package/libs/openssl/Makefile

   1 #
   2 # Copyright (C) 2006-2016 OpenWrt.org
   3 #
   4 # This is free software, licensed under the GNU General Public License v2.
   5 # See /LICENSE for more information.
   6 #
   7
   8 include $(TOPDIR)/rules.mk
   9
  10 PKG_NAME:=openssl
  11 PKG_VERSION:=3.0.8
  12 PKG_RELEASE:=9
  13 PKG_BUILD_FLAGS:=no-mips16 gc-sections
  14
  15 PKG_BUILD_PARALLEL:=1
  16
  17 PKG_BASE:=$(subst $(space),.,$(wordlist 1,2,$(subst .,$(space),$(PKG_VERSION))))
  18 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
  19 PKG_SOURCE_URL:= \
  20         http://www.openssl.org/source/ \
  21         http://www.openssl.org/source/old/$(PKG_BASE)/ \
  22         http://ftp.fi.muni.cz/pub/openssl/source/ \
  23         http://ftp.fi.muni.cz/pub/openssl/source/old/$(PKG_BASE)/ \
  24         ftp://ftp.pca.dfn.de/pub/tools/net/openssl/source/ \
  25         ftp://ftp.pca.dfn.de/pub/tools/net/openssl/source/old/$(PKG_BASE)/
  26
  27 PKG_HASH:=6c13d2bf38fdf31eac3ce2a347073673f5d63263398f1f69d0df4a41253e4b3e
  28
  29 PKG_LICENSE:=Apache-2.0
  30 PKG_LICENSE_FILES:=LICENSE
  31 PKG_MAINTAINER:=Eneas U de Queiroz <cotequeiroz@gmail.com>
  32 PKG_CPE_ID:=cpe:/a:openssl:openssl
  33 PKG_CONFIG_DEPENDS:= \
  34         CONFIG_OPENSSL_ENGINE \
  35         CONFIG_OPENSSL_ENGINE_BUILTIN \
  36         CONFIG_OPENSSL_ENGINE_BUILTIN_AFALG \
  37         CONFIG_OPENSSL_ENGINE_BUILTIN_DEVCRYPTO \
  38         CONFIG_OPENSSL_ENGINE_BUILTIN_PADLOCK \
  39         CONFIG_OPENSSL_NO_DEPRECATED \
  40         CONFIG_OPENSSL_OPTIMIZE_SPEED \
  41         CONFIG_OPENSSL_PREFER_CHACHA_OVER_GCM \
  42         CONFIG_OPENSSL_SMALL_FOOTPRINT \
  43         CONFIG_OPENSSL_WITH_ARIA \
  44         CONFIG_OPENSSL_WITH_ASM \
  45         CONFIG_OPENSSL_WITH_ASYNC \
  46         CONFIG_OPENSSL_WITH_BLAKE2 \
  47         CONFIG_OPENSSL_WITH_CAMELLIA \
  48         CONFIG_OPENSSL_WITH_CHACHA_POLY1305 \
  49         CONFIG_OPENSSL_WITH_CMS \
  50         CONFIG_OPENSSL_WITH_COMPRESSION \
  51         CONFIG_OPENSSL_WITH_DTLS \
  52         CONFIG_OPENSSL_WITH_EC2M \
  53         CONFIG_OPENSSL_WITH_ERROR_MESSAGES \
  54         CONFIG_OPENSSL_WITH_IDEA \
  55         CONFIG_OPENSSL_WITH_MDC2 \
  56         CONFIG_OPENSSL_WITH_NPN \
  57         CONFIG_OPENSSL_WITH_PSK \
  58         CONFIG_OPENSSL_WITH_RFC3779 \
  59         CONFIG_OPENSSL_WITH_SEED \
  60         CONFIG_OPENSSL_WITH_SM234 \
  61         CONFIG_OPENSSL_WITH_SRP \
  62         CONFIG_OPENSSL_WITH_SSE2 \
  63         CONFIG_OPENSSL_WITH_TLS13 \
  64         CONFIG_OPENSSL_WITH_WHIRLPOOL
  65
  66 include $(INCLUDE_DIR)/package.mk
  67 include $(INCLUDE_DIR)/openssl-module.mk
  68
  69 ifneq ($(CONFIG_CCACHE),)
  70 HOSTCC=$(HOSTCC_NOCACHE)
  71 HOSTCXX=$(HOSTCXX_NOCACHE)
  72 endif
  73
  74 define Package/openssl/Default
  75   TITLE:=Open source SSL toolkit
  76   URL:=http://www.openssl.org/
  77   SECTION:=libs
  78   CATEGORY:=Libraries
  79 endef
  80
  81 define Package/libopenssl/config
  82 source "$(SOURCE)/Config.in"
  83 endef
  84
  85 define Package/openssl/Default/description
  86 The OpenSSL Project is a collaborative effort to develop a robust,
  87 commercial-grade, full-featured, and Open Source toolkit implementing the
  88 Transport Layer Security (TLS) protocol as well as a full-strength
  89 general-purpose cryptography library.
