package/libs/openssl/Makefile

   1 #
   2 # Copyright (C) 2006-2016 OpenWrt.org
   3 #
   4 # This is free software, licensed under the GNU General Public License v2.
   5 # See /LICENSE for more information.
   6 #
   7
   8 include $(TOPDIR)/rules.mk
   9
  10 PKG_NAME:=openssl
  11 PKG_BASE:=1.1.1
  12 PKG_BUGFIX:=g
  13 PKG_VERSION:=$(PKG_BASE)$(PKG_BUGFIX)
  14 PKG_RELEASE:=1
  15 PKG_USE_MIPS16:=0
  16 ENGINES_DIR=engines-1.1
  17
  18 PKG_BUILD_PARALLEL:=1
  19
  20 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
  21 PKG_SOURCE_URL:= \
  22         http://ftp.fi.muni.cz/pub/openssl/source/ \
  23         http://ftp.linux.hr/pub/openssl/source/ \
  24         ftp://ftp.pca.dfn.de/pub/tools/net/openssl/source/ \
  25         http://www.openssl.org/source/ \
  26         http://www.openssl.org/source/old/$(PKG_BASE)/
  27 PKG_HASH:=ddb04774f1e32f0c49751e21b67216ac87852ceb056b75209af2443400636d46
  28
  29 PKG_LICENSE:=OpenSSL
  30 PKG_LICENSE_FILES:=LICENSE
  31 PKG_MAINTAINER:=Eneas U de Queiroz <cotequeiroz@gmail.com>
  32 PKG_CPE_ID:=cpe:/a:openssl:openssl
  33 PKG_CONFIG_DEPENDS:= \
  34         CONFIG_OPENSSL_ENGINE \
  35         CONFIG_OPENSSL_ENGINE_BUILTIN \
  36         CONFIG_OPENSSL_ENGINE_BUILTIN_AFALG \
  37         CONFIG_OPENSSL_ENGINE_BUILTIN_DEVCRYPTO \
  38         CONFIG_OPENSSL_ENGINE_BUILTIN_PADLOCK \
  39         CONFIG_OPENSSL_NO_DEPRECATED \
  40         CONFIG_OPENSSL_OPTIMIZE_SPEED \
  41         CONFIG_OPENSSL_PREFER_CHACHA_OVER_GCM \
  42         CONFIG_OPENSSL_WITH_ARIA \
  43         CONFIG_OPENSSL_WITH_ASM \
  44         CONFIG_OPENSSL_WITH_ASYNC \
  45         CONFIG_OPENSSL_WITH_BLAKE2 \
  46         CONFIG_OPENSSL_WITH_CAMELLIA \
  47         CONFIG_OPENSSL_WITH_CHACHA_POLY1305 \
  48         CONFIG_OPENSSL_WITH_CMS \
  49         CONFIG_OPENSSL_WITH_COMPRESSION \
  50         CONFIG_OPENSSL_WITH_DTLS \
  51         CONFIG_OPENSSL_WITH_EC2M \
  52         CONFIG_OPENSSL_WITH_ERROR_MESSAGES \
  53         CONFIG_OPENSSL_WITH_GOST \
  54         CONFIG_OPENSSL_WITH_IDEA \
  55         CONFIG_OPENSSL_WITH_MDC2 \
  56         CONFIG_OPENSSL_WITH_NPN \
  57         CONFIG_OPENSSL_WITH_PSK \
  58         CONFIG_OPENSSL_WITH_RFC3779 \
  59         CONFIG_OPENSSL_WITH_SEED \
  60         CONFIG_OPENSSL_WITH_SM234 \
  61         CONFIG_OPENSSL_WITH_SRP \
  62         CONFIG_OPENSSL_WITH_SSE2 \
  63         CONFIG_OPENSSL_WITH_TLS13 \
  64         CONFIG_OPENSSL_WITH_WHIRLPOOL
  65
  66 include $(INCLUDE_DIR)/package.mk
  67
  68 ifneq ($(CONFIG_CCACHE),)
  69 HOSTCC=$(HOSTCC_NOCACHE)
  70 HOSTCXX=$(HOSTCXX_NOCACHE)
  71 endif
  72
  73 define Package/openssl/Default
  74   TITLE:=Open source SSL toolkit
  75   URL:=http://www.openssl.org/
  76   SECTION:=libs
  77   CATEGORY:=Libraries
  78 endef
  79
  80 define Package/libopenssl/config
  81 source "$(SOURCE)/Config.in"
  82 endef
  83
  84 define Package/openssl/Default/description
  85 The OpenSSL Project is a collaborative effort to develop a robust,
  86 commercial-grade, full-featured, and Open Source toolkit implementing the
  87 Transport Layer Security (TLS) protocol as well as a full-strength
  88 general-purpose cryptography library.
