2 # Copyright (C) 2006-2016 OpenWrt.org
4 # This is free software, licensed under the GNU General Public License v2.
5 # See /LICENSE for more information.
8 include $(TOPDIR)/rules.mk
13 PKG_VERSION:=$(PKG_BASE)$(PKG_BUGFIX)
16 ENGINES_DIR=engines-1.1
19 PKG_BUILD_DEPENDS:=cryptodev-linux
21 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
23 http://ftp.fi.muni.cz/pub/openssl/source/ \
24 http://ftp.linux.hr/pub/openssl/source/ \
25 ftp://ftp.pca.dfn.de/pub/tools/net/openssl/source/ \
26 http://www.openssl.org/source/ \
27 http://www.openssl.org/source/old/$(PKG_BASE)/
28 PKG_HASH:=fc20130f8b7cbd2fb918b2f14e2f429e109c31ddd0fb38fc5d71d9ffed3f9f41
31 PKG_LICENSE_FILES:=LICENSE
32 PKG_CPE_ID:=cpe:/a:openssl:openssl
33 PKG_CONFIG_DEPENDS:= \
34 CONFIG_OPENSSL_ENGINE \
35 CONFIG_OPENSSL_ENGINE_CRYPTO \
36 CONFIG_OPENSSL_NO_DEPRECATED \
37 CONFIG_OPENSSL_OPTIMIZE_SPEED \
38 CONFIG_OPENSSL_WITH_ARIA \
39 CONFIG_OPENSSL_WITH_ASM \
40 CONFIG_OPENSSL_WITH_ASYNC \
41 CONFIG_OPENSSL_WITH_BLAKE2 \
42 CONFIG_OPENSSL_WITH_CAMELLIA \
43 CONFIG_OPENSSL_WITH_CHACHA_POLY1305 \
44 CONFIG_OPENSSL_WITH_CMS \
45 CONFIG_OPENSSL_WITH_COMPRESSION \
46 CONFIG_OPENSSL_WITH_DTLS \
47 CONFIG_OPENSSL_WITH_EC \
48 CONFIG_OPENSSL_WITH_EC2M \
49 CONFIG_OPENSSL_WITH_ERROR_MESSAGES \
50 CONFIG_OPENSSL_WITH_GOST \
51 CONFIG_OPENSSL_WITH_IDEA \
52 CONFIG_OPENSSL_WITH_MDC2 \
53 CONFIG_OPENSSL_WITH_NPN \
54 CONFIG_OPENSSL_WITH_PSK \
55 CONFIG_OPENSSL_WITH_RFC3779 \
56 CONFIG_OPENSSL_WITH_SEED \
57 CONFIG_OPENSSL_WITH_SM234 \
58 CONFIG_OPENSSL_WITH_SRP \
59 CONFIG_OPENSSL_WITH_SSE2 \
60 CONFIG_OPENSSL_WITH_TLS13 \
61 CONFIG_OPENSSL_WITH_WHIRLPOOL
63 include $(INCLUDE_DIR)/package.mk
65 ifneq ($(CONFIG_CCACHE),)
66 HOSTCC=$(HOSTCC_NOCACHE)
67 HOSTCXX=$(HOSTCXX_NOCACHE)
70 define Package/openssl/Default
71 TITLE:=Open source SSL toolkit
72 URL:=http://www.openssl.org/
77 define Package/libopenssl/config
78 source "$(SOURCE)/Config.in"
81 define Package/openssl/Default/description
82 The OpenSSL Project is a collaborative effort to develop a robust,
83 commercial-grade, full-featured, and Open Source toolkit implementing the
84 Transport Layer Security (TLS) protocol as well as a full-strength
85 general-purpose cryptography library.
88 define Package/libopenssl
89 $(call Package/openssl/Default)
91 DEPENDS:=+OPENSSL_WITH_COMPRESSION:zlib
97 define Package/libopenssl/description
98 $(call Package/openssl/Default/description)
99 This package contains the OpenSSL shared libraries, needed by other programs.
102 define Package/openssl-util
103 $(call Package/openssl/Default)
110 define Package/openssl-util/conffiles
114 define Package/openssl-util/description
115 $(call Package/openssl/Default/description)
116 This package contains the OpenSSL command-line utility.
119 define Package/libopenssl-afalg
120 $(call Package/openssl/Default)
122 TITLE:=AFALG hardware acceleration engine
123 DEPENDS:=libopenssl @OPENSSL_ENGINE @KERNEL_AIO @!LINUX_3_18 +kmod-crypto-user
126 define Package/libopenssl-afalg/description
127 This package adds an engine that enables hardware acceleration
128 through the AF_ALG kernel interface.
