diff options
14 files changed, 376 insertions, 476 deletions
diff --git a/package/libs/openssl/Config.in b/package/libs/openssl/Config.in index c39e28510f..fe73229915 100644 --- a/package/libs/openssl/Config.in +++ b/package/libs/openssl/Config.in @@ -1,72 +1,216 @@ if PACKAGE_libopenssl -config OPENSSL_WITH_EC +comment "Build Options" + +config OPENSSL_OPTIMIZE_SPEED + bool + prompt "Enable optimization for speed instead of size" + select OPENSSL_WITH_ASM + help + Enabling this option increases code size (around 20%) and + performance. The increase in performance and size depends on the + target CPU. EC and AES seem to benefit the most, with EC speed + increased by 20%-50% (mipsel & x86). + AES-GCM is supposed to be 3x faster on x86. YMMV. + +config OPENSSL_WITH_ASM bool default y - prompt "Enable elliptic curve support" + prompt "Compile with optimized assembly code" + depends on !arc + help + Disabling this option will reduce code size and performance. + The increase in performance and size depends on the target + CPU and on the algorithms being optimized. As of 1.1.0i*: -config OPENSSL_WITH_EC2M - bool - depends on OPENSSL_WITH_EC - prompt "Enable ec2m support" + Platform Pkg Inc. Algorithms where assembly is used - ~% Speed Increase + aarch64 174K BN, aes, sha1, sha256, sha512, nist256, poly1305 + arm 152K BN, aes, sha1, sha256, sha512, nist256, poly1305 + i386 183K BN+147%, aes+300%, rc4+55%, sha1+160%, sha256+114%, sha512+270%, nist256+282%, poly1305+292% + mipsel 1.5K BN+97%, aes+4%, sha1+94%, sha256+60% + mips64 3.7K BN, aes, sha1, sha256, sha512, poly1305 + powerpc 20K BN, aes, sha1, sha256, sha512, poly1305 + x86_64 228K BN+220%, aes+173%, rc4+38%, sha1+40%, sha256+64%, sha512+31%, nist256+354%, poly1305+228% -config OPENSSL_WITH_SSL3 + * Only most common algorithms shown. Your mileage may vary. + BN (bignum) performance was measured using RSA sign/verify. + +config OPENSSL_WITH_SSE2 bool - default n - prompt "Enable sslv3 support" + default y if !TARGET_x86_legacy && !TARGET_x86_geode + prompt "Enable use of x86 SSE2 instructions" + depends on OPENSSL_WITH_ASM && i386 + help + Use of SSE2 instructions greatly increase performance (up to + 3x faster) with a minimum (~0.2%, or 23KB) increase in package + size, but it will bring no benefit if your hardware does not + support them, such as Geode GX and LX. In this case you may + save 23KB by saying yes here. AMD Geode NX, and Intel + Pentium 4 and above support SSE2. config OPENSSL_WITH_DEPRECATED bool default y - prompt "Include deprecated APIs" + prompt "Include deprecated APIs (See help for a list of packages that need this)" + help + Squid currently requires this. config OPENSSL_NO_DEPRECATED bool default !OPENSSL_WITH_DEPRECATED -config OPENSSL_WITH_DTLS +config OPENSSL_WITH_ERROR_MESSAGES bool - default n - prompt "Enable DTLS support" + prompt "Include error messages" + help + This option aids debugging, but increases package size and + memory usage. -config OPENSSL_WITH_COMPRESSION +comment "Protocol Support" + +config OPENSSL_WITH_DTLS bool - default n - prompt "Enable compression support" + prompt "Enable DTLS support" + help + Datagram Transport Layer Security (DTLS) provides TLS-like security + for datagram-based (UDP, DCCP, CAPWAP, SCTP & SRTP) applications. config OPENSSL_WITH_NPN bool default y prompt "Enable NPN support" + help + NPN is a TLS extension, obsoleted and replaced with ALPN, + used to negotiate SPDY, and HTTP/2. + +config OPENSSL_WITH_SRP + bool + default y + prompt "Enable SRP support" + help + The Secure Remote Password protocol (SRP) is an augmented + password-authenticated key agreement (PAKE) protocol, specifically + designed to work around existing patents. + +config OPENSSL_WITH_CMS + bool + default y + prompt "Enable CMS (RFC 5652) support" + help + Cryptographic Message Syntax (CMS) is used to digitally sign, + digest, authenticate, or encrypt arbitrary message content. + +comment "Algorithm Selection" + +config OPENSSL_WITH_EC + bool + default y + prompt "Enable elliptic curve support" + help + Elliptic-curve cryptography (ECC) is an approach to public-key + cryptography based on the algebraic structure of elliptic curves + over finite fields. ECC requires smaller keys compared to non-ECC + cryptography to provide equivalent security. + +config OPENSSL_WITH_EC2M + bool + depends on OPENSSL_WITH_EC + prompt "Enable ec2m support" + help + This option enables the more efficient, yet less common, binary + field elliptic curves. config OPENSSL_WITH_PSK bool default y prompt "Enable PSK support" + help + Build support for Pre-Shared Key based cipher suites. -config OPENSSL_WITH_SRP +comment "Less commonly used build options" + +config OPENSSL_WITH_CAMELLIA bool - default y - prompt "Enable SRP support" + prompt "Enable Camellia cipher support" + help + Camellia is a bock cipher with security levels and processing + abilities comparable to AES. -config OPENSSL_ENGINE_DIGEST +config OPENSSL_WITH_IDEA bool - depends on OPENSSL_ENGINE_CRYPTO - prompt "Digests acceleration support" + prompt "Enable IDEA cipher support" + help + IDEA is a block cipher with 128-bit keys. -config OPENSSL_HARDWARE_SUPPORT +config OPENSSL_WITH_SEED bool - default n - prompt "Enable hardware support" + prompt "Enable SEED cipher support" + help + SEED is a block cipher with 128-bit keys broadly used in + South Korea, but seldom found elsewhere. -config OPENSSL_OPTIMIZE_SPEED +config OPENSSL_WITH_MDC2 bool - default n - prompt "Enable optimization for speed instead of size" + prompt "Enable MDC2 digest support" -endif +config OPENSSL_WITH_WHIRLPOOL + bool + prompt "Enable Whirlpool digest support" + +config OPENSSL_WITH_COMPRESSION + bool + prompt "Enable compression support" + help + TLS compression is not recommended, as it is deemed insecure. + The CRIME attack exploits this weakness. + Even with this option turned on, it is disabled by default, and the + application must explicitly turn it on. + +config OPENSSL_WITH_RFC3779 + bool + prompt "Enable RFC3779 support (BGP)" + help + RFC 3779 defines two X.509 v3 certificate extensions. The first + binds a list of IP address blocks, or prefixes, to the subject of a + certificate. The second binds a list of autonomous system + identifiers to the subject of a certificate. These extensions may be + used to convey the authorization of the subject to use the IP + addresses and autonomous system identifiers contained in the + extensions. + +comment "Engine/Hardware Support" + +config OPENSSL_ENGINE + bool "Enable engine support" + help + This enables alternative cryptography implementations, + most commonly for interfacing with external crypto devices, + or supporting new/alternative ciphers and digests. config OPENSSL_ENGINE_CRYPTO bool - select OPENSSL_HARDWARE_SUPPORT - prompt "Crypto acceleration support" if PACKAGE_libopenssl + select OPENSSL_ENGINE + select PACKAGE_kmod-cryptodev + prompt "Acceleration support through /dev/crypto" + help + This enables use of hardware acceleration through OpenBSD + Cryptodev API (/dev/crypto) interface. + You must install kmod-cryptodev (under Kernel modules, Cryptographic + API modules) for /dev/crypto to show up and use hardware + acceleration; otherwise it falls back to software. + +config OPENSSL_ENGINE_DIGEST + bool + depends on OPENSSL_ENGINE_CRYPTO + prompt "/dev/crypto digest (md5/sha1) acceleration support" + +config OPENSSL_WITH_GOST + bool + prompt "Prepare library for GOST engine" + depends on OPENSSL_ENGINE + help + This option prepares the library to accept engine support + for Russian GOST crypto algorithms. + +endif + diff --git a/package/libs/openssl/Makefile b/package/libs/openssl/Makefile index 71c2c9c028..d9b1de2581 100644 --- a/package/libs/openssl/Makefile +++ b/package/libs/openssl/Makefile @@ -15,7 +15,7 @@ PKG_RELEASE:=2 PKG_USE_MIPS16:=0 PKG_BUILD_PARALLEL:=0 - +PKG_BUILD_DEPENDS:=cryptodev-linux PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz PKG_SOURCE_URL:= \ @@ -25,24 +25,35 @@ PKG_SOURCE_URL:= \ http://www.openssl.org/source/ \ http://www.openssl.org/source/old/$(PKG_BASE)/ PKG_HASH:=5744cfcbcec2b1b48629f7354203bc1e5e9b5466998bbccc5b5fcde3b18eb684 +ENGINES_DIR=engines PKG_LICENSE:=OpenSSL PKG_LICENSE_FILES:=LICENSE PKG_CPE_ID:=cpe:/a:openssl:openssl PKG_CONFIG_DEPENDS:= \ + CONFIG_OPENSSL_ENGINE \ CONFIG_OPENSSL_ENGINE_CRYPTO \ CONFIG_OPENSSL_ENGINE_DIGEST \ - CONFIG_OPENSSL_WITH_EC \ - CONFIG_OPENSSL_WITH_EC2M \ - CONFIG_OPENSSL_WITH_SSL3 \ - CONFIG_OPENSSL_HARDWARE_SUPPORT \ CONFIG_OPENSSL_NO_DEPRECATED \ - CONFIG_OPENSSL_WITH_DTLS \ + CONFIG_OPENSSL_OPTIMIZE_SPEED \ + CONFIG_OPENSSL_WITH_ASM \ + CONFIG_OPENSSL_WITH_CAMELLIA \ + CONFIG_OPENSSL_WITH_CMS \ CONFIG_OPENSSL_WITH_COMPRESSION \ + CONFIG_OPENSSL_WITH_DTLS \ + CONFIG_OPENSSL_WITH_EC \ + CONFIG_OPENSSL_WITH_EC2M \ + CONFIG_OPENSSL_WITH_ERROR_MESSAGES \ + CONFIG_OPENSSL_WITH_GOST \ + CONFIG_OPENSSL_WITH_IDEA \ + CONFIG_OPENSSL_WITH_MDC2 \ CONFIG_OPENSSL_WITH_NPN \ CONFIG_OPENSSL_WITH_PSK \ + CONFIG_OPENSSL_WITH_RFC3779 \ + CONFIG_OPENSSL_WITH_SEED \ CONFIG_OPENSSL_WITH_SRP \ - CONFIG_OPENSSL_OPTIMIZE_SPEED + CONFIG_OPENSSL_WITH_SSE2 \ + CONFIG_OPENSSL_WITH_WHIRLPOOL include $(INCLUDE_DIR)/package.mk @@ -54,6 +65,8 @@ endif define Package/openssl/Default TITLE:=Open source SSL toolkit URL:=http://www.openssl.org/ + SECTION:=libs + CATEGORY:=Libraries endef define Package/libopenssl/config @@ -62,16 +75,14 @@ endef define Package/openssl/Default/description The OpenSSL Project is a collaborative effort to develop a robust, -commercial-grade, full-featured, and Open Source toolkit implementing the Secure -Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols as well -as a full-strength general purpose cryptography library. +commercial-grade, full-featured, and Open Source toolkit implementing the +Transport Layer Security (TLS) protocol as well as a full-strength +general-purpose cryptography library. endef define Package/libopenssl $(call