Gitiles
Code Review Sign In
192.168.1.100 / T108 / c8c95bbfb63cd52cb22cbf538f33b9fc96a99ee3 / . / package / libs / openssl / Makefile
blob: 4829670f86fe70fad5a039f179ef3b8626cd052f [file] [log] [blame]
b.liue9582032025-04-17 19:18:16 +0800[diff] [blame]1#
2# Copyright (C) 2006-2016 OpenWrt.org
3#
4# This is free software, licensed under the GNU General Public License v2.
5# See /LICENSE for more information.
6#
7
8include $(TOPDIR)/rules.mk
9
10PKG_NAME:=openssl
11PKG_VERSION:=3.0.16
12PKG_RELEASE:=1
13PKG_BUILD_FLAGS:=no-mips16 gc-sections no-lto
14
15PKG_BUILD_PARALLEL:=1
16
17PKG_BASE:=$(subst $(space),.,$(wordlist 1,2,$(subst .,$(space),$(PKG_VERSION))))
18PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
19PKG_SOURCE_URL:= \
20 https://www.openssl.org/source/ \
21 https://www.openssl.org/source/old/$(PKG_BASE)/ \
22 https://github.com/openssl/openssl/releases/download/$(PKG_NAME)-$(PKG_VERSION)/
23
24PKG_HASH:=57e03c50feab5d31b152af2b764f10379aecd8ee92f16c985983ce4a99f7ef86
25
26PKG_LICENSE:=Apache-2.0
27PKG_LICENSE_FILES:=LICENSE
28PKG_MAINTAINER:=Eneas U de Queiroz <cotequeiroz@gmail.com>
29PKG_CPE_ID:=cpe:/a:openssl:openssl
30PKG_CONFIG_DEPENDS:= \
31 CONFIG_OPENSSL_ENGINE \
32 CONFIG_OPENSSL_ENGINE_BUILTIN \
33 CONFIG_OPENSSL_ENGINE_BUILTIN_AFALG \
34 CONFIG_OPENSSL_ENGINE_BUILTIN_DEVCRYPTO \
35 CONFIG_OPENSSL_ENGINE_BUILTIN_PADLOCK \
36 CONFIG_OPENSSL_NO_DEPRECATED \
37 CONFIG_OPENSSL_OPTIMIZE_SPEED \
38 CONFIG_OPENSSL_PREFER_CHACHA_OVER_GCM \
39 CONFIG_OPENSSL_SMALL_FOOTPRINT \
40 CONFIG_OPENSSL_WITH_ARIA \
41 CONFIG_OPENSSL_WITH_ASM \
42 CONFIG_OPENSSL_WITH_ASYNC \
43 CONFIG_OPENSSL_WITH_BLAKE2 \
44 CONFIG_OPENSSL_WITH_CAMELLIA \
45 CONFIG_OPENSSL_WITH_CHACHA_POLY1305 \
46 CONFIG_OPENSSL_WITH_CMS \
47 CONFIG_OPENSSL_WITH_COMPRESSION \
48 CONFIG_OPENSSL_WITH_DTLS \
49 CONFIG_OPENSSL_WITH_EC2M \
50 CONFIG_OPENSSL_WITH_ERROR_MESSAGES \
51 CONFIG_OPENSSL_WITH_IDEA \
52 CONFIG_OPENSSL_WITH_MDC2 \
53 CONFIG_OPENSSL_WITH_NPN \
54 CONFIG_OPENSSL_WITH_PSK \
55 CONFIG_OPENSSL_WITH_RFC3779 \
56 CONFIG_OPENSSL_WITH_SEED \
57 CONFIG_OPENSSL_WITH_SM234 \
58 CONFIG_OPENSSL_WITH_SRP \
59 CONFIG_OPENSSL_WITH_SSE2 \
60 CONFIG_OPENSSL_WITH_TLS13 \
61 CONFIG_OPENSSL_WITH_WHIRLPOOL
62
63include $(INCLUDE_DIR)/package.mk
64include $(INCLUDE_DIR)/openssl-module.mk
65
66ifneq ($(CONFIG_CCACHE),)
67HOSTCC=$(HOSTCC_NOCACHE)
68HOSTCXX=$(HOSTCXX_NOCACHE)
69endif
70
71define Package/openssl/Default
72 TITLE:=Open source SSL toolkit
73 URL:=https://www.openssl.org/
74 SECTION:=libs
75 CATEGORY:=Libraries
76endef
77
78define Package/libopenssl/config
79source "$(SOURCE)/Config.in"
80endef
81
82define Package/openssl/Default/description
83The OpenSSL Project is a collaborative effort to develop a robust,
84commercial-grade, full-featured, and Open Source toolkit implementing the
85Transport Layer Security (TLS) protocol as well as a full-strength
86general-purpose cryptography library.