  90 endef
  91
  92 define Package/libopenssl
  93 $(call Package/openssl/Default)
  94   SUBMENU:=SSL
  95   DEPENDS:=+OPENSSL_WITH_COMPRESSION:zlib \
  96            +OPENSSL_ENGINE_BUILTIN_AFALG:kmod-crypto-user \
  97            +OPENSSL_ENGINE_BUILTIN_DEVCRYPTO:kmod-cryptodev \
  98            +OPENSSL_ENGINE_BUILTIN_PADLOCK:kmod-crypto-hw-padlock \
  99            +(arm||armeb||mips||mipsel||powerpc||arc):libatomic
 100   TITLE+= (libraries)
 101   ABI_VERSION:=$(firstword $(subst .,$(space),$(PKG_VERSION)))
 102   MENU:=1
 103 endef
 104
 105 define Package/libopenssl/description
 106 $(call Package/openssl/Default/description)
 107 This package contains the OpenSSL shared libraries, needed by other programs.
 108 endef
 109
 110 define Package/openssl-util
 111   $(call Package/openssl/Default)
 112   SECTION:=utils
 113   CATEGORY:=Utilities
 114   DEPENDS:=+libopenssl +libopenssl-conf
 115   TITLE+= (utility)
 116 endef
 117
 118 define Package/openssl-util/description
 119 $(call Package/openssl/Default/description)
 120 This package contains the OpenSSL command-line utility.
 121 endef
 122
 123 define Package/libopenssl-conf
 124   $(call Package/openssl/Default)
 125   SUBMENU:=SSL
 126   TITLE:=/etc/ssl/openssl.cnf config file
 127   DEPENDS:=libopenssl
 128 endef
 129
 130 define Package/libopenssl-conf/conffiles
 131 /etc/ssl/openssl.cnf
 132 $(if $(CONFIG_OPENSSL_ENGINE_BUILTIN_DEVCRYPTO),/etc/ssl/modules.cnf.d/devcrypto.cnf)
 133 $(if $(CONFIG_OPENSSL_ENGINE_BUILTIN_PADLOCK),/etc/ssl/modules.cnf.d/padlock.cnf)
 134 endef
 135
 136 define Package/libopenssl-conf/description
 137 $(call Package/openssl/Default/description)
