From 4237c9d899a7e5dfb9d62644601bcbfa1574ab82 Mon Sep 17 00:00:00 2001 From: Waldemar Brodkorb Date: Wed, 28 Sep 2016 19:04:37 +0200 Subject: remove OpenSSL support I thought some time about this, we have it in parallel some time and it have issues for allmodconfig builds. Anyway I have no fun doing openssl updates twice a week. We just can not support stunnel/ssltunnel anymore. For nodejs we use bundled openssl. I am an old OpenBSD geek anyway, so get rid of OpenSSL. --- docs/adding-packages-manual.txt | 4 +- mk/build.mk | 8 - package/.template/Makefile | 14 +- package/aircrack-ng/Makefile | 12 +- package/asterisk/Makefile | 12 +- package/bind/Makefile | 12 +- package/bitlbee/Makefile | 12 +- package/crda/Makefile | 7 +- package/cryptodev-linux/Makefile | 10 +- package/ctorrent/Makefile | 10 +- package/curl/Makefile | 19 +- package/cyrus-sasl/Makefile | 12 +- package/dillo/Makefile | 12 +- package/dovecot/Makefile | 10 +- package/elinks/Makefile | 11 +- package/elinks/patches/patch-src_network_ssl_ssl_c | 16 + package/fetchmail/Makefile | 11 +- package/fetchmail/patches/patch-config_h_in | 13 + package/fetchmail/patches/patch-configure | 12 - package/fetchmail/patches/patch-configure_ac | 10 + package/fetchmail/patches/patch-fetchmail_c | 15 + package/fetchmail/patches/patch-socket_c | 20 + package/freeradius-client/Makefile | 11 +- package/freeradius-server/Makefile | 12 +- package/freeswitch/Makefile | 12 +- package/git/Makefile | 12 +- package/hostapd/Makefile | 5 +- package/httping/Makefile | 10 +- package/ipsec-tools/Makefile | 11 +- package/irssi/Makefile | 7 +- package/kodi/Makefile | 12 +- package/lftp/Makefile | 11 +- package/libesmtp/Makefile | 12 +- package/libp11/Makefile | 12 +- package/libssh/Makefile | 12 +- package/libssh2/Makefile | 12 +- package/libtorrent/Makefile | 12 +- package/lighttpd/Makefile | 10 +- package/links/Makefile | 7 +- package/lynx/Makefile | 13 +- package/mini_httpd/Makefile | 10 +- package/monit/Makefile | 10 +- package/mosquitto/Makefile | 12 +- package/mutt/Makefile | 7 +- package/neon/Makefile | 12 +- package/nginx/Makefile | 13 +- package/nut/Makefile | 12 +- package/openldap/Makefile | 14 +- package/opensc/Makefile | 12 +- package/opensips/Makefile | 10 +- package/openssh/Makefile | 12 +- package/openssl/Makefile | 130 -- package/openssl/files/cryptodev.h | 288 ---- package/openssl/files/openssl-util.conffiles | 1 - package/openssl/patches/patch-Configure | 11 - package/openssl/patches/patch-Makefile_org | 20 - package/openssl/patches/patch-Makefile_shared | 18 - package/openssl/patches/patch-tools_c_rehash | 13 - package/openssl/patches/patch-util_shlib_wrap_sh | 16 - package/openssl/src/crypto/engine/eng_cryptodev.c | 1496 -------------------- package/openvpn/Makefile | 10 +- package/raddump/Makefile | 12 +- package/rdesktop/Makefile | 12 +- package/sipsak/Makefile | 7 +- package/socat/Makefile | 10 +- package/ssltunnel/Makefile | 38 - package/ssltunnel/patches/patch-client_ntlmauth_c | 11 - package/strongswan/Makefile | 10 +- ..._libstrongswan_plugins_openssl_openssl_plugin_c | 11 + .../strongswan/patches/patch-src_starter_netkey_c | 8 +- package/stunnel/Makefile | 33 - package/stunnel/patches/patch-configure_ac | 21 - package/supl/Makefile | 13 +- package/tinc/Makefile | 12 +- package/tmsnc/Makefile | 11 +- package/tntnet/Makefile | 16 +- package/tor/Makefile | 12 +- package/tvheadend/Makefile | 10 +- package/vtun/Makefile | 12 +- package/wget/Makefile | 12 +- package/wpa_supplicant/Makefile | 8 +- package/xorg-server/Makefile | 13 +- 82 files changed, 236 insertions(+), 2638 deletions(-) create mode 100644 package/elinks/patches/patch-src_network_ssl_ssl_c create mode 100644 package/fetchmail/patches/patch-config_h_in delete mode 100644 package/fetchmail/patches/patch-configure create mode 100644 package/fetchmail/patches/patch-configure_ac create mode 100644 package/fetchmail/patches/patch-fetchmail_c create mode 100644 package/fetchmail/patches/patch-socket_c delete mode 100644 package/openssl/Makefile delete mode 100644 package/openssl/files/cryptodev.h delete mode 100644 package/openssl/files/openssl-util.conffiles delete mode 100644 package/openssl/patches/patch-Configure delete mode 100644 package/openssl/patches/patch-Makefile_org delete mode 100644 package/openssl/patches/patch-Makefile_shared delete mode 100644 package/openssl/patches/patch-tools_c_rehash delete mode 100644 package/openssl/patches/patch-util_shlib_wrap_sh delete mode 100644 package/openssl/src/crypto/engine/eng_cryptodev.c delete mode 100644 package/ssltunnel/Makefile delete mode 100644 package/ssltunnel/patches/patch-client_ntlmauth_c create mode 100644 package/strongswan/patches/patch-src_libstrongswan_plugins_openssl_openssl_plugin_c delete mode 100644 package/stunnel/Makefile delete mode 100644 package/stunnel/patches/patch-configure_ac diff --git a/docs/adding-packages-manual.txt b/docs/adding-packages-manual.txt index be79afb30..862662987 100644 --- a/docs/adding-packages-manual.txt +++ b/docs/adding-packages-manual.txt @@ -23,8 +23,8 @@ scripts. 09: PKG_HASH:= 62333167b79afb0b25a843513288c67b59547acf653e8fbe62ee64e71ebd1587 10: PKG_DESCR:= foo library 11: PKG_SECTION:= libs -12: PKG_BUILDDEP:= openssl -13: PKG_DEPENDS:= libopenssl +12: PKG_BUILDDEP:= libressl +13: PKG_DEPENDS:= libressl 14: PKG_URL:= http://www.libfoo.org/ 15: PKG_SITES:= http://download.libfoo.org/ 16: diff --git a/mk/build.mk b/mk/build.mk index af2e2e42e..ba7c0328b 100644 --- a/mk/build.mk +++ b/mk/build.mk @@ -28,14 +28,6 @@ DEFCONFIG= ADK_DEBUG=n \ ADK_PACKAGE_BASE_FILES=y \ ADK_PACKAGE_KEXECINIT=n \ ADK_PACKAGE_CLASSPATH=n \ - ADK_PACKAGE_OPENSSL=n \ - ADK_PACKAGE_AUFS_UTIL=n \ - ADK_PACKAGE_LIBOPENSSL=n \ - ADK_PACKAGE_LIBOPENSSL_DEV=n \ - ADK_PACKAGE_LIBOPENSSL_WITH_CRYPTODEV=n \ - ADK_PACKAGE_OPENSSL_PKCS11=n \ - ADK_PACKAGE_OPENSSL_UTIL=n \ - ADK_PACKAGE_SSLTUNNEL=n \ ADK_PACKAGE_LM_SENSORS_DETECT=n \ ADK_PACKAGE_CRYPTINIT=n \ ADK_STATIC_TOOLCHAIN=n \ diff --git a/package/.template/Makefile b/package/.template/Makefile index f60be74bb..2c54be734 100644 --- a/package/.template/Makefile +++ b/package/.template/Makefile @@ -36,20 +36,20 @@ PKG_SITES:= add download url without package name # flavour description #PKGFD_WITH_SSL:= enable SSL support # flavour runtime dependency, package name -#PKGFS_WITH_SSL:= libopenssl +#PKGFS_WITH_SSL:= libressl # flavour build time dependency, package dir -#PKGFB_WITH_SSL:= openssl +#PKGFB_WITH_SSL:= libressl # define your choices for your package here, f.e. different SSL implementations -#PKG_CHOICES_PKGNAME:= WITH_OPENSSL WITH_GNUTLS +#PKG_CHOICES_PKGNAME:= WITH_LIBRESSL WITH_GNUTLS # package description for each choice -#PKGCD_WITH_OPENSSL:= SSL support via OpenSSL library -#PKGCD_WITH_GNUTLS:= SSL support via GNUTLS library +#PKGCD_WITH_LIBRESSL:= ssl support via libressl library +#PKGCD_WITH_GNUTLS:= ssl support via gnutls library # package build time dependencies -#PKGCB_WITH_OPENSSL:= openssl +#PKGCB_WITH_LIBRESSL:= libressl #PKGCB_WITH_GNUTLS:= gnutls # package runtime dependencies -#PKGCS_WITH_OPENSSL:= libopenssl +#PKGCS_WITH_LIBRESSL:= libressl #PKGCS_WITH_GNUTLS:= libgnutls # if downloaded package is not ending with .tar.xz use following diff --git a/package/aircrack-ng/Makefile b/package/aircrack-ng/Makefile index ee83a9641..fcf618885 100644 --- a/package/aircrack-ng/Makefile +++ b/package/aircrack-ng/Makefile @@ -9,22 +9,14 @@ PKG_RELEASE:= 1 PKG_HASH:= ba5b3eda44254efc5b7c9f776eb756f7cc323ad5d0813c101e92edb483d157e9 PKG_DESCR:= set of tools for auditing wireless networks PKG_SECTION:= net/wifi -PKG_DEPENDS:= libpcap libnl -PKG_BUILDDEP:= libpcap libnl +PKG_DEPENDS:= libpcap libnl libressl +PKG_BUILDDEP:= libpcap libnl libressl PKG_NEEDS:= threads PKG_URL:= http://www.aircrack-ng.org/ PKG_SITES:= http://download.aircrack-ng.org/ # do not build parallel, otherwise libosdep.a may not be ready when compiling airtun-ng PKG_NOPARALLEL:= 1 -PKG_CHOICES_AIRCRACK_NG:= WITH_LIBRESSL WITH_OPENSSL -PKGCD_WITH_LIBRESSL:= use libressl for crypto -PKGCB_WITH_LIBRESSL:= libressl -PKGCS_WITH_LIBRESSL:= libressl -PKGCD_WITH_OPENSSL:= use openssl for crypto -PKGCB_WITH_OPENSSL:= openssl -PKGCS_WITH_OPENSSL:= libopenssl - DISTFILES:= ${PKG_NAME}-${PKG_VERSION}-rc2.tar.gz WRKDIST= ${WRKDIR}/${PKG_NAME}-${PKG_VERSION}-rc2 diff --git a/package/asterisk/Makefile b/package/asterisk/Makefile index 27eb3b924..3367cce94 100644 --- a/package/asterisk/Makefile +++ b/package/asterisk/Makefile @@ -9,21 +9,13 @@ PKG_RELEASE:= 2 PKG_HASH:= 7b3d84a3403fce590377808eaa4b08b6320666ca0e37eba0ad578b66211b13c8 PKG_DESCR:= open source pbx PKG_SECTION:= net/voip -PKG_DEPENDS:= libncurses libcurl -PKG_BUILDDEP:= ncurses zlib curl popt +PKG_DEPENDS:= libncurses libcurl libressl +PKG_BUILDDEP:= ncurses zlib curl popt libressl PKG_NEEDS:= threads c++ PKG_URL:= http://www.asterisk.org/ PKG_SITES:= http://downloads.asterisk.org/pub/telephony/asterisk/releases/ PKG_NOPARALLEL:= 1 -PKG_CHOICES_ASTERISK:= WITH_LIBRESSL WITH_OPENSSL -PKGCD_WITH_LIBRESSL:= use libressl for crypto -PKGCB_WITH_LIBRESSL:= libressl -PKGCS_WITH_LIBRESSL:= libressl ca-certificates -PKGCD_WITH_OPENSSL:= use openssl for crypto -PKGCB_WITH_OPENSSL:= openssl -PKGCS_WITH_OPENSSL:= libopenssl ca-certificates - DISTFILES:= ${PKG_NAME}-${PKG_VERSION}.tar.gz PKG_LIBC_DEPENDS:= uclibc-ng glibc diff --git a/package/bind/Makefile b/package/bind/Makefile index 0646631df..0a2852fcc 100644 --- a/package/bind/Makefile +++ b/package/bind/Makefile @@ -9,22 +9,14 @@ PKG_RELEASE:= 1 PKG_HASH:= f8d412b38d5ac390275b943bde69f4608f67862a45487ec854b30e4448fcb056 PKG_DESCR:= dns server PKG_SECTION:= net/dns -PKG_DEPENDS:= libxml2 -PKG_BUILDDEP:= libxml2 +PKG_DEPENDS:= libxml2 libressl +PKG_BUILDDEP:= libxml2 libressl PKG_NEEDS:= c++ PKG_URL:= https://www.isc.org/software/bind/ PKG_SITES:= ftp://ftp.isc.org/isc/bind9/${PKG_VERSION}/ PKG_LIBNAME:= libbind PKG_OPTS:= dev -PKG_CHOICES_LIBBIND:= WITH_LIBRESSL WITH_OPENSSL -PKGCD_WITH_LIBRESSL:= use libressl for crypto -PKGCB_WITH_LIBRESSL:= libressl -PKGCS_WITH_LIBRESSL:= libressl ca-certificates -PKGCD_WITH_OPENSSL:= use openssl for crypto -PKGCB_WITH_OPENSSL:= openssl -PKGCS_WITH_OPENSSL:= libopenssl ca-certificates - DISTFILES:= ${PKG_NAME}-${PKG_VERSION}.tar.gz PKG_SUBPKGS:= LIBBIND BIND_SERVER BIND_NSUPDATE BIND_RNDC BIND_CHECK BIND_DNSSEC BIND_HOST BIND_DIG diff --git a/package/bitlbee/Makefile b/package/bitlbee/Makefile index 02f85f299..59ede8f3d 100644 --- a/package/bitlbee/Makefile +++ b/package/bitlbee/Makefile @@ -9,19 +9,11 @@ PKG_RELEASE:= 1 PKG_HASH:= 408a737b35db4b9c407e3db09b2d2e7b528836a68e2d783373254b78812bf608 PKG_DESCR:= irc gateway to im chat networks PKG_SECTION:= app/chat -PKG_DEPENDS:= glib -PKG_BUILDDEP:= glib +PKG_DEPENDS:= glib libressl +PKG_BUILDDEP:= glib libressl PKG_URL:= http://www.bitlbee.org/ PKG_SITES:= http://get.bitlbee.org/src/ -PKG_CHOICES_BITLBEE:= WITH_LIBRESSL WITH_OPENSSL -PKGCD_WITH_LIBRESSL:= use libressl for crypto -PKGCB_WITH_LIBRESSL:= libressl -PKGCS_WITH_LIBRESSL:= libressl ca-certificates -PKGCD_WITH_OPENSSL:= use openssl for crypto -PKGCB_WITH_OPENSSL:= openssl -PKGCS_WITH_OPENSSL:= libopenssl ca-certificates - DISTFILES:= ${PKG_NAME}-${PKG_VERSION}.tar.gz include ${ADK_TOPDIR}/mk/package.mk