diff options
-rw-r--r-- | package/openssl/Makefile | 12 | ||||
-rw-r--r-- | package/openssl/patches/110-optimize-for-size.patch | 23 | ||||
-rw-r--r-- | package/openssl/patches/150-no_engines.patch | 83 |
3 files changed, 102 insertions, 16 deletions
diff --git a/package/openssl/Makefile b/package/openssl/Makefile index 0558db61d..4028b0e17 100644 --- a/package/openssl/Makefile +++ b/package/openssl/Makefile @@ -4,7 +4,7 @@ include $(TOPDIR)/rules.mk PKG_NAME:=openssl PKG_VERSION:=0.9.8a -PKG_RELEASE:=2 +PKG_RELEASE:=3 PKG_MD5SUM:=1d16c727c10185e4d694f87f5e424ee1 PKG_SOURCE_URL:=http://www.openssl.org/source/ \ @@ -17,7 +17,8 @@ PKG_CAT:=zcat PKG_BUILD_DIR:=$(BUILD_DIR)/$(PKG_NAME)-$(PKG_VERSION) PKG_INSTALL_DIR:=$(PKG_BUILD_DIR)/ipkg-install -OPENSSL_NO_CIPHERS:= no-idea no-md2 no-mdc2 no-rc2 no-rc5 +OPENSSL_NO_CIPHERS:= no-deprecated no-idea no-md2 no-mdc2 no-rc2 no-rc5 no-sha0 no-sha256 no-sha512 no-dsa no-rmd160 no-aes192 no-cast +OPENSSL_OPTIONS:= shared no-ec no-err no-fips no-hw no-krb5 no-threads zlib-dynamic no-engines include $(TOPDIR)/package/rules.mk @@ -26,15 +27,17 @@ $(eval $(call PKG_template,OPENSSL_UTIL,openssl-util,$(PKG_VERSION)-$(PKG_RELEAS $(PKG_BUILD_DIR)/.configured: $(SED) 's,/CFLAG=,/CFLAG= $(TARGET_SOFT_FLOAT) ,g' $(PKG_BUILD_DIR)/Configure + $(SED) s/OPENWRT_OPTIMIZATION_FLAGS/$(BR2_TARGET_OPTIMIZATION)/g $(PKG_BUILD_DIR)/Configure (cd $(PKG_BUILD_DIR); \ PATH=$(TARGET_PATH) \ - ./Configure linux-generic32 \ + ./Configure linux-openwrt \ --prefix=/usr \ --openssldir=/etc/ssl \ -I$(STAGING_DIR)/usr/include \ -L$(STAGING_DIR)/usr/lib -ldl \ + -DOPENSSL_SMALL_FOOTPRINT \ $(OPENSSL_NO_CIPHERS) \ - shared no-asm no-ec no-err no-fips no-hw no-krb5 no-threads zlib-dynamic \ + $(OPENSSL_OPTIONS) \ ) touch $@ @@ -46,7 +49,6 @@ $(PKG_BUILD_DIR)/.built: depend $(MAKE) -C $(PKG_BUILD_DIR) -j1 \ CC="$(TARGET_CC)" \ - CCOPTS="$(TARGET_CFLAGS) -fomit-frame-pointer" \ AR="$(TARGET_CROSS)ar r" \ RANLIB="$(TARGET_CROSS)ranlib" \ all build-shared diff --git a/package/openssl/patches/110-optimize-for-size.patch b/package/openssl/patches/110-optimize-for-size.patch index 38f57dff7..6031c2525 100644 --- a/package/openssl/patches/110-optimize-for-size.patch +++ b/package/openssl/patches/110-optimize-for-size.patch @@ -1,11 +1,12 @@ ---- openssl-0.9.8a/Configure 2006-02-21 20:18:36.000000000 -0800 -+++ openssl-0.9.8a-new/Configure 2006-02-21 20:53:32.000000000 -0800 -@@ -313,7 +313,7 @@ - #### - # *-generic* is endian-neutral target, but ./config is free to - # throw in -D[BL]_ENDIAN, whichever appropriate... --"linux-generic32","gcc:-DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -+"linux-generic32","gcc:-DTERMIO -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", - "linux-ppc", "gcc:-DB_ENDIAN -DTERMIO -O3 -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL::linux_ppc32.o::::::::::dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", - #### IA-32 targets... - "linux-ia32-icc", "icc:-DL_ENDIAN -DTERMIO -O2 -no_cpprt::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-KPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +diff -ur openssl-0.9.8a/Configure openssl-0.9.8a-owrt/Configure +--- openssl-0.9.8a/Configure 2005-08-02 12:59:42.000000000 +0200 ++++ openssl-0.9.8a-owrt/Configure 2006-03-23 14:16:35.000000000 +0100 +@@ -353,6 +353,8 @@ + "linux-alpha+bwx-gcc","gcc:-O3 -DL_ENDIAN -DTERMIO::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", + "linux-alpha-ccc","ccc:-fast -readonly_strings -DL_ENDIAN -DTERMIO::-D_REENTRANT:::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL:${no_asm}", + "linux-alpha+bwx-ccc","ccc:-fast -readonly_strings -DL_ENDIAN -DTERMIO::-D_REENTRANT:::SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL:${no_asm}", ++# OpenWrt targets ++"linux-openwrt","gcc:-DTERMIO OPENWRT_OPTIMIZATION_FLAGS -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", + + #### *BSD [do see comment about ${BSDthreads} above!] + "BSD-generic32","gcc:-DTERMIOS -O3 -fomit-frame-pointer -Wall::${BSDthreads}:::BN_LLONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL:${no_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", diff --git a/package/openssl/patches/150-no_engines.patch b/package/openssl/patches/150-no_engines.patch new file mode 100644 index 000000000..b928fbcc6 --- /dev/null +++ b/package/openssl/patches/150-no_engines.patch @@ -0,0 +1,83 @@ +diff -udrNP openssl-0.9.8-stable-SNAP-20050703.orig/util/libeay.num openssl-0.9.8-stable-SNAP-20050703/util/libeay.num +--- openssl-0.9.8-stable-SNAP-20050703.orig/util/libeay.num 2005-07-04 00:27:14.653639088 +0200 ++++ openssl-0.9.8-stable-SNAP-20050703/util/libeay.num 2005-07-04 22:50:07.986576664 +0200 +@@ -2071,7 +2071,6 @@ + UI_add_error_string 2633 EXIST::FUNCTION: + KRB5_CHECKSUM_free 2634 EXIST::FUNCTION: + OCSP_REQUEST_get_ext 2635 EXIST::FUNCTION: +-ENGINE_load_ubsec 2636 EXIST::FUNCTION:ENGINE,STATIC_ENGINE + ENGINE_register_all_digests 2637 EXIST::FUNCTION:ENGINE + PKEY_USAGE_PERIOD_it 2638 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: + PKEY_USAGE_PERIOD_it 2638 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: +@@ -2545,7 +2544,6 @@ + AES_set_encrypt_key 3024 EXIST::FUNCTION:AES + OCSP_resp_count 3025 EXIST::FUNCTION: + KRB5_CHECKSUM_new 3026 EXIST::FUNCTION: +-ENGINE_load_cswift 3027 EXIST::FUNCTION:ENGINE,STATIC_ENGINE + OCSP_onereq_get0_id 3028 EXIST::FUNCTION: + ENGINE_set_default_ciphers 3029 EXIST::FUNCTION:ENGINE + NOTICEREF_it 3030 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: +@@ -2576,7 +2574,6 @@ + i2d_EXTENDED_KEY_USAGE 3052 EXIST::FUNCTION: + i2d_OCSP_SIGNATURE 3053 EXIST::FUNCTION: + asn1_enc_save 3054 EXIST::FUNCTION: +-ENGINE_load_nuron 3055 