package/libs/openssl/Makefile

   1 #
   2 # Copyright (C) 2006-2016 OpenWrt.org
   3 #
   4 # This is free software, licensed under the GNU General Public License v2.
   5 # See /LICENSE for more information.
   6 #
   7
   8 include $(TOPDIR)/rules.mk
   9
  10 PKG_NAME:=openssl
  11 PKG_BASE:=1.1.1
  12 PKG_BUGFIX:=m
  13 PKG_VERSION:=$(PKG_BASE)$(PKG_BUGFIX)
  14 PKG_RELEASE:=2
  15 PKG_USE_MIPS16:=0
  16
  17 PKG_BUILD_PARALLEL:=1
  18
  19 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
  20 PKG_SOURCE_URL:= \
  21         http://www.openssl.org/source/ \
  22         http://www.openssl.org/source/old/$(PKG_BASE)/ \
  23         http://ftp.fi.muni.cz/pub/openssl/source/ \
  24         http://ftp.fi.muni.cz/pub/openssl/source/old/$(PKG_BASE)/ \
  25         ftp://ftp.pca.dfn.de/pub/tools/net/openssl/source/ \
  26         ftp://ftp.pca.dfn.de/pub/tools/net/openssl/source/old/$(PKG_BASE)/
  27
  28 PKG_HASH:=f89199be8b23ca45fc7cb9f1d8d3ee67312318286ad030f5316aca6462db6c96
  29
  30 PKG_LICENSE:=OpenSSL
  31 PKG_LICENSE_FILES:=LICENSE
  32 PKG_MAINTAINER:=Eneas U de Queiroz <cotequeiroz@gmail.com>
  33 PKG_CPE_ID:=cpe:/a:openssl:openssl
  34 PKG_CONFIG_DEPENDS:= \
  35         CONFIG_OPENSSL_ENGINE \
  36         CONFIG_OPENSSL_ENGINE_BUILTIN \
  37         CONFIG_OPENSSL_ENGINE_BUILTIN_AFALG \
  38         CONFIG_OPENSSL_ENGINE_BUILTIN_DEVCRYPTO \
  39         CONFIG_OPENSSL_ENGINE_BUILTIN_PADLOCK \
  40         CONFIG_OPENSSL_NO_DEPRECATED \
  41         CONFIG_OPENSSL_OPTIMIZE_SPEED \
  42         CONFIG_OPENSSL_PREFER_CHACHA_OVER_GCM \
  43         CONFIG_OPENSSL_WITH_ARIA \
  44         CONFIG_OPENSSL_WITH_ASM \
  45         CONFIG_OPENSSL_WITH_ASYNC \
  46         CONFIG_OPENSSL_WITH_BLAKE2 \
  47         CONFIG_OPENSSL_WITH_CAMELLIA \
  48         CONFIG_OPENSSL_WITH_CHACHA_POLY1305 \
  49         CONFIG_OPENSSL_WITH_CMS \
  50         CONFIG_OPENSSL_WITH_COMPRESSION \
  51         CONFIG_OPENSSL_WITH_DTLS \
  52         CONFIG_OPENSSL_WITH_EC2M \
  53         CONFIG_OPENSSL_WITH_ERROR_MESSAGES \
  54         CONFIG_OPENSSL_WITH_IDEA \
  55         CONFIG_OPENSSL_WITH_MDC2 \
  56         CONFIG_OPENSSL_WITH_NPN \
  57         CONFIG_OPENSSL_WITH_PSK \
  58         CONFIG_OPENSSL_WITH_RFC3779 \
  59         CONFIG_OPENSSL_WITH_SEED \
  60         CONFIG_OPENSSL_WITH_SM234 \
  61         CONFIG_OPENSSL_WITH_SRP \
  62         CONFIG_OPENSSL_WITH_SSE2 \
  63         CONFIG_OPENSSL_WITH_TLS13 \
  64         CONFIG_OPENSSL_WITH_WHIRLPOOL
  65
  66 include $(INCLUDE_DIR)/package.mk
  67 include engine.mk
  68
  69 ifneq ($(CONFIG_CCACHE),)
  70 HOSTCC=$(HOSTCC_NOCACHE)
  71 HOSTCXX=$(HOSTCXX_NOCACHE)
  72 endif
  73
  74 define Package/openssl/Default
  75   TITLE:=Open source SSL toolkit
  76   URL:=http://www.openssl.org/
  77   SECTION:=libs
  78   CATEGORY:=Libraries
  79 endef
  80
  81 define Package/libopenssl/config
  82 source "$(SOURCE)/Config.in"
  83 endef
  84
  85 define Package/openssl/Default/description
  86 The OpenSSL Project is a collaborative effort to develop a robust,
  87 commercial-grade, full-featured, and Open Source toolkit implementing the
  88 Transport Layer Security (TLS) protocol as well as a full-strength
  89 general-purpose cryptography library.