  89 endef
  90
  91 define Package/libopenssl
  92 $(call Package/openssl/Default)
  93   SUBMENU:=SSL
  94   DEPENDS:=+OPENSSL_WITH_COMPRESSION:zlib \
  95            +OPENSSL_ENGINE_BUILTIN_AFALG:kmod-crypto-user \
  96            +OPENSSL_ENGINE_BUILTIN_DEVCRYPTO:kmod-cryptodev \
  97            +OPENSSL_ENGINE_BUILTIN_PADLOCK:kmod-crypto-hw-padlock
  98   TITLE+= (libraries)
  99   ABI_VERSION:=1.1
 100   MENU:=1
 101 endef
 102
 103 define Package/libopenssl/description
 104 $(call Package/openssl/Default/description)
 105 This package contains the OpenSSL shared libraries, needed by other programs.
 106 endef
 107
 108 define Package/openssl-util
 109   $(call Package/openssl/Default)
 110   SECTION:=utils
 111   CATEGORY:=Utilities
 112   DEPENDS:=+libopenssl +libopenssl-conf
 113   TITLE+= (utility)
 114 endef
 115
 116 define Package/openssl-util/description
 117 $(call Package/openssl/Default/description)
 118 This package contains the OpenSSL command-line utility.
 119 endef
 120
 121 define Package/libopenssl-conf
 122   $(call Package/openssl/Default)
 123   SUBMENU:=SSL
 124   TITLE:=/etc/ssl/openssl.cnf config file
 125   DEPENDS:=libopenssl
 126 endef
 127
 128 define Package/libopenssl-conf/conffiles
 129 /etc/ssl/openssl.cnf
 130 endef
 131
 132 define Package/libopenssl-conf/description
 133 $(call Package/openssl/Default/description)
 134 This package installs the OpenSSL configuration file /etc/ssl/openssl.cnf.
 135 endef
 136
 137 define Package/libopenssl-afalg
 138   $(call Package/openssl/Default)
 139   SUBMENU:=SSL
 140   TITLE:=AFALG hardware acceleration engine
 141   DEPENDS:=libopenssl @OPENSSL_ENGINE @KERNEL_AIO \
 142            +PACKAGE_libopenssl-afalg:kmod-crypto-user +libopenssl-conf @!OPENSSL_ENGINE_BUILTIN
 143 endef
 144
 145 define Package/libopenssl-afalg/description
 146 This package adds an engine that enables hardware acceleration
 147 through the AF_ALG kernel interface.
 148 To use it, you need to configure the engine in /etc/ssl/openssl.cnf
 149 See https://www.openssl.org/docs/man1.1.1/man5/config.html#Engine-Configuration-Module
 150 and https://openwrt.org/docs/techref/hardware/cryptographic.hardware.accelerators
 151 The engine_id is "afalg"
 152 endef
 153
 154 define Package/libopenssl-devcrypto
 155   $(call Package/openssl/Default)
 156   SUBMENU:=SSL
 157   TITLE:=/dev/crypto hardware acceleration engine
 158   DEPENDS:=libopenssl @OPENSSL_ENGINE +PACKAGE_libopenssl-devcrypto:kmod-cryptodev +libopenssl-conf \
 159            @!OPENSSL_ENGINE_BUILTIN
 160 endef
 161
 162 define Package/libopenssl-devcrypto/description
 163 This package adds an engine that enables hardware acceleration
 164 through the /dev/crypto kernel interface.
