2 # Copyright (C) 2006-2016 OpenWrt.org
4 # This is free software, licensed under the GNU General Public License v2.
5 # See /LICENSE for more information.
8 include $(TOPDIR
)/rules.mk
13 PKG_VERSION
:=$(PKG_BASE
)$(PKG_BUGFIX
)
16 ENGINES_DIR
=engines-1.1
20 PKG_SOURCE
:=$(PKG_NAME
)-$(PKG_VERSION
).
tar.gz
22 http
://www.openssl.org
/source
/ \
23 http
://www.openssl.org
/source
/old
/$(PKG_BASE
)/ \
24 http
://ftp.fi.muni.cz
/pub
/openssl
/source
/ \
25 http
://ftp.fi.muni.cz
/pub
/openssl
/source
/old
/$(PKG_BASE
)/ \
26 ftp
://ftp.pca.dfn.de
/pub
/tools
/net
/openssl
/source
/ \
27 ftp
://ftp.pca.dfn.de
/pub
/tools
/net
/openssl
/source
/old
/$(PKG_BASE
)/
29 PKG_HASH
:=f89199be8b23ca45fc7cb9f1d8d3ee67312318286ad030f5316aca6462db6c96
32 PKG_LICENSE_FILES
:=LICENSE
33 PKG_MAINTAINER
:=Eneas U de Queiroz
<cotequeiroz@gmail.com
>
34 PKG_CPE_ID
:=cpe
:/a
:openssl
:openssl
35 PKG_CONFIG_DEPENDS
:= \
36 CONFIG_OPENSSL_ENGINE \
37 CONFIG_OPENSSL_ENGINE_BUILTIN \
38 CONFIG_OPENSSL_ENGINE_BUILTIN_AFALG \
39 CONFIG_OPENSSL_ENGINE_BUILTIN_DEVCRYPTO \
40 CONFIG_OPENSSL_ENGINE_BUILTIN_PADLOCK \
41 CONFIG_OPENSSL_NO_DEPRECATED \
42 CONFIG_OPENSSL_OPTIMIZE_SPEED \
43 CONFIG_OPENSSL_PREFER_CHACHA_OVER_GCM \
44 CONFIG_OPENSSL_WITH_ARIA \
45 CONFIG_OPENSSL_WITH_ASM \
46 CONFIG_OPENSSL_WITH_ASYNC \
47 CONFIG_OPENSSL_WITH_BLAKE2 \
48 CONFIG_OPENSSL_WITH_CAMELLIA \
49 CONFIG_OPENSSL_WITH_CHACHA_POLY1305 \
50 CONFIG_OPENSSL_WITH_CMS \
51 CONFIG_OPENSSL_WITH_COMPRESSION \
52 CONFIG_OPENSSL_WITH_DTLS \
53 CONFIG_OPENSSL_WITH_EC2M \
54 CONFIG_OPENSSL_WITH_ERROR_MESSAGES \
55 CONFIG_OPENSSL_WITH_IDEA \
56 CONFIG_OPENSSL_WITH_MDC2 \
57 CONFIG_OPENSSL_WITH_NPN \
58 CONFIG_OPENSSL_WITH_PSK \
59 CONFIG_OPENSSL_WITH_RFC3779 \
60 CONFIG_OPENSSL_WITH_SEED \
61 CONFIG_OPENSSL_WITH_SM234 \
62 CONFIG_OPENSSL_WITH_SRP \
63 CONFIG_OPENSSL_WITH_SSE2 \
64 CONFIG_OPENSSL_WITH_TLS13 \
65 CONFIG_OPENSSL_WITH_WHIRLPOOL
67 include $(INCLUDE_DIR
)/package.mk
69 ifneq ($(CONFIG_CCACHE
),)
70 HOSTCC
=$(HOSTCC_NOCACHE
)
71 HOSTCXX
=$(HOSTCXX_NOCACHE
)
74 define Package
/openssl
/Default
75 TITLE
:=Open source SSL toolkit
76 URL
:=http
://www.openssl.org
/
81 define Package
/libopenssl
/config
82 source
"$(SOURCE)/Config.in"
85 define Package
/openssl
/Default
/description
86 The OpenSSL Project is a collaborative effort to develop a robust
,
87 commercial-grade
, full-featured
, and Open Source toolkit implementing the
88 Transport Layer Security
(TLS
) protocol
as well
as a full-strength
89 general-purpose cryptography library.
