OSDN Git Service

b771edfc84cbfcfab517bd12e7fbe30fe51ceb71
[immortalwrt/immortalwrt.git] / package / libs / openssl / Makefile
1 #
2 # Copyright (C) 2006-2016 OpenWrt.org
3 #
4 # This is free software, licensed under the GNU General Public License v2.
5 # See /LICENSE for more information.
6 #
7
8 include $(TOPDIR)/rules.mk
9
10 PKG_NAME:=openssl
11 PKG_BASE:=1.1.1
12 PKG_BUGFIX:=n
13 PKG_VERSION:=$(PKG_BASE)$(PKG_BUGFIX)
14 PKG_RELEASE:=$(AUTORELEASE)
15 PKG_USE_MIPS16:=0
16
17 PKG_BUILD_PARALLEL:=1
18
19 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
20 PKG_SOURCE_URL:= \
21         http://www.openssl.org/source/ \
22         http://www.openssl.org/source/old/$(PKG_BASE)/ \
23         http://ftp.fi.muni.cz/pub/openssl/source/ \
24         http://ftp.fi.muni.cz/pub/openssl/source/old/$(PKG_BASE)/ \
25         ftp://ftp.pca.dfn.de/pub/tools/net/openssl/source/ \
26         ftp://ftp.pca.dfn.de/pub/tools/net/openssl/source/old/$(PKG_BASE)/
27
28 PKG_HASH:=40dceb51a4f6a5275bde0e6bf20ef4b91bfc32ed57c0552e2e8e15463372b17a
29
30 PKG_LICENSE:=OpenSSL
31 PKG_LICENSE_FILES:=LICENSE
32 PKG_MAINTAINER:=Eneas U de Queiroz <cotequeiroz@gmail.com>
33 PKG_CPE_ID:=cpe:/a:openssl:openssl
34 PKG_CONFIG_DEPENDS:= \
35         CONFIG_OPENSSL_ENGINE \
36         CONFIG_OPENSSL_ENGINE_BUILTIN \
37         CONFIG_OPENSSL_ENGINE_BUILTIN_AFALG \
38         CONFIG_OPENSSL_ENGINE_BUILTIN_DEVCRYPTO \
39         CONFIG_OPENSSL_ENGINE_BUILTIN_PADLOCK \
40         CONFIG_OPENSSL_NO_DEPRECATED \
41         CONFIG_OPENSSL_OPTIMIZE_SPEED \
42         CONFIG_OPENSSL_PREFER_CHACHA_OVER_GCM \
43         CONFIG_OPENSSL_WITH_ARIA \
44         CONFIG_OPENSSL_WITH_ASM \
45         CONFIG_OPENSSL_WITH_ASYNC \
46         CONFIG_OPENSSL_WITH_BLAKE2 \
47         CONFIG_OPENSSL_WITH_CAMELLIA \
48         CONFIG_OPENSSL_WITH_CHACHA_POLY1305 \
49         CONFIG_OPENSSL_WITH_CMS \
50         CONFIG_OPENSSL_WITH_COMPRESSION \
51         CONFIG_OPENSSL_WITH_DTLS \
52         CONFIG_OPENSSL_WITH_EC2M \
53         CONFIG_OPENSSL_WITH_ERROR_MESSAGES \
54         CONFIG_OPENSSL_WITH_IDEA \
55         CONFIG_OPENSSL_WITH_MDC2 \
56         CONFIG_OPENSSL_WITH_NPN \
57         CONFIG_OPENSSL_WITH_PSK \
58         CONFIG_OPENSSL_WITH_RFC3779 \
59         CONFIG_OPENSSL_WITH_SEED \
60         CONFIG_OPENSSL_WITH_SM234 \
61         CONFIG_OPENSSL_WITH_SRP \
62         CONFIG_OPENSSL_WITH_SSE2 \
63         CONFIG_OPENSSL_WITH_TLS13 \
64         CONFIG_OPENSSL_WITH_WHIRLPOOL
65
66 include $(INCLUDE_DIR)/package.mk
67 include $(INCLUDE_DIR)/openssl-engine.mk
68
69 ifneq ($(CONFIG_CCACHE),)
70 HOSTCC=$(HOSTCC_NOCACHE)
71 HOSTCXX=$(HOSTCXX_NOCACHE)
72 endif
73
74 define Package/openssl/Default
75   TITLE:=Open source SSL toolkit
76   URL:=http://www.openssl.org/
77   SECTION:=libs
78   CATEGORY:=Libraries
79 endef
80
81 define Package/libopenssl/config
82 source "$(SOURCE)/Config.in"
83 endef
84
85 define Package/openssl/Default/description
86 The OpenSSL Project is a collaborative effort to develop a robust,
87 commercial-grade, full-featured, and Open Source toolkit implementing the
88 Transport Layer Security (TLS) protocol as well as a full-strength
89 general-purpose cryptography library.