diff --git a/package/crda/Makefile b/package/crda/Makefile index 5f887d677..c63608b6e 100644 --- a/package/crda/Makefile +++ b/package/crda/Makefile @@ -21,10 +21,7 @@ PKGFD_WITH_UDEV:= install shipped udev rules PKGFS_WITH_UDEV:= udev PKGFB_WITH_UDEV:= eudev -PKG_CHOICES_CRDA:= WITH_LIBRESSL WITH_OPENSSL WITH_GCRYPT -PKGCD_WITH_OPENSSL:= ssl support via openssl library -PKGCB_WITH_OPENSSL:= openssl -PKGCS_WITH_OPENSSL:= libopenssl +PKG_CHOICES_CRDA:= WITH_LIBRESSL WITH_GCRYPT PKGCD_WITH_LIBRESSL:= ssl support via libressl library PKGCB_WITH_LIBRESSL:= libressl PKGCS_WITH_LIBRESSL:= libressl @@ -39,7 +36,7 @@ $(eval $(call PKG_template,CRDA,crda,$(PKG_VERSION)-$(PKG_RELEASE),$(PKG_DEPENDS CONFIG_STYLE:= manual ALL_TARGET:= all_noverify -ifneq ($(ADK_PACKAGE_CRDA_WITH_OPENSSL)$(ADK_PACKAGE_CRDA_WITH_LIBRESSL),) +ifneq ($(ADK_PACKAGE_CRDA_WITH_LIBRESSL),) XAKE_FLAGS+= USE_OPENSSL=1 endif diff --git a/package/cryptodev-linux/Makefile b/package/cryptodev-linux/Makefile index 6998ac1a1..cb3c76085 100644 --- a/package/cryptodev-linux/Makefile +++ b/package/cryptodev-linux/Makefile @@ -9,18 +9,12 @@ PKG_RELEASE:= 1 PKG_HASH:= 67fabde9fb67b286a96c4f45b594b0eccd0f761b495705c18f2ae9461b831376 PKG_DESCR:= device that allows access to kernel cryptographic drivers PKG_SECTION:= app/crypto +PKG_DEPENDS:= libressl +PKG_BUILDDEP:= libressl PKG_KDEPENDS:= crypto-aead crypto-algapi crypto-manager PKG_URL:= http://home.gna.org/cryptodev-linux/ PKG_SITES:= http://download.gna.org/cryptodev-linux/ -PKG_CHOICES_CRYPTODEV_LINUX:= WITH_LIBRESSL WITH_OPENSSL -PKGCD_WITH_LIBRESSL:= use libressl for crypto -PKGCB_WITH_LIBRESSL:= libressl -PKGCS_WITH_LIBRESSL:= libressl -PKGCD_WITH_OPENSSL:= use openssl for crypto -PKGCB_WITH_OPENSSL:= openssl -PKGCS_WITH_OPENSSL:= libopenssl - DISTFILES:= ${PKG_NAME}-${PKG_VERSION}.tar.gz include $(ADK_TOPDIR)/mk/package.mk diff --git a/package/ctorrent/Makefile b/package/ctorrent/Makefile index ea4f1d040..eadf6779b 100755 --- a/package/ctorrent/Makefile +++ b/package/ctorrent/Makefile @@ -9,20 +9,14 @@ PKG_RELEASE:= 2 PKG_HASH:= c87366c91475931f75b924119580abd06a7b3cb3f00fef47346552cab1e24863 PKG_DESCR:= console-based bittorrent client PKG_SECTION:= app/p2p +PKG_DEPENDS:= libressl +PKG_BUILDDEP:= libressl PKG_NEEDS:= c++ PKG_URL:= http://www.rahul.net/dholmes/ctorrent PKG_SITES:= ${MASTER_SITE_SOURCEFORGE:=dtorrent/} DISTFILES:= ${PKG_NAME}-${PKG_VERSION}.tar.gz -PKG_CHOICES_CTORRENT:= WITH_LIBRESSL WITH_OPENSSL -PKGCD_WITH_LIBRESSL:= use libressl for crypto -PKGCB_WITH_LIBRESSL:= libressl -PKGCS_WITH_LIBRESSL:= libressl -PKGCD_WITH_OPENSSL:= use openssl for crypto -PKGCB_WITH_OPENSSL:= openssl -PKGCS_WITH_OPENSSL:= libopenssl - include ${ADK_TOPDIR}/mk/package.mk $(eval $(call PKG_template,CTORRENT,ctorrent,${PKG_VERSION}-${PKG_RELEASE},${PKG_DEPENDS},${PKG_DESCR},${PKG_SECTION})) diff --git a/package/curl/Makefile b/package/curl/Makefile index 803bc57dd..776130f1e 100644 --- a/package/curl/Makefile +++ b/package/curl/Makefile @@ -27,20 +27,17 @@ PKGSS_LIBCURL:= zlib PKG_FLAVOURS_CURL:= WITH_IPV6 PKGFD_WITH_IPV6:= enable ipv6 support -PKG_CHOICES_CURL:= WITHOUT_SSL WITH_LIBRESSL WITH_GNUTLS WITH_OPENSSL WITH_WOLFSSL -PKGCD_WITHOUT_SSL:= use no ssl +PKG_CHOICES_CURL:= WITH_LIBRESSL WITH_GNUTLS WITH_WOLFSSL WITHOUT_SSL PKGCD_WITH_LIBRESSL:= use libressl for crypto PKGCS_WITH_LIBRESSL:= libressl ca-certificates libgmp PKGCB_WITH_LIBRESSL:= libressl -PKGCD_WITH_OPENSSL:= use openssl for crypto -PKGCS_WITH_OPENSSL:= libopenssl ca-certificates libgmp -PKGCB_WITH_OPENSSL:= openssl PKGCD_WITH_GNUTLS:= use gnutls for crypto PKGCS_WITH_GNUTLS:= libgnutls ca-certificates libgmp PKGCB_WITH_GNUTLS:= gnutls PKGCD_WITH_WOLFSSL:= use wolfssl for crypto PKGCS_WITH_WOLFSSL:= wolfssl ca-certificates PKGCB_WITH_WOLFSSL:= wolfssl +PKGCD_WITHOUT_SSL:= use no ssl include ${ADK_TOPDIR}/mk/host.mk include ${ADK_TOPDIR}/mk/package.mk @@ -49,12 +46,7 @@ $(eval $(call HOST_template,CURL,curl,${PKG_VERSION}-${PKG_RELEASE})) $(eval $(call PKG_template,CURL,curl,${PKG_VERSION}-${PKG_RELEASE},${PKG_DEPENDS},${PKG_DESCR},${PKG_SECTION})) $(eval $(call PKG_template,LIBCURL,libcurl,${PKG_VERSION}-${PKG_RELEASE},${PKGSS_LIBCURL},${PKGSD_LIBCURL},${PKGSC_LIBCURL},${PKG_OPTS})) -ifeq (${ADK_PACKAGE_CURL_WITHOUT_SSL},y) -CONFIGURE_ARGS+= --without-ssl \ - --without-gnutls \ - --without-axtls -endif -ifeq (${ADK_PACKAGE_CURL_WITH_OPENSSL},y) +ifeq (${ADK_PACKAGE_CURL_WITH_LIBRESSL},y) CONFIGURE_ARGS+= --with-ssl="${STAGING_TARGET_DIR}/usr" \ --without-gnutls \ --without-axtls @@ -70,6 +62,11 @@ CONFIGURE_ARGS+= --with-cyassl="${STAGING_TARGET_DIR}/usr" \ --without-gnutls \ --without-axtls endif +ifeq (${ADK_PACKAGE_CURL_WITHOUT_SSL},y) +CONFIGURE_ARGS+= --without-ssl \ + --without-gnutls \ + --without-axtls +endif CONFIGURE_ENV+= curl_typeof_curl_socklen_t=socklen_t CONFIGURE_ARGS+= --enable-cookies \ diff --git a/package/cyrus-sasl/Makefile b/package/cyrus-sasl/Makefile index 111f9d962..a761f2e59 100644 --- a/package/cyrus-sasl/Makefile +++ b/package/cyrus-sasl/Makefile @@ -9,20 +9,14 @@ PKG_RELEASE:= 2 PKG_HASH:= 8fbc5136512b59bb793657f36fadda6359cae3b08f01fd16b3d406f1345b7bc3 PKG_DESCR:= general purpose authentication library PKG_SECTION:= libs/crypto +PKG_DEPENDS:= libressl +PKG_BUILDDEP:= libressl PKG_URL:= http://cyrusimap.org/ PKG_SITES:= ftp://ftp.cyrusimap.org/cyrus-sasl/ -PKG_NOPARALLEL:= 1 PKG_LIBNAME:= libsasl2 PKG_OPTS:= dev -PKG_CHOICES_CYRUS_SASL:= WITH_LIBRESSL WITH_OPENSSL -PKGCD_WITH_LIBRESSL:= use libressl for crypto -PKGCB_WITH_LIBRESSL:= libressl -PKGCS_WITH_LIBRESSL:= libressl -PKGCD_WITH_OPENSSL:= use openssl for crypto -PKGCB_WITH_OPENSSL:= openssl -PKGCS_WITH_OPENSSL:= libopenssl - +PKG_NOPARALLEL:= 1 DISTFILES:= ${PKG_NAME}-${PKG_VERSION}.tar.gz diff --git a/package/dillo/Makefile b/package/dillo/Makefile index df38efc1e..ecf4954d4 100644 --- a/package/dillo/Makefile +++ b/package/dillo/Makefile @@ -9,20 +9,12 @@ PKG_RELEASE:= 1 PKG_HASH:= db1be16c1c5842ebe07b419aa7c6ef11a45603a75df2877f99635f4f8345148b PKG_DESCR:= small graphical web browser PKG_SECTION:= x11/apps -PKG_DEPENDS:= libfltk libxi libpng zlib libjpeg-turbo -PKG_BUILDDEP:= fltk libXi libjpeg-turbo libpng zlib +PKG_DEPENDS:= libfltk libxi libpng zlib libjpeg-turbo libressl +PKG_BUILDDEP:= fltk libXi libjpeg-turbo libpng zlib libressl PKG_NEEDS:= threads cxx PKG_URL:= http://www.dillo.org/ PKG_SITES:= http://www.dillo.org/download/ -PKG_CHOICES_DILLO:= WITH_LIBRESSL WITH_OPENSSL -PKGCD_WITH_LIBRESSL:= use libressl for crypto -PKGCB_WITH_LIBRESSL:= libressl -PKGCS_WITH_LIBRESSL:= libressl -PKGCD_WITH_OPENSSL:= use openssl for crypto -PKGCB_WITH_OPENSSL:= openssl -PKGCS_WITH_OPENSSL:= libopenssl - PKG_HOST_DEPENDS:= !cygwin PKG_ARCH_DEPENDS:= x86 x86_64 mips arm diff --git a/package/dovecot/Makefile b/package/dovecot/Makefile index e39a25b78..18d8d25c0 100644 --- a/package/dovecot/Makefile +++ b/package/dovecot/Makefile @@ -9,17 +9,11 @@ PKG_RELEASE:= 1 PKG_HASH:= d8d9f32c846397f7c22749a84c5cf6f59c55ff7ded3dc9f07749a255182f9667 PKG_DESCR:= minimal and secure imap server PKG_SECTION:= net/mail +PKG_DEPENDS:= libressl +PKG_BUILDDEP:= libressl PKG_URL:= http://www.dovecot.org/ PKG_SITES:= http://www.dovecot.org/releases/2.2/ -PKG_CHOICES_DOVECOT:= WITH_LIBRESSL WITH_OPENSSL -PKGCD_WITH_LIBRESSL:= use libressl for crypto -PKGCB_WITH_LIBRESSL:= libressl -PKGCS_WITH_LIBRESSL:= libressl -PKGCD_WITH_OPENSSL:= use openssl for crypto -PKGCB_WITH_OPENSSL:= openssl -PKGCS_WITH_OPENSSL:= libopenssl - DISTFILES:= $(PKG_NAME)-$(PKG_VERSION).tar.gz include $(ADK_TOPDIR)/mk/package.mk diff --git a/package/elinks/Makefile b/package/elinks/Makefile index 5e7f0b719..23d5c25fd 100644 --- a/package/elinks/Makefile +++ b/package/elinks/Makefile @@ -11,6 +11,7 @@ PKG_DESCR:= advanced text web browser PKG_SECTION:= app/browser PKG_URL:= http://elinks.or.cz/ PKG_SITES:= http://elinks.or.cz/download/ + PKG_NOPARALLEL:= 1 DISTFILES:= ${PKG_NAME}-${PKG_VERSION}.tar.gz @@ -18,14 +19,11 @@ DISTFILES:= ${PKG_NAME}-${PKG_VERSION}.tar.gz PKG_FLAVOURS_ELINKS:= WITH_IPV6 PKGFD_WITH_IPV6:= enable IPv6 support -PKG_CHOICES_ELINKS:= WITHOUT_SSL WITH_LIBRESSL WITH_OPENSSL -PKGCD_WITHOUT_SSL:= use no ssl +PKG_CHOICES_ELINKS:= WITH_LIBRESSL WITHOUT_SSL PKGCD_WITH_LIBRESSL:= use libressl for crypto PKGCB_WITH_LIBRESSL:= libressl PKGCS_WITH_LIBRESSL:= libressl ca-certificates -PKGCD_WITH_OPENSSL:= use openssl for crypto -PKGCB_WITH_OPENSSL:= openssl -PKGCS_WITH_OPENSSL:= libopenssl ca-certificates +PKGCD_WITHOUT_SSL:= use no ssl include ${ADK_TOPDIR}/mk/package.mk @@ -63,9 +61,6 @@ else CONFIGURE_ARGS+= --disable-ipv6 endif -ifeq ($(ADK_PACKAGE_ELINKS_WITH_OPENSSL),y) -CONFIGURE_ARGS+= --with-openssl='${STAGING_TARGET_DIR}/usr' -endif ifeq ($(ADK_PACKAGE_ELINKS_WITH_LIBRESSL),y) CONFIGURE_ARGS+= --with-openssl='${STAGING_TARGET_DIR}/usr' endif diff --git a/package/elinks/patches/patch-src_network_ssl_ssl_c b/package/elinks/patches/patch-src_network_ssl_ssl_c new file mode 100644 index 000000000..f55f43ba4 --- /dev/null +++ b/package/elinks/patches/patch-src_network_ssl_ssl_c @@ -0,0 +1,16 @@ +--- elinks-0.11.7.orig/src/network/ssl/ssl.c 2009-08-22 13:15:08.000000000 +0200 ++++ elinks-0.11.7/src/network/ssl/ssl.c 2016-09-30 18:47:20.022831750 +0200 +@@ -49,11 +49,8 @@ init_openssl(struct module *module) + * cannot initialize the PRNG and so every attempt to use SSL fails. + * It's actually an OpenSSL FAQ, and according to them, it's up to the + * application coders to seed the RNG. -- William Yodlowsky */ +- if (RAND_egd(RAND_file_name(f_randfile, sizeof(f_randfile))) < 0) { +- /* Not an EGD, so read and write to it */ +- if (RAND_load_file(f_randfile, -1)) +- RAND_write_file(f_randfile); +- } ++ if (RAND_load_file(f_randfile, -1)) ++ RAND_write_file(f_randfile); + + SSLeay_add_ssl_algorithms(); + context = SSL_CTX_new(SSLv23_client_method()); diff --git a/package/fetchmail/Makefile b/package/fetchmail/Makefile index bd981b9ee..16504d91d 100644 --- a/package/fetchmail/Makefile +++ b/package/fetchmail/Makefile @@ -12,24 +12,19 @@ PKG_SECTION:= net/mail PKG_URL:= http://www.fetchmail.info PKG_SITES:= ${MASTER_SITE_SOURCEFORGE:=fetchmail/} -PKG_CHOICES_FETCHMAIL:= WITHOUT_SSL WITH_LIBRESSL WITH_OPENSSL -PKGCD_WITHOUT_SSL:= use no ssl +PKG_CHOICES_FETCHMAIL:= WITH_LIBRESSL WITHOUT_SSL PKGCD_WITH_LIBRESSL:= use libressl for crypto PKGCB_WITH_LIBRESSL:= libressl PKGCS_WITH_LIBRESSL:= libressl ca-certificates -PKGCD_WITH_OPENSSL:= use openssl for crypto -PKGCB_WITH_OPENSSL:= openssl -PKGCS_WITH_OPENSSL:= libopenssl ca-certificates +PKGCD_WITHOUT_SSL:= use no ssl include ${ADK_TOPDIR}/mk/package.mk $(eval $(call PKG_template,FETCHMAIL,fetchmail,${PKG_VERSION}-${PKG_RELEASE},${PKG_DEPENDS},${PKG_DESCR},${PKG_SECTION})) +AUTOTOOL_STYLE:= autoreconf CONFIGURE_ARGS+= --without-hesiod -ifeq (${ADK_PACKAGE_FETCHMAIL_WITH_OPENSSL},y) -CONFIGURE_ARGS+= --with-ssl='${STAGING_TARGET_DIR}/usr' -endif ifeq (${ADK_PACKAGE_FETCHMAIL_WITH_LIBRESSL},y) CONFIGURE_ARGS+= --with-ssl='${STAGING_TARGET_DIR}/usr' endif diff --git a/package/fetchmail/patches/patch-config_h_in b/package/fetchmail/patches/patch-config_h_in new file mode 100644 index 000000000..ec8b9c74e --- /dev/null +++ b/package/fetchmail/patches/patch-config_h_in @@ -0,0 +1,13 @@ +--- fetchmail-6.3.26.orig/config.h.in 2013-04-23 23:36:55.000000000 +0200 ++++ fetchmail-6.3.26/config.h.in 2016-09-29 16:00:20.679625413 +0200 +@@ -53,6 +53,10 @@ + if you don't. */ + #undef HAVE_DECL_SSLV2_CLIENT_METHOD + ++/* Define to 1 if you have the declaration of `SSLv3_client_method', and to 0 ++ if you don't. */ ++#undef HAVE_DECL_SSLV3_CLIENT_METHOD ++ + /* Define to 1 if you have the declaration of `strerror', and to 0 if you + don't. */ + #undef HAVE_DECL_STRERROR diff --git a/package/fetchmail/patches/patch-configure b/package/fetchmail/patches/patch-configure deleted file mode 100644 index e5dc5ce44..000000000 --- a/package/fetchmail/patches/patch-configure +++ /dev/null @@ -1,12 +0,0 @@ ---- fetchmail-6.3.9.orig/configure 2008-11-16 15:18:49.000000000 +0100 -+++ fetchmail-6.3.9/configure 2009-06-12 22:27:25.000000000 +0200 -@@ -13176,9 +13176,6 @@ then - { echo "$as_me:$LINENO: Enabling OpenSSL support in $with_ssl." >&5 - echo "$as_me: Enabling OpenSSL support in $with_ssl." >&6;} - test "$with_ssl" != "/usr" && CFLAGS="$CFLAGS -I$with_ssl/include" -- ### In Red Hat 9, this file includes a reference to , so we -- ### force the Kerberos direcory onto the include path so it will build. -- CFLAGS="$CFLAGS -I/usr/kerberos/include" - ### OpenBSD comes with ssl headers - else - { { echo "$as_me:$LINENO: error: SSL support enabled, but OpenSSL not found" >&5 diff --git a/package/fetchmail/patches/patch-configure_ac b/package/fetchmail/patches/patch-configure_ac new file mode 100644 index 000000000..7126bbc5f --- /dev/null +++ b/package/fetchmail/patches/patch-configure_ac @@ -0,0 +1,10 @@ +--- fetchmail-6.3.26.orig/configure.ac 2013-04-23 22:51:10.000000000 +0200 ++++ fetchmail-6.3.26/configure.ac 2016-09-29 16:00:20.683625569 +0200 +@@ -803,6 +803,7 @@ fi + + case "$LIBS" in *-lssl*) + AC_CHECK_DECLS([SSLv2_client_method],,,[#include ]) ++ AC_CHECK_DECLS([SSLv3_client_method],,,[#include ]) + ;; + esac + diff --git a/package/fetchmail/patches/patch-fetchmail_c b/package/fetchmail/patches/patch-fetchmail_c new file mode 100644 index 000000000..160afa85d --- /dev/null +++ b/package/fetchmail/patches/patch-fetchmail_c @@ -0,0 +1,15 @@ +--- fetchmail-6.3.26.orig/fetchmail.c 2013-04-23 22:00:45.000000000 +0200 ++++ fetchmail-6.3.26/fetchmail.c 2016-09-29 16:00:20.683625569 +0200 +@@ -263,6 +263,12 @@ int main(int argc, char **argv) + #ifdef SSL_ENABLE + "+SSL" + #endif ++#if HAVE_DECL_SSLV2_CLIENT_METHOD + 0 == 0 ++ "-SSLv2" ++#endif ++#if HAVE_DECL_SSLV3_CLIENT_METHOD + 0 == 0 ++ "-SSLv3" ++#endif + #ifdef OPIE_ENABLE + "+OPIE" + #endif /* OPIE_ENABLE */ diff --git a/package/fetchmail/patches/patch-socket_c b/package/fetchmail/patches/patch-socket_c new file mode 100644 index 000000000..54f6ff27a --- /dev/null +++ b/package/fetchmail/patches/patch-socket_c @@ -0,0 +1,20 @@ +--- fetchmail-6.3.26.orig/socket.c 2013-04-23 22:00:45.000000000 +0200 ++++ fetchmail-6.3.26/socket.c 2016-09-29 16:00:20.683625569 +0200 +@@ -910,11 +910,16 @@ int SSLOpen(int sock, char *mycert, char + #if HAVE_DECL_SSLV2_CLIENT_METHOD + 0 > 0 + _ctx[sock] = SSL_CTX_new(SSLv2_client_method()); + #else +- report(stderr, GT_("Your operating system does not support SSLv2.\n")); ++ report(stderr, GT_("Your OpenSSL version does not support SSLv2.\n")); + return -1; + #endif + } else if(!strcasecmp("ssl3",myproto)) { ++#if HAVE_DECL_SSLV3_CLIENT_METHOD + 0 > 0 + _ctx[sock] = SSL_CTX_new(SSLv3_client_method()); ++#else ++ report(stderr, GT_("Your OpenSSL version does not support SSLv3.\n")); ++ return -1; ++#endif + } else if(!strcasecmp("tls1",myproto)) { + _ctx[sock] = SSL_CTX_new(TLSv1_client_method()); + } else if (!strcasecmp("ssl23",myproto)) { diff --git a/package/freeradius-client/Makefile b/package/freeradius-client/Makefile index 29cfa0ee2..c49a1e0b5 100644 --- a/package/freeradius-client/Makefile +++ b/package/freeradius-client/Makefile @@ -9,18 +9,11 @@ PKG_RELEASE:= 2 PKG_HASH:= 478bfb7ec00789af150acf6a231bc9b0731d06353c7fe36a8fd6d4d83e42a07f PKG_DESCR:= radius client PKG_SECTION:= net/radius -PKG_DEPENDS:= libfreeradius-client +PKG_DEPENDS:= libfreeradius-client libressl +PKG_BUILDDEP:= libressl PKG_URL:= http://www.freeradius.org/ PKG_SITES:= ftp://ftp.freeradius.org/pub/radius/ -PKG_CHOICES_FREERADIUS_CLIENT:= WITH_LIBRESSL WITH_OPENSSL -PKGCD_WITH_LIBRESSL:= use libressl for crypto -PKGCB_WITH_LIBRESSL:= libressl -PKGCS_WITH_LIBRESSL:= libressl -PKGCD_WITH_OPENSSL:= use openssl for crypto -PKGCB_WITH_OPENSSL:= openssl -PKGCS_WITH_OPENSSL:= libopenssl - DISTFILES:= ${PKG_NAME}-${PKG_VERSION}.tar.gz PKG_SUBPKGS:= FREERADIUS_CLIENT LIBFREERADIUS_CLIENT diff --git a/package/freeradius-server/Makefile b/package/freeradius-server/Makefile index 4698d5a51..d2f0a264e 100644 --- a/package/freeradius-server/Makefile +++ b/package/freeradius-server/Makefile @@ -9,20 +9,12 @@ PKG_RELEASE:= 1 PKG_HASH:= b97b72915315f2dcd34001af2c1737947f91ad9104a40408b92b030356e25d59 PKG_DESCR:= flexible radius server PKG_SECTION:= net/radius -PKG_DEPENDS:= libltdl libpcre libtalloc -PKG_BUILDDEP:= libtool pcre talloc +PKG_DEPENDS:= libltdl libpcre libtalloc libressl +PKG_BUILDDEP:= libtool pcre talloc libressl PKG_NEEDS:= threads PKG_URL:= http://www.freeradius.org/ PKG_SITES:= ftp://ftp.freeradius.org/pub/radius/ -PKG_CHOICES_FREERADIUS_SERVER:= WITH_LIBRESSL WITH_OPENSSL -PKGCD_WITH_LIBRESSL:= use libressl for crypto -PKGCB_WITH_LIBRESSL:= libressl -PKGCS_WITH_LIBRESSL:= libressl -PKGCD_WITH_OPENSSL:= use openssl for crypto -PKGCB_WITH_OPENSSL:= openssl -PKGCS_WITH_OPENSSL:= libopenssl - DISTFILES:= ${PKG_NAME}-${PKG_VERSION}.tar.gz PKG_SUBPKGS:= FREERADIUS_SERVER FREERADIUS_DEMOCERTS FREERADIUS_MOD_CHAP FREERADIUS_MOD_DETAIL diff --git a/package/freeswitch/Makefile b/package/freeswitch/Makefile index d1c1cbd24..15576c1a8 100644 --- a/package/freeswitch/Makefile +++ b/package/freeswitch/Makefile @@ -10,20 +10,12 @@ PKG_HASH:= b7beaaac29dc0a58cc34cfd402bf1c7e8ca06975722fd8ddb2983cbed17dd6e4 PKG_DESCR:= cross-platform telephony platform PKG_SECTION:= net/voip PKG_DEPENDS:= libpcre libcurl zlib libjpeg-turbo libsqlite +PKG_DEPENDS+= libressl PKG_BUILDDEP:= util-linux zlib libjpeg-turbo sqlite curl pcre -PKG_BUILDDEP+= speex +PKG_BUILDDEP+= speex libressl PKG_URL:= http://www.freeswitch.org/ PKG_SITES:= http://files.freeswitch.org/freeswitch-releases/ -PKG_CHOICES_FREESWITCH:=WITH_LIBRESSL WITH_OPENSSL -PKGCD_WITH_LIBRESSL:= use libressl for crypto -PKGCB_WITH_LIBRESSL:= libressl -PKGCS_WITH_LIBRESSL:= libressl -PKGCD_WITH_OPENSSL:= use openssl for crypto -PKGCB_WITH_OPENSSL:= openssl -PKGCS_WITH_OPENSSL:= libopenssl - - include $(ADK_TOPDIR)/mk/package.mk $(eval $(call PKG_template,FREESWITCH,freeswitch,$(PKG_VERSION)-$(PKG_RELEASE),$(PKG_DEPENDS),$(PKG_DESCR),$(PKG_SECTION))) diff --git a/package/git/Makefile b/package/git/Makefile index 4822ed34f..c44630369 100644 --- a/package/git/Makefile +++ b/package/git/Makefile @@ -9,20 +9,12 @@ PKG_RELEASE:= 1 PKG_HASH:= c73364ac00ae85ffc6cfb12ca2700bb0edf30f63262be97be4039be594ff29e7 PKG_DESCR:= fast version control system PKG_SECTION:= dev/scm -PKG_BUILDDEP:= curl expat -PKG_DEPENDS:= libcurl libexpat +PKG_BUILDDEP:= curl expat libressl +PKG_DEPENDS:= libcurl libexpat libressl PKG_NEEDS:= threads rt PKG_URL:= http://git-scm.com/ PKG_SITES:= https://www.kernel.org/pub/software/scm/git/ -PKG_CHOICES_GIT:= WITH_LIBRESSL WITH_OPENSSL -PKGCD_WITH_LIBRESSL:= use libressl for crypto -PKGCB_WITH_LIBRESSL:= libressl -PKGCS_WITH_LIBRESSL:= libressl -PKGCD_WITH_OPENSSL:= use openssl for crypto -PKGCB_WITH_OPENSSL:= openssl -PKGCS_WITH_OPENSSL:= libopenssl - include $(ADK_TOPDIR)/mk/package.mk $(eval $(call PKG_template,GIT,git,$(PKG_VERSION)-${PKG_RELEASE},${PKG_DEPENDS},${PKG_DESCR},${PKG_SECTION})) diff --git a/package/hostapd/Makefile b/package/hostapd/Makefile index 8380937de..22cfeba7d 100644 --- a/package/hostapd/Makefile +++ b/package/hostapd/Makefile @@ -17,10 +17,7 @@ PKG_SITES:= http://hostap.epitest.fi/releases/ DISTFILES:= ${PKG_NAME}-${PKG_VERSION}.tar.gz PKG_SUBPKGS:= HOSTAPD HOSTAPD_UTILS -PKG_CHOICES_HOSTAPD:= WITH_LIBRESSL WITH_GNUTLS WITH_OPENSSL -PKGCD_WITH_OPENSSL:= use openssl for crypto -PKGCS_WITH_OPENSSL:= libopenssl -PKGCB_WITH_OPENSSL:= openssl +PKG_CHOICES_HOSTAPD:= WITH_LIBRESSL WITH_GNUTLS PKGCD_WITH_LIBRESSL:= use libressl for crypto PKGCS_WITH_LIBRESSL:= libressl PKGCB_WITH_LIBRESSL:= libressl diff --git a/package/httping/Makefile b/package/httping/Makefile index f33a18582..f6ed4f4df 100644 --- a/package/httping/Makefile +++ b/package/httping/Makefile @@ -9,18 +9,12 @@ PKG_RELEASE:= 1 PKG_HASH:= dab59f02b08bfbbc978c005bb16d2db6fe21e1fc841fde96af3d497ddfc82084 PKG_DESCR:= like ping but for http-requests PKG_SECTION:= net/http +PKG_DEPENDS:= libressl +PKG_BUILDDEP:= libressl PKG_SITES:= http://www.vanheusden.com/httping/ DISTFILES:= ${PKG_NAME}-${PKG_VERSION}.tgz -PKG_CHOICES_HTTPING:= WITH_LIBRESSL WITH_OPENSSL -PKGCD_WITH_LIBRESSL:= use libressl for crypto -PKGCB_WITH_LIBRESSL:= libressl -PKGCS_WITH_LIBRESSL:= libressl -PKGCD_WITH_OPENSSL:= use openssl for crypto -PKGCB_WITH_OPENSSL:= openssl -PKGCS_WITH_OPENSSL:= libopenssl - include ${ADK_TOPDIR}/mk/package.mk $(eval $(call PKG_template,HTTPING,httping,${PKG_VERSION}-${PKG_RELEASE},${PKG_DEPENDS},${PKG_DESCR},${PKG_SECTION})) diff --git a/package/ipsec-tools/Makefile b/package/ipsec-tools/Makefile index 6191d4f56..c109ac377 100644 --- a/package/ipsec-tools/Makefile +++ b/package/ipsec-tools/Makefile @@ -9,21 +9,14 @@ PKG_RELEASE:= 2 PKG_HASH:= 8eb6b38716e2f3a8a72f1f549c9444c2bc28d52c9536792690564c74fe722f2d PKG_DESCR:= ipsec management tools PKG_SECTION:= net/security +PKG_DEPENDS:= libressl +PKG_BUILDDEP:= flex libressl PKG_KDEPENDS:= net-key -PKG_BUILDDEP:= flex PKG_URL:= http://ipsec-tools.sourceforge.net/ PKG_SITES:= $(MASTER_SITE_SOURCEFORGE:=ipsec-tools/) DISTFILES:= $(PKG_NAME)-$(PKG_VERSION).tar.bz2 -PKG_CHOICES_IPSEC_TOOLS:= WITH_LIBRESSL WITH_OPENSSL -PKGCD_WITH_LIBRESSL:= use libressl for crypto -PKGCB_WITH_LIBRESSL:= libressl -PKGCS_WITH_LIBRESSL:= libressl -PKGCD_WITH_OPENSSL:= use openssl for crypto -PKGCB_WITH_OPENSSL:= openssl -PKGCS_WITH_OPENSSL:= libopenssl - PKG_FLAVOURS_IPSEC_TOOLS:= WITH_IPV6 PKGFD_WITH_IPV6:= enable ipv6 support diff --git a/package/irssi/Makefile b/package/irssi/Makefile index 415935d4b..1559bab55 100644 --- a/package/irssi/Makefile +++ b/package/irssi/Makefile @@ -14,14 +14,11 @@ PKG_BUILDDEP:= glib ncurses PKG_URL:= http://www.irssi.org/ PKG_SITES:= https://github.com/irssi/irssi/releases/download/$(PKG_VERSION)/ -PKG_CHOICES_IRSSI:= WITHOUT_SSL WITH_LIBRESSL WITH_OPENSSL -PKGCD_WITHOUT_SSL:= use no ssl +PKG_CHOICES_IRSSI:= WITH_LIBRESSL WITHOUT_SSL PKGCD_WITH_LIBRESSL:= use libressl for crypto PKGCB_WITH_LIBRESSL:= libressl PKGCS_WITH_LIBRESSL:= libressl -PKGCD_WITH_OPENSSL:= use openssl for crypto -PKGCB_WITH_OPENSSL:= openssl -PKGCS_WITH_OPENSSL:= libopenssl +PKGCD_WITHOUT_SSL:= use no ssl PKG_FLAVOURS_IRSSI:= WITH_IPV6 PKGFD_WITH_IPV6:= enable ipv6 support diff --git a/package/kodi/Makefile b/package/kodi/Makefile index 4ceaa5352..0686adff3 100644 --- a/package/kodi/Makefile +++ b/package/kodi/Makefile @@ -9,7 +9,7 @@ PKG_RELEASE:= 1 PKG_HASH:= 7d82c8aff2715c83deecdf10c566e26105bec0473af530a1356d4c747ebdfd10 PKG_DESCR:= software media