129 To use it, you need to configure the engine in /etc/ssl/openssl.cnf
130 See https://www.openssl.org/docs/man1.1.1/man5/config.html#Engine-Configuration-Module
131 The engine_id is "afalg"
134 define Package/libopenssl-padlock
135 $(call Package/openssl/Default)
137 TITLE:=VIA Padlock hardware acceleration engine
138 DEPENDS:=libopenssl @OPENSSL_ENGINE @TARGET_x86 +kmod-crypto-hw-padlock
141 define Package/libopenssl-padlock/description
142 This package adds an engine that enables VIA Padlock hardware acceleration.
143 To use it, you need to configure it in /etc/ssl/openssl.cnf.
144 See https://www.openssl.org/docs/man1.1.1/man5/config.html#Engine-Configuration-Module
145 The engine_id is "padlock"
148 OPENSSL_OPTIONS:= shared
150 ifndef CONFIG_OPENSSL_WITH_BLAKE2
151 OPENSSL_OPTIONS += no-blake2
154 ifndef CONFIG_OPENSSL_WITH_CHACHA_POLY1305
155 OPENSSL_OPTIONS += no-chacha no-poly1305
158 ifndef CONFIG_OPENSSL_WITH_ASYNC
159 OPENSSL_OPTIONS += no-async
162 ifndef CONFIG_OPENSSL_WITH_EC
163 OPENSSL_OPTIONS += no-ec
166 ifndef CONFIG_OPENSSL_WITH_EC2M
167 OPENSSL_OPTIONS += no-ec2m
170 ifndef CONFIG_OPENSSL_WITH_ERROR_MESSAGES
171 OPENSSL_OPTIONS += no-err
174 ifndef CONFIG_OPENSSL_WITH_TLS13
175 OPENSSL_OPTIONS += no-tls1_3
178 ifndef CONFIG_OPENSSL_WITH_ARIA
179 OPENSSL_OPTIONS += no-aria
182 ifndef CONFIG_OPENSSL_WITH_SM234
183 OPENSSL_OPTIONS += no-sm2 no-sm3 no-sm4
186 ifndef CONFIG_OPENSSL_WITH_CAMELLIA
187 OPENSSL_OPTIONS += no-camellia
190 ifndef CONFIG_OPENSSL_WITH_IDEA
191 OPENSSL_OPTIONS += no-idea
194 ifndef CONFIG_OPENSSL_WITH_SEED
195 OPENSSL_OPTIONS += no-seed
198 ifndef CONFIG_OPENSSL_WITH_MDC2
199 OPENSSL_OPTIONS += no-mdc2
202 ifndef CONFIG_OPENSSL_WITH_WHIRLPOOL
203 OPENSSL_OPTIONS += no-whirlpool
206 ifndef CONFIG_OPENSSL_WITH_CMS
207 OPENSSL_OPTIONS += no-cms
210 ifndef CONFIG_OPENSSL_WITH_RFC3779
211 OPENSSL_OPTIONS += no-rfc3779
214 ifdef CONFIG_OPENSSL_NO_DEPRECATED
215 OPENSSL_OPTIONS += no-deprecated
218 ifeq ($(CONFIG_OPENSSL_OPTIMIZE_SPEED),y)
219 TARGET_CFLAGS := $(filter-out -O%,$(TARGET_CFLAGS)) -O3
221 OPENSSL_OPTIONS += -DOPENSSL_SMALL_FOOTPRINT
224 ifdef CONFIG_OPENSSL_ENGINE
225 ifdef CONFIG_OPENSSL_ENGINE_CRYPTO
226 OPENSSL_OPTIONS += enable-devcryptoeng
228 ifndef CONFIG_PACKAGE_libopenssl-afalg
229 OPENSSL_OPTIONS += no-afalgeng
231 ifndef CONFIG_PACKAGE_libopenssl-padlock
232 OPENSSL_OPTIONS += no-hw-padlock
235 OPENSSL_OPTIONS += no-engine
238 ifndef CONFIG_OPENSSL_WITH_GOST
239 OPENSSL_OPTIONS += no-gost
242 ifndef CONFIG_OPENSSL_WITH_DTLS
243 OPENSSL_OPTIONS += no-dtls
246 ifdef CONFIG_OPENSSL_WITH_COMPRESSION
247 OPENSSL_OPTIONS += zlib-dynamic
249 OPENSSL_OPTIONS += no-comp
252 ifndef CONFIG_OPENSSL_WITH_NPN
253 OPENSSL_OPTIONS += no-nextprotoneg
256 ifndef CONFIG_OPENSSL_WITH_PSK
257 OPENSSL_OPTIONS += no-psk
260 ifndef CONFIG_OPENSSL_WITH_SRP
