package/libs/openssl/Makefile

   1 #
   2 # Copyright (C) 2006-2016 OpenWrt.org
   3 #
   4 # This is free software, licensed under the GNU General Public License v2.
   5 # See /LICENSE for more information.
   6 #
   7
   8 include $(TOPDIR)/rules.mk
   9
  10 PKG_NAME:=openssl
  11 PKG_VERSION:=3.0.13
  12 PKG_RELEASE:=1
  13 PKG_BUILD_FLAGS:=no-mips16 gc-sections no-lto
  14
  15 PKG_BUILD_PARALLEL:=1
  16
  17 PKG_BASE:=$(subst $(space),.,$(wordlist 1,2,$(subst .,$(space),$(PKG_VERSION))))
  18 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
  19 PKG_SOURCE_URL:= \
  20         http://www.openssl.org/source/ \
  21         http://www.openssl.org/source/old/$(PKG_BASE)/ \
  22         http://ftp.fi.muni.cz/pub/openssl/source/ \
  23         http://ftp.fi.muni.cz/pub/openssl/source/old/$(PKG_BASE)/ \
  24         ftp://ftp.pca.dfn.de/pub/tools/net/openssl/source/ \
  25         ftp://ftp.pca.dfn.de/pub/tools/net/openssl/source/old/$(PKG_BASE)/
  26
  27 PKG_HASH:=88525753f79d3bec27d2fa7c66aa0b92b3aa9498dafd93d7cfa4b3780cdae313
  28
  29 PKG_LICENSE:=Apache-2.0
  30 PKG_LICENSE_FILES:=LICENSE
  31 PKG_MAINTAINER:=Eneas U de Queiroz <cotequeiroz@gmail.com>
  32 PKG_CPE_ID:=cpe:/a:openssl:openssl
  33 PKG_CONFIG_DEPENDS:= \
  34         CONFIG_OPENSSL_ENGINE \
  35         CONFIG_OPENSSL_ENGINE_BUILTIN \
  36         CONFIG_OPENSSL_ENGINE_BUILTIN_AFALG \
  37         CONFIG_OPENSSL_ENGINE_BUILTIN_DEVCRYPTO \
  38         CONFIG_OPENSSL_ENGINE_BUILTIN_PADLOCK \
  39         CONFIG_OPENSSL_NO_DEPRECATED \
  40         CONFIG_OPENSSL_OPTIMIZE_SPEED \
  41         CONFIG_OPENSSL_PREFER_CHACHA_OVER_GCM \
  42         CONFIG_OPENSSL_SMALL_FOOTPRINT \
  43         CONFIG_OPENSSL_WITH_ARIA \
  44         CONFIG_OPENSSL_WITH_ASM \
  45         CONFIG_OPENSSL_WITH_ASYNC \
  46         CONFIG_OPENSSL_WITH_BLAKE2 \
  47         CONFIG_OPENSSL_WITH_CAMELLIA \
  48         CONFIG_OPENSSL_WITH_CHACHA_POLY1305 \
  49         CONFIG_OPENSSL_WITH_CMS \
  50         CONFIG_OPENSSL_WITH_COMPRESSION \
  51         CONFIG_OPENSSL_WITH_DTLS \
  52         CONFIG_OPENSSL_WITH_EC2M \
  53         CONFIG_OPENSSL_WITH_ERROR_MESSAGES \
  54         CONFIG_OPENSSL_WITH_IDEA \
  55         CONFIG_OPENSSL_WITH_MDC2 \
  56         CONFIG_OPENSSL_WITH_NPN \
  57         CONFIG_OPENSSL_WITH_PSK \
  58         CONFIG_OPENSSL_WITH_RFC3779 \
  59         CONFIG_OPENSSL_WITH_SEED \
  60         CONFIG_OPENSSL_WITH_SM234 \
  61         CONFIG_OPENSSL_WITH_SRP \
  62         CONFIG_OPENSSL_WITH_SSE2 \