player PKG_SECTION:= mm/video -PKG_DEPENDS:= boost python2 libsquish libbluray +PKG_DEPENDS:= boost python2 libsquish libbluray libressl PKG_DEPENDS+= libass libmpeg2 libmad libdbus libglew mesa PKG_DEPENDS+= libjpeg-turbo libogg libvorbis libmodplug libcurl PKG_DEPENDS+= libflac libbz2 libtiff liblzo libnettle librtmp @@ -27,7 +27,7 @@ PKG_BUILDDEP+= eudev alsa-lib glib glu libmodplug libgtk2 PKG_BUILDDEP+= libgpg-error dbus libxslt libvorbis libbluray PKG_BUILDDEP+= swig-host liblzo-host libpng-host libjpeg-turbo-host PKG_BUILDDEP+= zip-host unzip-host giflib-host libsquish libdcadec -PKG_BUILDDEP+= libcrossguid +PKG_BUILDDEP+= libcrossguid libressl PKG_NEEDS:= threads rt c++ PKG_URL:= http://kodi.tv/ PKG_SITES:= https://github.com/xbmc/xbmc/archive/ @@ -37,14 +37,6 @@ PKG_CFLINE_KODI:= select ADK_PACKAGE_GPU_VIV_BIN_MX6Q if ADK_TARGET_SYSTEM_SOLID DISTFILES:= $(PKG_VERSION)-Jarvis.tar.gz WRKDIST= ${WRKDIR}/xbmc-$(PKG_VERSION)-Jarvis -PKG_CHOICES_KODI:= WITH_LIBRESSL WITH_OPENSSL -PKGCD_WITH_OPENSSL:= use openssl for crypto -PKGCS_WITH_OPENSSL:= libopenssl -PKGCB_WITH_OPENSSL:= openssl -PKGCD_WITH_LIBRESSL:= use libressl for crypto -PKGCS_WITH_LIBRESSL:= libressl -PKGCB_WITH_LIBRESSL:= libressl - PKG_FLAVOURS_KODI:= WITH_SMB WITH_NFS WITH_SSH WITH_AVAHI WITH_CEC PKG_FLAVOURS_KODI+= WITH_WEBSERVER WITH_LIRC diff --git a/package/lftp/Makefile b/package/lftp/Makefile index 22cc3b5a0..683e7a612 100644 --- a/package/lftp/Makefile +++ b/package/lftp/Makefile @@ -16,17 +16,14 @@ PKG_NEEDS:= c++ PKG_URL:= http://lftp.yar.ru/ PKG_SITES:= http://lftp.yar.ru/ftp/ -PKG_CHOICES_LFTP:= WITHOUT_SSL WITH_GNUTLS WITH_LIBRESSL WITH_OPENSSL -PKGCD_WITHOUT_SSL:= use no ssl -PKGCD_WITH_OPENSSL:= use openssl for crypto -PKGCS_WITH_OPENSSL:= libopenssl ca-certificates -PKGCB_WITH_OPENSSL:= openssl +PKG_CHOICES_LFTP:= WITH_LIBRESSL WITH_GNUTLS WITHOUT_SSL PKGCD_WITH_LIBRESSL:= use libressl for crypto PKGCS_WITH_LIBRESSL:= libressl ca-certificates PKGCB_WITH_LIBRESSL:= libressl PKGCD_WITH_GNUTLS:= use gnutls for crypto PKGCS_WITH_GNUTLS:= libgnutls ca-certificates PKGCB_WITH_GNUTLS:= gnutls +PKGCD_WITHOUT_SSL:= use no ssl include $(ADK_TOPDIR)/mk/package.mk @@ -44,10 +41,6 @@ ifeq (${ADK_PACKAGE_LFTP_WITH_GNUTLS},y) CONFIGURE_ARGS+= --without-openssl \ --with-gnutls endif -ifeq (${ADK_PACKAGE_LFTP_WITH_OPENSSL},y) -CONFIGURE_ARGS+= --with-openssl="$(STAGING_TARGET_DIR)/usr" \ - --without-gnutls -endif ifeq (${ADK_PACKAGE_LFTP_WITH_LIBRESSL},y) CONFIGURE_ARGS+= --with-openssl="$(STAGING_TARGET_DIR)/usr" \ --without-gnutls diff --git a/package/libesmtp/Makefile b/package/libesmtp/Makefile index 0b1129bdc..4b7474cd5 100644 --- a/package/libesmtp/Makefile +++ b/package/libesmtp/Makefile @@ -15,14 +15,11 @@ PKG_OPTS:= dev DISTFILES:= ${PKG_NAME}-${PKG_VERSION}.tar.bz2 -PKG_CHOICES_LIBESMTP:= WITHOUT_SSL WITH_LIBRESSL WITH_OPENSSL -PKGCD_WITHOUT_SSL:= use no ssl +PKG_CHOICES_LIBESMTP:= WITH_LIBRESSL WITHOUT_SSL PKGCD_WITH_LIBRESSL:= use libressl for crypto PKGCB_WITH_LIBRESSL:= libressl -PKGCS_WITH_LIBRESSL:= libressl ca-certificates -PKGCD_WITH_OPENSSL:= use openssl for crypto -PKGCB_WITH_OPENSSL:= openssl -PKGCS_WITH_OPENSSL:= libopenssl ca-certificates +PKGCS_WITH_LIBRESSL:= libressl +PKGCD_WITHOUT_SSL:= use no ssl include $(ADK_TOPDIR)/mk/package.mk @@ -30,9 +27,6 @@ $(eval $(call PKG_template,LIBESMTP,libesmtp,$(PKG_VERSION)-${PKG_RELEASE},${PKG AUTOTOOL_STYLE:= autoreconf -ifeq (${ADK_PACKAGE_LIBESMTP_WITH_OPENSSL},y) -CONFIGURE_ARGS+= --with-openssl -endif ifeq (${ADK_PACKAGE_LIBESMTP_WITH_LIBRESSL},y) CONFIGURE_ARGS+= --with-openssl endif diff --git a/package/libp11/Makefile b/package/libp11/Makefile index 937cad5cc..19681c0ba 100644 --- a/package/libp11/Makefile +++ b/package/libp11/Makefile @@ -9,22 +9,14 @@ PKG_RELEASE:= 1 PKG_HASH:= a4121015503ade98074b5e2a2517fc8a139f8b28aed10021db2bb77283f40691 PKG_DESCR:= library implementing a small layer on top of pkcs11 api PKG_SECTION:= libs/crypto -PKG_DEPENDS:= libltdl -PKG_BUILDDEP:= libtool +PKG_DEPENDS:= libltdl libressl +PKG_BUILDDEP:= libtool libressl PKG_URL:= https://github.com/OpenSC/libp11/wiki PKG_SITES:= http://sourceforge.net/projects/opensc/files/libp11/ PKG_OPTS:= dev DISTFILES:= ${PKG_NAME}-${PKG_VERSION}.tar.gz -PKG_CHOICES_LIBP11:= WITH_LIBRESSL WITH_OPENSSL -PKGCD_WITH_LIBRESSL:= use libressl for crypto -PKGCB_WITH_LIBRESSL:= libressl -PKGCS_WITH_LIBRESSL:= libressl -PKGCD_WITH_OPENSSL:= use openssl for crypto -PKGCB_WITH_OPENSSL:= openssl -PKGCS_WITH_OPENSSL:= libopenssl - include ${ADK_TOPDIR}/mk/package.mk $(eval $(call PKG_template,LIBP11,libp11,${PKG_VERSION}-${PKG_RELEASE},${PKG_DEPENDS},${PKG_DESCR},${PKG_SECTION},${PKG_OPTS})) diff --git a/package/libssh/Makefile b/package/libssh/Makefile index b086a893e..e3a5896ba 100644 --- a/package/libssh/Makefile +++ b/package/libssh/Makefile @@ -9,20 +9,12 @@ PKG_RELEASE:= 1 PKG_HASH:= 26ef46be555da21112c01e4b9f5e3abba9194485c8822ab55ba3d6496222af98 PKG_DESCR:= secure shell library PKG_SECTION:= libs/crypto -PKG_DEPENDS:= zlib -PKG_BUILDDEP:= cmake-host zlib +PKG_DEPENDS:= zlib libressl +PKG_BUILDDEP:= cmake-host zlib libressl PKG_URL:= http://www.libssh.org/ PKG_SITES:= https://red.libssh.org/attachments/download/195/ PKG_OPTS:= dev -PKG_CHOICES_LIBSSH:= WITH_LIBRESSL WITH_OPENSSL -PKGCD_WITH_LIBRESSL:= use libressl for crypto -PKGCS_WITH_LIBRESSL:= libressl -PKGCB_WITH_LIBRESSL:= libressl -PKGCD_WITH_OPENSSL:= use openssl for crypto -PKGCS_WITH_OPENSSL:= libopenssl -PKGCB_WITH_OPENSSL:= openssl - include $(ADK_TOPDIR)/mk/package.mk $(eval $(call PKG_template,LIBSSH,libssh,$(PKG_VERSION)-$(PKG_RELEASE),$(PKG_DEPENDS),$(PKG_DESCR),$(PKG_SECTION),$(PKG_OPTS))) diff --git a/package/libssh2/Makefile b/package/libssh2/Makefile index a6286ccdf..e394484ff 100644 --- a/package/libssh2/Makefile +++ b/package/libssh2/Makefile @@ -9,22 +9,14 @@ PKG_RELEASE:= 1 PKG_HASH:= e4561fd43a50539a8c2ceb37841691baf03ecb7daf043766da1b112e4280d584 PKG_DESCR:= client-side c library implementing ssh2 protocol PKG_SECTION:= libs/crypto -PKG_BUILDDEP:= zlib -PKG_DEPENDS:= zlib +PKG_BUILDDEP:= zlib libressl +PKG_DEPENDS:= zlib libressl PKG_URL:= http://www.libssh2.org/ PKG_SITES:= http://www.libssh2.org/download/ PKG_OPTS:= dev DISTFILES:= ${PKG_NAME}-${PKG_VERSION}.tar.gz -PKG_CHOICES_LIBSSH2:= WITH_LIBRESSL WITH_OPENSSL -PKGCD_WITH_LIBRESSL:= use libressl for crypto -PKGCB_WITH_LIBRESSL:= libressl -PKGCS_WITH_LIBRESSL:= libressl -PKGCD_WITH_OPENSSL:= use openssl for crypto -PKGCB_WITH_OPENSSL:= openssl -PKGCS_WITH_OPENSSL:= libopenssl - include $(ADK_TOPDIR)/mk/package.mk $(eval $(call PKG_template,LIBSSH2,libssh2,$(PKG_VERSION)-${PKG_RELEASE},${PKG_DEPENDS},${PKG_DESCR},${PKG_SECTION},${PKG_OPTS})) diff --git a/package/libtorrent/Makefile b/package/libtorrent/Makefile index ba4a09ec4..6035637e4 100644 --- a/package/libtorrent/Makefile +++ b/package/libtorrent/Makefile @@ -9,22 +9,14 @@ PKG_RELEASE:= 1 PKG_HASH:= 2838a08c96edfd936aff8fbf99ecbb930c2bfca3337dd1482eb5fccdb80d5a04 PKG_DESCR:= bittorrent library PKG_SECTION:= libs/net -PKG_DEPENDS:= libsigc++ zlib -PKG_BUILDDEP:= libsigc++ zlib gettext-tiny +PKG_DEPENDS:= libsigc++ zlib libressl +PKG_BUILDDEP:= libsigc++ zlib libressl gettext-tiny PKG_URL:= https://rakshasa.github.io/rtorrent/ PKG_SITES:= http://rtorrent.net/downloads/ PKG_OPTS:= dev DISTFILES:= ${PKG_NAME}-${PKG_VERSION}.tar.gz -PKG_CHOICES_LIBTORRENT:= WITH_LIBRESSL WITH_OPENSSL -PKGCD_WITH_LIBRESSL:= use libressl for crypto -PKGCB_WITH_LIBRESSL:= libressl -PKGCS_WITH_LIBRESSL:= libressl -PKGCD_WITH_OPENSSL:= use openssl for crypto -PKGCB_WITH_OPENSSL:= openssl -PKGCS_WITH_OPENSSL:= libopenssl - include ${ADK_TOPDIR}/mk/package.mk $(eval $(call PKG_template,LIBTORRENT,libtorrent,${PKG_VERSION}-${PKG_RELEASE},${PKG_DEPENDS},${PKG_DESCR},${PKG_SECTION},${PKG_OPTS})) diff --git a/package/lighttpd/Makefile b/package/lighttpd/Makefile index acc34bf3a..628927d0f 100644 --- a/package/lighttpd/Makefile +++ b/package/lighttpd/Makefile @@ -15,14 +15,11 @@ PKG_SITES:= http://download.lighttpd.net/lighttpd/releases-1.4.x/ PKG_FLAVOURS_LIGHTTPD:= WITH_IPV6 PKGFD_WITH_IPV6:= enable ipv6 support -PKG_CHOICES_LIGHTTPD:= WITHOUT_SSL WITH_LIBRESSL WITH_OPENSSL -PKGCD_WITHOUT_SSL:= use no ssl +PKG_CHOICES_LIGHTTPD:= WITH_LIBRESSL WITHOUT_SSL PKGCD_WITH_LIBRESSL:= use libressl for crypto PKGCB_WITH_LIBRESSL:= libressl PKGCS_WITH_LIBRESSL:= libressl ca-certificates -PKGCD_WITH_OPENSSL:= use openssl for crypto -PKGCB_WITH_OPENSSL:= openssl -PKGCS_WITH_OPENSSL:= libopenssl ca-certificates +PKGCD_WITHOUT_SSL:= use no ssl PKG_SUBPKGS:= LIGHTTPD LIGHTTPD_MOD_ALIAS LIGHTTPD_MOD_AUTH PKG_SUBPKGS+= LIGHTTPD_MOD_CGI LIGHTTPD_MOD_DIRLIST LIGHTTPD_MOD_EVASIVE LIGHTTPD_MOD_EXPIRE LIGHTTPD_MOD_FASTCGI @@ -147,9 +144,6 @@ else CONFIGURE_ARGS+= --disable-ipv6 endif -ifeq ($(ADK_PACKAGE_LIGHTTPD_WITH_OPENSSL),y) -CONFIGURE_ARGS+= --with-openssl -endif ifeq ($(ADK_PACKAGE_LIGHTTPD_WITH_LIBRESSL),y) CONFIGURE_ARGS+= --with-openssl endif diff --git a/package/links/Makefile b/package/links/Makefile index 07b36e4a6..62aaf4edb 100644 --- a/package/links/Makefile +++ b/package/links/Makefile @@ -16,14 +16,11 @@ PKG_SITES:= http://links.twibright.com/download/ DISTFILES:= ${PKG_NAME}-${PKG_VERSION}.tar.gz -PKG_CHOICES_LINKS:= WITHOUT_SSL WITH_LIBRESSL WITH_OPENSSL -PKGCD_WITHOUT_SSL:= use no ssl +PKG_CHOICES_LINKS:= WITH_LIBRESSL WITHOUT_SSL PKGCD_WITH_LIBRESSL:= use libressl for crypto PKGCB_WITH_LIBRESSL:= libressl PKGCS_WITH_LIBRESSL:= libressl -PKGCD_WITH_OPENSSL:= use openssl for crypto -PKGCB_WITH_OPENSSL:= openssl -PKGCS_WITH_OPENSSL:= libopenssl +PKGCD_WITHOUT_SSL:= use no ssl PKG_FLAVOURS_LINKS:= WITH_DIRECTFB PKGFD_WITH_DIRECTFB:= enable DirectFB video output support diff --git a/package/lynx/Makefile b/package/lynx/Makefile index 9a547e20e..9ddd4657e 100644 --- a/package/lynx/Makefile +++ b/package/lynx/Makefile @@ -9,8 +9,8 @@ PKG_RELEASE:= 2 PKG_HASH:= 234c9dc77d4c4594ad6216d7df4d49eae3019a3880e602f39721b35b97fbc408 PKG_DESCR:= text browser PKG_SECTION:= app/browser -PKG_DEPENDS:= libncurses zlib -PKG_BUILDDEP:= ncurses zlib +PKG_DEPENDS:= libncurses zlib libressl +PKG_BUILDDEP:= ncurses zlib libressl PKG_URL:= http://lynx.isc.org/ PKG_SITES:= http://lynx.isc.org/${PKG_NAME}${PKG_VERSION}/ PKG_NOPARALLEL:= 1 @@ -18,20 +18,13 @@ PKG_NOPARALLEL:= 1 DISTFILES:= ${PKG_NAME}${PKG_VERSION}.tar.gz WRKDIST= ${WRKDIR}/lynx2-8-8 -PKG_CHOICES_LYNX:= WITH_LIBRESSL WITH_OPENSSL -PKGCD_WITH_LIBRESSL:= use libressl for crypto -PKGCB_WITH_LIBRESSL:= libressl -PKGCS_WITH_LIBRESSL:= libressl -PKGCD_WITH_OPENSSL:= use openssl for crypto -PKGCB_WITH_OPENSSL:= openssl -PKGCS_WITH_OPENSSL:= libopenssl - include ${ADK_TOPDIR}/mk/package.mk $(eval $(call PKG_template,LYNX,lynx,${PKG_VERSION}-${PKG_RELEASE},${PKG_DEPENDS},${PKG_DESCR},${PKG_SECTION})) TARGET_CPPFLAGS+= -I${STAGING_TARGET_DIR}/include/openssl TARGET_CPPFLAGS+= -DUSE_OPENSSL_INCL -DUSE_X509_SUPPORT + CONFIGURE_ENV+= ac_cv_path_TELNET=telnet \ ac_cv_path_TN3270=tn3270 \ ac_cv_path_RLOGIN=rlogin \ diff --git a/package/mini_httpd/Makefile b/package/mini_httpd/Makefile index e82d568d1..1eb7afc68 100644 --- a/package/mini_httpd/Makefile +++ b/package/mini_httpd/Makefile @@ -8,6 +8,8 @@ PKG_VERSION:= 1.19 PKG_RELEASE:= 10 