 138 This package installs the OpenSSL configuration file /etc/ssl/openssl.cnf.
 139 endef
 140
 141 ifneq ($(CONFIG_OPENSSL_ENGINE_BUILTIN_PADLOCK)$(CONFIG_OPENSSL_ENGINE_BUILTIN_DEVCRYPTO),)
 142 define Package/libopenssl-conf/postinst
 143 #!/bin/sh
 144 OPENSSL_UCI="$${IPKG_INSTROOT}/etc/config/openssl"
 145
 146 add_engine_config() {
 147         if [ -z "$${IPKG_INSTROOT}" ] && uci -q get "openssl.$$1" >/dev/null; then
 148                 [ "$$(uci -q get "openssl.$$1.builtin")" = 1 ] && return
 149                 uci set "openssl.$$1.builtin=1" && uci commit openssl
 150                 return
 151         fi
 152         {
 153                 echo "engine '$$1'"
 154                 echo "  option enabled '1'"
 155                 echo "  option builtin '1'"
 156                 echo
 157         } >>"$${OPENSSL_UCI}"
 158 }
 159
 160 $(if $(CONFIG_OPENSSL_ENGINE_BUILTIN_DEVCRYPTO),add_engine_config devcrypto)
 161 $(if $(CONFIG_OPENSSL_ENGINE_BUILTIN_PADLOCK),add_engine_config padlock)
 162 endef
 163 endif
 164
 165 $(eval $(call Package/openssl/add-provider,legacy))
 166 define Package/libopenssl-legacy
 167   $(call Package/openssl/Default)
 168   $(call Package/openssl/module/Default)
 169   TITLE:=OpenSSL legacy provider
 170 endef
 171
 172 define Package/libopenssl-legacy/description
 173 The OpenSSL legacy provider supplies OpenSSL implementations of algorithms that
 174 have been deemed legacy. Such algorithms have commonly fallen out of use, have
 175 been deemed insecure by the cryptography community, or something similar.  See
 176 https://www.openssl.org/docs/man3.0/man7/OSSL_PROVIDER-legacy.html
 177 endef
 178
 179 $(eval $(call Package/openssl/add-engine,afalg))
 180 define Package/libopenssl-afalg
 181   $(call Package/openssl/Default)
 182   $(call Package/openssl/engine/Default)
 183   TITLE:=AFALG hardware acceleration engine
 184   DEPENDS += @KERNEL_AIO +PACKAGE_libopenssl-afalg:kmod-crypto-user \
 185              @!OPENSSL_ENGINE_BUILTIN
 186 endef
 187
 188 define Package/libopenssl-afalg/description
 189 This package adds an engine that enables hardware acceleration
 190 through the AF_ALG kernel interface.
 191 See https://www.openssl.org/docs/man3.0/man5/config.html#Engine-Configuration
 192 and https://openwrt.org/docs/techref/hardware/cryptographic.hardware.accelerators
 193 The engine_id is "afalg"
 194 endef
 195
 196 $(eval $(call Package/openssl/add-engine,devcrypto))
 197 define Package/libopenssl-devcrypto
 198   $(call Package/openssl/Default)
 199   $(call Package/openssl/engine/Default)
 200   TITLE:=/dev/crypto hardware acceleration engine
 201   DEPENDS += +PACKAGE_libopenssl-devcrypto:kmod-cryptodev @!OPENSSL_ENGINE_BUILTIN
 202 endef
 203
 204 define Package/libopenssl-devcrypto/description
 205 This package adds an engine that enables hardware acceleration
 206 through the /dev/crypto kernel interface.
 207 See https://www.openssl.org/docs/man3.0/man5/config.html#Engine-Configuration
 208 and https://openwrt.org/docs/techref/hardware/cryptographic.hardware.accelerators
 209 The engine_id is "devcrypto"
 210 endef
 211
 212 $(eval $(call Package/openssl/add-engine,padlock))
 213 define Package/libopenssl-padlock
 214   $(call Package/openssl/Default)
 215   $(call Package/openssl/engine/Default)