  90 endef
  91
  92 define Package/libopenssl
  93 $(call Package/openssl/Default)
  94   SUBMENU:=SSL
  95   DEPENDS:=+OPENSSL_WITH_COMPRESSION:zlib \
  96            +OPENSSL_ENGINE_BUILTIN_AFALG:kmod-crypto-user \
  97            +OPENSSL_ENGINE_BUILTIN_DEVCRYPTO:kmod-cryptodev \
  98            +OPENSSL_ENGINE_BUILTIN_PADLOCK:kmod-crypto-hw-padlock
  99   TITLE+= (libraries)
 100   ABI_VERSION:=1.1
 101   MENU:=1
 102 endef
 103
 104 define Package/libopenssl/description
 105 $(call Package/openssl/Default/description)
 106 This package contains the OpenSSL shared libraries, needed by other programs.
 107 endef
 108
 109 define Package/openssl-util
 110   $(call Package/openssl/Default)
 111   SECTION:=utils
 112   CATEGORY:=Utilities
 113   DEPENDS:=+libopenssl +libopenssl-conf
 114   TITLE+= (utility)
 115 endef
 116
 117 define Package/openssl-util/description
 118 $(call Package/openssl/Default/description)
 119 This package contains the OpenSSL command-line utility.
 120 endef
 121
 122 define Package/libopenssl-conf
 123   $(call Package/openssl/Default)
 124   SUBMENU:=SSL
 125   TITLE:=/etc/ssl/openssl.cnf config file
 126   DEPENDS:=libopenssl
 127 endef
 128
 129 define Package/libopenssl-conf/conffiles
 130 /etc/ssl/openssl.cnf
 131 /etc/ssl/engines.cnf.d/engines.cnf
 132 $(if CONFIG_OPENSSL_ENGINE_BUILTIN_DEVCRYPTO,/etc/ssl/engines.cnf.d/devcrypto.cnf)
 133 $(if CONFIG_OPENSSL_ENGINE_BUILTIN_PADLOCK,/etc/ssl/engines.cnf.d/padlock.cnf)
 134 endef
 135
 136 define Package/libopenssl-conf/description
 137 $(call Package/openssl/Default/description)
 138 This package installs the OpenSSL configuration file /etc/ssl/openssl.cnf.
 139 endef
 140
 141 $(eval $(call Package/openssl/add-engine,afalg))
 142 define Package/libopenssl-afalg
 143   $(call Package/openssl/Default)
 144   $(call Package/openssl/engine/Default)
 145   TITLE:=AFALG hardware acceleration engine
 146   DEPENDS += @KERNEL_AIO +PACKAGE_libopenssl-afalg:kmod-crypto-user \
 147              @!OPENSSL_ENGINE_BUILTIN
 148 endef
 149
 150 define Package/libopenssl-afalg/description
 151 This package adds an engine that enables hardware acceleration
 152 through the AF_ALG kernel interface.
 153 See https://www.openssl.org/docs/man1.1.1/man5/config.html#Engine-Configuration-Module
 154 and https://openwrt.org/docs/techref/hardware/cryptographic.hardware.accelerators
 155 The engine_id is "afalg"
 156 endef
 157
 158 $(eval $(call Package/openssl/add-engine,devcrypto))
 159 define Package/libopenssl-devcrypto
 160   $(call Package/openssl/Default)
 161   $(call Package/openssl/engine/Default)
 162   TITLE:=/dev/crypto hardware acceleration engine
 163   DEPENDS += +PACKAGE_libopenssl-devcrypto:kmod-cryptodev @!OPENSSL_ENGINE_BUILTIN
 164 endef
 165
 166 define Package/libopenssl-devcrypto/description
 167 This package adds an engine that enables hardware acceleration
 168 through the /dev/crypto kernel interface.