87endef
88
89define Package/libopenssl
90$(call Package/openssl/Default)
91 SUBMENU:=SSL
92 DEPENDS:=+OPENSSL_WITH_COMPRESSION:zlib \
93 +OPENSSL_ENGINE_BUILTIN_AFALG:kmod-crypto-user \
94 +OPENSSL_ENGINE_BUILTIN_DEVCRYPTO:kmod-cryptodev \
95 +OPENSSL_ENGINE_BUILTIN_PADLOCK:kmod-crypto-hw-padlock \
96 +(arm||armeb||mips||mipsel||powerpc||arc):libatomic
97 TITLE+= (libraries)
98 ABI_VERSION:=$(firstword $(subst .,$(space),$(PKG_VERSION)))
99 MENU:=1
100endef
101
102define Package/libopenssl/description
103$(call Package/openssl/Default/description)
104This package contains the OpenSSL shared libraries, needed by other programs.
105endef
106
107define Package/openssl-util
108 $(call Package/openssl/Default)
109 SECTION:=utils
110 CATEGORY:=Utilities
111 DEPENDS:=+libopenssl +libopenssl-conf
112 TITLE+= (utility)
113endef
114
115define Package/openssl-util/description
116$(call Package/openssl/Default/description)
117This package contains the OpenSSL command-line utility.
118endef
119
120define Package/libopenssl-conf
121 $(call Package/openssl/Default)
122 SUBMENU:=SSL
123 TITLE:=/etc/ssl/openssl.cnf config file
124 DEPENDS:=libopenssl
125endef
126
127define Package/libopenssl-conf/conffiles
128/etc/ssl/openssl.cnf
129$(if $(CONFIG_OPENSSL_ENGINE_BUILTIN_DEVCRYPTO),/etc/ssl/modules.cnf.d/devcrypto.cnf)
130$(if $(CONFIG_OPENSSL_ENGINE_BUILTIN_PADLOCK),/etc/ssl/modules.cnf.d/padlock.cnf)
131endef
132
133define Package/libopenssl-conf/description
134$(call Package/openssl/Default/description)
135This package installs the OpenSSL configuration file /etc/ssl/openssl.cnf.
136endef
137
138ifneq ($(CONFIG_OPENSSL_ENGINE_BUILTIN_PADLOCK)$(CONFIG_OPENSSL_ENGINE_BUILTIN_DEVCRYPTO),)
139define Package/libopenssl-conf/postinst
140#!/bin/sh
141
142add_engine_config() {
143 if [ -z "$${IPKG_INSTROOT}" ] && uci -q get "openssl.$$1" >/dev/null; then
144 [ "$$(uci -q get "openssl.$$1.builtin")" = 1 ] && return
145 uci set "openssl.$$1.builtin=1" && uci commit openssl
146 return
147 fi
148}
149
150$(if $(CONFIG_OPENSSL_ENGINE_BUILTIN_DEVCRYPTO),add_engine_config devcrypto)
151$(if $(CONFIG_OPENSSL_ENGINE_BUILTIN_PADLOCK),add_engine_config padlock)
152endef
153endif
154
155$(eval $(call Package/openssl/add-provider,legacy))
156define Package/libopenssl-legacy
157 $(call Package/openssl/Default)
158 $(call Package/openssl/module/Default)
159 TITLE:=OpenSSL legacy provider
160endef
161
162define Package/libopenssl-legacy/description
163The OpenSSL legacy provider supplies OpenSSL implementations of algorithms that
164have been deemed legacy. Such algorithms have commonly fallen out of use, have
165been deemed insecure by the cryptography community, or something similar. See
166https://www.openssl.org/docs/man3.0/man7/OSSL_PROVIDER-legacy.html
167endef
168
169$(eval $(call Package/openssl/add-engine,afalg))
170define Package/libopenssl-afalg
171 $(call Package/openssl/Default)
172 $(call Package/openssl/engine/Default)
173 TITLE:=AFALG hardware acceleration engine
174 DEPENDS += @KERNEL_AIO +PACKAGE_libopenssl-afalg:kmod-crypto-user \
175 @!OPENSSL_ENGINE_BUILTIN
176endef
177
178define Package/libopenssl-afalg/description
179This package adds an engine that enables hardware acceleration
180through the AF_ALG kernel interface.