Package/openssl/Default) - SECTION:=libs SUBMENU:=SSL - CATEGORY:=Libraries DEPENDS:=+OPENSSL_WITH_COMPRESSION:zlib TITLE+= (libraries) ABI_VERSION:=1.0.0 @@ -100,19 +111,35 @@ $(call Package/openssl/Default/description) This package contains the OpenSSL command-line utility. endef +define Package/libopenssl-gost + $(call Package/openssl/Default) + SUBMENU:=SSL + TITLE:=Russian GOST algorithms engine + DEPENDS:=libopenssl +@OPENSSL_WITH_GOST +endef + +define Package/libopenssl-gost/description +This package adds an engine that enables Russian GOST algorithms. +To use it, you need to configure the engine in /etc/ssl/openssl.cnf +See https://www.openssl.org/docs/man1.0.2/apps/config.html#ENGINE-CONFIGURATION-MODULE +The engine_id is "gost" +endef -OPENSSL_NO_CIPHERS:= no-idea no-md2 no-mdc2 no-rc5 no-sha0 no-camellia no-krb5 \ - no-whrlpool no-whirlpool no-seed no-jpake -OPENSSL_OPTIONS:= shared no-err no-sse2 no-ssl2 no-ssl2-method no-heartbeats +define Package/libopenssl-padlock + $(call Package/openssl/Default) + SUBMENU:=SSL + TITLE:=VIA Padlock hardware acceleration engine + DEPENDS:=libopenssl @OPENSSL_ENGINE @TARGET_x86 +kmod-crypto-hw-padlock +endef -ifdef CONFIG_OPENSSL_ENGINE_CRYPTO - OPENSSL_OPTIONS += -DHAVE_CRYPTODEV - ifdef CONFIG_OPENSSL_ENGINE_DIGEST - OPENSSL_OPTIONS += -DUSE_CRYPTODEV_DIGESTS - endif -else - OPENSSL_OPTIONS += no-engines -endif +define Package/libopenssl-padlock/description +This package adds an engine that enables VIA Padlock hardware acceleration. +To use it, you need to configure it in /etc/ssl/openssl.cnf. +See https://www.openssl.org/docs/man1.0.2/apps/config.html#ENGINE-CONFIGURATION-MODULE +The engine_id is "padlock" +endef + +OPENSSL_OPTIONS:= shared no-heartbeats no-sha0 no-ssl2-method no-ssl3-method ifndef CONFIG_OPENSSL_WITH_EC OPENSSL_OPTIONS += no-ec @@ -122,20 +149,70 @@ ifndef CONFIG_OPENSSL_WITH_EC2M OPENSSL_OPTIONS += no-ec2m endif -ifndef CONFIG_OPENSSL_WITH_SSL3 - OPENSSL_OPTIONS += no-ssl3 no-ssl3-method +ifndef CONFIG_OPENSSL_WITH_ERROR_MESSAGES + OPENSSL_OPTIONS += no-err +endif + +ifndef CONFIG_OPENSSL_WITH_CAMELLIA + OPENSSL_OPTIONS += no-camellia +endif + +ifndef CONFIG_OPENSSL_WITH_IDEA + OPENSSL_OPTIONS += no-idea +endif + +ifndef CONFIG_OPENSSL_WITH_SEED + OPENSSL_OPTIONS += no-seed endif -ifndef CONFIG_OPENSSL_HARDWARE_SUPPORT - OPENSSL_OPTIONS += no-hw +ifndef CONFIG_OPENSSL_WITH_MDC2 + OPENSSL_OPTIONS += no-mdc2 +endif + +ifndef CONFIG_OPENSSL_WITH_WHIRLPOOL + OPENSSL_OPTIONS += no-whirlpool +endif + +ifndef CONFIG_OPENSSL_WITH_CMS + OPENSSL_OPTIONS += no-cms +endif + +ifdef CONFIG_OPENSSL_WITH_RFC3779 + OPENSSL_OPTIONS += enable-rfc3779 endif ifdef CONFIG_OPENSSL_NO_DEPRECATED OPENSSL_OPTIONS += no-deprecated endif +ifeq ($(CONFIG_OPENSSL_OPTIMIZE_SPEED),y) + TARGET_CFLAGS := $(filter-out -O%,$(TARGET_CFLAGS)) -O3 +else + OPENSSL_OPTIONS += -DOPENSSL_SMALL_FOOTPRINT +endif + +ifdef CONFIG_OPENSSL_ENGINE + ifdef CONFIG_OPENSSL_ENGINE_CRYPTO + OPENSSL_OPTIONS += -DHAVE_CRYPTODEV + ifdef CONFIG_OPENSSL_ENGINE_DIGEST + OPENSSL_OPTIONS += -DUSE_CRYPTODEV_DIGESTS + endif + endif + ifndef CONFIG_PACKAGE_libopenssl-padlock + OPENSSL_OPTIONS += no-hw-padlock + endif +else + OPENSSL_OPTIONS += no-engine +endif + +ifndef CONFIG_OPENSSL_WITH_GOST + OPENSSL_OPTIONS += no-gost +endif + +# Even with no-dtls and no-dtls1 options, the library keeps the DTLS code, +# but openssl util gets built without it ifndef CONFIG_OPENSSL_WITH_DTLS - OPENSSL_OPTIONS += no-dtls + OPENSSL_OPTIONS += no-dtls no-dtls1 endif ifdef CONFIG_OPENSSL_WITH_COMPRESSION @@ -156,27 +233,18 @@ ifndef CONFIG_OPENSSL_WITH_SRP OPENSSL_OPTIONS += no-srp endif -ifeq ($(CONFIG_OPENSSL_OPTIMIZE_SPEED),y) - TARGET_CFLAGS := $(filter-out -Os,$(TARGET_CFLAGS)) -O3 +ifndef CONFIG_OPENSSL_WITH_ASM + OPENSSL_OPTIONS += no-asm endif -ifeq ($(CONFIG_x86_64),y) - OPENSSL_TARGET:=linux-x86_64-openwrt - OPENSSL_MAKEFLAGS += LIBDIR=lib -else - OPENSSL_OPTIONS+=no-sse2 - ifeq ($(CONFIG_mips)$(CONFIG_mipsel),y) - OPENSSL_TARGET:=linux-mips-openwrt - else ifeq ($(CONFIG_aarch64),y) - OPENSSL_TARGET:=linux-aarch64-openwrt - else ifeq ($(CONFIG_arm)$(CONFIG_armeb),y) - OPENSSL_TARGET:=linux-armv4-openwrt - else - OPENSSL_TARGET:=linux-generic-openwrt - OPENSSL_OPTIONS+=no-perlasm +ifdef CONFIG_i386 + ifndef CONFIG_OPENSSL_WITH_SSE2 + OPENSSL_OPTIONS += no-sse2 endif endif +OPENSSL_TARGET:=linux-$(call qstrip,$(CONFIG_ARCH))-openwrt + STAMP_CONFIGURED := $(STAMP_CONFIGURED)_$(shell echo $(OPENSSL_OPTIONS) | mkhash md5) define Build/Configure @@ -187,11 +255,10 @@ define Build/Configure (cd $(PKG_BUILD_DIR); \ ./Configure $(OPENSSL_TARGET) \ --prefix=/usr \ + --libdir=lib \ --openssldir=/etc/ssl \ $(TARGET_CPPFLAGS) \ - $(TARGET_LDFLAGS) -ldl \ - $(if $(CONFIG_OPENSSL_OPTIMIZE_SPEED),,-DOPENSSL_SMALL_FOOTPRINT) \ - $(OPENSSL_NO_CIPHERS) \ + $(TARGET_LDFLAGS) \ $(OPENSSL_OPTIONS) \ ) +$(MAKE) $(PKG_JOBS) -C $(PKG_BUILD_DIR) \ @@ -202,7 +269,7 @@ define Build/Configure depend endef -TARGET_CFLAGS += $(FPIC) -I$(CURDIR)/include -ffunction-sections -fdata-sections +TARGET_CFLAGS += $(FPIC) -ffunction-sections -fdata-sections TARGET_LDFLAGS += -Wl,--gc-sections define Build/Compile @@ -251,20 +318,33 @@ define Build/InstallDev endef define Package/libopenssl/install + $(INSTALL_DIR) $(1)/etc/ssl/certs + $(INSTALL_DIR) $(1)/etc/ssl/private + chmod 0700 $(1)/etc/ssl/private $(INSTALL_DIR) $(1)/usr/lib $(INSTALL_DATA) $(PKG_INSTALL_DIR)/usr/lib/libcrypto.so.