 169 See https://www.openssl.org/docs/man1.1.1/man5/config.html#Engine-Configuration-Module
 170 and https://openwrt.org/docs/techref/hardware/cryptographic.hardware.accelerators
 171 The engine_id is "devcrypto"
 172 endef
 173
 174 $(eval $(call Package/openssl/add-engine,padlock))
 175 define Package/libopenssl-padlock
 176   $(call Package/openssl/Default)
 177   $(call Package/openssl/engine/Default)
 178   TITLE:=VIA Padlock hardware acceleration engine
 179   DEPENDS += @TARGET_x86 +PACKAGE_libopenssl-padlock:kmod-crypto-hw-padlock \
 180              @!OPENSSL_ENGINE_BUILTIN
 181 endef
 182
 183 define Package/libopenssl-padlock/description
 184 This package adds an engine that enables VIA Padlock hardware acceleration.
 185 See https://www.openssl.org/docs/man1.1.1/man5/config.html#Engine-Configuration-Module
 186 and https://openwrt.org/docs/techref/hardware/cryptographic.hardware.accelerators
 187 The engine_id is "padlock"
 188 endef
 189
 190 OPENSSL_OPTIONS:= shared
 191
 192 ifndef CONFIG_OPENSSL_WITH_BLAKE2
 193   OPENSSL_OPTIONS += no-blake2
 194 endif
 195
 196 ifndef CONFIG_OPENSSL_WITH_CHACHA_POLY1305
 197   OPENSSL_OPTIONS += no-chacha no-poly1305
 198 else
 199   ifdef CONFIG_OPENSSL_PREFER_CHACHA_OVER_GCM
 200     OPENSSL_OPTIONS += -DOPENSSL_PREFER_CHACHA_OVER_GCM
 201   endif
 202 endif
 203
 204 ifndef CONFIG_OPENSSL_WITH_ASYNC
 205   OPENSSL_OPTIONS += no-async
 206 endif
 207
 208 ifndef CONFIG_OPENSSL_WITH_EC2M
 209   OPENSSL_OPTIONS += no-ec2m
 210 endif
 211
 212 ifndef CONFIG_OPENSSL_WITH_ERROR_MESSAGES
 213   OPENSSL_OPTIONS += no-err
 214 endif
 215
 216 ifndef CONFIG_OPENSSL_WITH_TLS13
 217   OPENSSL_OPTIONS += no-tls1_3
 218 endif
 219
 220 ifndef CONFIG_OPENSSL_WITH_ARIA
 221   OPENSSL_OPTIONS += no-aria
 222 endif
 223
 224 ifndef CONFIG_OPENSSL_WITH_SM234
 225   OPENSSL_OPTIONS += no-sm2 no-sm3 no-sm4
 226 endif
 227
 228 ifndef CONFIG_OPENSSL_WITH_CAMELLIA
 229   OPENSSL_OPTIONS += no-camellia
 230 endif
 231
 232 ifndef CONFIG_OPENSSL_WITH_IDEA
 233   OPENSSL_OPTIONS += no-idea
 234 endif
 235
 236 ifndef CONFIG_OPENSSL_WITH_SEED
 237   OPENSSL_OPTIONS += no-seed
 238 endif
 239
 240 ifndef CONFIG_OPENSSL_WITH_MDC2
 241   OPENSSL_OPTIONS += no-mdc2
 242 endif
 243
 244 ifndef CONFIG_OPENSSL_WITH_WHIRLPOOL
 245   OPENSSL_OPTIONS += no-whirlpool
 246 endif
 247
 248 ifndef CONFIG_OPENSSL_WITH_CMS
 249   OPENSSL_OPTIONS += no-cms
 250 endif
 251
 252 ifndef CONFIG_OPENSSL_WITH_RFC3779
 253   OPENSSL_OPTIONS += no-rfc3779
 254 endif
 255
 256 ifdef CONFIG_OPENSSL_NO_DEPRECATED
 257   OPENSSL_OPTIONS += no-deprecated
 258 endif
 259
 260 ifeq ($(CONFIG_OPENSSL_OPTIMIZE_SPEED),y)
 261   TARGET_CFLAGS := $(filter-out -O%,$(TARGET_CFLAGS)) -O3