  63         CONFIG_OPENSSL_WITH_TLS13 \
  64         CONFIG_OPENSSL_WITH_WHIRLPOOL
  65
  66 include $(INCLUDE_DIR)/package.mk
  67 include $(INCLUDE_DIR)/openssl-module.mk
  68
  69 ifneq ($(CONFIG_CCACHE),)
  70 HOSTCC=$(HOSTCC_NOCACHE)
  71 HOSTCXX=$(HOSTCXX_NOCACHE)
  72 endif
  73
  74 define Package/openssl/Default
  75   TITLE:=Open source SSL toolkit
  76   URL:=http://www.openssl.org/
  77   SECTION:=libs
  78   CATEGORY:=Libraries
  79 endef
  80
  81 define Package/libopenssl/config
  82 source "$(SOURCE)/Config.in"
  83 endef
  84
  85 define Package/openssl/Default/description
  86 The OpenSSL Project is a collaborative effort to develop a robust,
  87 commercial-grade, full-featured, and Open Source toolkit implementing the
  88 Transport Layer Security (TLS) protocol as well as a full-strength
  89 general-purpose cryptography library.
  90 endef
  91
  92 define Package/libopenssl
  93 $(call Package/openssl/Default)
  94   SUBMENU:=SSL
  95   DEPENDS:=+OPENSSL_WITH_COMPRESSION:zlib \
  96            +OPENSSL_ENGINE_BUILTIN_AFALG:kmod-crypto-user \
  97            +OPENSSL_ENGINE_BUILTIN_DEVCRYPTO:kmod-cryptodev \
  98            +OPENSSL_ENGINE_BUILTIN_PADLOCK:kmod-crypto-hw-padlock \
  99            +(arm||armeb||mips||mipsel||powerpc||arc):libatomic
 100   TITLE+= (libraries)
 101   ABI_VERSION:=$(firstword $(subst .,$(space),$(PKG_VERSION)))
 102   MENU:=1
 103 endef
 104
 105 define Package/libopenssl/description
 106 $(call Package/openssl/Default/description)
 107 This package contains the OpenSSL shared libraries, needed by other programs.
 108 endef
 109
 110 define Package/openssl-util
 111   $(call Package/openssl/Default)
 112   SECTION:=utils
 113   CATEGORY:=Utilities
 114   DEPENDS:=+libopenssl +libopenssl-conf
 115   TITLE+= (utility)
 116 endef
 117
 118 define Package/openssl-util/description
 119 $(call Package/openssl/Default/description)
 120 This package contains the OpenSSL command-line utility.
 121 endef
 122
 123 define Package/libopenssl-conf
 124   $(call Package/openssl/Default)
 125   SUBMENU:=SSL
 126   TITLE:=/etc/ssl/openssl.cnf config file
 127   DEPENDS:=libopenssl
 128 endef
 129
 130 define Package/libopenssl-conf/conffiles
 131 /etc/ssl/openssl.cnf
 132 $(if $(CONFIG_OPENSSL_ENGINE_BUILTIN_DEVCRYPTO),/etc/ssl/modules.cnf.d/devcrypto.cnf)
 133 $(if $(CONFIG_OPENSSL_ENGINE_BUILTIN_PADLOCK),/etc/ssl/modules.cnf.d/padlock.cnf)
 134 endef
 135
 136 define Package/libopenssl-conf/description
 137 $(call Package/openssl/Default/description)