* $(1)/usr/lib/ $(INSTALL_DATA) $(PKG_INSTALL_DIR)/usr/lib/libssl.so.* $(1)/usr/lib/ + $(if $(CONFIG_OPENSSL_ENGINE),$(INSTALL_DIR) $(1)/usr/lib/$(ENGINES_DIR)) endef define Package/openssl-util/install $(INSTALL_DIR) $(1)/etc/ssl $(CP) $(PKG_INSTALL_DIR)/etc/ssl/openssl.cnf $(1)/etc/ssl/ - $(INSTALL_DIR) $(1)/etc/ssl/certs - $(INSTALL_DIR) $(1)/etc/ssl/private - chmod 0700 $(1)/etc/ssl/private $(INSTALL_DIR) $(1)/usr/bin $(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/bin/openssl $(1)/usr/bin/ endef +define Package/libopenssl-padlock/install + $(INSTALL_DIR) $(1)/usr/lib/$(ENGINES_DIR) + $(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/lib/$(ENGINES_DIR)/*padlock.so $(1)/usr/lib/$(ENGINES_DIR) +endef + +define Package/libopenssl-gost/install + $(INSTALL_DIR) $(1)/usr/lib/$(ENGINES_DIR) + $(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/lib/$(ENGINES_DIR)/libgost.so $(1)/usr/lib/$(ENGINES_DIR) +endef + $(eval $(call BuildPackage,libopenssl)) +$(eval $(call BuildPackage,libopenssl-gost)) +$(eval $(call BuildPackage,libopenssl-padlock)) $(eval $(call BuildPackage,openssl-util)) diff --git a/package/libs/openssl/include/crypto/cryptodev.h b/package/libs/openssl/include/crypto/cryptodev.h deleted file mode 100644 index 7fb9c7dcda..0000000000 --- a/package/libs/openssl/include/crypto/cryptodev.h +++ /dev/null @@ -1,292 +0,0 @@ -/* This is a source compatible implementation with the original API of - * cryptodev by Angelos D. Keromytis, found at openbsd cryptodev.h. - * Placed under public domain */ - -#ifndef L_CRYPTODEV_H -#define L_CRYPTODEV_H - -#include <linux/types.h> -#ifndef __KERNEL__ -#define __user -#endif - -/* API extensions for linux */ -#define CRYPTO_HMAC_MAX_KEY_LEN 512 -#define CRYPTO_CIPHER_MAX_KEY_LEN 64 - -/* All the supported algorithms - */ -enum cryptodev_crypto_op_t { - CRYPTO_DES_CBC = 1, - CRYPTO_3DES_CBC = 2, - CRYPTO_BLF_CBC = 3, - CRYPTO_CAST_CBC = 4, - CRYPTO_SKIPJACK_CBC = 5, - CRYPTO_MD5_HMAC = 6, - CRYPTO_SHA1_HMAC = 7, - CRYPTO_RIPEMD160_HMAC = 8, - CRYPTO_MD5_KPDK = 9, - CRYPTO_SHA1_KPDK = 10, - CRYPTO_RIJNDAEL128_CBC = 11, - CRYPTO_AES_CBC = CRYPTO_RIJNDAEL128_CBC, - CRYPTO_ARC4 = 12, - CRYPTO_MD5 = 13, - CRYPTO_SHA1 = 14, - CRYPTO_DEFLATE_COMP = 15, - CRYPTO_NULL = 16, - CRYPTO_LZS_COMP = 17, - CRYPTO_SHA2_256_HMAC = 18, - CRYPTO_SHA2_384_HMAC = 19, - CRYPTO_SHA2_512_HMAC = 20, - CRYPTO_AES_CTR = 21, - CRYPTO_AES_XTS = 22, - CRYPTO_AES_ECB = 23, - CRYPTO_AES_GCM = 50, - - CRYPTO_CAMELLIA_CBC = 101, - CRYPTO_RIPEMD160, - CRYPTO_SHA2_224, - CRYPTO_SHA2_256, - CRYPTO_SHA2_384, - CRYPTO_SHA2_512, - CRYPTO_SHA2_224_HMAC, - CRYPTO_ALGORITHM_ALL, /* Keep updated - see below */ -}; - -#define CRYPTO_ALGORITHM_MAX (CRYPTO_ALGORITHM_ALL - 1) - -/* Values for ciphers */ -#define DES_BLOCK_LEN 8 -#define DES3_BLOCK_LEN 8 -#define RIJNDAEL128_BLOCK_LEN 16 -#define AES_BLOCK_LEN RIJNDAEL128_BLOCK_LEN -#define CAMELLIA_BLOCK_LEN 16 -#define BLOWFISH_BLOCK_LEN 8 -#define SKIPJACK_BLOCK_LEN 8 -#define CAST128_BLOCK_LEN 8 - -/* the maximum of the above */ -#define EALG_MAX_BLOCK_LEN 16 - -/* Values for hashes/MAC */ -#define AALG_MAX_RESULT_LEN 64 - -/* maximum length of verbose alg names (depends on CRYPTO_MAX_ALG_NAME) */ -#define CRYPTODEV_MAX_ALG_NAME 64 - -#define HASH_MAX_LEN 64 - -/* input of CIOCGSESSION */ -struct session_op { - /* Specify either cipher or mac - */ - __u32 cipher; /* cryptodev_crypto_op_t */ - __u32 mac; /* cryptodev_crypto_op_t */ - - __u32 keylen; - __u8 __user *key; - __u32 mackeylen; - __u8 __user *mackey; - - __u32 ses; /* session identifier */ -}; - -struct session_info_op { - __u32 ses; /* session identifier */ - - /* verbose names for the requested ciphers */ - struct alg_info { - char cra_name[CRYPTODEV_MAX_ALG_NAME]; - char cra_driver_name[CRYPTODEV_MAX_ALG_NAME]; - } cipher_info, hash_info; - - __u16 alignmask; /* alignment constraints */ - __u32 flags; /* SIOP_FLAGS_* */ -}; - -/* If this flag is set then this algorithm uses - * a driver only available in kernel (software drivers, - * or drivers based on instruction sets do not set this flag). - * - * If multiple algorithms are involved (as in AEAD case), then - * if one of them is kernel-driver-only this flag will be set. - */ -#define SIOP_FLAG_KERNEL_DRIVER_ONLY 1 - -#define COP_ENCRYPT 0 -#define COP_DECRYPT 1 - -/* input of CIOCCRYPT */ -struct crypt_op { - __u32 ses; /* session identifier */ - __u16 op; /* COP_ENCRYPT or COP_DECRYPT */ - __u16 flags; /* see COP_FLAG_* */ - __u32 len; /* length of source data */ - __u8 __user *src; /* source data */ - __u8 __user *dst; /* pointer to output data */ - /* pointer to output data for hash/MAC operations */ - __u8 __user *mac; - /* initialization vector for encryption operations */ - __u8 __user *iv; -}; - -/* input of CIOCAUTHCRYPT */ -struct crypt_auth_op { - __u32 ses; /* session identifier */ - __u16 op; /* COP_ENCRYPT or COP_DECRYPT */ - __u16 flags; /* see COP_FLAG_AEAD_* */ - __u32 len; /* length of source data */ - __u32 auth_len; /* length of auth data */ - __u8 __user *auth_src; /* authenticated-only data */ - - /* The current implementation is more efficient if data are - * encrypted in-place (src==dst). */ - __u8 __user *src; /* data to be encrypted and authenticated */ - __u8 __user *dst; /* pointer to output data. Must have - * space for tag. For TLS this should be at least - * len + tag_size + block_size for padding */ - - __u8 __user *tag; /* where the tag will be copied to. TLS mode - * doesn't use that as tag is copied to dst. - * SRTP mode copies tag there. */ - __u32 tag_len; /* the length of the tag. Use zero for digest size or max tag. */ - - /* initialization vector for encryption operations */ - __u8 __user *iv; - __u32 iv_len; -}; - -/* In plain AEAD mode the following are required: - * flags : 0 - * iv : the initialization vector (12 bytes) - * auth_len: the length of the data to be authenticated - * auth_src: the data to be authenticated - * len : length of data to be encrypted - * src : the data to be encrypted - * dst : space to hold encrypted data. It must have - * at least a size of len + tag_size. - * tag_size: the size of the desired authentication tag or zero to use - * the maximum tag output. - * - * Note tag isn't being used because the Linux AEAD interface - * copies the tag just after data. - */ - -/* In TLS mode (used for CBC ciphers that required padding) - * the following are required: - * flags : COP_FLAG_AEAD_TLS_TYPE - * iv : the initialization vector - * auth_len: the length of the data to be authenticated only - * len : length of data to be encrypted - * auth_src: the data to be authenticated - * src : the data to be encrypted - * dst : space to hold encrypted data (preferably in-place). It must have - * at least a size of len + tag_size + blocksize. - * tag_size: the size of the desired authentication tag or zero to use - * the default mac output. - * - * Note that the padding used is the minimum padding. - */ - -/* In SRTP mode the following are required: - * flags : COP_FLAG_AEAD_SRTP_TYPE - * iv : the initialization vector - * auth_len: the length of the data to be authenticated. This must - * include the SRTP header + SRTP payload (data to be encrypted) + rest - * - * len : length of data to be encrypted - * auth_src: pointer the data to be authenticated. Should point at the same buffer as src. - * src : pointer to the data to be encrypted. - * dst : This is mandatory to be the same as src (in-place only). - * tag_size: the size of the desired authentication tag or zero to use - * the default mac output. - * tag : Pointer to an address where the authentication tag will be copied. - */ - - -/* struct crypt_op flags */ - -#define COP_FLAG_NONE (0 << 0) /* totally no flag */ -#define COP_FLAG_UPDATE (1 << 0) /* multi-update hash mode */ -#define COP_FLAG_FINAL (1 << 1) /* multi-update final hash mode */ -#define COP_FLAG_WRITE_IV (1 << 2) /* update the IV during operation */ -#define COP_FLAG_NO_ZC (1 << 3) /* do not zero-copy */ -#define COP_FLAG_AEAD_TLS_TYPE (1 << 4) /* authenticate and encrypt using the - * TLS protocol rules */ -#define COP_FLAG_AEAD_SRTP_TYPE (1 << 5) /* authenticate and encrypt using the - * SRTP protocol rules */ -#define COP_FLAG_RESET (1 << 6) /* multi-update reset the state. - * should be used in combination - * with COP_FLAG_UPDATE */ - - -/* Stuff for bignum arithmetic and public key - * cryptography - not supported yet by linux - * cryptodev. - */ - -#define CRYPTO_ALG_FLAG_SUPPORTED 1 -#define CRYPTO_ALG_FLAG_RNG_ENABLE 2 -#define CRYPTO_ALG_FLAG_DSA_SHA 4 - -struct crparam { - __u8 *crp_p; - __u32 crp_nbits; -}; - -#define CRK_MAXPARAM 8 - -/* input of CIOCKEY */ -struct crypt_kop { - __u32 crk_op; /* cryptodev_crk_op_t */ - __u32 crk_status; - __u16 crk_iparams; - __u16 crk_oparams; - __u32 crk_pad1; - struct crparam crk_param[CRK_MAXPARAM]; -}; - -enum cryptodev_crk_op_t { - CRK_MOD_EXP = 0, - CRK_MOD_EXP_CRT = 1, - CRK_DSA_SIGN = 2, - CRK_DSA_VERIFY = 3, - CRK_DH_COMPUTE_KEY = 4, - CRK_ALGORITHM_ALL -}; - -#define CRK_ALGORITHM_MAX (CRK_ALGORITHM_ALL-1) - -/* features to be queried with CIOCASYMFEAT ioctl - */ -#define CRF_MOD_EXP (1 << CRK_MOD_EXP) -#define CRF_MOD_EXP_CRT (1 << CRK_MOD_EXP_CRT) -#define CRF_DSA_SIGN (1 << CRK_DSA_SIGN) -#define CRF_DSA_VERIFY (1 << CRK_DSA_VERIFY) -#define CRF_DH_COMPUTE_KEY (1 << CRK_DH_COMPUTE_KEY) - - -/* ioctl's. Compatible with old linux cryptodev.h - */ -#define CRIOGET _IOWR('c', 101, __u32) -#define CIOCGSESSION _IOWR('c', 102, struct