181See https://www.openssl.org/docs/man3.0/man5/config.html#Engine-Configuration
182and https://openwrt.org/docs/techref/hardware/cryptographic.hardware.accelerators
183The engine_id is "afalg"
184endef
185
186$(eval $(call Package/openssl/add-engine,devcrypto))
187define Package/libopenssl-devcrypto
188 $(call Package/openssl/Default)
189 $(call Package/openssl/engine/Default)
190 TITLE:=/dev/crypto hardware acceleration engine
191 DEPENDS += +PACKAGE_libopenssl-devcrypto:kmod-cryptodev @!OPENSSL_ENGINE_BUILTIN
192endef
193
194define Package/libopenssl-devcrypto/description
195This package adds an engine that enables hardware acceleration
196through the /dev/crypto kernel interface.
197See https://www.openssl.org/docs/man3.0/man5/config.html#Engine-Configuration
198and https://openwrt.org/docs/techref/hardware/cryptographic.hardware.accelerators
199The engine_id is "devcrypto"
200endef
201
202$(eval $(call Package/openssl/add-engine,padlock))
203define Package/libopenssl-padlock
204 $(call Package/openssl/Default)
205 $(call Package/openssl/engine/Default)
206 TITLE:=VIA Padlock hardware acceleration engine
207 DEPENDS += @TARGET_x86 +PACKAGE_libopenssl-padlock:kmod-crypto-hw-padlock \
208 @!OPENSSL_ENGINE_BUILTIN
209endef
210
211define Package/libopenssl-padlock/description
212This package adds an engine that enables VIA Padlock hardware acceleration.
213See https://www.openssl.org/docs/man3.0/man5/config.html#Engine-Configuration
214and https://openwrt.org/docs/techref/hardware/cryptographic.hardware.accelerators
215The engine_id is "padlock"
216endef
217
218OPENSSL_OPTIONS:= shared no-tests
219
220ifndef CONFIG_OPENSSL_WITH_BLAKE2
221 OPENSSL_OPTIONS += no-blake2
222endif
223
224ifndef CONFIG_OPENSSL_WITH_CHACHA_POLY1305
225 OPENSSL_OPTIONS += no-chacha no-poly1305
226else
227 ifdef CONFIG_OPENSSL_PREFER_CHACHA_OVER_GCM
228 OPENSSL_OPTIONS += -DOPENSSL_PREFER_CHACHA_OVER_GCM
229 endif
230endif
231
232ifndef CONFIG_OPENSSL_WITH_ASYNC
233 OPENSSL_OPTIONS += no-async
234endif
235
236ifndef CONFIG_OPENSSL_WITH_EC2M
237 OPENSSL_OPTIONS += no-ec2m
238endif
239
240ifndef CONFIG_OPENSSL_WITH_ERROR_MESSAGES
241 OPENSSL_OPTIONS += no-err
242endif
243
244ifndef CONFIG_OPENSSL_WITH_TLS13
245 OPENSSL_OPTIONS += no-tls1_3
246endif
247
248ifndef CONFIG_OPENSSL_WITH_ARIA
249 OPENSSL_OPTIONS += no-aria
250endif
251
252ifndef CONFIG_OPENSSL_WITH_SM234
253 OPENSSL_OPTIONS += no-sm2 no-sm3 no-sm4
254endif
255
256ifndef CONFIG_OPENSSL_WITH_CAMELLIA
257 OPENSSL_OPTIONS += no-camellia
258endif
259
260ifndef CONFIG_OPENSSL_WITH_IDEA
261 OPENSSL_OPTIONS += no-idea
262endif
263
264ifndef CONFIG_OPENSSL_WITH_SEED
265 OPENSSL_OPTIONS += no-seed
266endif
267