92 define Package
/libopenssl
93 $(call Package
/openssl
/Default
)
95 DEPENDS
:=+OPENSSL_WITH_COMPRESSION
:zlib \
96 +OPENSSL_ENGINE_BUILTIN_AFALG
:kmod-crypto-user \
97 +OPENSSL_ENGINE_BUILTIN_DEVCRYPTO
:kmod-cryptodev \
98 +OPENSSL_ENGINE_BUILTIN_PADLOCK
:kmod-crypto-hw-padlock
104 define Package
/libopenssl
/description
105 $(call Package
/openssl
/Default
/description
)
106 This package contains the OpenSSL shared libraries
, needed by other programs.
109 define Package
/openssl-util
110 $(call Package
/openssl
/Default
)
113 DEPENDS
:=+libopenssl
+libopenssl-conf
117 define Package
/openssl-util
/description
118 $(call Package
/openssl
/Default
/description
)
119 This package contains the OpenSSL command-line utility.
122 define Package
/libopenssl-conf
123 $(call Package
/openssl
/Default
)
125 TITLE
:=/etc
/ssl
/openssl.cnf config file
129 define Package
/libopenssl-conf
/conffiles
133 define Package
/libopenssl-conf
/description
134 $(call Package
/openssl
/Default
/description
)
135 This package installs the OpenSSL configuration file
/etc
/ssl
/openssl.cnf.
138 define Package
/libopenssl-afalg
139 $(call Package
/openssl
/Default
)
141 TITLE
:=AFALG hardware acceleration engine
142 DEPENDS
:=libopenssl @OPENSSL_ENGINE @KERNEL_AIO \
143 +PACKAGE_libopenssl-afalg
:kmod-crypto-user
+libopenssl-conf @
!OPENSSL_ENGINE_BUILTIN
146 define Package
/libopenssl-afalg
/description
147 This package adds an engine that enables hardware acceleration
148 through the AF_ALG kernel interface.
149 To use it
, you need to enable the engine in
/etc
/ssl
/engines.cnf.d
/engines.cnf.
150 See https
://www.openssl.org
/docs
/man1.1
.1/man5
/config.html
#Engine-Configuration-Module
151 and https
://openwrt.org
/docs
/techref
/hardware
/cryptographic.hardware.accelerators
152 The engine_id is
"afalg"
155 define Package
/libopenssl-devcrypto
156 $(call Package
/openssl
/Default
)
158 TITLE
:=/dev
/crypto hardware acceleration engine
159 DEPENDS
:=libopenssl @OPENSSL_ENGINE
+PACKAGE_libopenssl-devcrypto
:kmod-cryptodev
+libopenssl-conf \
160 @
!OPENSSL_ENGINE_BUILTIN
163 define Package
/libopenssl-devcrypto
/description
164 This package adds an engine that enables hardware acceleration
165 through the
/dev
/crypto kernel interface.
166 To use it
, you need to enable the engine in
/etc
/ssl
/engines.cnf.d
/engines.cnf. You may
167 configure the engine by editing
/etc
/ssl
/engines.cnf.d
/devcrypto.cnf.