 216   TITLE:=VIA Padlock hardware acceleration engine
 217   DEPENDS += @TARGET_x86 +PACKAGE_libopenssl-padlock:kmod-crypto-hw-padlock \
 218              @!OPENSSL_ENGINE_BUILTIN
 219 endef
 220
 221 define Package/libopenssl-padlock/description
 222 This package adds an engine that enables VIA Padlock hardware acceleration.
 223 See https://www.openssl.org/docs/man3.0/man5/config.html#Engine-Configuration
 224 and https://openwrt.org/docs/techref/hardware/cryptographic.hardware.accelerators
 225 The engine_id is "padlock"
 226 endef
 227
 228 OPENSSL_OPTIONS:= shared no-tests
 229
 230 ifndef CONFIG_OPENSSL_WITH_BLAKE2
 231   OPENSSL_OPTIONS += no-blake2
 232 endif
 233
 234 ifndef CONFIG_OPENSSL_WITH_CHACHA_POLY1305
 235   OPENSSL_OPTIONS += no-chacha no-poly1305
 236 else
 237   ifdef CONFIG_OPENSSL_PREFER_CHACHA_OVER_GCM
 238     OPENSSL_OPTIONS += -DOPENSSL_PREFER_CHACHA_OVER_GCM
 239   endif
 240 endif
 241
 242 ifndef CONFIG_OPENSSL_WITH_ASYNC
 243   OPENSSL_OPTIONS += no-async
 244 endif
 245
 246 ifndef CONFIG_OPENSSL_WITH_EC2M
 247   OPENSSL_OPTIONS += no-ec2m
 248 endif
 249
 250 ifndef CONFIG_OPENSSL_WITH_ERROR_MESSAGES
 251   OPENSSL_OPTIONS += no-err
 252 endif
 253
 254 ifndef CONFIG_OPENSSL_WITH_TLS13
 255   OPENSSL_OPTIONS += no-tls1_3
 256 endif
 257
 258 ifndef CONFIG_OPENSSL_WITH_ARIA
 259   OPENSSL_OPTIONS += no-aria
 260 endif
 261
 262 ifndef CONFIG_OPENSSL_WITH_SM234
 263   OPENSSL_OPTIONS += no-sm2 no-sm3 no-sm4
 264 endif
 265
 266 ifndef CONFIG_OPENSSL_WITH_CAMELLIA
 267   OPENSSL_OPTIONS += no-camellia
 268 endif
 269
 270 ifndef CONFIG_OPENSSL_WITH_IDEA
 271   OPENSSL_OPTIONS += no-idea
 272 endif
 273
 274 ifndef CONFIG_OPENSSL_WITH_SEED
 275   OPENSSL_OPTIONS += no-seed
 276 endif
 277
 278 ifndef CONFIG_OPENSSL_WITH_MDC2
 279   OPENSSL_OPTIONS += no-mdc2
 280 endif
 281
 282 ifndef CONFIG_OPENSSL_WITH_WHIRLPOOL
 283   OPENSSL_OPTIONS += no-whirlpool
 284 endif
 285
 286 ifndef CONFIG_OPENSSL_WITH_CMS
 287   OPENSSL_OPTIONS += no-cms
 288 endif
 289
 290 ifndef CONFIG_OPENSSL_WITH_RFC3779
 291   OPENSSL_OPTIONS += no-rfc3779
 292 endif
 293
 294 ifdef CONFIG_OPENSSL_NO_DEPRECATED
 295   OPENSSL_OPTIONS += no-deprecated
 296 endif
 297
 298 ifeq ($(CONFIG_OPENSSL_OPTIMIZE_SPEED),y)
 299   TARGET_CFLAGS := $(filter-out -O%,$(TARGET_CFLAGS)) -O3
 300 endif
 301
 302 ifeq ($(CONFIG_OPENSSL_SMALL_FOOTPRINT),y)
 303   OPENSSL_OPTIONS += -DOPENSSL_SMALL_FOOTPRINT
 304 endif
 305
 306 ifdef CONFIG_OPENSSL_ENGINE
 307   ifdef CONFIG_OPENSSL_ENGINE_BUILTIN
 308     OPENSSL_OPTIONS += disable-dynamic-engine
 309     ifndef CONFIG_OPENSSL_ENGINE_BUILTIN_AFALG