 262 else
 263   OPENSSL_OPTIONS += -DOPENSSL_SMALL_FOOTPRINT
 264 endif
 265
 266 ifdef CONFIG_OPENSSL_ENGINE
 267   ifdef CONFIG_OPENSSL_ENGINE_BUILTIN
 268     OPENSSL_OPTIONS += disable-dynamic-engine
 269     ifndef CONFIG_OPENSSL_ENGINE_BUILTIN_AFALG
 270       OPENSSL_OPTIONS += no-afalgeng
 271     endif
 272     ifdef CONFIG_OPENSSL_ENGINE_BUILTIN_DEVCRYPTO
 273       OPENSSL_OPTIONS += enable-devcryptoeng
 274     endif
 275     ifndef CONFIG_OPENSSL_ENGINE_BUILTIN_PADLOCK
 276       OPENSSL_OPTIONS += no-hw-padlock
 277     endif
 278   else
 279     ifdef CONFIG_PACKAGE_libopenssl-devcrypto
 280       OPENSSL_OPTIONS += enable-devcryptoeng
 281     endif
 282     ifndef CONFIG_PACKAGE_libopenssl-afalg
 283       OPENSSL_OPTIONS += no-afalgeng
 284     endif
 285     ifndef CONFIG_PACKAGE_libopenssl-padlock
 286       OPENSSL_OPTIONS += no-hw-padlock
 287     endif
 288   endif
 289 else
 290   OPENSSL_OPTIONS += no-engine
 291 endif
 292
 293 ifndef CONFIG_OPENSSL_WITH_DTLS
 294   OPENSSL_OPTIONS += no-dtls
 295 endif
 296
 297 ifdef CONFIG_OPENSSL_WITH_COMPRESSION
 298   OPENSSL_OPTIONS += zlib-dynamic
 299 else
 300   OPENSSL_OPTIONS += no-comp
 301 endif
 302
 303 ifndef CONFIG_OPENSSL_WITH_NPN
 304   OPENSSL_OPTIONS += no-nextprotoneg
 305 endif
 306
 307 ifndef CONFIG_OPENSSL_WITH_PSK
 308   OPENSSL_OPTIONS += no-psk
 309 endif
 310
 311 ifndef CONFIG_OPENSSL_WITH_SRP
 312   OPENSSL_OPTIONS += no-srp
 313 endif
 314
 315 ifndef CONFIG_OPENSSL_WITH_ASM
 316   OPENSSL_OPTIONS += no-asm
 317 endif
 318
 319 ifdef CONFIG_i386
 320   ifndef CONFIG_OPENSSL_WITH_SSE2
 321     OPENSSL_OPTIONS += no-sse2
 322   endif
 323 endif
 324
 325 OPENSSL_TARGET:=linux-$(call qstrip,$(CONFIG_ARCH))-openwrt
 326
 327 STAMP_CONFIGURED := $(STAMP_CONFIGURED)_$(shell echo $(OPENSSL_OPTIONS) | $(MKHASH) md5)
 328
 329 define Build/Configure
 330         (cd $(PKG_BUILD_DIR); \
 331                 ./Configure $(OPENSSL_TARGET) \
 332                         --prefix=/usr \
 333                         --libdir=lib \
 334                         --openssldir=/etc/ssl \
 335                         --cross-compile-prefix="$(TARGET_CROSS)" \
 336                         $(TARGET_CPPFLAGS) \
 337                         $(TARGET_LDFLAGS) \
 338                         $(OPENSSL_OPTIONS) && \
 339                 { [ -f $(STAMP_CONFIGURED) ] || make clean; } \
 340         )
 341 endef
 342
 343 TARGET_CFLAGS += $(FPIC) -ffunction-sections -fdata-sections
 344 TARGET_LDFLAGS += -Wl,--gc-sections
 345
 346 define Build/Compile
 347         +$(MAKE) $(PKG_JOBS) -C $(PKG_BUILD_DIR) \
 348                 CC="$(TARGET_CC)" \