 165 To use it, you need to configure the engine in /etc/ssl/openssl.cnf
 166 See https://www.openssl.org/docs/man1.1.1/man5/config.html#Engine-Configuration-Module
 167 and https://openwrt.org/docs/techref/hardware/cryptographic.hardware.accelerators
 168 The engine_id is "devcrypto"
 169 endef
 170
 171 define Package/libopenssl-padlock
 172   $(call Package/openssl/Default)
 173   SUBMENU:=SSL
 174   TITLE:=VIA Padlock hardware acceleration engine
 175   DEPENDS:=libopenssl @OPENSSL_ENGINE @TARGET_x86 +PACKAGE_libopenssl-padlock:kmod-crypto-hw-padlock \
 176            +libopenssl-conf @!OPENSSL_ENGINE_BUILTIN
 177 endef
 178
 179 define Package/libopenssl-padlock/description
 180 This package adds an engine that enables VIA Padlock hardware acceleration.
 181 To use it, you need to configure it in /etc/ssl/openssl.cnf.
 182 See https://www.openssl.org/docs/man1.1.1/man5/config.html#Engine-Configuration-Module
 183 and https://openwrt.org/docs/techref/hardware/cryptographic.hardware.accelerators
 184 The engine_id is "padlock"
 185 endef
 186
 187 OPENSSL_OPTIONS:= shared
 188
 189 ifndef CONFIG_OPENSSL_WITH_BLAKE2
 190   OPENSSL_OPTIONS += no-blake2
 191 endif
 192
 193 ifndef CONFIG_OPENSSL_WITH_CHACHA_POLY1305
 194   OPENSSL_OPTIONS += no-chacha no-poly1305
 195 else
 196   ifdef CONFIG_OPENSSL_PREFER_CHACHA_OVER_GCM
 197     OPENSSL_OPTIONS += -DOPENSSL_PREFER_CHACHA_OVER_GCM
 198   endif
 199 endif
 200
 201 ifndef CONFIG_OPENSSL_WITH_ASYNC
 202   OPENSSL_OPTIONS += no-async
 203 endif
 204
 205 ifndef CONFIG_OPENSSL_WITH_EC2M
 206   OPENSSL_OPTIONS += no-ec2m
 207 endif
 208
 209 ifndef CONFIG_OPENSSL_WITH_ERROR_MESSAGES
 210   OPENSSL_OPTIONS += no-err
 211 endif
 212
 213 ifndef CONFIG_OPENSSL_WITH_TLS13
 214   OPENSSL_OPTIONS += no-tls1_3
 215 endif
 216
 217 ifndef CONFIG_OPENSSL_WITH_ARIA
 218   OPENSSL_OPTIONS += no-aria
 219 endif
 220
 221 ifndef CONFIG_OPENSSL_WITH_SM234
 222   OPENSSL_OPTIONS += no-sm2 no-sm3 no-sm4
 223 endif
 224
 225 ifndef CONFIG_OPENSSL_WITH_CAMELLIA
 226   OPENSSL_OPTIONS += no-camellia
 227 endif
 228
 229 ifndef CONFIG_OPENSSL_WITH_IDEA
 230   OPENSSL_OPTIONS += no-idea
 231 endif
 232
 233 ifndef CONFIG_OPENSSL_WITH_SEED
 234   OPENSSL_OPTIONS += no-seed
 235 endif
 236
 237 ifndef CONFIG_OPENSSL_WITH_MDC2
 238   OPENSSL_OPTIONS += no-mdc2
 239 endif
 240
 241 ifndef CONFIG_OPENSSL_WITH_WHIRLPOOL
 242   OPENSSL_OPTIONS += no-whirlpool
 243 endif
 244
 245 ifndef CONFIG_OPENSSL_WITH_CMS
 246   OPENSSL_OPTIONS += no-cms
 247 endif
 248
 249 ifndef CONFIG_OPENSSL_WITH_RFC3779
 250   OPENSSL_OPTIONS += no-rfc3779
 251 endif
 252
 253 ifdef CONFIG_OPENSSL_NO_DEPRECATED
 254   OPENSSL_OPTIONS += no-deprecated
 255 endif
 256
 257 ifeq ($(CONFIG_OPENSSL_OPTIMIZE_SPEED),y)
 258   TARGET_CFLAGS := $(filter-out -O%,$(TARGET_CFLAGS)) -O3
 259 else