 310       OPENSSL_OPTIONS += no-afalgeng
 311     endif
 312     ifdef CONFIG_OPENSSL_ENGINE_BUILTIN_DEVCRYPTO
 313       OPENSSL_OPTIONS += enable-devcryptoeng
 314     endif
 315     ifndef CONFIG_OPENSSL_ENGINE_BUILTIN_PADLOCK
 316       OPENSSL_OPTIONS += no-padlockeng
 317     endif
 318   else
 319     ifdef CONFIG_PACKAGE_libopenssl-devcrypto
 320       OPENSSL_OPTIONS += enable-devcryptoeng
 321     endif
 322     ifndef CONFIG_PACKAGE_libopenssl-afalg
 323       OPENSSL_OPTIONS += no-afalgeng
 324     endif
 325     ifndef CONFIG_PACKAGE_libopenssl-padlock
 326       OPENSSL_OPTIONS += no-padlockeng
 327     endif
 328   endif
 329 else
 330   OPENSSL_OPTIONS += no-engine
 331 endif
 332
 333 ifndef CONFIG_OPENSSL_WITH_DTLS
 334   OPENSSL_OPTIONS += no-dtls
 335 endif
 336
 337 ifdef CONFIG_OPENSSL_WITH_COMPRESSION
 338   OPENSSL_OPTIONS += zlib-dynamic
 339 else
 340   OPENSSL_OPTIONS += no-comp
 341 endif
 342
 343 ifndef CONFIG_OPENSSL_WITH_NPN
 344   OPENSSL_OPTIONS += no-nextprotoneg
 345 endif
 346
 347 ifndef CONFIG_OPENSSL_WITH_PSK
 348   OPENSSL_OPTIONS += no-psk
 349 endif
 350
 351 ifndef CONFIG_OPENSSL_WITH_SRP
 352   OPENSSL_OPTIONS += no-srp
 353 endif
 354
 355 ifndef CONFIG_OPENSSL_WITH_ASM
 356   OPENSSL_OPTIONS += no-asm
 357 endif
 358
 359 ifdef CONFIG_i386
 360   ifndef CONFIG_OPENSSL_WITH_SSE2
 361     OPENSSL_OPTIONS += no-sse2
 362   endif
 363 endif
 364
 365 OPENSSL_TARGET:=linux-$(call qstrip,$(CONFIG_ARCH))-openwrt
 366
 367 STAMP_CONFIGURED := $(STAMP_CONFIGURED)_$(shell echo $(OPENSSL_OPTIONS) | $(MKHASH) md5)
 368
 369 define Build/Configure
 370         (cd $(PKG_BUILD_DIR); \
 371                 ./Configure $(OPENSSL_TARGET) \
 372                         --prefix=/usr \
 373                         --libdir=lib \
 374                         --openssldir=/etc/ssl \
 375                         --cross-compile-prefix="$(TARGET_CROSS)" \
 376                         $(TARGET_CPPFLAGS) \
 377                         $(TARGET_LDFLAGS) \
 378                         $(OPENSSL_OPTIONS) && \
 379                 { [ -f $(STAMP_CONFIGURED) ] || make clean; } \
 380         )
 381 endef
 382
 383 TARGET_CFLAGS += $(FPIC)
 384
 385 define Build/Compile
 386         +$(MAKE) $(PKG_JOBS) -C $(PKG_BUILD_DIR) \
 387                 CC="$(TARGET_CC)" \
 388                 SOURCE_DATE_EPOCH=$(SOURCE_DATE_EPOCH) \
 389                 OPENWRT_OPTIMIZATION_FLAGS="$(TARGET_CFLAGS)" \
 390                 $(OPENSSL_MAKEFLAGS) \
 391                 all
 392         $(MAKE) -C $(PKG_BUILD_DIR) \
 393                 CC="$(TARGET_CC)" \
 394                 DESTDIR="$(PKG_INSTALL_DIR)" \