 349                 SOURCE_DATE_EPOCH=$(SOURCE_DATE_EPOCH) \
 350                 OPENWRT_OPTIMIZATION_FLAGS="$(TARGET_CFLAGS)" \
 351                 $(OPENSSL_MAKEFLAGS) \
 352                 all
 353         $(MAKE) -C $(PKG_BUILD_DIR) \
 354                 CC="$(TARGET_CC)" \
 355                 DESTDIR="$(PKG_INSTALL_DIR)" \
 356                 $(OPENSSL_MAKEFLAGS) \
 357                 install_sw install_ssldirs
 358 endef
 359
 360 define Build/InstallDev
 361         $(INSTALL_DIR) $(1)/usr/include
 362         $(CP) $(PKG_INSTALL_DIR)/usr/include/openssl $(1)/usr/include/
 363         $(INSTALL_DIR) $(1)/usr/lib/
 364         $(CP) $(PKG_INSTALL_DIR)/usr/lib/lib{crypto,ssl}.{a,so*} $(1)/usr/lib/
 365         $(INSTALL_DIR) $(1)/usr/lib/pkgconfig
 366         $(CP) $(PKG_INSTALL_DIR)/usr/lib/pkgconfig/{openssl,libcrypto,libssl}.pc $(1)/usr/lib/pkgconfig/
 367         [ -n "$(TARGET_LDFLAGS)" ] && $(SED) 's#$(TARGET_LDFLAGS)##g' $(1)/usr/lib/pkgconfig/{openssl,libcrypto,libssl}.pc || true
 368 endef
 369
 370 define Package/libopenssl/install
 371         $(INSTALL_DIR) $(1)/etc/ssl/certs
 372         $(INSTALL_DIR) $(1)/etc/ssl/private
 373         chmod 0700 $(1)/etc/ssl/private
 374         $(INSTALL_DIR) $(1)/usr/lib
 375         $(INSTALL_DATA) $(PKG_INSTALL_DIR)/usr/lib/libcrypto.so.* $(1)/usr/lib/
 376         $(INSTALL_DATA) $(PKG_INSTALL_DIR)/usr/lib/libssl.so.* $(1)/usr/lib/
 377         $(if $(CONFIG_OPENSSL_ENGINE),$(INSTALL_DIR) $(1)/usr/lib/$(ENGINES_DIR))
 378 endef
 379
 380 define Package/libopenssl-conf/install
 381         $(INSTALL_DIR) $(1)/etc/ssl/engines.cnf.d
 382         $(CP) $(PKG_INSTALL_DIR)/etc/ssl/openssl.cnf $(1)/etc/ssl/
 383         $(CP) ./files/engines.cnf $(1)/etc/ssl/engines.cnf.d/
 384         $(if $(CONFIG_OPENSSL_ENGINE_BUILTIN_DEVCRYPTO),
 385                 $(CP) ./files/devcrypto.cnf $(1)/etc/ssl/engines.cnf.d/
 386                 echo devcrypto=devcrypto >> $(1)/etc/ssl/engines.cnf.d/engines.cnf)
 387         $(if $(CONFIG_OPENSSL_ENGINE_BUILTIN_PADLOCK),
 388                 $(CP) ./files/padlock.cnf $(1)/etc/ssl/engines.cnf.d/
 389                 echo padlock=padlock >> $(1)/etc/ssl/engines.cnf.d/engines.cnf)
 390 endef
 391
 392 define Package/openssl-util/install
 393         $(INSTALL_DIR) $(1)/usr/bin
 394         $(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/bin/openssl $(1)/usr/bin/
 395 endef
 396
 397 $(eval $(call BuildPackage,libopenssl))
 398 $(eval $(call BuildPackage,libopenssl-conf))
 399 $(eval $(call BuildPackage,libopenssl-afalg))
 400 $(eval $(call BuildPackage,libopenssl-devcrypto))
 401 $(eval $(call BuildPackage,libopenssl-padlock))
 402 $(eval $(call BuildPackage,openssl-util))