261 OPENSSL_OPTIONS += no-srp
264 ifndef CONFIG_OPENSSL_WITH_ASM
265 OPENSSL_OPTIONS += no-asm
269 ifndef CONFIG_OPENSSL_WITH_SSE2
270 OPENSSL_OPTIONS += no-sse2
274 OPENSSL_TARGET:=linux-$(call qstrip,$(CONFIG_ARCH))-openwrt
276 STAMP_CONFIGURED := $(STAMP_CONFIGURED)_$(shell echo $(OPENSSL_OPTIONS) | mkhash md5)
278 define Build/Configure
279 [ -f $(STAMP_CONFIGURED) ] || { \
280 rm -f $(PKG_BUILD_DIR)/*.so.* $(PKG_BUILD_DIR)/*.a; \
281 find $(PKG_BUILD_DIR) -name \*.o | xargs rm -f; \
283 (cd $(PKG_BUILD_DIR); \
284 ./Configure $(OPENSSL_TARGET) \
287 --openssldir=/etc/ssl \
294 TARGET_CFLAGS += $(FPIC) -ffunction-sections -fdata-sections
295 TARGET_LDFLAGS += -Wl,--gc-sections
298 +$(MAKE) $(PKG_JOBS) -C $(PKG_BUILD_DIR) \
299 CROSS_COMPILE="$(TARGET_CROSS)" \
301 SOURCE_DATE_EPOCH=$(SOURCE_DATE_EPOCH) \
302 OPENWRT_OPTIMIZATION_FLAGS="$(TARGET_CFLAGS)" \
303 $(OPENSSL_MAKEFLAGS) \
305 $(MAKE) -C $(PKG_BUILD_DIR) \
306 CROSS_COMPILE="$(TARGET_CROSS)" \
308 DESTDIR="$(PKG_INSTALL_DIR)" \
309 $(OPENSSL_MAKEFLAGS) \
310 install_sw install_ssldirs
313 define Build/InstallDev
314 $(INSTALL_DIR) $(1)/usr/include
315 $(CP) $(PKG_INSTALL_DIR)/usr/include/openssl $(1)/usr/include/
316 $(INSTALL_DIR) $(1)/usr/lib/
317 $(CP) $(PKG_INSTALL_DIR)/usr/lib/lib{crypto,ssl}.{a,so*} $(1)/usr/lib/
318 $(INSTALL_DIR) $(1)/usr/lib/pkgconfig
319 $(CP) $(PKG_INSTALL_DIR)/usr/lib/pkgconfig/{openssl,libcrypto,libssl}.pc $(1)/usr/lib/pkgconfig/
320 [ -n "$(TARGET_LDFLAGS)" ] && $(SED) 's#$(TARGET_LDFLAGS)##g' $(1)/usr/lib/pkgconfig/{openssl,libcrypto,libssl}.pc || true
323 define Package/libopenssl/install
324 $(INSTALL_DIR) $(1)/etc/ssl/certs
325 $(INSTALL_DIR) $(1)/etc/ssl/private
326 chmod 0700 $(1)/etc/ssl/private
327 $(INSTALL_DIR) $(1)/usr/lib
328 $(INSTALL_DATA) $(PKG_INSTALL_DIR)/usr/lib/libcrypto.so.* $(1)/usr/lib/
329 $(INSTALL_DATA) $(PKG_INSTALL_DIR)/usr/lib/libssl.so.* $(1)/usr/lib/
330 $(if $(CONFIG_OPENSSL_ENGINE),$(INSTALL_DIR) $(1)/usr/lib/$(ENGINES_DIR))
333 define Package/openssl-util/install
334 $(INSTALL_DIR) $(1)/etc/ssl
335 $(CP) $(PKG_INSTALL_DIR)/etc/ssl/openssl.cnf $(1)/etc/ssl/
336 $(INSTALL_DIR) $(1)/usr/bin
337 $(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/bin/openssl $(1)/usr/bin/
340 define Package/libopenssl-afalg/install
341 $(INSTALL_DIR) $(1)/usr/lib/$(ENGINES_DIR)
342 $(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/lib/$(ENGINES_DIR)/afalg.so $(1)/usr/lib/$(ENGINES_DIR)
345 define Package/libopenssl-padlock/install
346 $(INSTALL_DIR) $(1)/usr/lib/$(ENGINES_DIR)
347 $(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/lib/$(ENGINES_DIR)/*padlock.so $(1)/usr/lib/$(ENGINES_DIR)
350 $(eval $(call BuildPackage,libopenssl))
351 $(eval $(call BuildPackage,libopenssl-afalg))
352 $(eval $(call BuildPackage,libopenssl-padlock))
353 $(eval $(call BuildPackage,openssl-util))