 260   OPENSSL_OPTIONS += -DOPENSSL_SMALL_FOOTPRINT
 261 endif
 262
 263 ifdef CONFIG_OPENSSL_ENGINE
 264   ifdef CONFIG_OPENSSL_ENGINE_BUILTIN
 265     OPENSSL_OPTIONS += disable-dynamic-engine
 266     ifndef CONFIG_OPENSSL_ENGINE_BUILTIN_AFALG
 267       OPENSSL_OPTIONS += no-afalgeng
 268     endif
 269     ifdef CONFIG_OPENSSL_ENGINE_BUILTIN_DEVCRYPTO
 270       OPENSSL_OPTIONS += enable-devcryptoeng
 271     endif
 272     ifndef CONFIG_OPENSSL_ENGINE_BUILTIN_PADLOCK
 273       OPENSSL_OPTIONS += no-hw-padlock
 274     endif
 275   else
 276     ifdef CONFIG_PACKAGE_libopenssl-devcrypto
 277       OPENSSL_OPTIONS += enable-devcryptoeng
 278     endif
 279     ifndef CONFIG_PACKAGE_libopenssl-afalg
 280       OPENSSL_OPTIONS += no-afalgeng
 281     endif
 282     ifndef CONFIG_PACKAGE_libopenssl-padlock
 283       OPENSSL_OPTIONS += no-hw-padlock
 284     endif
 285   endif
 286 else
 287   OPENSSL_OPTIONS += no-engine
 288 endif
 289
 290 ifndef CONFIG_OPENSSL_WITH_GOST
 291   OPENSSL_OPTIONS += no-gost
 292 endif
 293
 294 ifndef CONFIG_OPENSSL_WITH_DTLS
 295   OPENSSL_OPTIONS += no-dtls
 296 endif
 297
 298 ifdef CONFIG_OPENSSL_WITH_COMPRESSION
 299   OPENSSL_OPTIONS += zlib-dynamic
 300 else
 301   OPENSSL_OPTIONS += no-comp
 302 endif
 303
 304 ifndef CONFIG_OPENSSL_WITH_NPN
 305   OPENSSL_OPTIONS += no-nextprotoneg
 306 endif
 307
 308 ifndef CONFIG_OPENSSL_WITH_PSK
 309   OPENSSL_OPTIONS += no-psk
 310 endif
 311
 312 ifndef CONFIG_OPENSSL_WITH_SRP
 313   OPENSSL_OPTIONS += no-srp
 314 endif
 315
 316 ifndef CONFIG_OPENSSL_WITH_ASM
 317   OPENSSL_OPTIONS += no-asm
 318 endif
 319
 320 ifdef CONFIG_i386
 321   ifndef CONFIG_OPENSSL_WITH_SSE2
 322     OPENSSL_OPTIONS += no-sse2
 323   endif
 324 endif
 325
 326 OPENSSL_TARGET:=linux-$(call qstrip,$(CONFIG_ARCH))-librecmc
 327
 328 STAMP_CONFIGURED := $(STAMP_CONFIGURED)_$(shell echo $(OPENSSL_OPTIONS) | mkhash md5)
 329
 330 define Build/Configure
 331         (cd $(PKG_BUILD_DIR); \
 332                 ./Configure $(OPENSSL_TARGET) \
 333                         --prefix=/usr \
 334                         --libdir=lib \
 335                         --openssldir=/etc/ssl \
 336                         $(TARGET_CPPFLAGS) \
 337                         $(TARGET_LDFLAGS) \
 338                         $(OPENSSL_OPTIONS) && \
 339                 { [ -f $(STAMP_CONFIGURED) ] || make clean; } \
 340         )
 341 endef
 342
 343 TARGET_CFLAGS += $(FPIC) -ffunction-sections -fdata-sections
 344 TARGET_LDFLAGS += -Wl,--gc-sections
 345
 346 define Build/Compile
 347         +$(MAKE) $(PKG_JOBS) -C $(PKG_BUILD_DIR) \
 348                 CROSS_COMPILE="$(TARGET_CROSS)" \
 349                 CC="$(TARGET_CC)" \
 350                 SOURCE_DATE_EPOCH=$(SOURCE_DATE_EPOCH) \
 351                 LIBRECMC_OPTIMIZATION_FLAGS="$(TARGET_CFLAGS)" \