268ifndef CONFIG_OPENSSL_WITH_MDC2
269 OPENSSL_OPTIONS += no-mdc2
270endif
271
272ifndef CONFIG_OPENSSL_WITH_WHIRLPOOL
273 OPENSSL_OPTIONS += no-whirlpool
274endif
275
276ifndef CONFIG_OPENSSL_WITH_CMS
277 OPENSSL_OPTIONS += no-cms
278endif
279
280ifndef CONFIG_OPENSSL_WITH_RFC3779
281 OPENSSL_OPTIONS += no-rfc3779
282endif
283
284ifdef CONFIG_OPENSSL_NO_DEPRECATED
285 OPENSSL_OPTIONS += no-deprecated
286endif
287
288ifeq ($(CONFIG_OPENSSL_OPTIMIZE_SPEED),y)
289 TARGET_CFLAGS := $(filter-out -O%,$(TARGET_CFLAGS)) -O3
290endif
291
292ifeq ($(CONFIG_OPENSSL_SMALL_FOOTPRINT),y)
293 OPENSSL_OPTIONS += -DOPENSSL_SMALL_FOOTPRINT
294endif
295
296ifdef CONFIG_OPENSSL_ENGINE
297 ifdef CONFIG_OPENSSL_ENGINE_BUILTIN
298 OPENSSL_OPTIONS += disable-dynamic-engine
299 ifndef CONFIG_OPENSSL_ENGINE_BUILTIN_AFALG
300 OPENSSL_OPTIONS += no-afalgeng
301 endif
302 ifdef CONFIG_OPENSSL_ENGINE_BUILTIN_DEVCRYPTO
303 OPENSSL_OPTIONS += enable-devcryptoeng
304 endif
305 ifndef CONFIG_OPENSSL_ENGINE_BUILTIN_PADLOCK
306 OPENSSL_OPTIONS += no-padlockeng
307 endif
308 else
309 ifdef CONFIG_PACKAGE_libopenssl-devcrypto
310 OPENSSL_OPTIONS += enable-devcryptoeng
311 endif
312 ifndef CONFIG_PACKAGE_libopenssl-afalg
313 OPENSSL_OPTIONS += no-afalgeng
314 endif
315 ifndef CONFIG_PACKAGE_libopenssl-padlock
316 OPENSSL_OPTIONS += no-padlockeng
317 endif
318 endif
319else
320 OPENSSL_OPTIONS += no-engine
321endif
322
323ifndef CONFIG_OPENSSL_WITH_DTLS
324 OPENSSL_OPTIONS += no-dtls
325endif
326
327ifdef CONFIG_OPENSSL_WITH_COMPRESSION
328 OPENSSL_OPTIONS += zlib-dynamic
329else
330 OPENSSL_OPTIONS += no-comp
331endif
332
333ifndef CONFIG_OPENSSL_WITH_NPN
334 OPENSSL_OPTIONS += no-nextprotoneg
335endif
336
337ifndef CONFIG_OPENSSL_WITH_PSK
338 OPENSSL_OPTIONS += no-psk
339endif
340
341ifndef CONFIG_OPENSSL_WITH_SRP
342 OPENSSL_OPTIONS += no-srp
343endif
344
345ifndef CONFIG_OPENSSL_WITH_ASM
346 OPENSSL_OPTIONS += no-asm
347endif
348
349ifdef CONFIG_i386
350 ifndef CONFIG_OPENSSL_WITH_SSE2
351 OPENSSL_OPTIONS += no-sse2
352 endif
353endif
354
355OPENSSL_TARGET:=linux-$(call qstrip,$(CONFIG_ARCH))-openwrt
356
357STAMP_CONFIGURED := $(STAMP_CONFIGURED)_$(shell echo $(OPENSSL_OPTIONS) | $(MKHASH) md5)
358
359define Build/Configure
360 (cd $(PKG_BUILD_DIR); \
361 ./Configure $(OPENSSL_TARGET) \
362 --prefix=/usr \
363 --libdir=lib \
364 --openssldir=/etc/ssl \
365 --cross-compile-prefix="$(TARGET_CROSS)" \
366 $(TARGET_CFLAGS) \
367 $(TARGET_CPPFLAGS) \
368 $(TARGET_LDFLAGS) \
369 $(OPENSSL_OPTIONS) && \
370 { [ -f $(STAMP_CONFIGURED) ] || make clean; } \
371 )
372endef
373
374TARGET_CFLAGS += $(FPIC)
375
376define Build/Compile
377 +$(MAKE) $(PKG_JOBS) -C $(PKG_BUILD_DIR) \