session_op) -#define CIOCFSESSION _IOW('c', 103, __u32) -#define CIOCCRYPT _IOWR('c', 104, struct crypt_op) -#define CIOCKEY _IOWR('c', 105, struct crypt_kop) -#define CIOCASYMFEAT _IOR('c', 106, __u32) -#define CIOCGSESSINFO _IOWR('c', 107, struct session_info_op) - -/* to indicate that CRIOGET is not required in linux - */ -#define CRIOGET_NOT_NEEDED 1 - -/* additional ioctls for AEAD */ -#define CIOCAUTHCRYPT _IOWR('c', 109, struct crypt_auth_op) - -/* additional ioctls for asynchronous operation. - * These are conditionally enabled since version 1.6. - */ -#define CIOCASYNCCRYPT _IOW('c', 110, struct crypt_op) -#define CIOCASYNCFETCH _IOR('c', 111, struct crypt_op) - -#endif /* L_CRYPTODEV_H */ diff --git a/package/libs/openssl/patches/100-openwrt_targets.patch b/package/libs/openssl/patches/100-openwrt_targets.patch new file mode 100644 index 0000000000..52a51f9f47 --- /dev/null +++ b/package/libs/openssl/patches/100-openwrt_targets.patch @@ -0,0 +1,44 @@ +From 1ce02d8c7ce3e4a2c16b92968c8aea5a15746917 Mon Sep 17 00:00:00 2001 +From: Eneas U de Queiroz <cote2004-github@yahoo.com> +Date: Wed, 26 Sep 2018 16:21:27 -0300 +Subject: Add openwrt targets + +Targets are named: linux-$(CONFIG_ARCH)-openwrt + +Signed-off-by: Eneas U de Queiroz <cote2004-github@yahoo.com> + +--- a/Configure ++++ b/Configure +@@ -470,6 +470,32 @@ my %table=( + "linux-alpha-ccc","ccc:-fast -readonly_strings -DL_ENDIAN::-D_REENTRANT:::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL:${alpha_asm}", + "linux-alpha+bwx-ccc","ccc:-fast -readonly_strings -DL_ENDIAN::-D_REENTRANT:::SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL:${alpha_asm}", + ++# OpenWrt targets ++# from linux-aarch64 ++"linux-aarch64-openwrt","gcc:-DTERMIOS \$(OPENWRT_OPTIMIZATION_FLAGS) -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${aarch64_asm}:linux64:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", ++# from linux-generic32 ++"linux-arc-openwrt","gcc:-DTERMIOS \$(OPENWRT_OPTIMIZATION_FLAGS) -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", ++# from linux-armv4 ++"linux-arm-openwrt","gcc:-DTERMIOS \$(OPENWRT_OPTIMIZATION_FLAGS) -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${armv4_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", ++# from linux-armv4 ++"linux-armeb-openwrt","gcc:-DTERMIOS \$(OPENWRT_OPTIMIZATION_FLAGS) -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${armv4_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", ++# from linux-elf ++"linux-i386-openwrt", "gcc:-DL_ENDIAN -DTERMIOS \$(OPENWRT_OPTIMIZATION_FLAGS) -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", ++# from linux-mips32 ++"linux-mips-openwrt","gcc:-DTERMIOS \$(OPENWRT_OPTIMIZATION_FLAGS) -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${mips32_asm}:o32:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", ++# from linux64-mips64 ++"linux-mips64-openwrt", "gcc:-mabi=64 -DTERMIOS \$(OPENWRT_OPTIMIZATION_FLAGS) -fomit-frame-pointer -Wall -DBN_DIV3W::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${mips64_asm}:64:dlfcn:linux-shared:-fPIC:-mabi=64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64", ++# from linux64-mips64 ++"linux-mips64el-openwrt", "gcc:-mabi=64 -DTERMIOS \$(OPENWRT_OPTIMIZATION_FLAGS) -fomit-frame-pointer -Wall -DBN_DIV3W::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${mips64_asm}:64:dlfcn:linux-shared:-fPIC:-mabi=64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64", ++# from linux-mips32 ++"linux-mipsel-openwrt","gcc:-DTERMIOS \$(OPENWRT_OPTIMIZATION_FLAGS) -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${mips32_asm}:o32:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", ++# from linux-ppc ++"linux-powerpc-openwrt", "gcc:-DB_ENDIAN -DTERMIOS \$(OPENWRT_OPTIMIZATION_FLAGS) -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL:${ppc32_asm}:linux32:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", ++# from linux-x86_64 ++"linux-x86_64-openwrt", "gcc:-m64 -DL_ENDIAN -DTERMIOS \$(OPENWRT_OPTIMIZATION_FLAGS) -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64", ++# from linux-generic32 ++"linux-generic32-openwrt","gcc:-DTERMIOS \$(OPENWRT_OPTIMIZATION_FLAGS) -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", ++ + # Android: linux-* but without pointers to headers and libs. + "android","gcc:-mandroid -I\$(ANDROID_DEV)/include -B\$(ANDROID_DEV)/lib -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", + "android-x86","gcc:-mandroid -I\$(ANDROID_DEV)/include -B\$(ANDROID_DEV)/lib -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:".eval{my $asm=${x86_elf_asm};$asm=~s/:elf/:android/;$asm}.":dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", diff --git a/package/libs/openssl/patches/110-optimize-for-size.patch b/package/libs/openssl/patches/110-optimize-for-size.patch deleted file mode 100644 index d6d4a21111..0000000000 --- a/package/libs/openssl/patches/110-optimize-for-size.patch +++ /dev/null @@ -1,16 +0,0 @@ ---- a/Configure -+++ b/Configure -@@ -470,6 +470,13 @@ my %table=( - "linux-alpha-ccc","ccc:-fast -readonly_strings -DL_ENDIAN::-D_REENTRANT:::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL:${alpha_asm}", - "linux-alpha+bwx-ccc","ccc:-fast -readonly_strings -DL_ENDIAN::-D_REENTRANT:::SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL:${alpha_asm}", - -+# OpenWrt targets -+"linux-armv4-openwrt","gcc:-DTERMIOS \$(OPENWRT_OPTIMIZATION_FLAGS) -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${armv4_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -+"linux-aarch64-openwrt","gcc:-DTERMIOS \$(OPENWRT_OPTIMIZATION_FLAGS) -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${aarch64_asm}:linux64:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -+"linux-x86_64-openwrt", "gcc:-m64 -DL_ENDIAN -DTERMIOS \$(OPENWRT_OPTIMIZATION_FLAGS) -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64", -+"linux-mips-openwrt","gcc:-DTERMIOS \$(OPENWRT_OPTIMIZATION_FLAGS) -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${mips32_asm}:o32:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -+"linux-generic-openwrt","gcc:-DTERMIOS \$(OPENWRT_OPTIMIZATION_FLAGS) -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -+ - # Android: linux-* but without pointers to headers and libs. - "android","gcc:-mandroid -I\$(ANDROID_DEV)/include -B\$(ANDROID_DEV)/lib -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", - "android-x86","gcc:-mandroid -I\$(ANDROID_DEV)/include -B\$(ANDROID_DEV)/lib -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:".eval{my $asm=${x86_elf_asm};$asm=~s/:elf/:android/;$asm}.":dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", diff --git a/package/libs/openssl/patches/130-perl-path.patch b/package/libs/openssl/patches/110-perl-path.patch index 2dbdc76010..2dbdc76010 100644 --- a/package/libs/openssl/patches/130-perl-path.patch +++ b/package/libs/openssl/patches/110-perl-path.patch diff --git a/package/libs/openssl/patches/140-makefile-dirs.patch b/package/libs/openssl/patches/120-makefile-dirs.patch index 83c412f444..5bcb316486 100644 --- a/package/libs/openssl/patches/140-makefile-dirs.patch +++ b/package/libs/openssl/patches/120-makefile-dirs.patch @@ -5,7 +5,7 @@ BASEADDR= -DIRS= crypto ssl engines apps test tools -+DIRS= crypto ssl apps ++DIRS= crypto ssl engines apps ENGDIRS= ccgost SHLIBDIRS= crypto ssl diff --git a/package/libs/openssl/patches/160-disable_doc_tests.patch b/package/libs/openssl/patches/130-disable_doc_tests.patch index e38d44a768..e38d44a768 100644 --- a/package/libs/openssl/patches/160-disable_doc_tests.patch +++ b/package/libs/openssl/patches/130-disable_doc_tests.patch diff --git a/package/libs/openssl/patches/170-bash_path.patch b/package/libs/openssl/patches/140-bash_path.patch index c29b59afdd..c29b59afdd 100644 --- a/package/libs/openssl/patches/170-bash_path.patch +++ b/package/libs/openssl/patches/140-bash_path.patch diff --git a/package/libs/openssl/patches/180-fix_link_segfault.patch b/package/libs/openssl/patches/150-fix_link_segfault.patch index 3e36beb49c..3e36beb49c 100644 --- a/package/libs/openssl/patches/180-fix_link_segfault.patch +++ b/package/libs/openssl/patches/150-fix_link_segfault.patch diff --git a/package/libs/openssl/patches/150-no_engines.patch b/package/libs/openssl/patches/150-no_engines.patch deleted file mode 100644 index a518a00496..0000000000 --- a/package/libs/openssl/patches/150-no_engines.patch +++ /dev/null @@ -1,81 +0,0 @@ ---- a/Configure -+++ b/Configure -@@ -2144,6 +2144,11 @@ EOF - close(OUT); - } - -+# ugly hack to disable engines -+if($target eq "mingwx") { -+ system("sed -e s/^LIB/XLIB/g -i engines/Makefile"); -+} -+ - print <<EOF; - - Configured for $target. ---- a/util/libeay.num -+++ b/util/libeay.num -@@ -2075,7 +2075,6 @@ PKCS7_ATTR_SIGN_it - UI_add_error_string 2633 EXIST::FUNCTION: - KRB5_CHECKSUM_free 2634 EXIST::FUNCTION: - OCSP_REQUEST_get_ext 2635 EXIST::FUNCTION: --ENGINE_load_ubsec 2636 EXIST::FUNCTION:ENGINE,STATIC_ENGINE - ENGINE_register_all_digests 2637 EXIST::FUNCTION:ENGINE - PKEY_USAGE_PERIOD_it 2638 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: - PKEY_USAGE_PERIOD_it 2638 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: -@@ -2549,7 +2548,6 @@ OCSP_RESPONSE_new - AES_set_encrypt_key 3024 EXIST::FUNCTION:AES - OCSP_resp_count 3025 EXIST::FUNCTION: - KRB5_CHECKSUM_new 3026 EXIST::FUNCTION: --ENGINE_load_cswift 3027 EXIST::FUNCTION:ENGINE,STATIC_ENGINE - OCSP_onereq_get0_id 3028 EXIST::FUNCTION: - ENGINE_set_default_ciphers 3029 EXIST::FUNCTION:ENGINE - NOTICEREF_it 3030 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: -@@ -2580,7 +2578,6 @@ ASN1_primitive_free - i2d_EXTENDED_KEY_USAGE 3052 EXIST::FUNCTION: - i2d_OCSP_SIGNATURE 3053 EXIST::FUNCTION: - asn1_enc_save 3054 EXIST::FUNCTION: --ENGINE_load_nuron 3055 EXIST::FUNCTION:ENGINE,STATIC_ENGINE - _ossl_old_des_pcbc_encrypt 3056 EXIST::FUNCTION:DES - PKCS12_MAC_DATA_it 3057 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: - PKCS12_MAC_DATA_it 3057 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: -@@ -2604,7 +2601,6 @@ asn1_get_choice_selector - i2d_KRB5_CHECKSUM 3072 EXIST::FUNCTION: - ENGINE_set_table_flags 3073 EXIST::FUNCTION:ENGINE - AES_options 3074 EXIST::FUNCTION:AES --ENGINE_load_chil 3075 EXIST::FUNCTION:ENGINE,STATIC_ENGINE - OCSP_id_cmp 3076 EXIST::FUNCTION: - OCSP_BASICRESP_new 3077 EXIST::FUNCTION: - OCSP_REQUEST_get_ext_by_NID 3078 EXIST::FUNCTION: -@@ -2671,7 +2667,6 @@ OCSP_CRLID_it - OCSP_CRLID_it 3127 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: - i2d_KRB5_AUTHENTBODY 3128 EXIST::FUNCTION: - OCSP_REQUEST_get_ext_count 3129 EXIST::FUNCTION: --ENGINE_load_atalla 3130 EXIST::FUNCTION:ENGINE,STATIC_ENGINE - X509_NAME_it 3131 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: - X509_NAME_it 3131 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: - USERNOTICE_it 3132 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: -@@ -2766,8 +2761,6 @@ DES_read_2passwords - DES_read_password 3207 EXIST::FUNCTION:DES - UI_UTIL_read_pw 3208 EXIST::FUNCTION: - UI_UTIL_read_pw_string 3209 EXIST::FUNCTION: --ENGINE_load_aep 3210 EXIST::FUNCTION:ENGINE,STATIC_ENGINE --ENGINE_load_sureware 3211 EXIST::FUNCTION:ENGINE,STATIC_ENGINE - OPENSSL_add_all_algorithms_noconf 3212 EXIST:!VMS:FUNCTION: - OPENSSL_add_all_algo_noconf 3212 EXIST:VMS:FUNCTION: - OPENSSL_add_all_algorithms_conf 3213 EXIST:!VMS:FUNCTION: -@@ -2776,7 +2769,6 @@ OPENSSL_load_builtin_modules - AES_ofb128_encrypt 3215 EXIST::FUNCTION:AES - AES_ctr128_encrypt 3216 EXIST::FUNCTION:AES - AES_cfb128_encrypt 3217 EXIST::FUNCTION:AES --ENGINE_load_4758cca 3218 EXIST::FUNCTION:ENGINE,STATIC_ENGINE - _ossl_096_des_random_seed 3219 EXIST::FUNCTION:DES - EVP_aes_256_ofb 3220 EXIST::FUNCTION:AES - EVP_aes_192_ofb 3221 EXIST::FUNCTION:AES -@@ -3111,7 +3103,6 @@ EC_GFp_nist_method - STORE_meth_set_modify_fn 3530 NOEXIST::FUNCTION: - STORE_method_set_modify_function 3530 NOEXIST::FUNCTION: - STORE_parse_attrs_next 3531 NOEXIST::FUNCTION: --ENGINE_load_padlock 3532 EXIST::FUNCTION:ENGINE,STATIC_ENGINE - EC_GROUP_set_curve_name 3533 EXIST::FUNCTION:EC - X509_CERT_PAIR_it 3534 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: - X509_CERT_PAIR_it 3534 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: diff --git a/package/libs/openssl/patches/190-remove_timestamp_check.patch b/package/libs/openssl/patches/160-remove_timestamp_check.patch index 424e66063c..424e66063c 100644 --- a/package/libs/openssl/patches/190-remove_timestamp_check.patch +++ b/package/libs/openssl/patches/160-remove_timestamp_check.patch diff --git a/package/libs/openssl/patches/200-parallel_build.patch b/package/libs/openssl/patches/170-parallel_build.patch index 37134e4030..cbe5d51241 100644 --- a/package/libs/openssl/patches/200-parallel_build.patch +++ b/package/libs/openssl/patches/170-parallel_build.patch @@ -92,7 +92,7 @@ fi; \ --- a/crypto/Makefile +++ b/crypto/Makefile -@@ -85,11 +85,11 @@ testapps: +@@ -87,11 +87,11 @@ testapps: @if [ -z "$(THIS)" ]; then $(MAKE) -f $(TOP)/Makefile reflect THIS=$@; fi subdirs: @@ -106,7 +106,7 @@ links: @$(PERL) $(TOP)/util/mklink.pl ../include/openssl $(EXHEADER) -@@ -100,7 +100,7 @@ links: +@@ -102,7 +102,7 @@ links: # lib: $(LIB): are splitted to avoid end-less loop lib: $(LIB) @touch lib @@ -115,7 +115,7 @@ $(AR) $(LIB) $(LIBOBJ) test -z "$(FIPSLIBDIR)" || $(AR) $(LIB) $(FIPSLIBDIR)fipscanister.o $(RANLIB) $(LIB) || echo Never mind. -@@ -111,7 +111,7 @@ shared: buildinf.h lib subdirs +@@ -113,7 +113,7 @@ shared: buildinf.h lib subdirs fi libs: @@ -124,7 +124,7 @@ install: @[ -n "$(INSTALLTOP)" ] # should be set by top Makefile... -@@ -120,7 +120,7 @@ install: +@@ -122,7 +122,7 @@ install: (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \ chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \ done; diff --git a/package/libs/openssl/patches/180-strip-cflags-from-binary.patch b/package/libs/openssl/patches/180-strip-cflags-from-binary.patch new file mode 100644 index 0000000000..e70bd077d5 --- /dev/null +++ b/package/libs/openssl/patches/180-strip-cflags-from-binary.patch @@ -0,0 +1,21 @@ +From f17f027c258338994a6167091a398c0cc1588acb Mon Sep 17 00:00:00 2001 +From: Eneas U de Queiroz <cote2004-github@yahoo.com> +Date: Wed, 26 Sep 2018 18:04:58 -0300 +Subject: Avoid exposing build directories + +The CFLAGS contain the build directories, and are shown by calling +SSLeay_version(SSLEAY_CFLAGS), or running openssl version -a + +Signed-off-by: Eneas U de Queiroz <cote2004-github@yahoo.com> + +--- a/crypto/Makefile ++++ b/crypto/Makefile +@@ -57,7 +57,7 @@ top: + all: shared + + buildinf.h: ../Makefile +- $(PERL) $(TOP)/util/mkbuildinf.pl "$(CC) $(CFLAGS)" "$(PLATFORM)" >buildinf.h ++ $(PERL) $(TOP)/util/mkbuildinf.pl "$(filter-out -I% -iremap% -fmacro-prefix-map%,$(CC) $(CFLAGS))" "$(PLATFORM)" >buildinf.h + + x86cpuid.s: x86cpuid.pl perlasm/x86asm.pl + $(PERL) x86cpuid.pl $(PERLASM_SCHEME) $(CFLAGS) $(PROCESSOR) > $@ |