 352                 $(OPENSSL_MAKEFLAGS) \
 353                 all
 354         $(MAKE) -C $(PKG_BUILD_DIR) \
 355                 CROSS_COMPILE="$(TARGET_CROSS)" \
 356                 CC="$(TARGET_CC)" \
 357                 DESTDIR="$(PKG_INSTALL_DIR)" \
 358                 $(OPENSSL_MAKEFLAGS) \
 359                 install_sw install_ssldirs
 360 endef
 361
 362 define Build/InstallDev
 363         $(INSTALL_DIR) $(1)/usr/include
 364         $(CP) $(PKG_INSTALL_DIR)/usr/include/openssl $(1)/usr/include/
 365         $(INSTALL_DIR) $(1)/usr/lib/
 366         $(CP) $(PKG_INSTALL_DIR)/usr/lib/lib{crypto,ssl}.{a,so*} $(1)/usr/lib/
 367         $(INSTALL_DIR) $(1)/usr/lib/pkgconfig
 368         $(CP) $(PKG_INSTALL_DIR)/usr/lib/pkgconfig/{openssl,libcrypto,libssl}.pc $(1)/usr/lib/pkgconfig/
 369         [ -n "$(TARGET_LDFLAGS)" ] && $(SED) 's#$(TARGET_LDFLAGS)##g' $(1)/usr/lib/pkgconfig/{openssl,libcrypto,libssl}.pc || true
 370 endef
 371
 372 define Package/libopenssl/install
 373         $(INSTALL_DIR) $(1)/etc/ssl/certs
 374         $(INSTALL_DIR) $(1)/etc/ssl/private
 375         chmod 0700 $(1)/etc/ssl/private
 376         $(INSTALL_DIR) $(1)/usr/lib
 377         $(INSTALL_DATA) $(PKG_INSTALL_DIR)/usr/lib/libcrypto.so.* $(1)/usr/lib/
 378         $(INSTALL_DATA) $(PKG_INSTALL_DIR)/usr/lib/libssl.so.* $(1)/usr/lib/
 379         $(if $(CONFIG_OPENSSL_ENGINE),$(INSTALL_DIR) $(1)/usr/lib/$(ENGINES_DIR))
 380 endef
 381
 382 define Package/libopenssl-conf/install
 383         $(INSTALL_DIR) $(1)/etc/ssl
 384         $(CP) $(PKG_INSTALL_DIR)/etc/ssl/openssl.cnf $(1)/etc/ssl/
 385 endef
 386
 387 define Package/openssl-util/install
 388         $(INSTALL_DIR) $(1)/usr/bin
 389         $(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/bin/openssl $(1)/usr/bin/
 390 endef
 391
 392 define Package/libopenssl-afalg/install
 393         $(INSTALL_DIR) $(1)/usr/lib/$(ENGINES_DIR)
 394         $(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/lib/$(ENGINES_DIR)/afalg.so $(1)/usr/lib/$(ENGINES_DIR)
 395 endef
 396
 397 define Package/libopenssl-devcrypto/install
 398         $(INSTALL_DIR) $(1)/usr/lib/$(ENGINES_DIR)
 399         $(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/lib/$(ENGINES_DIR)/devcrypto.so $(1)/usr/lib/$(ENGINES_DIR)
 400 endef
 401
 402 define Package/libopenssl-padlock/install
 403         $(INSTALL_DIR) $(1)/usr/lib/$(ENGINES_DIR)
 404         $(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/lib/$(ENGINES_DIR)/*padlock.so $(1)/usr/lib/$(ENGINES_DIR)
 405 endef
 406
 407 $(eval $(call BuildPackage,libopenssl))
 408 $(eval $(call BuildPackage,libopenssl-conf))
 409 $(eval $(call BuildPackage,libopenssl-afalg))
 410 $(eval $(call BuildPackage,libopenssl-devcrypto))
 411 $(eval $(call BuildPackage,libopenssl-padlock))
 412 $(eval $(call BuildPackage,openssl-util))