$(filter-out -I% -iremap%  -fmacro-prefix-map%,$(CC) $(CFLAGS))" "$(PLATFORM)" >buildinf.h
+ x86cpuid.s:   x86cpuid.pl perlasm/x86asm.pl
+       $(PERL) x86cpuid.pl $(PERLASM_SCHEME) $(CFLAGS) $(PROCESSOR) > $@
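Review bot: The `filter-out` in the buildinf.h recipe removes only `-I%`, `-iremap%` and `-fmacro-prefix-map%`, so any other path-carrying word in `$(CC) $(CFLAGS)` would still be embedded in the string that `openssl version -a` prints. Whether OpenWrt passes such flags here is not visible in the hunk, but candidates are `-ffile-prefix-map=`, `-fdebug-prefix-map=`, `--sysroot=`, a two-word `-I dir` / `-isystem dir`, and an absolute `$(CC)`. I would extend the pattern list, e.g. `$(filter-out -I% -iremap% -fmacro-prefix-map% -ffile-prefix-map% -fdebug-prefix-map% --sysroot=%,$(CC) $(CFLAGS))`. A build-time check that greps the generated buildinf.h for the build root would catch flags the pattern list misses.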
diff --git a/package/libs/openssl/patches/190-remove_timestamp_check.patch b/package/libs/openssl/patches/190-remove_timestamp_check.patch
deleted file mode 100644 (file)
index 424e660..0000000
+++ /dev/null
@@ -1,23 +0,0 @@
---- a/Makefile.org
-+++ b/Makefile.org
-@@ -185,7 +185,7 @@ TARFILE=        ../$(NAME).tar
- EXHEADER=       e_os2.h
- HEADER=         e_os.h
--all: Makefile build_all
-+all: build_all
- # as we stick to -e, CLEARENV ensures that local variables in lower
- # Makefiles remain local and variable. $${VAR+VAR} is tribute to Korn
-@@ -404,11 +404,6 @@ openssl.pc: Makefile
-           echo 'Version: '$(VERSION); \
-           echo 'Requires: libssl libcrypto' ) > openssl.pc
--Makefile: Makefile.org Configure config
--      @echo "Makefile is older than Makefile.org, Configure or config."
--      @echo "Reconfigure the source tree (via './config' or 'perl Configure'), please."
--      @false
--
- libclean:
-       rm -f *.map *.so *.so.* *.dylib *.dll engines/*.so engines/*.dll engines/*.dylib *.a engines/*.a */lib */*/lib
diff --git a/package/libs/openssl/patches/200-parallel_build.patch b/package/libs/openssl/patches/200-parallel_build.patch
deleted file mode 100644 (file)
index 37134e4..0000000
+++ /dev/null
@@ -1,184 +0,0 @@
---- a/Makefile.org
-+++ b/Makefile.org
-@@ -282,17 +282,17 @@ build_libcrypto: build_crypto build_engi
- build_libssl: build_ssl libssl.pc
- build_crypto:
--      @dir=crypto; target=all; $(BUILD_ONE_CMD)
-+      +@dir=crypto; target=all; $(BUILD_ONE_CMD)
- build_ssl: build_crypto
--      @dir=ssl; target=all; $(BUILD_ONE_CMD)
-+      +@dir=ssl; target=all; $(BUILD_ONE_CMD)
- build_engines: build_crypto
--      @dir=engines; target=all; $(BUILD_ONE_CMD)
-+      +@dir=engines; target=all; $(BUILD_ONE_CMD)
- build_apps: build_libs
--      @dir=apps; target=all; $(BUILD_ONE_CMD)
-+      +@dir=apps; target=all; $(BUILD_ONE_CMD)
- build_tests: build_libs
--      @dir=test; target=all; $(BUILD_ONE_CMD)
-+      +@dir=test; target=all; $(BUILD_ONE_CMD)
- build_tools: build_libs
--      @dir=tools; target=all; $(BUILD_ONE_CMD)
-+      +@dir=tools; target=all; $(BUILD_ONE_CMD)
- all_testapps: build_libs build_testapps
- build_testapps:
-@@ -473,7 +473,7 @@ update: errors stacks util/libeay.num ut
-       @set -e; target=update; $(RECURSIVE_BUILD_CMD)
- depend:
--      @set -e; target=depend; $(RECURSIVE_BUILD_CMD)
-+      +@set -e; target=depend; $(RECURSIVE_BUILD_CMD)
- lint:
-       @set -e; target=lint; $(RECURSIVE_BUILD_CMD)
-@@ -535,9 +535,9 @@ dist:
-       @$(MAKE) SDIRS='$(SDIRS)' clean
-       @$(MAKE) TAR='$(TAR)' TARFLAGS='$(TARFLAGS)' $(DISTTARVARS) tar
--install: all install_sw
-+install: install_sw
--install_sw:
-+install_dirs:
-       @$(PERL) $(TOP)/util/mkdir-p.pl $(INSTALL_PREFIX)$(INSTALLTOP)/bin \
-               $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR) \
-               $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines \
-@@ -546,12 +546,19 @@ install_sw:
-               $(INSTALL_PREFIX)$(OPENSSLDIR)/misc \
-               $(INSTALL_PREFIX)$(OPENSSLDIR)/certs \
-               $(INSTALL_PREFIX)$(OPENSSLDIR)/private
-+      @$(PERL) $(TOP)/util/mkdir-p.pl \
-+              $(INSTALL_PREFIX)$(MANDIR)/man1 \
-+              $(INSTALL_PREFIX)$(MANDIR)/man3 \
-+              $(INSTALL_PREFIX)$(MANDIR)/man5 \
-+              $(INSTALL_PREFIX)$(MANDIR)/man7
-+
-+install_sw: install_dirs
-       @set -e; headerlist="$(EXHEADER)"; for i in $$headerlist;\
-       do \
-       (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
-       chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
-       done;
--      @set -e; target=install; $(RECURSIVE_BUILD_CMD)
-+      +@set -e; target=install; $(RECURSIVE_BUILD_CMD)
-       @set -e; liblist="$(LIBS)"; for i in $$liblist ;\
-       do \
-               if [ -f "$$i" ]; then \
-@@ -635,12 +642,7 @@ install_html_docs:
-               done; \
-       done
--install_docs:
--      @$(PERL) $(TOP)/util/mkdir-p.pl \
--              $(INSTALL_PREFIX)$(MANDIR)/man1 \
--              $(INSTALL_PREFIX)$(MANDIR)/man3 \
--              $(INSTALL_PREFIX)$(MANDIR)/man5 \
--              $(INSTALL_PREFIX)$(MANDIR)/man7
-+install_docs: install_dirs
-       @pod2man="`cd ./util; ./pod2mantest $(PERL)`"; \
-       here="`pwd`"; \
-       filecase=; \
---- a/Makefile.shared
-+++ b/Makefile.shared
-@@ -120,6 +120,7 @@ SYMLINK_SO=        \
-                       done; \
-               fi; \
-               if [ -n "$$SHLIB_SOVER" ]; then \
-+                      [ -e "$$SHLIB$$SHLIB_SUFFIX" ] || \
-                       ( $(SET_X); rm -f $$SHLIB$$SHLIB_SUFFIX; \
-                         ln -s $$prev $$SHLIB$$SHLIB_SUFFIX ); \
-               fi; \
---- a/crypto/Makefile
-+++ b/crypto/Makefile
-@@ -85,11 +85,11 @@ testapps:
-       @if [ -z "$(THIS)" ]; then $(MAKE) -f $(TOP)/Makefile reflect THIS=$@; fi
- subdirs:
--      @target=all; $(RECURSIVE_MAKE)
-+      +@target=all; $(RECURSIVE_MAKE)
- files:
-       $(PERL) $(TOP)/util/files.pl "CPUID_OBJ=$(CPUID_OBJ)" Makefile >> $(TOP)/MINFO
--      @target=files; $(RECURSIVE_MAKE)
-+      +@target=files; $(RECURSIVE_MAKE)
- links:
-       @$(PERL) $(TOP)/util/mklink.pl ../include/openssl $(EXHEADER)
-@@ -100,7 +100,7 @@ links:
- # lib: $(LIB): are splitted to avoid end-less loop
- lib:  $(LIB)
-       @touch lib
--$(LIB):       $(LIBOBJ)
-+$(LIB):       $(LIBOBJ) | subdirs
-       $(AR) $(LIB) $(LIBOBJ)
-       test -z "$(FIPSLIBDIR)" || $(AR) $(LIB) $(FIPSLIBDIR)fipscanister.o
-       $(RANLIB) $(LIB) || echo Never mind.
-@@ -111,7 +111,7 @@ shared: buildinf.h lib subdirs
-       fi
- libs:
--      @target=lib; $(RECURSIVE_MAKE)
-+      +@target=lib; $(RECURSIVE_MAKE)
- install:
-       @[ -n "$(INSTALLTOP)" ] # should be set by top Makefile...
-@@ -120,7 +120,7 @@ install:
-       (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
-       chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
-       done;
--      @target=install; $(RECURSIVE_MAKE)
-+      +@target=install; $(RECURSIVE_MAKE)
- lint:
-       @target=lint; $(RECURSIVE_MAKE)
---- a/engines/Makefile
-+++ b/engines/Makefile
-@@ -72,7 +72,7 @@ top:
- all:  lib subdirs
--lib:  $(LIBOBJ)
-+lib:  $(LIBOBJ) | subdirs
-       @if [ -n "$(SHARED_LIBS)" ]; then \
-               set -e; \
-               for l in $(LIBNAMES); do \
-@@ -89,7 +89,7 @@ lib: $(LIBOBJ)
- subdirs:
-       echo $(EDIRS)
--      @target=all; $(RECURSIVE_MAKE)
-+      +@target=all; $(RECURSIVE_MAKE)
- files:
-       $(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO
-@@ -128,7 +128,7 @@ install:
-                         mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$$pfx$$l$$sfx.new $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$$pfx$$l$$sfx ); \
-               done; \
-       fi
--      @target=install; $(RECURSIVE_MAKE)
-+      +@target=install; $(RECURSIVE_MAKE)
- tags:
-       ctags $(SRC)
---- a/test/Makefile
-+++ b/test/Makefile
-@@ -145,7 +145,7 @@ install:
- tags:
-       ctags $(SRC)
--tests:        exe apps $(TESTS)
-+tests:        exe $(TESTS)
- apps:
-       @(cd ..; $(MAKE) DIRS=apps all)
-@@ -593,7 +593,7 @@ $(DTLSTEST)$(EXE_EXT): $(DTLSTEST).o ssl
- #     fi
- dummytest$(EXE_EXT): dummytest.o $(DLIBCRYPTO)
--      @target=dummytest; $(BUILD_CMD)
-+      +@target=dummytest; $(BUILD_CMD)
- # DO NOT DELETE THIS LINE -- make depend depends on it.