 138 This package installs the OpenSSL configuration file /etc/ssl/openssl.cnf.
 139 endef
 140
 141 ifneq ($(CONFIG_OPENSSL_ENGINE_BUILTIN_PADLOCK)$(CONFIG_OPENSSL_ENGINE_BUILTIN_DEVCRYPTO),)
 142 define Package/libopenssl-conf/postinst
 143 #!/bin/sh
 144
 145 add_engine_config() {
 146         if [ -z "$${IPKG_INSTROOT}" ] && uci -q get "openssl.$$1" >/dev/null; then
 147                 [ "$$(uci -q get "openssl.$$1.builtin")" = 1 ] && return
 148                 uci set "openssl.$$1.builtin=1" && uci commit openssl
 149                 return
 150         fi
 151 }
 152
 153 $(if $(CONFIG_OPENSSL_ENGINE_BUILTIN_DEVCRYPTO),add_engine_config devcrypto)
 154 $(if $(CONFIG_OPENSSL_ENGINE_BUILTIN_PADLOCK),add_engine_config padlock)
 155 endef
 156 endif
 157
 158 $(eval $(call Package/openssl/add-provider,legacy))
 159 define Package/libopenssl-legacy
 160   $(call Package/openssl/Default)
 161   $(call Package/openssl/module/Default)
 162   TITLE:=OpenSSL legacy provider
 163 endef
 164
 165 define Package/libopenssl-legacy/description
 166 The OpenSSL legacy provider supplies OpenSSL implementations of algorithms that
 167 have been deemed legacy. Such algorithms have commonly fallen out of use, have
 168 been deemed insecure by the cryptography community, or something similar.  See
 169 https://www.openssl.org/docs/man3.0/man7/OSSL_PROVIDER-legacy.html
 170 endef
 171
 172 $(eval $(call Package/openssl/add-engine,afalg))
 173 define Package/libopenssl-afalg
 174   $(call Package/openssl/Default)
 175   $(call Package/openssl/engine/Default)
 176   TITLE:=AFALG hardware acceleration engine
 177   DEPENDS += @KERNEL_AIO +PACKAGE_libopenssl-afalg:kmod-crypto-user \
 178              @!OPENSSL_ENGINE_BUILTIN
 179 endef
 180
 181 define Package/libopenssl-afalg/description
 182 This package adds an engine that enables hardware acceleration
 183 through the AF_ALG kernel interface.
 184 See https://www.openssl.org/docs/man3.0/man5/config.html#Engine-Configuration
 185 and https://openwrt.org/docs/techref/hardware/cryptographic.hardware.accelerators
 186 The engine_id is "afalg"
 187 endef
 188
 189 $(eval $(call Package/openssl/add-engine,devcrypto))
 190 define Package/libopenssl-devcrypto
 191   $(call Package/openssl/Default)
 192   $(call Package/openssl/engine/Default)
 193   TITLE:=/dev/crypto hardware acceleration engine
 194   DEPENDS += +PACKAGE_libopenssl-devcrypto:kmod-cryptodev @!OPENSSL_ENGINE_BUILTIN
 195 endef
 196
 197 define Package/libopenssl-devcrypto/description
 198 This package adds an engine that enables hardware acceleration
 199 through the /dev/crypto kernel interface.
 200 See https://www.openssl.org/docs/man3.0/man5/config.html#Engine-Configuration
 201 and https://openwrt.org/docs/techref/hardware/cryptographic.hardware.accelerators
 202 The engine_id is "devcrypto"
 203 endef
 204
 205 $(eval $(call Package/openssl/add-engine,padlock))
 206 define Package/libopenssl-padlock
 207   $(call Package/openssl/Default)
 208   $(call Package/openssl/engine/Default)