168 See https
://www.openssl.org
/docs
/man1.1
.1/man5
/config.html
#Engine-Configuration-Module
169 and https
://openwrt.org
/docs
/techref
/hardware
/cryptographic.hardware.accelerators
170 The engine_id is
"devcrypto"
173 define Package
/libopenssl-padlock
174 $(call Package
/openssl
/Default
)
176 TITLE
:=VIA Padlock hardware acceleration engine
177 DEPENDS
:=libopenssl @OPENSSL_ENGINE @TARGET_x86
+PACKAGE_libopenssl-padlock
:kmod-crypto-hw-padlock \
178 +libopenssl-conf @
!OPENSSL_ENGINE_BUILTIN
181 define Package
/libopenssl-padlock
/description
182 This package adds an engine that enables VIA Padlock hardware acceleration.
183 To use it
, you need to enable the engine in
/etc
/ssl
/engines.cnf.d
/engines.cnf.
184 See https
://www.openssl.org
/docs
/man1.1
.1/man5
/config.html
#Engine-Configuration-Module
185 and https
://openwrt.org
/docs
/techref
/hardware
/cryptographic.hardware.accelerators
186 The engine_id is
"padlock"
189 OPENSSL_OPTIONS
:= shared
191 ifndef CONFIG_OPENSSL_WITH_BLAKE2
192 OPENSSL_OPTIONS
+= no-blake2
195 ifndef CONFIG_OPENSSL_WITH_CHACHA_POLY1305
196 OPENSSL_OPTIONS
+= no-chacha no-poly1305
198 ifdef CONFIG_OPENSSL_PREFER_CHACHA_OVER_GCM
199 OPENSSL_OPTIONS
+= -DOPENSSL_PREFER_CHACHA_OVER_GCM
203 ifndef CONFIG_OPENSSL_WITH_ASYNC
204 OPENSSL_OPTIONS
+= no-async
207 ifndef CONFIG_OPENSSL_WITH_EC2M
208 OPENSSL_OPTIONS
+= no-ec2m
211 ifndef CONFIG_OPENSSL_WITH_ERROR_MESSAGES
212 OPENSSL_OPTIONS
+= no-err
215 ifndef CONFIG_OPENSSL_WITH_TLS13
216 OPENSSL_OPTIONS
+= no-tls1_3
219 ifndef CONFIG_OPENSSL_WITH_ARIA
220 OPENSSL_OPTIONS
+= no-aria
223 ifndef CONFIG_OPENSSL_WITH_SM234
224 OPENSSL_OPTIONS
+= no-sm2 no-sm3 no-sm4
227 ifndef CONFIG_OPENSSL_WITH_CAMELLIA
228 OPENSSL_OPTIONS
+= no-camellia
231 ifndef CONFIG_OPENSSL_WITH_IDEA
232 OPENSSL_OPTIONS
+= no-idea
235 ifndef CONFIG_OPENSSL_WITH_SEED
236 OPENSSL_OPTIONS
+= no-seed
239 ifndef CONFIG_OPENSSL_WITH_MDC2
240 OPENSSL_OPTIONS
+= no-mdc2
243 ifndef CONFIG_OPENSSL_WITH_WHIRLPOOL
244 OPENSSL_OPTIONS
+= no-whirlpool
247 ifndef CONFIG_OPENSSL_WITH_CMS
248 OPENSSL_OPTIONS
+= no-cms
251 ifndef CONFIG_OPENSSL_WITH_RFC3779
252 OPENSSL_OPTIONS
+= no-rfc3779
255 ifdef CONFIG_OPENSSL_NO_DEPRECATED
256 OPENSSL_OPTIONS
+= no-deprecated
259 ifeq ($(CONFIG_OPENSSL_OPTIMIZE_SPEED
),y
)
260 TARGET_CFLAGS
:= $(filter-out -O