PKG_HASH:= f7f36533b1338ea16d916ea525ea7006ab38fdd3544ac7df93a4688a8e270241 PKG_DESCR:= small webserver with ssl +PKG_DEPENDS:= libressl +PKG_BUILDDEP:= libressl PKG_SECTION:= net/http PKG_URL:= http://www.acme.com/software/mini_httpd/ PKG_SITES:= http://www.acme.com/software/mini_httpd/ @@ -15,14 +17,6 @@ PKG_SITES:= http://www.acme.com/software/mini_httpd/ DISTFILES:= mini_httpd-${PKG_VERSION}.tar.gz WRKDIST= ${WRKDIR}/mini_httpd-${PKG_VERSION} -PKG_CHOICES_MINI_HTTPD:=WITH_LIBRESSL WITH_OPENSSL -PKGCD_WITH_LIBRESSL:= use libressl for crypto -PKGCB_WITH_LIBRESSL:= libressl -PKGCS_WITH_LIBRESSL:= libressl -PKGCD_WITH_OPENSSL:= use openssl for crypto -PKGCB_WITH_OPENSSL:= openssl -PKGCS_WITH_OPENSSL:= libopenssl - include ${ADK_TOPDIR}/mk/package.mk $(eval $(call PKG_template,MINI_HTTPD,mini-httpd,${PKG_VERSION}-${PKG_RELEASE},,${PKG_DESCR},${PKG_SECTION})) diff --git a/package/monit/Makefile b/package/monit/Makefile index 49caad36e..defed1992 100644 --- a/package/monit/Makefile +++ b/package/monit/Makefile @@ -9,20 +9,14 @@ PKG_RELEASE:= 1 PKG_HASH:= befcd54365502bce4ffd6d1b0c345d5b689c9f7cb3a35a462ba7dcffcf6f62b8 PKG_DESCR:= utility for system services monitoring PKG_SECTION:= sys/misc +PKG_DEPENDS:= libressl +PKG_BUILDDEP:= libressl PKG_NEEDS:= threads PKG_URL:= http://mmonit.com/monit/ PKG_SITES:= https://mmonit.com/monit/dist/ DISTFILES:= ${PKG_NAME}-${PKG_VERSION}.tar.gz -PKG_CHOICES_MONIT:= WITH_LIBRESSL WITH_OPENSSL -PKGCD_WITH_LIBRESSL:= use libressl for crypto -PKGCB_WITH_LIBRESSL:= libressl -PKGCS_WITH_LIBRESSL:= libressl -PKGCD_WITH_OPENSSL:= use openssl for crypto -PKGCB_WITH_OPENSSL:= openssl -PKGCS_WITH_OPENSSL:= libopenssl - include ${ADK_TOPDIR}/mk/package.mk $(eval $(call PKG_template,MONIT,monit,${PKG_VERSION}-${PKG_RELEASE},${PKG_DEPENDS},${PKG_DESCR},${PKG_SECTION})) diff --git a/package/mosquitto/Makefile b/package/mosquitto/Makefile index 2945d41e4..dbf3d8a3b 100644 --- a/package/mosquitto/Makefile +++ b/package/mosquitto/Makefile @@ -9,22 +9,14 @@ PKG_RELEASE:= 1 PKG_HASH:= 1df3ae07de40b80a74cd37a7b026895c544cdd3b42c9e0719ae91623aa98c58b PKG_DESCR:= mqtt broker PKG_SECTION:= net/misc -PKG_DEPENDS:= c-ares -PKG_BUILDDEP:= cmake-host c-ares +PKG_DEPENDS:= c-ares libressl +PKG_BUILDDEP:= cmake-host c-ares libressl PKG_NEEDS:= threads rt PKG_URL:= http://mosquitto.org PKG_SITES:= http://mosquitto.org/files/source/ DISTFILES:= ${PKG_NAME}-${PKG_VERSION}.tar.gz -PKG_CHOICES_MOSQUITTO:= WITH_LIBRESSL WITH_OPENSSL -PKGCD_WITH_LIBRESSL:= use libressl for crypto -PKGCB_WITH_LIBRESSL:= libressl -PKGCS_WITH_LIBRESSL:= libressl -PKGCD_WITH_OPENSSL:= use openssl for crypto -PKGCB_WITH_OPENSSL:= openssl -PKGCS_WITH_OPENSSL:= libopenssl - include $(ADK_TOPDIR)/mk/package.mk $(eval $(call PKG_template,MOSQUITTO,mosquitto,$(PKG_VERSION)-$(PKG_RELEASE),$(PKG_DEPENDS),$(PKG_DESCR),$(PKG_SECTION))) diff --git a/package/mutt/Makefile b/package/mutt/Makefile index 397e405d2..da2546666 100644 --- a/package/mutt/Makefile +++ b/package/mutt/Makefile @@ -14,14 +14,11 @@ PKG_BUILDDEP:= ncurses PKG_URL:= http://www.mutt.org/ PKG_SITES:= ftp://ftp.mutt.org/pub/mutt/ -PKG_CHOICES_MUTT:= WITHOUT_SSL WITH_LIBRESSL WITH_OPENSSL -PKGCD_WITHOUT_SSL:= use no ssl +PKG_CHOICES_MUTT:= WITH_LIBRESSL WITHOUT_SSL PKGCD_WITH_LIBRESSL:= use libressl for crypto PKGCB_WITH_LIBRESSL:= libressl PKGCS_WITH_LIBRESSL:= libressl ca-certificates -PKGCD_WITH_OPENSSL:= use openssl for crypto -PKGCB_WITH_OPENSSL:= openssl -PKGCS_WITH_OPENSSL:= libopenssl ca-certificates +PKGCD_WITHOUT_SSL:= use no ssl DISTFILES:= ${PKG_NAME}-${PKG_VERSION}.tar.gz diff --git a/package/neon/Makefile b/package/neon/Makefile index 68aa18e19..936a1e030 100644 --- a/package/neon/Makefile +++ b/package/neon/Makefile @@ -9,8 +9,8 @@ PKG_RELEASE:= 1 PKG_HASH:= 00c626c0dc18d094ab374dbd9a354915bfe4776433289386ed489c2ec0845cdd PKG_DESCR:= http and webdav library PKG_SECTION:= libs/misc -PKG_DEPENDS:= libxml2 zlib -PKG_BUILDDEP:= libxml2 zlib +PKG_DEPENDS:= libxml2 zlib libressl +PKG_BUILDDEP:= libxml2 zlib libressl PKG_NEEDS:= threads PKG_URL:= http://webdav.org/neon/ PKG_SITES:= http://webdav.org/neon/ @@ -18,14 +18,6 @@ PKG_OPTS:= dev DISTFILES:= ${PKG_NAME}-${PKG_VERSION}.tar.gz -PKG_CHOICES_NEON:= WITH_LIBRESSL WITH_OPENSSL -PKGCD_WITH_LIBRESSL:= use libressl for crypto -PKGCB_WITH_LIBRESSL:= libressl -PKGCS_WITH_LIBRESSL:= libressl -PKGCD_WITH_OPENSSL:= use openssl for crypto -PKGCB_WITH_OPENSSL:= openssl -PKGCS_WITH_OPENSSL:= libopenssl - include ${ADK_TOPDIR}/mk/package.mk $(eval $(call PKG_template,NEON,neon,${PKG_VERSION}-${PKG_RELEASE},${PKG_DEPENDS},${PKG_DESCR},${PKG_SECTION},${PKG_OPTS})) diff --git a/package/nginx/Makefile b/package/nginx/Makefile index 3e6b44ccf..0b99d462e 100644 --- a/package/nginx/Makefile +++ b/package/nginx/Makefile @@ -17,21 +17,19 @@ PKG_SITES:= http://nginx.org/download/ DISTFILES:= $(PKG_NAME)-$(PKG_VERSION).tar.gz -PKG_CHOICES_NGINX:= WITHOUT_SSL WITH_LIBRESSL WITH_OPENSSL -PKGCD_WITHOUT_SSL:= use no ssl +PKG_CHOICES_NGINX:= WITH_LIBRESSL WITHOUT_SSL PKGCD_WITH_LIBRESSL:= use libressl for crypto PKGCB_WITH_LIBRESSL:= libressl PKGCS_WITH_LIBRESSL:= libressl ca-certificates -PKGCD_WITH_OPENSSL:= use openssl for crypto -PKGCB_WITH_OPENSSL:= openssl -PKGCS_WITH_OPENSSL:= libopenssl ca-certificates +PKGCD_WITHOUT_SSL:= use no ssl include $(ADK_TOPDIR)/mk/package.mk $(eval $(call PKG_template,NGINX,nginx,$(PKG_VERSION)-$(PKG_RELEASE),$(PKG_DEPENDS),$(PKG_DESCR),$(PKG_SECTION))) -CONFIG_STYLE:= minimal TARGET_CFLAGS+= -fPIC + +CONFIG_STYLE:= minimal CONFIGURE_ENV+= ngx_force_gcc_have_atomic=yes \ ngx_force_have_libatomic=no CONFIGURE_ARGS:= --prefix=/srv/www \ @@ -51,9 +49,6 @@ CONFIGURE_ARGS:= --prefix=/srv/www \ --http-scgi-temp-path=/var/lib/nginx/uwsgi \ --http-uwsgi-temp-path=/var/lib/nginx/uwsgi -ifeq ($(ADK_PACKAGE_NGINX_WITH_OPENSSL),y) -CONFIGURE_ARGS+= --with-http_ssl_module -endif ifeq ($(ADK_PACKAGE_NGINX_WITH_LIBRESSL),y) CONFIGURE_ARGS+= --with-http_ssl_module endif diff --git a/package/nut/Makefile b/package/nut/Makefile index fa9152eba..e44867f7f 100644 --- a/package/nut/Makefile +++ b/package/nut/Makefile @@ -22,14 +22,11 @@ PKGFD_WITH_USB:= enable usb support PKGFS_WITH_USB:= libusb libusb-compat PKGFB_WITH_USB:= libusb libusb-compat -PKG_CHOICES_NUT:= WITHOUT_SSL WITH_LIBRESSL WITH_OPENSSL -PKGCD_WITHOUT_SSL:= use no ssl +PKG_CHOICES_NUT:= WITH_LIBRESSL WITHOUT_SSL PKGCD_WITH_LIBRESSL:= use libressl for crypto PKGCB_WITH_LIBRESSL:= libressl PKGCS_WITH_LIBRESSL:= libressl ca-certificates -PKGCD_WITH_OPENSSL:= use openssl for crypto -PKGCB_WITH_OPENSSL:= openssl -PKGCS_WITH_OPENSSL:= libopenssl ca-certificates +PKGCD_WITHOUT_SSL:= use no ssl include ${ADK_TOPDIR}/mk/package.mk @@ -87,11 +84,6 @@ CONFIGURE_ARGS+= --with-linux-hiddev=${LINUX_DIR}/include/linux/hiddev.h \ --with-group=0 \ --with-user=0 -ifeq (${ADK_PACKAGE_NUT_WITH_OPENSSL},y) -CONFIGURE_ARGS+= --with-ssl -CONFIGURE_ENV+= CPPFLAGS="${TARGET_CPPFLAGS} ${TARGET_LDFLAGS}" -MAKE_FLAGS+= SSL_CFLAGS="${TARGET_CPPFLAGS}" SSL_LDFLAGS="${TARGET_LDFLAGS} -lssl -lcrypto" -endif ifeq (${ADK_PACKAGE_NUT_WITH_LIBRESSL},y) CONFIGURE_ARGS+= --with-ssl CONFIGURE_ENV+= CPPFLAGS="${TARGET_CPPFLAGS} ${TARGET_LDFLAGS}" diff --git a/package/openldap/Makefile b/package/openldap/Makefile index cb24e0f05..be90bd601 100644 --- a/package/openldap/Makefile +++ b/package/openldap/Makefile @@ -9,8 +9,8 @@ PKG_RELEASE:= 1 PKG_HASH:= d7de6bf3c67009c95525dde3a0212cc110d0a70b92af2af8e3ee800e81b88400 PKG_DESCR:= ldap client libraries PKG_SECTION:= libs/misc -PKG_DEPENDS:= libsasl2 libdb libuuid libncurses -PKG_BUILDDEP:= cyrus-sasl db util-linux +PKG_DEPENDS:= libsasl2 libdb libuuid libncurses libressl +PKG_BUILDDEP:= cyrus-sasl db util-linux libressl PKG_NEEDS:= threads c++ PKG_URL:= http://www.openldap.org/ PKG_SITES:= ftp://ftp.openldap.org/pub/OpenLDAP/openldap-release/ @@ -19,14 +19,6 @@ PKG_OPTS:= dev DISTFILES:= ${PKG_NAME}-${PKG_VERSION}.tgz -PKG_CHOICES_CTORRENT:= WITH_LIBRESSL WITH_OPENSSL -PKGCD_WITH_LIBRESSL:= use libressl for crypto -PKGCB_WITH_LIBRESSL:= libressl -PKGCS_WITH_LIBRESSL:= libressl -PKGCD_WITH_OPENSSL:= use openssl for crypto -PKGCB_WITH_OPENSSL:= openssl -PKGCS_WITH_OPENSSL:= libopenssl - PKG_SUBPKGS:= LIBOPENLDAP OPENLDAP_UTILS OPENLDAP_SLAPD PKGSD_OPENLDAP_UTILS:= ldap utilities PKGSS_OPENLDAP_UTILS:= libopenldap @@ -44,6 +36,7 @@ $(eval $(call PKG_template,LIBOPENLDAP,libopenldap,${PKG_VERSION}-${PKG_RELEASE} $(eval $(call PKG_template,OPENLDAP_UTILS,openldap-utils,${PKG_VERSION}-${PKG_RELEASE},${PKGSS_OPENLDAP_UTILS},${PKGSD_OPENLDAP_UTILS},${PKGSC_OPENLDAP_UTILS})) $(eval $(call PKG_template,OPENLDAP_SLAPD,openldap-slapd,${PKG_VERSION}-${PKG_RELEASE},${PKGSS_OPENLDAP_SLAPD},${PKGSD_OPENLDAP_SLAPD},${PKGSC_OPENLDAP_SLAPD})) +CONFIGURE_ENV+= ac_cv_func_memcmp_working=yes CONFIGURE_ARGS+= --enable-slapd \ --libexecdir=/usr/sbin \ --enable-bdb \ @@ -65,7 +58,6 @@ else CONFIGURE_ARGS+= --disable-ipv6 endif -CONFIGURE_ENV+= ac_cv_func_memcmp_working=yes XAKE_FLAGS+= STRIP="" CPPFLAGS="-D_GNU_SOURCE" libopenldap-install: diff --git a/package/opensc/Makefile b/package/opensc/Makefile index 923158611..863074bee 100644 --- a/package/opensc/Makefile +++ b/package/opensc/Makefile @@ -9,8 +9,8 @@ PKG_RELEASE:= 1 PKG_HASH:= 7c8600a37d11f82410699ee5c60bfebc46f6714d0d87b4125dd99215c87d4db8 PKG_DESCR:= utilities to access smart cards PKG_SECTION:= app/crypto -PKG_BUILDDEP:= openct pcsc-lite readline -PKG_DEPENDS:= libopensc libopenct pcsc-lite libreadline +PKG_BUILDDEP:= openct pcsc-lite readline libressl +PKG_DEPENDS:= libopensc libopenct pcsc-lite libreadline libressl PKG_URL:= https://github.com/OpenSC/OpenSC/wiki PKG_SITES:= ${MASTER_SITE_SOURCEFORGE:=opensc/} PKG_LIBNAME:= libopensc @@ -18,14 +18,6 @@ PKG_OPTS:= dev DISTFILES:= ${PKG_NAME}-${PKG_VERSION}.tar.gz -PKG_CHOICES_OPENSC:= WITH_LIBRESSL WITH_OPENSSL -PKGCD_WITH_LIBRESSL:= use libressl for crypto -PKGCB_WITH_LIBRESSL:= libressl -PKGCS_WITH_LIBRESSL:= libressl -PKGCD_WITH_OPENSSL:= use openssl for crypto -PKGCB_WITH_OPENSSL:= openssl -PKGCS_WITH_OPENSSL:= libopenssl - PKG_SUBPKGS:= OPENSC LIBOPENSC PKGSD_LIBOPENSC:= opensc library PKGSC_LIBOPENSC:= libs/crypto diff --git a/package/opensips/Makefile b/package/opensips/Makefile index 6269f74d9..d46553821 100644 --- a/package/opensips/Makefile +++ b/package/opensips/Makefile @@ -9,19 +9,13 @@ PKG_RELEASE:= 1 PKG_HASH:= bbf31ea3544ce0d0f0aa346e9aa023f3208119f8aee34f3188329fd53a87ddc5 PKG_DESCR:= high-performance, configurable, free sip server PKG_SECTION:= net/voip +PKG_DEPENDS:= libressl +PKG_BUILDDEP:= libressl PKG_URL:= http://opensips.org/ PKG_SITES:= http://opensips.org/pub/opensips/$(PKG_VERSION)/ DISTFILES:= $(PKG_NAME)-$(PKG_VERSION).tar.gz -PKG_CHOICES_OPENSIPS:= WITH_LIBRESSL WITH_OPENSSL -PKGCD_WITH_LIBRESSL:= use libressl for crypto -PKGCB_WITH_LIBRESSL:= libressl -PKGCS_WITH_LIBRESSL:= libressl -PKGCD_WITH_OPENSSL:= use openssl for crypto -PKGCB_WITH_OPENSSL:= openssl -PKGCS_WITH_OPENSSL:= libopenssl - PKG_SUBPKGS:= OPENSIPS OPENSIPS_MOD_ACCOUNTING OPENSIPS_MOD_AUTH PKG_SUBPKGS+= OPENSIPS_MOD_AUTH_DB OPENSIPS_MOD_AVPOPS OPENSIPS_MOD_DISPATCHER PKG_SUBPKGS+= OPENSIPS_MOD_DIVERSION OPENSIPS_MOD_FLATSTORE OPENSIPS_MOD_GFLAGS diff --git a/package/openssh/Makefile b/package/openssh/Makefile index 75acd9d42..d6e5b65e0 100644 --- a/package/openssh/Makefile +++ b/package/openssh/Makefile @@ -9,8 +9,8 @@ PKG_RELEASE:= 1 PKG_HASH:= 3ffb989a6dcaa69594c3b550d4855a5a2e1718ccdde7f5e36387b424220fbecc PKG_DESCR:= secure shell implementation PKG_SECTION:= net/security -PKG_BUILDDEP:= zlib -PKG_DEPENDS:= zlib +PKG_BUILDDEP:= zlib libressl +PKG_DEPENDS:= zlib libressl PKG_NEEDS:= threads PKG_URL:= http://www.openssh.com/ PKG_SITES:= http://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/ @@ -36,14 +36,6 @@ PKGFD_WITH_KRB5:= enable kerberos 5 support PKGFS_WITH_KRB5:= libkrb5 libcom-err PKGFB_WITH_KRB5:= krb5 -PKG_CHOICES_OPENSSH:= WITH_LIBRESSL WITH_OPENSSL -PKGCD_WITH_LIBRESSL:= with libressl -PKGCS_WITH_LIBRESSL:= libressl -PKGCB_WITH_LIBRESSL:= libressl -PKGCD_WITH_OPENSSL:= with openssl -PKGCS_WITH_OPENSSL:= libopenssl -PKGCB_WITH_OPENSSL:= openssl - include ${ADK_TOPDIR}/mk/package.mk $(eval $(call PKG_template,OPENSSH,openssh,${PKG_VERSION}-${PKG_RELEASE},${PKG_DEPENDS},${PKG_DESCR},${PKG_SECTION})) diff --git a/package/openssl/Makefile b/package/openssl/Makefile deleted file mode 100644 index c7d0e5bb7..000000000 --- a/package/openssl/Makefile +++ /dev/null @@ -1,130 +0,0 @@ -# This file is part of the OpenADK project. OpenADK is copyrighted -# material, please see the LICENCE file in the top-level directory. - -include ${ADK_TOPDIR}/rules.mk - -PKG_NAME:= openssl -PKG_VERSION:= 1.0.2j -PKG_RELEASE:= 1 -PKG_HASH:= e7aff292be21c259c6af26469c7a9b3ba26e9abaaffd325e3dccc9785256c431 -PKG_DESCR:= secure socket layer libraries -PKG_SECTION:= libs/crypto -PKG_DEPENDS:= zlib -PKG_BUILDDEP:= zlib -PKG_URL:= http://www.openssl.org/ -PKG_SITES:= http://www.openssl.org/source/ -PKG_LIBNAME:= libopenssl -PKG_OPTS:= dev -PKG_NOPARALLEL:= 1 - -DISTFILES:= ${PKG_NAME}-${PKG_VERSION}.tar.gz - -PKG_SUBPKGS:= LIBOPENSSL OPENSSL_UTIL -PKGSD_OPENSSL_UTIL:= openssl command line tool -PKGSC_OPENSSL_UTIL:= app/crypto -PKGSS_OPENSSL_UTIL:= libopenssl - -PKG_FLAVOURS_LIBOPENSSL:= WITH_CRYPTODEV -PKGFD_WITH_CRYPTODEV:= enable support for cryptodev-linux - -include ${ADK_TOPDIR}/mk/host.mk -include ${ADK_TOPDIR}/mk/package.mk - -$(eval $(call HOST_template,OPENSSL,openssl,${PKG_VERSION}-${PKG_RELEASE})) -$(eval $(call PKG_template,LIBOPENSSL,libopenssl,${PKG_VERSION}-${PKG_RELEASE},${PKG_DEPENDS},${PKG_DESCR},${PKG_SECTION},$(PKG_OPTS))) -$(eval $(call PKG_template,OPENSSL_UTIL,openssl-util,${PKG_VERSION}-${PKG_RELEASE},${PKGSS_OPENSSL_UTIL},${PKGSD_OPENSSL_UTIL},${PKGSC_OPENSSL_UTIL})) - -ifeq ($(ADK_TARGET_USE_STATIC_LIBS),y) -OPENSSL_OPTIONS:= no-shared zlib no-dso -else -OPENSSL_OPTIONS:= shared zlib-dynamic -ALL_TARGET+= build-shared -TARGET_CFLAGS+= -ldl -endif - -OPENSSL_OPTIONS+= threads no-err no-krb5 no-engines no-rc5 no-sha0 no-smime no-aes192 - -HOST_STYLE:= manual -CONFIG_STYLE:= manual -BUILD_STYLE:= manual - -INSTALL_TARGET:= install_sw -FAKE_FLAGS+= INSTALL_PREFIX=${WRKINST} - -ifneq ($(ADK_PACKAGE_LIBOPENSSL_WITH_CRYPTODEV),) -OPENSSL_OPTIONS+= -DHAVE_CRYPTODEV -DUSE_CRYPTODEV_DIGESTS -endif - -ifeq ($(ADK_TARGET_ARCH_MICROBLAZE),y) -TARGET_CFLAGS:= $(subst g3,g,$(TARGET_CFLAGS)) -endif -ifeq ($(ADK_TARGET_ARCH_XTENSA),y) -TARGET_CFLAGS:= $(subst g3,g,$(TARGET_CFLAGS)) -endif -ifeq ($(ADK_TARGET_ARCH_PPC),y) -TARGET_CFLAGS:= $(subst g3,g,$(TARGET_CFLAGS)) -endif - -CONFIG:= linux-generic32 -ifeq ($(ADK_TARGET_ARCH_X86_64),y) -CONFIG:= linux-x86_64 -endif - -ifneq (,$(filter CYGWIN%,${OS_FOR_BUILD})) -HOSTCONFIG:= Cygwin-x86_64 -endif -ifeq ($(OS_FOR_BUILD),Darwin) -HOSTCONFIG:= darwin64-x86_64-cc -endif - -host-configure: -ifeq ($(HOSTCONFIG),) - (cd $(WRKBUILD); ./config --prefix='$(STAGING_HOST_DIR)/usr' -fPIC -ldl) -else - (cd $(WRKBUILD); ./Configure $(HOSTCONFIG) --prefix='$(STAGING_HOST_DIR)/usr') -endif - -host-build: - (cd $(WRKBUILD); make) - -openssl-hostinstall: - (cd $(WRKBUILD); make install) - -post-extract: - -mkdir -p $(STAGING_TARGET_DIR)/usr/include/crypto - $(CP) ./files/cryptodev.h $(STAGING_TARGET_DIR)/usr/include/crypto/ - -do-configure: - (cd $(WRKBUILD); \ - PATH='$(TARGET_PATH)' \ - ./Configure $(CONFIG) \ - --prefix=/usr \ - --openssldir=/etc/ssl \ - -I$(STAGING_TARGET_DIR)/usr/include \ - -L$(STAGING_TARGET_DIR)/usr/lib \ - -DOPENSSL_SMALL_FOOTPRINT \ - $(OPENSSL_OPTIONS) \ - ); - $(SED) "s:-O[0-9]:$(TARGET_CFLAGS) -fPIC:" $(WRKBUILD)/Makefile - -do-build: - $(MAKE) -C $(WRKBUILD) \ - CC="$(TARGET_CC)" \ - AR="$(TARGET_CROSS)ar r" \ - RANLIB="$(TARGET_CROSS)ranlib" \ - $(ALL_TARGET) - -libopenssl-install: - ${INSTALL_DIR} ${IDIR_LIBOPENSSL}/usr/lib - ${CP} ${WRKINST}/usr/lib*/lib*.so* ${IDIR_LIBOPENSSL}/usr/lib - chmod 644 ${IDIR_LIBOPENSSL}/usr/lib/lib*.so* - -openssl-util-install: - ${INSTALL_DIR} ${IDIR_OPENSSL_UTIL}/usr/bin - ${CP} ${WRKINST}/usr/bin/openssl ${IDIR_OPENSSL_UTIL}/usr/bin - ${INSTALL_DIR} ${IDIR_OPENSSL_UTIL}/etc/ssl/{,certs,private} - ${CP} ${WRKSRC}/apps/openssl.cnf ${IDIR_OPENSSL_UTIL}/etc/ssl/ - chmod 0700 ${IDIR_OPENSSL_UTIL}/etc/ssl/private - -include ${ADK_TOPDIR}/mk/host-bottom.mk -include ${ADK_TOPDIR}/mk/pkg-bottom.mk diff --git a/package/openssl/files/cryptodev.h b/package/openssl/files/cryptodev.h deleted file mode 100644 index 00193a446..000000000 --- a/package/openssl/files/cryptodev.h +++ /dev/null @@ -1,288 +0,0 @@ -/* This is a source compatible implementation with the original API of - * cryptodev by Angelos D. Keromytis, found at openbsd cryptodev.h. - * Placed under public domain */ - -#ifndef L_CRYPTODEV_H -#define L_CRYPTODEV_H - -#include -#ifndef __KERNEL__ -#define __user -#endif - -/* API extensions for linux */ -#define CRYPTO_HMAC_MAX_KEY_LEN 512 -#define CRYPTO_CIPHER_MAX_KEY_LEN 64 - -/* All the supported algorithms - */ -enum cryptodev_crypto_op_t { - CRYPTO_DES_CBC = 1, - CRYPTO_3DES_CBC = 2, - CRYPTO_BLF_CBC = 3, - CRYPTO_CAST_CBC = 4, - CRYPTO_SKIPJACK_CBC = 5, - CRYPTO_MD5_HMAC = 6, - CRYPTO_SHA1_HMAC = 7, - CRYPTO_RIPEMD160_HMAC = 8, - CRYPTO_MD5_KPDK = 9, - CRYPTO_SHA1_KPDK = 10, - CRYPTO_RIJNDAEL128_CBC = 11, - CRYPTO_AES_CBC = CRYPTO_RIJNDAEL128_CBC, - CRYPTO_ARC4 = 12, - CRYPTO_MD5 = 13, - CRYPTO_SHA1 = 14, - CRYPTO_DEFLATE_COMP = 15, - CRYPTO_NULL = 16, - CRYPTO_LZS_COMP = 17, - CRYPTO_SHA2_256_HMAC = 18, - CRYPTO_SHA2_384_HMAC = 19, - CRYPTO_SHA2_512_HMAC = 20, - CRYPTO_AES_CTR = 21, - CRYPTO_AES_XTS = 22, - CRYPTO_AES_ECB = 23, - CRYPTO_AES_GCM = 50, - - CRYPTO_CAMELLIA_CBC = 101, - CRYPTO_RIPEMD160, - CRYPTO_SHA2_256, - CRYPTO_SHA2_384, - CRYPTO_SHA2_512, - CRYPTO_ALGORITHM_ALL, /* Keep updated - see below */ -}; - -#define CRYPTO_ALGORITHM_MAX (CRYPTO_ALGORITHM_ALL - 1) - -/* Values for ciphers */ -#define DES_BLOCK_LEN 8 -#define DES3_BLOCK_LEN 8 -#define RIJNDAEL128_BLOCK_LEN 16 -#define AES_BLOCK_LEN RIJNDAEL128_BLOCK_LEN -#define CAMELLIA_BLOCK_LEN 16 -#define BLOWFISH_BLOCK_LEN 8 -#define SKIPJACK_BLOCK_LEN 8 -#define CAST128_BLOCK_LEN 8 - -/* the maximum of the above */ -#define EALG_MAX_BLOCK_LEN 16 - -/* Values for hashes/MAC */ -#define AALG_MAX_RESULT_LEN 64 - -/* maximum length of verbose alg names (depends on CRYPTO_MAX_ALG_NAME) */ -#define CRYPTODEV_MAX_ALG_NAME 64 - -#define HASH_MAX_LEN 64 - -/* input of CIOCGSESSION */ -struct session_op { - /* Specify either cipher or mac - */ - __u32 cipher; /* cryptodev_crypto_op_t */ - __u32 mac; /* cryptodev_crypto_op_t */ - - __u32 keylen; - __u8 __user *key; - __u32 mackeylen; - __u8 __user *mackey; - - __u32 ses; /* session identifier */ -}; - -struct session_info_op { - __u32 ses; /* session identifier */ - - /* verbose names for the requested ciphers */ - struct alg_info { - char cra_name[CRYPTODEV_MAX_ALG_NAME]; - char cra_driver_name[CRYPTODEV_MAX_ALG_NAME]; - } cipher_info, hash_info; - - __u16 alignmask; /* alignment constraints */ - __u32 flags; /* SIOP_FLAGS_* */ -}; - -/* If this flag is set then this algorithm uses - * a driver only available in kernel (software drivers, - * or drivers based on instruction sets do not set this flag). - * - * If multiple algorithms are involved (as in AEAD case), then - * if one of them is kernel-driver-only this flag will be set. - */ -#define SIOP_FLAG_KERNEL_DRIVER_ONLY 1 - -#define COP_ENCRYPT 0 -#define COP_DECRYPT 1 - -/* input of CIOCCRYPT */ -struct crypt_op { - __u32 ses; /* session identifier */ - __u16 op; /* COP_ENCRYPT or COP_DECRYPT */ - __u16 flags; /* see COP_FLAG_* */ - __u32 len; /* length of source data */ - __u8 __user *src; /* source data */ - __u8 __user *dst; /* pointer to output data */ - /* pointer to output data for hash/MAC operations */ - __u8 __user *mac; - /* initialization vector for encryption operations */ - __u8 __user *iv; -}; - -/* input of CIOCAUTHCRYPT */ -struct crypt_auth_op { - __u32 ses; /* session identifier */ - __u16 op; /* COP_ENCRYPT or COP_DECRYPT */ - __u16 flags; /* see COP_FLAG_AEAD_* */ - __u32 len; /* length of source data */ - __u32 auth_len; /* length of auth data */ - __u8 __user *auth_src; /* authenticated-only data */ - - /* The current implementation is more efficient if data are - * encrypted in-place (src==dst). */ - __u8 __user *src; /* data to be encrypted and authenticated */ - __u8 __user *dst; /* pointer to output data. Must have - * space for tag. For TLS this should be at least - * len + tag_size + block_size for padding */ - - __u8 __user *tag; /* where the tag will be copied to. TLS mode - * doesn't use that as tag is copied to dst. - * SRTP mode copies tag there. */ - __u32 tag_len; /* the length of the tag. Use zero for digest size or max tag. */ - - /* initialization vector for encryption operations */ - __u8 __user *iv; - __u32 iv_len; -}; - -/* In plain AEAD mode the following are required: - * flags : 0 - * iv : the initialization vector (12 bytes) - * auth_len: the length of the data to be authenticated - * auth_src: the data to be authenticated - * len : length of data to be encrypted - * src : the data to be encrypted - * dst : space to hold encrypted data. It must have - * at least a size of len + tag_size. - * tag_size: the size of the desired authentication tag or zero to use - * the maximum tag output. - * - * Note tag isn't being used because the Linux AEAD interface - * copies the tag just after data. - */ - -/* In TLS mode (used for CBC ciphers that required padding) - * the following are required: - * flags : COP_FLAG_AEAD_TLS_TYPE - * iv : the initialization vector - * auth_len: the length of the data to be authenticated only - * len : length of data to be encrypted - * auth_src: the data to be authenticated - * src : the data to be encrypted - * dst : space to hold encrypted data (preferably in-place). It must have - * at least a size of len + tag_size + blocksize. - * tag_size: the size of the desired authentication tag or zero to use - * the default mac output. - * - * Note that the padding used is the minimum padding. - */ - -/* In SRTP mode the following are required: - * flags : COP_FLAG_AEAD_SRTP_TYPE - * iv : the initialization vector - * auth_len: the length of the data to be authenticated. This must - * include the SRTP header + SRTP payload (data to be encrypted) + rest - * - * len : length of data to be encrypted - * auth_src: pointer the data to be authenticated. Should point at the same buffer as src. - * src : pointer to the data to be encrypted. - * dst : This is mandatory to be the