 209   TITLE:=VIA Padlock hardware acceleration engine
 210   DEPENDS += @TARGET_x86 +PACKAGE_libopenssl-padlock:kmod-crypto-hw-padlock \
 211              @!OPENSSL_ENGINE_BUILTIN
 212 endef
 213
 214 define Package/libopenssl-padlock/description
 215 This package adds an engine that enables VIA Padlock hardware acceleration.
 216 See https://www.openssl.org/docs/man3.0/man5/config.html#Engine-Configuration
 217 and https://openwrt.org/docs/techref/hardware/cryptographic.hardware.accelerators
 218 The engine_id is "padlock"
 219 endef
 220
 221 OPENSSL_OPTIONS:= shared no-tests
 222
 223 ifndef CONFIG_OPENSSL_WITH_BLAKE2
 224   OPENSSL_OPTIONS += no-blake2
 225 endif
 226
 227 ifndef CONFIG_OPENSSL_WITH_CHACHA_POLY1305
 228   OPENSSL_OPTIONS += no-chacha no-poly1305
 229 else
 230   ifdef CONFIG_OPENSSL_PREFER_CHACHA_OVER_GCM
 231     OPENSSL_OPTIONS += -DOPENSSL_PREFER_CHACHA_OVER_GCM
 232   endif
 233 endif
 234
 235 ifndef CONFIG_OPENSSL_WITH_ASYNC
 236   OPENSSL_OPTIONS += no-async
 237 endif
 238
 239 ifndef CONFIG_OPENSSL_WITH_EC2M
 240   OPENSSL_OPTIONS += no-ec2m
 241 endif
 242
 243 ifndef CONFIG_OPENSSL_WITH_ERROR_MESSAGES
 244   OPENSSL_OPTIONS += no-err
 245 endif
 246
 247 ifndef CONFIG_OPENSSL_WITH_TLS13
 248   OPENSSL_OPTIONS += no-tls1_3
 249 endif
 250
 251 ifndef CONFIG_OPENSSL_WITH_ARIA
 252   OPENSSL_OPTIONS += no-aria
 253 endif
 254
 255 ifndef CONFIG_OPENSSL_WITH_SM234
 256   OPENSSL_OPTIONS += no-sm2 no-sm3 no-sm4
 257 endif
 258
 259 ifndef CONFIG_OPENSSL_WITH_CAMELLIA
 260   OPENSSL_OPTIONS += no-camellia
 261 endif
 262
 263 ifndef CONFIG_OPENSSL_WITH_IDEA
 264   OPENSSL_OPTIONS += no-idea
 265 endif
 266
 267 ifndef CONFIG_OPENSSL_WITH_SEED
 268   OPENSSL_OPTIONS += no-seed
 269 endif
 270
 271 ifndef CONFIG_OPENSSL_WITH_MDC2
 272   OPENSSL_OPTIONS += no-mdc2
 273 endif
 274
 275 ifndef CONFIG_OPENSSL_WITH_WHIRLPOOL
 276   OPENSSL_OPTIONS += no-whirlpool
 277 endif
 278
 279 ifndef CONFIG_OPENSSL_WITH_CMS
 280   OPENSSL_OPTIONS += no-cms
 281 endif
 282
 283 ifndef CONFIG_OPENSSL_WITH_RFC3779
 284   OPENSSL_OPTIONS += no-rfc3779
 285 endif
 286
 287 ifdef CONFIG_OPENSSL_NO_DEPRECATED
 288   OPENSSL_OPTIONS += no-deprecated
 289 endif
 290
 291 ifeq ($(CONFIG_OPENSSL_OPTIMIZE_SPEED),y)
 292   TARGET_CFLAGS := $(filter-out -O%,$(TARGET_CFLAGS)) -O3
 293 endif
 294
 295 ifeq ($(CONFIG_OPENSSL_SMALL_FOOTPRINT),y)
 296   OPENSSL_OPTIONS += -DOPENSSL_SMALL_FOOTPRINT
 297 endif
 298
 299 ifdef CONFIG_OPENSSL_ENGINE
 300   ifdef CONFIG_OPENSSL_ENGINE_BUILTIN
 301     OPENSSL_OPTIONS += disable-dynamic-engine
 302     ifndef CONFIG_OPENSSL_ENGINE_BUILTIN_AFALG
 303       OPENSSL_OPTIONS += no-afalgeng