90 endef
91
92 define Package/libopenssl
93 $(call Package/openssl/Default)
94   SUBMENU:=SSL
95   DEPENDS:=+OPENSSL_WITH_COMPRESSION:zlib \
96            +OPENSSL_ENGINE_BUILTIN_AFALG:kmod-crypto-user \
97            +OPENSSL_ENGINE_BUILTIN_DEVCRYPTO:kmod-cryptodev \
98            +OPENSSL_ENGINE_BUILTIN_PADLOCK:kmod-crypto-hw-padlock
99   TITLE+= (libraries)
100   ABI_VERSION:=1.1
101   MENU:=1
102 endef
103
104 define Package/libopenssl/description
105 $(call Package/openssl/Default/description)
106 This package contains the OpenSSL shared libraries, needed by other programs.
107 endef
108
109 define Package/openssl-util
110   $(call Package/openssl/Default)
111   SECTION:=utils
112   CATEGORY:=Utilities
113   DEPENDS:=+libopenssl +libopenssl-conf
114   TITLE+= (utility)
115 endef
116
117 define Package/openssl-util/description
118 $(call Package/openssl/Default/description)
119 This package contains the OpenSSL command-line utility.
120 endef
121
122 define Package/libopenssl-conf
123   $(call Package/openssl/Default)
124   SUBMENU:=SSL
125   TITLE:=/etc/ssl/openssl.cnf config file
126   DEPENDS:=libopenssl
127 endef
128
129 define Package/libopenssl-conf/conffiles
130 /etc/ssl/openssl.cnf
131 $(if CONFIG_OPENSSL_ENGINE_BUILTIN_DEVCRYPTO,/etc/ssl/engines.cnf.d/devcrypto.cnf)
132 $(if CONFIG_OPENSSL_ENGINE_BUILTIN_PADLOCK,/etc/ssl/engines.cnf.d/padlock.cnf)
133 endef
134
135 define Package/libopenssl-conf/description
136 $(call Package/openssl/Default/description)
137 This package installs the OpenSSL configuration file /etc/ssl/openssl.cnf.
138 endef
139
140 $(eval $(call Package/openssl/add-engine,afalg))
141 define Package/libopenssl-afalg
142   $(call Package/openssl/Default)
143   $(call Package/openssl/engine/Default)
144   TITLE:=AFALG hardware acceleration engine
145   DEPENDS += @KERNEL_AIO +PACKAGE_libopenssl-afalg:kmod-crypto-user \
146              @!OPENSSL_ENGINE_BUILTIN
147 endef
148
149 define Package/libopenssl-afalg/description
150 This package adds an engine that enables hardware acceleration
151 through the AF_ALG kernel interface.
152 See https://www.openssl.org/docs/man1.1.1/man5/config.html#Engine-Configuration-Module
153 and https://openwrt.org/docs/techref/hardware/cryptographic.hardware.accelerators
154 The engine_id is "afalg"
155 endef
156
157 $(eval $(call Package/openssl/add-engine,devcrypto))
158 define Package/libopenssl-devcrypto
159   $(call Package/openssl/Default)
160   $(call Package/openssl/engine/Default)
161   TITLE:=/dev/crypto hardware acceleration engine
162   DEPENDS += +PACKAGE_libopenssl-devcrypto:kmod-cryptodev @!OPENSSL_ENGINE_BUILTIN
163 endef
164
165 define Package/libopenssl-devcrypto/description
166 This package adds an engine that enables hardware acceleration
167 through the /dev/crypto kernel interface.