EXIST::FUNCTION:ENGINE,STATIC_ENGINE + _ossl_old_des_pcbc_encrypt 3056 EXIST::FUNCTION:DES + PKCS12_MAC_DATA_it 3057 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: + PKCS12_MAC_DATA_it 3057 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: +@@ -2600,7 +2597,6 @@ + i2d_KRB5_CHECKSUM 3072 EXIST::FUNCTION: + ENGINE_set_table_flags 3073 EXIST::FUNCTION:ENGINE + AES_options 3074 EXIST::FUNCTION:AES +-ENGINE_load_chil 3075 EXIST::FUNCTION:ENGINE,STATIC_ENGINE + OCSP_id_cmp 3076 EXIST::FUNCTION: + OCSP_BASICRESP_new 3077 EXIST::FUNCTION: + OCSP_REQUEST_get_ext_by_NID 3078 EXIST::FUNCTION: +@@ -2667,7 +2663,6 @@ + OCSP_CRLID_it 3127 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: + i2d_KRB5_AUTHENTBODY 3128 EXIST::FUNCTION: + OCSP_REQUEST_get_ext_count 3129 EXIST::FUNCTION: +-ENGINE_load_atalla 3130 EXIST::FUNCTION:ENGINE,STATIC_ENGINE + X509_NAME_it 3131 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: + X509_NAME_it 3131 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: + USERNOTICE_it 3132 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: +@@ -2762,8 +2757,6 @@ + DES_read_password 3207 EXIST::FUNCTION:DES + UI_UTIL_read_pw 3208 EXIST::FUNCTION: + UI_UTIL_read_pw_string 3209 EXIST::FUNCTION: +-ENGINE_load_aep 3210 EXIST::FUNCTION:ENGINE,STATIC_ENGINE +-ENGINE_load_sureware 3211 EXIST::FUNCTION:ENGINE,STATIC_ENGINE + OPENSSL_add_all_algorithms_noconf 3212 EXIST:!VMS:FUNCTION: + OPENSSL_add_all_algo_noconf 3212 EXIST:VMS:FUNCTION: + OPENSSL_add_all_algorithms_conf 3213 EXIST:!VMS:FUNCTION: +@@ -2772,7 +2765,6 @@ + AES_ofb128_encrypt 3215 EXIST::FUNCTION:AES + AES_ctr128_encrypt 3216 EXIST::FUNCTION:AES + AES_cfb128_encrypt 3217 EXIST::FUNCTION:AES +-ENGINE_load_4758cca 3218 EXIST::FUNCTION:ENGINE,STATIC_ENGINE + _ossl_096_des_random_seed 3219 EXIST::FUNCTION:DES + EVP_aes_256_ofb 3220 EXIST::FUNCTION:AES + EVP_aes_192_ofb 3221 EXIST::FUNCTION:AES +@@ -3107,7 +3099,6 @@ + STORE_method_set_modify_function 3530 EXIST:!VMS:FUNCTION: + STORE_meth_set_modify_fn 3530 EXIST:VMS:FUNCTION: + STORE_parse_attrs_next 3531 EXIST::FUNCTION: +-ENGINE_load_padlock 3532 EXIST::FUNCTION:ENGINE + EC_GROUP_set_curve_name 3533 EXIST::FUNCTION:EC + X509_CERT_PAIR_it 3534 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: + X509_CERT_PAIR_it 3534 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: +diff -udrNP openssl-0.9.8-stable-SNAP-20050703.orig/Configure openssl-0.9.8-stable-SNAP-20050703/Configure +--- openssl-0.9.8-stable-SNAP-20050703.orig/Configure 2005-07-04 00:27:11.169168808 +0200 ++++ openssl-0.9.8-stable-SNAP-20050703/Configure 2005-07-05 00:02:12.590136992 +0200 +@@ -1623,6 +1624,11 @@ + close(OUT); + } + ++# ugly hack to disable engines ++if($target eq "mingwx") { ++ system("sed -e s/^LIB/XLIB/g -i engines/Makefile"); ++} ++ + print <<EOF; + + Configured for $target. |