 304     endif
 305     ifdef CONFIG_OPENSSL_ENGINE_BUILTIN_DEVCRYPTO
 306       OPENSSL_OPTIONS += enable-devcryptoeng
 307     endif
 308     ifndef CONFIG_OPENSSL_ENGINE_BUILTIN_PADLOCK
 309       OPENSSL_OPTIONS += no-padlockeng
 310     endif
 311   else
 312     ifdef CONFIG_PACKAGE_libopenssl-devcrypto
 313       OPENSSL_OPTIONS += enable-devcryptoeng
 314     endif
 315     ifndef CONFIG_PACKAGE_libopenssl-afalg
 316       OPENSSL_OPTIONS += no-afalgeng
 317     endif
 318     ifndef CONFIG_PACKAGE_libopenssl-padlock
 319       OPENSSL_OPTIONS += no-padlockeng
 320     endif
 321   endif
 322 else
 323   OPENSSL_OPTIONS += no-engine
 324 endif
 325
 326 ifndef CONFIG_OPENSSL_WITH_DTLS
 327   OPENSSL_OPTIONS += no-dtls
 328 endif
 329
 330 ifdef CONFIG_OPENSSL_WITH_COMPRESSION
 331   OPENSSL_OPTIONS += zlib-dynamic
 332 else
 333   OPENSSL_OPTIONS += no-comp
 334 endif
 335
 336 ifndef CONFIG_OPENSSL_WITH_NPN
 337   OPENSSL_OPTIONS += no-nextprotoneg
 338 endif
 339
 340 ifndef CONFIG_OPENSSL_WITH_PSK
 341   OPENSSL_OPTIONS += no-psk
 342 endif
 343
 344 ifndef CONFIG_OPENSSL_WITH_SRP
 345   OPENSSL_OPTIONS += no-srp
 346 endif
 347
 348 ifndef CONFIG_OPENSSL_WITH_ASM
 349   OPENSSL_OPTIONS += no-asm
 350 endif
 351
 352 ifdef CONFIG_i386
 353   ifndef CONFIG_OPENSSL_WITH_SSE2
 354     OPENSSL_OPTIONS += no-sse2
 355   endif
 356 endif
 357
 358 OPENSSL_TARGET:=linux-$(call qstrip,$(CONFIG_ARCH))-openwrt
 359
 360 STAMP_CONFIGURED := $(STAMP_CONFIGURED)_$(shell echo $(OPENSSL_OPTIONS) | $(MKHASH) md5)
 361
 362 define Build/Configure
 363         (cd $(PKG_BUILD_DIR); \
 364                 ./Configure $(OPENSSL_TARGET) \
 365                         --prefix=/usr \
 366                         --libdir=lib \
 367                         --openssldir=/etc/ssl \
 368                         --cross-compile-prefix="$(TARGET_CROSS)" \
 369                         $(TARGET_CFLAGS) \
 370                         $(TARGET_CPPFLAGS) \
 371                         $(TARGET_LDFLAGS) \
 372                         $(OPENSSL_OPTIONS) && \
 373                 { [ -f $(STAMP_CONFIGURED) ] || make clean; } \
 374         )
 375 endef
 376
 377 TARGET_CFLAGS += $(FPIC)
 378
 379 define Build/Compile
 380         +$(MAKE) $(PKG_JOBS) -C $(PKG_BUILD_DIR) \
 381                 CC="$(TARGET_CC)" \
 382                 SOURCE_DATE_EPOCH=$(SOURCE_DATE_EPOCH) \
 383                 OPENWRT_OPTIMIZATION_FLAGS="$(TARGET_CFLAGS)" \
 384                 $(OPENSSL_MAKEFLAGS) \
 385                 all
 386         $(MAKE) -C $(PKG_BUILD_DIR) \
 387                 CC="$(TARGET_CC)" \
 388                 DESTDIR="$(PKG_INSTALL_DIR)" \