168 See https://www.openssl.org/docs/man1.1.1/man5/config.html#Engine-Configuration-Module
169 and https://openwrt.org/docs/techref/hardware/cryptographic.hardware.accelerators
170 The engine_id is "devcrypto"
171 endef
172
173 $(eval $(call Package/openssl/add-engine,padlock))
174 define Package/libopenssl-padlock
175   $(call Package/openssl/Default)
176   $(call Package/openssl/engine/Default)
177   TITLE:=VIA Padlock hardware acceleration engine
178   DEPENDS += @TARGET_x86 +PACKAGE_libopenssl-padlock:kmod-crypto-hw-padlock \
179              @!OPENSSL_ENGINE_BUILTIN
180 endef
181
182 define Package/libopenssl-padlock/description
183 This package adds an engine that enables VIA Padlock hardware acceleration.
184 See https://www.openssl.org/docs/man1.1.1/man5/config.html#Engine-Configuration-Module
185 and https://openwrt.org/docs/techref/hardware/cryptographic.hardware.accelerators
186 The engine_id is "padlock"
187 endef
188
189 OPENSSL_OPTIONS:= shared
190
191 ifndef CONFIG_OPENSSL_WITH_BLAKE2
192   OPENSSL_OPTIONS += no-blake2
193 endif
194
195 ifndef CONFIG_OPENSSL_WITH_CHACHA_POLY1305
196   OPENSSL_OPTIONS += no-chacha no-poly1305
197 else
198   ifdef CONFIG_OPENSSL_PREFER_CHACHA_OVER_GCM
199     OPENSSL_OPTIONS += -DOPENSSL_PREFER_CHACHA_OVER_GCM
200   endif
201 endif
202
203 ifndef CONFIG_OPENSSL_WITH_ASYNC
204   OPENSSL_OPTIONS += no-async
205 endif
206
207 ifndef CONFIG_OPENSSL_WITH_EC2M
208   OPENSSL_OPTIONS += no-ec2m
209 endif
210
211 ifndef CONFIG_OPENSSL_WITH_ERROR_MESSAGES
212   OPENSSL_OPTIONS += no-err
213 endif
214
215 ifndef CONFIG_OPENSSL_WITH_TLS13
216   OPENSSL_OPTIONS += no-tls1_3
217 endif
218
219 ifndef CONFIG_OPENSSL_WITH_ARIA
220   OPENSSL_OPTIONS += no-aria
221 endif
222
223 ifndef CONFIG_OPENSSL_WITH_SM234
224   OPENSSL_OPTIONS += no-sm2 no-sm3 no-sm4
225 endif
226
227 ifndef CONFIG_OPENSSL_WITH_CAMELLIA
228   OPENSSL_OPTIONS += no-camellia
229 endif
230
231 ifndef CONFIG_OPENSSL_WITH_IDEA
232   OPENSSL_OPTIONS += no-idea
233 endif
234
235 ifndef CONFIG_OPENSSL_WITH_SEED
236   OPENSSL_OPTIONS += no-seed
237 endif
238
239 ifndef CONFIG_OPENSSL_WITH_MDC2
240   OPENSSL_OPTIONS += no-mdc2
241 endif
242
243 ifndef CONFIG_OPENSSL_WITH_WHIRLPOOL
244   OPENSSL_OPTIONS += no-whirlpool
245 endif
246
247 ifndef CONFIG_OPENSSL_WITH_CMS
248   OPENSSL_OPTIONS += no-cms
249 endif
250
251 ifndef CONFIG_OPENSSL_WITH_RFC3779
252   OPENSSL_OPTIONS += no-rfc3779
253 endif
254
255 ifdef CONFIG_OPENSSL_NO_DEPRECATED
256   OPENSSL_OPTIONS += no-deprecated
257 endif
258
259 ifeq ($(CONFIG_OPENSSL_OPTIMIZE_SPEED),y)
260   TARGET_CFLAGS := $(filter-out -O%,$(TARGET_CFLAGS)) -O3
261 else
262   OPENSSL_OPTIONS += -DOPENSSL_SMALL_FOOTPRINT