%,$(TARGET_CFLAGS
)) -O3
262 OPENSSL_OPTIONS
+= -DOPENSSL_SMALL_FOOTPRINT
265 ifdef CONFIG_OPENSSL_ENGINE
266 ifdef CONFIG_OPENSSL_ENGINE_BUILTIN
267 OPENSSL_OPTIONS
+= disable-dynamic-engine
268 ifndef CONFIG_OPENSSL_ENGINE_BUILTIN_AFALG
269 OPENSSL_OPTIONS
+= no-afalgeng
271 ifdef CONFIG_OPENSSL_ENGINE_BUILTIN_DEVCRYPTO
272 OPENSSL_OPTIONS
+= enable-devcryptoeng
274 ifndef CONFIG_OPENSSL_ENGINE_BUILTIN_PADLOCK
275 OPENSSL_OPTIONS
+= no-hw-padlock
278 ifdef CONFIG_PACKAGE_libopenssl-devcrypto
279 OPENSSL_OPTIONS
+= enable-devcryptoeng
281 ifndef CONFIG_PACKAGE_libopenssl-afalg
282 OPENSSL_OPTIONS
+= no-afalgeng
284 ifndef CONFIG_PACKAGE_libopenssl-padlock
285 OPENSSL_OPTIONS
+= no-hw-padlock
289 OPENSSL_OPTIONS
+= no-engine
292 ifndef CONFIG_OPENSSL_WITH_DTLS
293 OPENSSL_OPTIONS
+= no-dtls
296 ifdef CONFIG_OPENSSL_WITH_COMPRESSION
297 OPENSSL_OPTIONS
+= zlib-dynamic
299 OPENSSL_OPTIONS
+= no-comp
302 ifndef CONFIG_OPENSSL_WITH_NPN
303 OPENSSL_OPTIONS
+= no-nextprotoneg
306 ifndef CONFIG_OPENSSL_WITH_PSK
307 OPENSSL_OPTIONS
+= no-psk
310 ifndef CONFIG_OPENSSL_WITH_SRP
311 OPENSSL_OPTIONS
+= no-srp
314 ifndef CONFIG_OPENSSL_WITH_ASM
315 OPENSSL_OPTIONS
+= no-asm
319 ifndef CONFIG_OPENSSL_WITH_SSE2
320 OPENSSL_OPTIONS
+= no-sse2
324 OPENSSL_TARGET
:=linux-
$(call qstrip
,$(CONFIG_ARCH
))-openwrt
326 STAMP_CONFIGURED
:= $(STAMP_CONFIGURED
)_
$(shell echo
$(OPENSSL_OPTIONS
) |
$(MKHASH
) md5
)
328 define Build
/Configure
329 (cd
$(PKG_BUILD_DIR
); \
330 .
/Configure
$(OPENSSL_TARGET
) \
333 --openssldir
=/etc
/ssl \
334 --cross-compile-prefix
="$(TARGET_CROSS)" \
337 $(OPENSSL_OPTIONS
) && \
338 { [ -f
$(STAMP_CONFIGURED
) ] || make
clean; } \
342 TARGET_CFLAGS
+= $(FPIC
) -ffunction-sections
-fdata-sections
343 TARGET_LDFLAGS
+= -Wl
,--gc-sections
346 +$(MAKE
) $(PKG_JOBS
) -C
$(PKG_BUILD_DIR
) \
348 SOURCE_DATE_EPOCH
=$(SOURCE_DATE_EPOCH
) \
349 OPENWRT_OPTIMIZATION_FLAGS
="$(TARGET_CFLAGS)" \
350 $(OPENSSL_MAKEFLAGS
) \
352 $(MAKE
) -C
$(PKG_BUILD_DIR
) \
354 DESTDIR
="$(PKG_INSTALL_DIR)" \
355 $(OPENSSL_MAKEFLAGS
) \
356 install_sw install_ssldirs
359 define Build
/InstallDev
360 $(INSTALL_DIR
) $(1)/usr
/include
361 $(CP
) $(PKG_INSTALL_DIR
)/usr
/include/openssl
$(1)/usr
/include/
362 $(INSTALL_DIR
) $(1)/usr
/lib
/
363 $(CP
) $(PKG_INSTALL_DIR
)/usr
/lib
/lib
{crypto
,ssl
}.