 389                 $(OPENSSL_MAKEFLAGS) \
 390                 install_sw install_ssldirs
 391 endef
 392
 393 define Build/InstallDev
 394         $(INSTALL_DIR) $(1)/usr/include
 395         $(CP) $(PKG_INSTALL_DIR)/usr/include/openssl $(1)/usr/include/
 396         $(INSTALL_DIR) $(1)/usr/lib/
 397         $(CP) $(PKG_INSTALL_DIR)/usr/lib/lib{crypto,ssl}.{a,so*} $(1)/usr/lib/
 398         $(INSTALL_DIR) $(1)/usr/lib/pkgconfig
 399         $(CP) $(PKG_INSTALL_DIR)/usr/lib/pkgconfig/{openssl,libcrypto,libssl}.pc $(1)/usr/lib/pkgconfig/
 400         [ -n "$(TARGET_LDFLAGS)" ] && $(SED) 's#$(TARGET_LDFLAGS)##g' $(1)/usr/lib/pkgconfig/{openssl,libcrypto,libssl}.pc || true
 401 endef
 402
 403 define Package/libopenssl/install
 404         $(INSTALL_DIR) $(1)/etc/ssl/certs
 405         $(INSTALL_DIR) $(1)/etc/ssl/private
 406         chmod 0700 $(1)/etc/ssl/private
 407         $(INSTALL_DIR) $(1)/usr/lib
 408         $(INSTALL_DATA) $(PKG_INSTALL_DIR)/usr/lib/libcrypto.so.* $(1)/usr/lib/
 409         $(INSTALL_DATA) $(PKG_INSTALL_DIR)/usr/lib/libssl.so.* $(1)/usr/lib/
 410         $(if $(CONFIG_OPENSSL_ENGINE),$(INSTALL_DIR) $(1)/usr/lib/$(ENGINES_DIR))
 411 endef
 412
 413 define Package/libopenssl-conf/install
 414         $(INSTALL_DIR) $(1)/etc/ssl/modules.cnf.d $(1)/etc/config $(1)/etc/init.d
 415         $(CP) $(PKG_INSTALL_DIR)/etc/ssl/openssl.cnf $(1)/etc/ssl/
 416         $(INSTALL_BIN) ./files/openssl.init $(1)/etc/init.d/openssl
 417         $(SED) 's!%ENGINES_DIR%!/usr/lib/$(ENGINES_DIR)!' $(1)/etc/init.d/openssl
 418         touch $(1)/etc/config/openssl
 419         $(if $(CONFIG_OPENSSL_ENGINE_BUILTIN_DEVCRYPTO),
 420                 $(CP) ./files/devcrypto.cnf $(1)/etc/ssl/modules.cnf.d/
 421                 echo -e "config engine 'devcrypto'\n\toption enabled '1'\n\toption builtin '1'" >> $(1)/etc/config/openssl)
 422         $(if $(CONFIG_OPENSSL_ENGINE_BUILTIN_PADLOCK),
 423                 $(CP) ./files/padlock.cnf $(1)/etc/ssl/modules.cnf.d/
 424                 echo -e "\nconfig engine 'padlock'\n\toption enabled '1'\n\toption builtin '1'" >> $(1)/etc/config/openssl)
 425 endef
 426
 427 define Package/openssl-util/install
 428         $(INSTALL_DIR) $(1)/usr/bin
 429         $(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/bin/openssl $(1)/usr/bin/
 430 endef
 431
 432 $(eval $(call BuildPackage,libopenssl))
 433 $(eval $(call BuildPackage,libopenssl-conf))
 434 $(eval $(call BuildPackage,libopenssl-afalg))
 435 $(eval $(call BuildPackage,libopenssl-devcrypto))
 436 $(eval $(call BuildPackage,libopenssl-legacy))
 437 $(eval $(call BuildPackage,libopenssl-padlock))
 438 $(eval $(call BuildPackage,openssl-util))