378 CC="$(TARGET_CC)" \
379 SOURCE_DATE_EPOCH=$(SOURCE_DATE_EPOCH) \
380 OPENWRT_OPTIMIZATION_FLAGS="$(TARGET_CFLAGS)" \
381 $(OPENSSL_MAKEFLAGS) \
382 all
383 $(MAKE) -C $(PKG_BUILD_DIR) \
384 CC="$(TARGET_CC)" \
385 DESTDIR="$(PKG_INSTALL_DIR)" \
386 $(OPENSSL_MAKEFLAGS) \
387 install_sw install_ssldirs
388endef
389
390define Build/InstallDev
391 $(INSTALL_DIR) $(1)/usr/include
392 $(CP) $(PKG_INSTALL_DIR)/usr/include/openssl $(1)/usr/include/
393 $(INSTALL_DIR) $(1)/usr/lib/
394 $(CP) $(PKG_INSTALL_DIR)/usr/lib/lib{crypto,ssl}.{a,so*} $(1)/usr/lib/
395 $(INSTALL_DIR) $(1)/usr/lib/pkgconfig
396 $(CP) $(PKG_INSTALL_DIR)/usr/lib/pkgconfig/{openssl,libcrypto,libssl}.pc $(1)/usr/lib/pkgconfig/
397 [ -n "$(TARGET_LDFLAGS)" ] && $(SED) 's#$(TARGET_LDFLAGS)##g' $(1)/usr/lib/pkgconfig/{openssl,libcrypto,libssl}.pc || true
398endef
399
400define Package/libopenssl/install
401 $(INSTALL_DIR) $(1)/etc/ssl/certs
402 $(INSTALL_DIR) $(1)/etc/ssl/private
403 chmod 0700 $(1)/etc/ssl/private
404 $(INSTALL_DIR) $(1)/usr/lib
405 $(INSTALL_DATA) $(PKG_INSTALL_DIR)/usr/lib/libcrypto.so.* $(1)/usr/lib/
406 $(INSTALL_DATA) $(PKG_INSTALL_DIR)/usr/lib/libssl.so.* $(1)/usr/lib/
407 $(if $(CONFIG_OPENSSL_ENGINE),$(INSTALL_DIR) $(1)/usr/lib/$(ENGINES_DIR))
408endef
409
410define Package/libopenssl-conf/install
411 $(INSTALL_DIR) $(1)/etc/ssl/modules.cnf.d $(1)/etc/config $(1)/etc/init.d
412 $(CP) $(PKG_INSTALL_DIR)/etc/ssl/openssl.cnf $(1)/etc/ssl/
413 $(INSTALL_BIN) ./files/openssl.init $(1)/etc/init.d/openssl
414 $(SED) 's!%ENGINES_DIR%!/usr/lib/$(ENGINES_DIR)!' $(1)/etc/init.d/openssl
415 touch $(1)/etc/config/openssl
416 $(if $(CONFIG_OPENSSL_ENGINE),,
417 $(SED) 's!engines = engines_sect!#&!' $(1)/etc/ssl/openssl.cnf)
418 $(if $(CONFIG_OPENSSL_ENGINE_BUILTIN_DEVCRYPTO),
419 $(CP) ./files/devcrypto.cnf $(1)/etc/ssl/modules.cnf.d/
420 echo -e "config engine 'devcrypto'\n\toption enabled '1'\n\toption builtin '1'" >> $(1)/etc/config/openssl)
421 $(if $(CONFIG_OPENSSL_ENGINE_BUILTIN_PADLOCK),
422 $(CP) ./files/padlock.cnf $(1)/etc/ssl/modules.cnf.d/
423 echo -e "\nconfig engine 'padlock'\n\toption enabled '1'\n\toption builtin '1'" >> $(1)/etc/config/openssl)
424endef
425
426define Package/openssl-util/install
427 $(INSTALL_DIR) $(1)/usr/bin
428 $(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/bin/openssl $(1)/usr/bin/
429endef
430
431$(eval $(call BuildPackage,libopenssl))
432$(eval $(call BuildPackage,libopenssl-conf))
433$(eval $(call BuildPackage,libopenssl-afalg))
434$(eval $(call BuildPackage,libopenssl-devcrypto))
435$(eval $(call BuildPackage,libopenssl-legacy))
436$(eval $(call BuildPackage,libopenssl-padlock))
437$(eval $(call BuildPackage,openssl-util))