263 endif
264
265 ifdef CONFIG_OPENSSL_ENGINE
266   ifdef CONFIG_OPENSSL_ENGINE_BUILTIN
267     OPENSSL_OPTIONS += disable-dynamic-engine
268     ifndef CONFIG_OPENSSL_ENGINE_BUILTIN_AFALG
269       OPENSSL_OPTIONS += no-afalgeng
270     endif
271     ifdef CONFIG_OPENSSL_ENGINE_BUILTIN_DEVCRYPTO
272       OPENSSL_OPTIONS += enable-devcryptoeng
273     endif
274     ifndef CONFIG_OPENSSL_ENGINE_BUILTIN_PADLOCK
275       OPENSSL_OPTIONS += no-hw-padlock
276     endif
277   else
278     ifdef CONFIG_PACKAGE_libopenssl-devcrypto
279       OPENSSL_OPTIONS += enable-devcryptoeng
280     endif
281     ifndef CONFIG_PACKAGE_libopenssl-afalg
282       OPENSSL_OPTIONS += no-afalgeng
283     endif
284     ifndef CONFIG_PACKAGE_libopenssl-padlock
285       OPENSSL_OPTIONS += no-hw-padlock
286     endif
287   endif
288 else
289   OPENSSL_OPTIONS += no-engine
290 endif
291
292 ifndef CONFIG_OPENSSL_WITH_DTLS
293   OPENSSL_OPTIONS += no-dtls
294 endif
295
296 ifdef CONFIG_OPENSSL_WITH_COMPRESSION
297   OPENSSL_OPTIONS += zlib-dynamic
298 else
299   OPENSSL_OPTIONS += no-comp
300 endif
301
302 ifndef CONFIG_OPENSSL_WITH_NPN
303   OPENSSL_OPTIONS += no-nextprotoneg
304 endif
305
306 ifndef CONFIG_OPENSSL_WITH_PSK
307   OPENSSL_OPTIONS += no-psk
308 endif
309
310 ifndef CONFIG_OPENSSL_WITH_SRP
311   OPENSSL_OPTIONS += no-srp
312 endif
313
314 ifndef CONFIG_OPENSSL_WITH_ASM
315   OPENSSL_OPTIONS += no-asm
316 endif
317
318 ifdef CONFIG_i386
319   ifndef CONFIG_OPENSSL_WITH_SSE2
320     OPENSSL_OPTIONS += no-sse2
321   endif
322 endif
323
324 OPENSSL_TARGET:=linux-$(call qstrip,$(CONFIG_ARCH))-openwrt
325
326 STAMP_CONFIGURED := $(STAMP_CONFIGURED)_$(shell echo $(OPENSSL_OPTIONS) | $(MKHASH) md5)
327
328 define Build/Configure
329         (cd $(PKG_BUILD_DIR); \
330                 ./Configure $(OPENSSL_TARGET) \
331                         --prefix=/usr \
332                         --libdir=lib \
333                         --openssldir=/etc/ssl \
334                         --cross-compile-prefix="$(TARGET_CROSS)" \
335                         $(TARGET_CPPFLAGS) \
336                         $(TARGET_LDFLAGS) \
337                         $(OPENSSL_OPTIONS) && \
338                 { [ -f $(STAMP_CONFIGURED) ] || make clean; } \
339         )
340 endef
341
342 TARGET_CFLAGS += $(FPIC) -ffunction-sections -fdata-sections
343 TARGET_LDFLAGS += -Wl,--gc-sections
344
345 define Build/Compile
346         +$(MAKE) $(PKG_JOBS) -C $(PKG_BUILD_DIR) \
347                 CC="$(TARGET_CC)" \
348                 SOURCE_DATE_EPOCH=$(SOURCE_DATE_EPOCH) \
349                 OPENWRT_OPTIMIZATION_FLAGS="$(TARGET_CFLAGS)" \
350                 $(OPENSSL_MAKEFLAGS) \