{a
,so
*} $(1)/usr
/lib
/
364 $(INSTALL_DIR
) $(1)/usr
/lib
/pkgconfig
365 $(CP
) $(PKG_INSTALL_DIR
)/usr
/lib
/pkgconfig
/{openssl
,libcrypto
,libssl
}.
pc $(1)/usr
/lib
/pkgconfig
/
366 [ -n
"$(TARGET_LDFLAGS)" ] && $(SED
) 's#$(TARGET_LDFLAGS)##g' $(1)/usr
/lib
/pkgconfig
/{openssl
,libcrypto
,libssl
}.
pc || true
369 define Package
/libopenssl
/install
370 $(INSTALL_DIR
) $(1)/etc
/ssl
/certs
371 $(INSTALL_DIR
) $(1)/etc
/ssl
/private
372 chmod
0700 $(1)/etc
/ssl
/private
373 $(INSTALL_DIR
) $(1)/usr
/lib
374 $(INSTALL_DATA
) $(PKG_INSTALL_DIR
)/usr
/lib
/libcrypto.so.
* $(1)/usr
/lib
/
375 $(INSTALL_DATA
) $(PKG_INSTALL_DIR
)/usr
/lib
/libssl.so.
* $(1)/usr
/lib
/
376 $(if
$(CONFIG_OPENSSL_ENGINE
),$(INSTALL_DIR
) $(1)/usr
/lib
/$(ENGINES_DIR
))
379 define Package
/libopenssl-conf
/install
380 $(INSTALL_DIR
) $(1)/etc
/ssl
/engines.cnf.d
381 $(CP
) $(PKG_INSTALL_DIR
)/etc
/ssl
/openssl.cnf
$(1)/etc
/ssl
/
382 $(CP
) .
/files
/engines.cnf
$(1)/etc
/ssl
/engines.cnf.d
/
385 define Package
/openssl-util
/install
386 $(INSTALL_DIR
) $(1)/usr
/bin
387 $(INSTALL_BIN
) $(PKG_INSTALL_DIR
)/usr
/bin
/openssl
$(1)/usr
/bin
/
390 define Package
/libopenssl-afalg
/install
391 $(INSTALL_DIR
) $(1)/etc
/ssl
/engines.cnf.d \
392 $(1)/usr
/lib
/$(ENGINES_DIR
)
393 $(INSTALL_BIN
) $(PKG_INSTALL_DIR
)/usr
/lib
/$(ENGINES_DIR
)/afalg.so
$(1)/usr
/lib
/$(ENGINES_DIR
)
394 $(INSTALL_DATA
) .
/files
/afalg.cnf
$(1)/etc
/ssl
/engines.cnf.d
/
397 define Package
/libopenssl-devcrypto
/install
398 $(INSTALL_DIR
) $(1)/etc
/ssl
/engines.cnf.d \
399 $(1)/usr
/lib
/$(ENGINES_DIR
)
400 $(INSTALL_BIN
) $(PKG_INSTALL_DIR
)/usr
/lib
/$(ENGINES_DIR
)/devcrypto.so
$(1)/usr
/lib
/$(ENGINES_DIR
)
401 $(INSTALL_DATA
) .
/files
/devcrypto.cnf
$(1)/etc
/ssl
/engines.cnf.d
/
404 define Package
/libopenssl-padlock
/install
405 $(INSTALL_DIR
) $(1)/etc
/ssl
/engines.cnf.d \
406 $(1)/usr
/lib
/$(ENGINES_DIR
)
407 $(INSTALL_BIN
) $(PKG_INSTALL_DIR
)/usr
/lib
/$(ENGINES_DIR
)/*padlock.so
$(1)/usr
/lib
/$(ENGINES_DIR
)
408 $(INSTALL_DATA
) .
/files
/padlock.cnf
$(1)/etc
/ssl
/engines.cnf.d
/
411 $(eval
$(call BuildPackage
,libopenssl
))
412 $(eval
$(call BuildPackage
,libopenssl-conf
))
413 $(eval
$(call BuildPackage
,libopenssl-afalg
))
414 $(eval
$(call BuildPackage
,libopenssl-devcrypto
))
415 $(eval
$(call BuildPackage
,libopenssl-padlock
))
416 $(eval
$(call BuildPackage
,openssl-util
))