 395                 $(OPENSSL_MAKEFLAGS) \
 396                 install_sw install_ssldirs
 397 endef
 398
 399 define Build/InstallDev
 400         $(INSTALL_DIR) $(1)/usr/include
 401         $(CP) $(PKG_INSTALL_DIR)/usr/include/openssl $(1)/usr/include/
 402         $(INSTALL_DIR) $(1)/usr/lib/
 403         $(CP) $(PKG_INSTALL_DIR)/usr/lib/lib{crypto,ssl}.{a,so*} $(1)/usr/lib/
 404         $(INSTALL_DIR) $(1)/usr/lib/pkgconfig
 405         $(CP) $(PKG_INSTALL_DIR)/usr/lib/pkgconfig/{openssl,libcrypto,libssl}.pc $(1)/usr/lib/pkgconfig/
 406         [ -n "$(TARGET_LDFLAGS)" ] && $(SED) 's#$(TARGET_LDFLAGS)##g' $(1)/usr/lib/pkgconfig/{openssl,libcrypto,libssl}.pc || true
 407 endef
 408
 409 define Package/libopenssl/install
 410         $(INSTALL_DIR) $(1)/etc/ssl/certs
 411         $(INSTALL_DIR) $(1)/etc/ssl/private
 412         chmod 0700 $(1)/etc/ssl/private
 413         $(INSTALL_DIR) $(1)/usr/lib
 414         $(INSTALL_DATA) $(PKG_INSTALL_DIR)/usr/lib/libcrypto.so.* $(1)/usr/lib/
 415         $(INSTALL_DATA) $(PKG_INSTALL_DIR)/usr/lib/libssl.so.* $(1)/usr/lib/
 416         $(if $(CONFIG_OPENSSL_ENGINE),$(INSTALL_DIR) $(1)/usr/lib/$(ENGINES_DIR))
 417 endef
 418
 419 define Package/libopenssl-conf/install
 420         $(INSTALL_DIR) $(1)/etc/ssl/modules.cnf.d $(1)/etc/config $(1)/etc/init.d
 421         $(CP) $(PKG_INSTALL_DIR)/etc/ssl/openssl.cnf $(1)/etc/ssl/
 422         $(INSTALL_BIN) ./files/openssl.init $(1)/etc/init.d/openssl
 423         $(SED) 's!%ENGINES_DIR%!/usr/lib/$(ENGINES_DIR)!' $(1)/etc/init.d/openssl
 424         touch $(1)/etc/config/openssl
 425         $(if $(CONFIG_OPENSSL_ENGINE_BUILTIN_DEVCRYPTO),
 426                 $(CP) ./files/devcrypto.cnf $(1)/etc/ssl/modules.cnf.d/
 427                 echo -e "config engine 'devcrypto'\n\toption enabled '1'" >> $(1)/etc/config/openssl)
 428         $(if $(CONFIG_OPENSSL_ENGINE_BUILTIN_PADLOCK),
 429                 $(CP) ./files/padlock.cnf $(1)/etc/ssl/modules.cnf.d/
 430                 echo -e "\nconfig engine 'padlock'\n\toption enabled '1'" >> $(1)/etc/config/openssl)
 431 endef
 432
 433 define Package/openssl-util/install
 434         $(INSTALL_DIR) $(1)/usr/bin
 435         $(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/bin/openssl $(1)/usr/bin/
 436 endef
 437
 438 $(eval $(call BuildPackage,libopenssl))
 439 $(eval $(call BuildPackage,libopenssl-conf))
 440 $(eval $(call BuildPackage,libopenssl-afalg))
 441 $(eval $(call BuildPackage,libopenssl-devcrypto))
 442 $(eval $(call BuildPackage,libopenssl-legacy))
 443 $(eval $(call BuildPackage,libopenssl-padlock))
 444 $(eval $(call BuildPackage,openssl-util))