351                 all
352         $(MAKE) -C $(PKG_BUILD_DIR) \
353                 CC="$(TARGET_CC)" \
354                 DESTDIR="$(PKG_INSTALL_DIR)" \
355                 $(OPENSSL_MAKEFLAGS) \
356                 install_sw install_ssldirs
357 endef
358
359 define Build/InstallDev
360         $(INSTALL_DIR) $(1)/usr/include
361         $(CP) $(PKG_INSTALL_DIR)/usr/include/openssl $(1)/usr/include/
362         $(INSTALL_DIR) $(1)/usr/lib/
363         $(CP) $(PKG_INSTALL_DIR)/usr/lib/lib{crypto,ssl}.{a,so*} $(1)/usr/lib/
364         $(INSTALL_DIR) $(1)/usr/lib/pkgconfig
365         $(CP) $(PKG_INSTALL_DIR)/usr/lib/pkgconfig/{openssl,libcrypto,libssl}.pc $(1)/usr/lib/pkgconfig/
366         [ -n "$(TARGET_LDFLAGS)" ] && $(SED) 's#$(TARGET_LDFLAGS)##g' $(1)/usr/lib/pkgconfig/{openssl,libcrypto,libssl}.pc || true
367 endef
368
369 define Package/libopenssl/install
370         $(INSTALL_DIR) $(1)/etc/ssl/certs
371         $(INSTALL_DIR) $(1)/etc/ssl/private
372         chmod 0700 $(1)/etc/ssl/private
373         $(INSTALL_DIR) $(1)/usr/lib
374         $(INSTALL_DATA) $(PKG_INSTALL_DIR)/usr/lib/libcrypto.so.* $(1)/usr/lib/
375         $(INSTALL_DATA) $(PKG_INSTALL_DIR)/usr/lib/libssl.so.* $(1)/usr/lib/
376         $(if $(CONFIG_OPENSSL_ENGINE),$(INSTALL_DIR) $(1)/usr/lib/$(ENGINES_DIR))
377 endef
378
379 define Package/libopenssl-conf/install
380         $(INSTALL_DIR) $(1)/etc/ssl/engines.cnf.d $(1)/etc/config $(1)/etc/init.d
381         $(CP) $(PKG_INSTALL_DIR)/etc/ssl/openssl.cnf $(1)/etc/ssl/
382         $(INSTALL_BIN) ./files/openssl.init $(1)/etc/init.d/openssl
383         $(SED) 's!%ENGINES_DIR%!/usr/lib/$(ENGINES_DIR)!' $(1)/etc/init.d/openssl
384         touch $(1)/etc/config/openssl
385         $(if $(CONFIG_OPENSSL_ENGINE_BUILTIN_DEVCRYPTO),
386                 $(CP) ./files/devcrypto.cnf $(1)/etc/ssl/engines.cnf.d/
387                 echo -e "config engine 'devcrypto'\n\toption enabled '1'" >> $(1)/etc/config/openssl)
388         $(if $(CONFIG_OPENSSL_ENGINE_BUILTIN_PADLOCK),
389                 $(CP) ./files/padlock.cnf $(1)/etc/ssl/engines.cnf.d/
390                 echo -e "\nconfig engine 'padlock'\n\toption enabled '1'" >> $(1)/etc/config/openssl)
391 endef
392
393 define Package/openssl-util/install
394         $(INSTALL_DIR) $(1)/usr/bin
395         $(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/bin/openssl $(1)/usr/bin/
396 endef
397
398 $(eval $(call BuildPackage,libopenssl))
399 $(eval $(call BuildPackage,libopenssl-conf))
400 $(eval $(call BuildPackage,libopenssl-afalg))
401 $(eval $(call BuildPackage,libopenssl-devcrypto))
402 $(eval $(call BuildPackage,libopenssl-padlock))
403 $(eval $(call BuildPackage,openssl-util))