same as src (in-place only). - * tag_size: the size of the desired authentication tag or zero to use - * the default mac output. - * tag : Pointer to an address where the authentication tag will be copied. - */ - - -/* struct crypt_op flags */ - -#define COP_FLAG_NONE (0 << 0) /* totally no flag */ -#define COP_FLAG_UPDATE (1 << 0) /* multi-update hash mode */ -#define COP_FLAG_FINAL (1 << 1) /* multi-update final hash mode */ -#define COP_FLAG_WRITE_IV (1 << 2) /* update the IV during operation */ -#define COP_FLAG_NO_ZC (1 << 3) /* do not zero-copy */ -#define COP_FLAG_AEAD_TLS_TYPE (1 << 4) /* authenticate and encrypt using the - * TLS protocol rules */ -#define COP_FLAG_AEAD_SRTP_TYPE (1 << 5) /* authenticate and encrypt using the - * SRTP protocol rules */ -#define COP_FLAG_RESET (1 << 6) /* multi-update reset the state. - * should be used in combination - * with COP_FLAG_UPDATE */ - - -/* Stuff for bignum arithmetic and public key - * cryptography - not supported yet by linux - * cryptodev. - */ - -#define CRYPTO_ALG_FLAG_SUPPORTED 1 -#define CRYPTO_ALG_FLAG_RNG_ENABLE 2 -#define CRYPTO_ALG_FLAG_DSA_SHA 4 - -struct crparam { - __u8 *crp_p; - __u32 crp_nbits; -}; - -#define CRK_MAXPARAM 8 - -/* input of CIOCKEY */ -struct crypt_kop { - __u32 crk_op; /* cryptodev_crk_ot_t */ - __u32 crk_status; - __u16 crk_iparams; - __u16 crk_oparams; - __u32 crk_pad1; - struct crparam crk_param[CRK_MAXPARAM]; -}; - -enum cryptodev_crk_op_t { - CRK_MOD_EXP = 0, - CRK_MOD_EXP_CRT = 1, - CRK_DSA_SIGN = 2, - CRK_DSA_VERIFY = 3, - CRK_DH_COMPUTE_KEY = 4, - CRK_ALGORITHM_ALL -}; - -#define CRK_ALGORITHM_MAX (CRK_ALGORITHM_ALL-1) - -/* features to be queried with CIOCASYMFEAT ioctl - */ -#define CRF_MOD_EXP (1 << CRK_MOD_EXP) -#define CRF_MOD_EXP_CRT (1 << CRK_MOD_EXP_CRT) -#define CRF_DSA_SIGN (1 << CRK_DSA_SIGN) -#define CRF_DSA_VERIFY (1 << CRK_DSA_VERIFY) -#define CRF_DH_COMPUTE_KEY (1 << CRK_DH_COMPUTE_KEY) - - -/* ioctl's. Compatible with old linux cryptodev.h - */ -#define CRIOGET _IOWR('c', 101, __u32) -#define CIOCGSESSION _IOWR('c', 102, struct session_op) -#define CIOCFSESSION _IOW('c', 103, __u32) -#define CIOCCRYPT _IOWR('c', 104, struct crypt_op) -#define CIOCKEY _IOWR('c', 105, struct crypt_kop) -#define CIOCASYMFEAT _IOR('c', 106, __u32) -#define CIOCGSESSINFO _IOWR('c', 107, struct session_info_op) - -/* to indicate that CRIOGET is not required in linux - */ -#define CRIOGET_NOT_NEEDED 1 - -/* additional ioctls for asynchronous operation */ -#define CIOCASYNCCRYPT _IOW('c', 107, struct crypt_op) -#define CIOCASYNCFETCH _IOR('c', 108, struct crypt_op) - -/* additional ioctls for AEAD */ -#define CIOCAUTHCRYPT _IOWR('c', 109, struct crypt_auth_op) - -#endif /* L_CRYPTODEV_H */ diff --git a/package/openssl/files/openssl-util.conffiles b/package/openssl/files/openssl-util.conffiles deleted file mode 100644 index 6d068e66c..000000000 --- a/package/openssl/files/openssl-util.conffiles +++ /dev/null @@ -1 +0,0 @@ -/etc/ssl/openssl.cnf diff --git a/package/openssl/patches/patch-Configure b/package/openssl/patches/patch-Configure deleted file mode 100644 index ad729c58d..000000000 --- a/package/openssl/patches/patch-Configure +++ /dev/null @@ -1,11 +0,0 @@ ---- openssl-1.0.2c.orig/Configure 2015-06-12 16:51:21.000000000 +0200 -+++ openssl-1.0.2c/Configure 2015-06-13 19:55:08.000000000 +0200 -@@ -365,7 +365,7 @@ my %table=( - #### - # *-generic* is endian-neutral target, but ./config is free to - # throw in -D[BL]_ENDIAN, whichever appropriate... --"linux-generic32","gcc:-O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -+"linux-generic32","gcc:-O3 -fomit-frame-pointer -Wall::-D_REENTRANT:::BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", - "linux-ppc", "gcc:-DB_ENDIAN -O3 -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL:${ppc32_asm}:linux32:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", - - ####################################################################### diff --git a/package/openssl/patches/patch-Makefile_org b/package/openssl/patches/patch-Makefile_org deleted file mode 100644 index 46a14f304..000000000 --- a/package/openssl/patches/patch-Makefile_org +++ /dev/null @@ -1,20 +0,0 @@ ---- openssl-1.0.2c.orig/Makefile.org 2015-06-12 16:51:21.000000000 +0200 -+++ openssl-1.0.2c/Makefile.org 2015-06-13 19:48:43.000000000 +0200 -@@ -136,7 +136,7 @@ FIPSCANLIB= - - BASEADDR= - --DIRS= crypto ssl engines apps test tools -+DIRS= crypto ssl engines apps tools - ENGDIRS= ccgost - SHLIBDIRS= crypto ssl - -@@ -526,7 +526,7 @@ dist: - dist_pem_h: - (cd crypto/pem; $(MAKE) -e $(BUILDENV) pem.h; $(MAKE) clean) - --install: all install_docs install_sw -+install: all install_sw - - install_sw: - @$(PERL) $(TOP)/util/mkdir-p.pl $(INSTALL_PREFIX)$(INSTALLTOP)/bin \ diff --git a/package/openssl/patches/patch-Makefile_shared b/package/openssl/patches/patch-Makefile_shared deleted file mode 100644 index 76b1cf71a..000000000 --- a/package/openssl/patches/patch-Makefile_shared +++ /dev/null @@ -1,18 +0,0 @@ ---- openssl-1.0.0a.orig/Makefile.shared 2009-10-16 01:44:11.000000000 +0200 -+++ openssl-1.0.0a/Makefile.shared 2010-07-09 16:19:54.623017943 +0200 -@@ -95,7 +95,6 @@ LINK_APP= \ - LDCMD="$${LDCMD:-$(CC)}"; LDFLAGS="$${LDFLAGS:-$(CFLAGS)}"; \ - LIBPATH=`for x in $$LIBDEPS; do echo $$x; done | sed -e 's/^ *-L//;t' -e d | uniq`; \ - LIBPATH=`echo $$LIBPATH | sed -e 's/ /:/g'`; \ -- LD_LIBRARY_PATH=$$LIBPATH:$$LD_LIBRARY_PATH \ - $${LDCMD} $${LDFLAGS} -o $${APPNAME:=$(APPNAME)} $(OBJECTS) $${LIBDEPS} ) - - LINK_SO= \ -@@ -105,7 +104,6 @@ LINK_SO= \ - SHAREDFLAGS="$${SHAREDFLAGS:-$(CFLAGS) $(SHARED_LDFLAGS)}"; \ - LIBPATH=`for x in $$LIBDEPS; do echo $$x; done | sed -e 's/^ *-L//;t' -e d | uniq`; \ - LIBPATH=`echo $$LIBPATH | sed -e 's/ /:/g'`; \ -- LD_LIBRARY_PATH=$$LIBPATH:$$LD_LIBRARY_PATH \ - $${SHAREDCMD} $${SHAREDFLAGS} \ - -o $$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX \ - $$ALLSYMSFLAGS $$SHOBJECTS $$NOALLSYMSFLAGS $$LIBDEPS \ diff --git a/package/openssl/patches/patch-tools_c_rehash b/package/openssl/patches/patch-tools_c_rehash deleted file mode 100644 index 16acf856d..000000000 --- a/package/openssl/patches/patch-tools_c_rehash +++ /dev/null @@ -1,13 +0,0 @@ ---- openssl-1.0.2a.orig/tools/c_rehash 2015-03-19 14:31:17.000000000 +0100 -+++ openssl-1.0.2a/tools/c_rehash 2015-04-06 10:52:37.395255700 +0200 -@@ -3,8 +3,8 @@ - # Perl c_rehash script, scan all files in a directory - # and add symbolic links to their hash values. - --my $dir = "/usr/local/ssl"; --my $prefix = "/usr/local/ssl"; -+my $dir = "/etc/ssl"; -+my $prefix = "/usr"; - - my $openssl = $ENV{OPENSSL} || "openssl"; - my $pwd; diff --git a/package/openssl/patches/patch-util_shlib_wrap_sh b/package/openssl/patches/patch-util_shlib_wrap_sh deleted file mode 100644 index 1e8a30bf6..000000000 --- a/package/openssl/patches/patch-util_shlib_wrap_sh +++ /dev/null @@ -1,16 +0,0 @@ ---- openssl-1.0.0a.orig/util/shlib_wrap.sh 2009-11-15 20:06:21.000000000 +0100 -+++ openssl-1.0.0a/util/shlib_wrap.sh 2010-07-09 16:19:21.211017427 +0200 -@@ -57,11 +57,10 @@ SunOS|IRIX*) - eval $rld_var=\"${THERE}'${'$rld_var':+:$'$rld_var'}'\"; export $rld_var - unset rld_var - ;; --*) LD_LIBRARY_PATH="${THERE}:$LD_LIBRARY_PATH" # Linux, ELF HP-UX -- DYLD_LIBRARY_PATH="${THERE}:$DYLD_LIBRARY_PATH" # MacOS X -+*) DYLD_LIBRARY_PATH="${THERE}:$DYLD_LIBRARY_PATH" # MacOS X - SHLIB_PATH="${THERE}:$SHLIB_PATH" # legacy HP-UX - LIBPATH="${THERE}:$LIBPATH" # AIX, OS/2 -- export LD_LIBRARY_PATH DYLD_LIBRARY_PATH SHLIB_PATH LIBPATH -+ export DYLD_LIBRARY_PATH SHLIB_PATH LIBPATH - # Even though $PATH is adjusted [for Windows sake], it doesn't - # necessarily does the trick. Trouble is that with introduction - # of SafeDllSearchMode in XP/2003 it's more appropriate to copy diff --git a/package/openssl/src/crypto/engine/eng_cryptodev.c b/package/openssl/src/crypto/engine/eng_cryptodev.c deleted file mode 100644 index 83ca94376..000000000 --- a/package/openssl/src/crypto/engine/eng_cryptodev.c +++ /dev/null @@ -1,1496 +0,0 @@ -/* - * Copyright (c) 2002 Bob Beck - * Copyright (c) 2002 Theo de Raadt - * Copyright (c) 2002 Markus Friedl - * Copyright (c) 2012 Nikos Mavrogiannopoulos - * All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND ANY - * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED - * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE - * DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE FOR ANY - * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND - * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF - * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - * - */ - -#include -#include -#include -#include - -#if (defined(__unix__) || defined(unix)) && !defined(USG) && \ - (defined(OpenBSD) || defined(__FreeBSD__)) -#include -# if (OpenBSD >= 200112) || ((__FreeBSD_version >= 470101 && __FreeBSD_version < 500000) || __FreeBSD_version >= 500041) -# define HAVE_CRYPTODEV -# endif -# if (OpenBSD >= 200110) -# define HAVE_SYSLOG_R -# endif -#endif - -#ifndef HAVE_CRYPTODEV - -void -ENGINE_load_cryptodev(void) -{ - /* This is a NOP on platforms without /dev/crypto */ - return; -} - -#else - -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include - -struct dev_crypto_state { - struct session_op d_sess; - int d_fd; - -#ifdef USE_CRYPTODEV_DIGESTS - unsigned char digest_res[64]; - char *mac_data; - int mac_len; -#endif -}; - -static u_int32_t cryptodev_asymfeat = 0; - -static int get_asym_dev_crypto(void); -static int open_dev_crypto(void); -static int get_dev_crypto(void); -static int get_cryptodev_ciphers(const int **cnids); -#ifdef USE_CRYPTODEV_DIGESTS -static int get_cryptodev_digests(const int **cnids); -#endif -static int cryptodev_usable_ciphers(const int **nids); -static int cryptodev_usable_digests(const int **nids); -static int cryptodev_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, - const unsigned char *in, size_t inl); -static int cryptodev_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, - const unsigned char *iv, int enc); -static int cryptodev_cleanup(EVP_CIPHER_CTX *ctx); -static int cryptodev_engine_ciphers(ENGINE *e, const EVP_CIPHER **cipher, - const int **nids, int nid); -static int cryptodev_engine_digests(ENGINE *e, const EVP_MD **digest, - const int **nids, int nid); -static int bn2crparam(const BIGNUM *a, struct crparam *crp); -static int crparam2bn(struct crparam *crp, BIGNUM *a); -static void zapparams(struct crypt_kop *kop); -static int cryptodev_asym(struct crypt_kop *kop, int rlen, BIGNUM *r, - int slen, BIGNUM *s); - -static int cryptodev_bn_mod_exp(BIGNUM *r, const BIGNUM *a, - const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx); -static int cryptodev_rsa_nocrt_mod_exp(BIGNUM *r0, const BIGNUM *I, - RSA *rsa, BN_CTX *ctx); -static int cryptodev_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx); -static int cryptodev_dsa_bn_mod_exp(DSA *dsa, BIGNUM *r, BIGNUM *a, - const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx); -static int cryptodev_dsa_dsa_mod_exp(DSA *dsa, BIGNUM *t1, BIGNUM *g, - BIGNUM *u1, BIGNUM *pub_key, BIGNUM *u2, BIGNUM *p, - BN_CTX *ctx, BN_MONT_CTX *mont); -static DSA_SIG *cryptodev_dsa_do_sign(const unsigned char *dgst, - int dlen, DSA *dsa); -static int cryptodev_dsa_verify(const unsigned char *dgst, int dgst_len, - DSA_SIG *sig, DSA *dsa); -static int cryptodev_mod_exp_dh(const DH *dh, BIGNUM *r, const BIGNUM *a, - const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx, - BN_MONT_CTX *m_ctx); -static int cryptodev_dh_compute_key(unsigned char *key, - const BIGNUM *pub_key, DH *dh); -static int cryptodev_ctrl(ENGINE *e, int cmd, long i, void *p, - void (*f)(void)); -void ENGINE_load_cryptodev(void); - -static const ENGINE_CMD_DEFN cryptodev_defns[] = { - { 0, NULL, NULL, 0 } -}; - -static struct { - int id; - int nid; - int ivmax; - int keylen; -} ciphers[] = { - { CRYPTO_ARC4, NID_rc4, 0, 16, }, - { CRYPTO_DES_CBC, NID_des_cbc, 8, 8, }, - { CRYPTO_3DES_CBC, NID_des_ede3_cbc, 8, 24, }, - { CRYPTO_AES_CBC, NID_aes_128_cbc, 16, 16, }, - { CRYPTO_AES_CBC, NID_aes_192_cbc, 16, 24, }, - { CRYPTO_AES_CBC, NID_aes_256_cbc, 16, 32, }, - { CRYPTO_BLF_CBC, NID_bf_cbc, 8, 16, }, - { CRYPTO_CAST_CBC, NID_cast5_cbc, 8, 16, }, - { CRYPTO_SKIPJACK_CBC, NID_undef, 0, 0, }, - { 0, NID_undef, 0, 0, }, -}; - -#ifdef USE_CRYPTODEV_DIGESTS -static struct { - int id; - int nid; - int digestlen; -} digests[] = { -#if 0 - /* HMAC is not supported */ - { CRYPTO_MD5_HMAC, NID_hmacWithMD5, 16}, - { CRYPTO_SHA1_HMAC, NID_hmacWithSHA1, 20}, - { CRYPTO_SHA2_256_HMAC, NID_hmacWithSHA256, 32}, - { CRYPTO_SHA2_384_HMAC, NID_hmacWithSHA384, 48}, - { CRYPTO_SHA2_512_HMAC, NID_hmacWithSHA512, 64}, -#endif - { CRYPTO_MD5, NID_md5, 16}, - { CRYPTO_SHA1, NID_sha1, 20}, - { CRYPTO_SHA2_256, NID_sha256, 32}, - { CRYPTO_SHA2_384, NID_sha384, 48}, - { CRYPTO_SHA2_512, NID_sha512, 64}, - { 0, NID_undef, 0}, -}; -#endif - -/* - * Return a fd if /dev/crypto seems usable, 0 otherwise. - */ -static int -open_dev_crypto(void) -{ - static int fd = -1; - - if (fd == -1) { - if ((fd = open("/dev/crypto", O_RDWR, 0)) == -1) - return (-1); - /* close on exec */ - if (fcntl(fd, F_SETFD, FD_CLOEXEC) == -1) { - close(fd); - fd = -1; - return (-1); - } - } - return (fd); -} - -static int -get_dev_crypto(void) -{ - int fd, retfd; - - if ((fd = open_dev_crypto()) == -1) - return (-1); -#ifndef CRIOGET_NOT_NEEDED - if (ioctl(fd, CRIOGET, &retfd) == -1) - return (-1); - - /* close on exec */ - if (fcntl(retfd, F_SETFD, 1) == -1) { - close(retfd); - return (-1); - } -#else - retfd = fd; -#endif - return (retfd); -} - -static void put_dev_crypto(int fd) -{ -#ifndef CRIOGET_NOT_NEEDED - close(fd); -#endif -} - -/* Caching version for asym operations */ -static int -get_asym_dev_crypto(void) -{ - static int fd = -1; - - if (fd == -1) - fd = get_dev_crypto(); - return fd; -} - -/* - * Find out what ciphers /dev/crypto will let us have a session for. - * XXX note, that some of these openssl doesn't deal with yet! - * returning them here is harmless, as long as we return NULL - * when asked for a handler in the cryptodev_engine_ciphers routine - */ -static int -get_cryptodev_ciphers(const int **cnids) -{ - static int nids[CRYPTO_ALGORITHM_MAX]; - struct session_op sess; - int fd, i, count = 0; - unsigned char fake_key[EVP_MAX_KEY_LENGTH]; - - if ((fd = get_dev_crypto()) < 0) { - *cnids = NULL; - return (0); - } - memset(&sess, 0, sizeof(sess)); - sess.key = (void*)fake_key; - - for (i = 0; ciphers[i].id && count < CRYPTO_ALGORITHM_MAX; i++) { - if (ciphers[i].nid == NID_undef) - continue; - sess.cipher = ciphers[i].id; - sess.keylen = ciphers[i].keylen; - sess.mac = 0; - if (ioctl(fd, CIOCGSESSION, &sess) != -1 && - ioctl(fd, CIOCFSESSION, &sess.ses) != -1) - nids[count++] = ciphers[i].nid; - } - put_dev_crypto(fd); - - if (count > 0) - *cnids = nids; - else - *cnids = NULL; - return (count); -} - -#ifdef USE_CRYPTODEV_DIGESTS -/* - * Find out what digests /dev/crypto will let us have a session for. - * XXX note, that some of these openssl doesn't deal with yet! - * returning them here is harmless, as long as we return NULL - * when asked for a handler in the cryptodev_engine_digests routine - */ -static int -get_cryptodev_digests(const int **cnids) -{ - static int nids[CRYPTO_ALGORITHM_MAX]; - unsigned char fake_key[EVP_MAX_KEY_LENGTH]; - struct session_op sess; - int fd, i, count = 0; - - if ((fd = get_dev_crypto()) < 0) { - *cnids = NULL; - return (0); - } - memset(&sess, 0, sizeof(sess)); - sess.mackey = fake_key; - for (i = 0; digests[i].id && count < CRYPTO_ALGORITHM_MAX; i++) { - if (digests[i].nid == NID_undef) - continue; - sess.mac = digests[i].id; - sess.mackeylen = 8; - sess.cipher = 0; - if (ioctl(fd, CIOCGSESSION, &sess) != -1 && - ioctl(fd, CIOCFSESSION, &sess.ses) != -1) - nids[count++] = digests[i].nid; - } - put_dev_crypto(fd); - - if (count > 0) - *cnids = nids; - else - *cnids = NULL; - return (count); -} -#endif /* 0 */ - -/* - * Find the useable ciphers|digests from dev/crypto - this is the first - * thing called by the engine init crud which determines what it - * can use for ciphers from this engine. We want to return - * only what we can do, anythine else is handled by software. - * - * If we can't initialize the device to do anything useful for - * any reason, we want to return a NULL array, and 0 length, - * which forces everything to be done is software. By putting - * the initalization of the device in here, we ensure we can - * use this engine as the default, and if for whatever reason - * /dev/crypto won't do what we want it will just be done in - * software - * - * This can (should) be greatly expanded to perhaps take into - * account speed of the device, and what we want to do. - * (although the disabling of particular alg's could be controlled - * by the device driver with sysctl's.) - this is where we - * want most of the decisions made about what we actually want - * to use from /dev/crypto. - */ -static int -cryptodev_usable_ciphers(const int **nids) -{ - return (get_cryptodev_ciphers(nids)); -} - -static int -cryptodev_usable_digests(const int **nids) -{ -#ifdef USE_CRYPTODEV_DIGESTS - return (get_cryptodev_digests(nids)); -#else - /* - * XXXX just disable all digests for now, because it sucks. - * we need a better way to decide this - i.e. I may not - * want digests on slow cards like hifn on fast machines, - * but might want them on slow or loaded machines, etc. - * will also want them when using crypto cards that don't - * suck moose gonads - would be nice to be able to decide something - * as reasonable default without having hackery that's card dependent. - * of course, the default should probably be just do everything, - * with perhaps a sysctl to turn algoritms off (or have them off - * by default) on cards that generally suck like the hifn. - */ - *nids = NULL; - return (0); -#endif -} - -static int -cryptodev_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, - const unsigned char *in, size_t inl) -{ - struct crypt_op cryp; - struct dev_crypto_state *state = ctx->cipher_data; - struct session_op *sess = &state->d_sess; - const void *iiv; - unsigned char save_iv[EVP_MAX_IV_LENGTH]; - - if (state->d_fd < 0) - return (0); - if (!inl) - return (1); - if ((inl % ctx->cipher->block_size) != 0) - return (0); - - memset(&cryp, 0, sizeof(cryp)); - - cryp.ses = sess->ses; - cryp.flags = 0; - cryp.len = inl; - cryp.src = (void*) in; - cryp.dst = (void*) out; - cryp.mac = 0; - - cryp.op = ctx->encrypt ? COP_ENCRYPT : COP_DECRYPT; - - if (ctx->cipher->iv_len) { - cryp.iv = (void*) ctx->iv; - if (!ctx->encrypt) { - iiv = in + inl - ctx->cipher->iv_len; - memcpy(save_iv, iiv, ctx->cipher->iv_len); - } - } else - cryp.iv = NULL; - - if (ioctl(state->d_fd, CIOCCRYPT, &cryp) == -1) { - /* XXX need better errror handling - * this can fail for a number of different reasons. - */ - return (0); - } - - if (ctx->cipher->iv_len) { - if (ctx->encrypt) - iiv = out + inl - ctx->cipher->iv_len; - else - iiv = save_iv; - memcpy(ctx->iv, iiv, ctx->cipher->iv_len); - } - return (1); -} - -static int -cryptodev_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, - const unsigned char *iv, int enc) -{ - struct dev_crypto_state *state = ctx->cipher_data; - struct session_op *sess = &state->d_sess; - int cipher = -1, i; - - for (i = 0; ciphers[i].id; i++) - if (ctx->cipher->nid == ciphers[i].nid && - ctx->cipher->iv_len <= ciphers[i].ivmax && - ctx->key_len == ciphers[i].keylen) { - cipher = ciphers[i].id; - break; - } - - if (!ciphers[i].id) { - state->d_fd = -1; - return (0); - } - - memset(sess, 0, sizeof(struct session_op)); - - if ((state->d_fd = get_dev_crypto()) < 0) - return (0); - - sess->key = (void*)key; - sess->keylen = ctx->key_len; - sess->cipher = cipher; - - if (ioctl(state->d_fd, CIOCGSESSION, sess) == -1) { - put_dev_crypto(state->d_fd); - state->d_fd = -1; - return (0); - } - return (1); -} - -/* - * free anything we allocated earlier when initting a - * session, and close the session. - */ -static int -cryptodev_cleanup(EVP_CIPHER_CTX *ctx) -{ - int ret = 0; - struct dev_crypto_state *state = ctx->cipher_data; - struct session_op *sess = &state->d_sess; - - if (state->d_fd < 0) - return (0); - - /* XXX if this ioctl fails, someting's wrong. the invoker - * may have called us with a bogus ctx, or we could - * have a device that for whatever reason just doesn't - * want to play ball - it's not clear what's right - * here - should this be an error? should it just - * increase a counter, hmm. For right now, we return - * 0 - I don't believe that to be "right". we could - * call the gorpy openssl lib error handlers that - * print messages to users of the library. hmm.. - */ - - if (ioctl(state->d_fd, CIOCFSESSION, &sess->ses) == -1) { - ret = 0; - } else { - ret = 1; - } - put_dev_crypto(state->d_fd); - state->d_fd = -1; - - return (ret); -} - -/* - * libcrypto EVP stuff - this is how we get wired to EVP so the engine - * gets called when libcrypto requests a cipher NID. - */ - -/* RC4 */ -const EVP_CIPHER cryptodev_rc4 = { - NID_rc4, - 1, 16, 0, - EVP_CIPH_VARIABLE_LENGTH, - cryptodev_init_key, - cryptodev_cipher, - cryptodev_cleanup, - sizeof(struct dev_crypto_state), - NULL, - NULL, - NULL -}; - -/* DES CBC EVP */ -const EVP_CIPHER cryptodev_des_cbc = { - NID_des_cbc, - 8, 8, 8, - EVP_CIPH_CBC_MODE, - cryptodev_init_key, - cryptodev_cipher, - cryptodev_cleanup, - sizeof(struct dev_crypto_state), - EVP_CIPHER_set_asn1_iv, - EVP_CIPHER_get_asn1_iv, - NULL -}; - -/* 3DES CBC EVP */ -const EVP_CIPHER cryptodev_3des_cbc = { - NID_des_ede3_cbc, - 8, 24, 8, - EVP_CIPH_CBC_MODE, - cryptodev_init_key, - cryptodev_cipher, - cryptodev_cleanup, - sizeof(struct dev_crypto_state), - EVP_CIPHER_set_asn1_iv, - EVP_CIPHER_get_asn1_iv, - NULL -}; - -const EVP_CIPHER cryptodev_bf_cbc = { - NID_bf_cbc, - 8, 16, 8, - EVP_CIPH_CBC_MODE, - cryptodev_init_key, - cryptodev_cipher, - cryptodev_cleanup, - sizeof(struct dev_crypto_state), - EVP_CIPHER_set_asn1_iv, - EVP_CIPHER_get_asn1_iv, - NULL -}; - -const EVP_CIPHER cryptodev_cast_cbc = { - NID_cast5_cbc, - 8, 16, 8, - EVP_CIPH_CBC_MODE, - cryptodev_init_key, - cryptodev_cipher, - cryptodev_cleanup, - sizeof(struct dev_crypto_state), - EVP_CIPHER_set_asn1_iv, - EVP_CIPHER_get_asn1_iv, - NULL -}; - -const EVP_CIPHER cryptodev_aes_cbc = { - NID_aes_128_cbc, - 16, 16, 16, - EVP_CIPH_CBC_MODE, - cryptodev_init_key, - cryptodev_cipher, - cryptodev_cleanup, - sizeof(struct dev_crypto_state), - EVP_CIPHER_set_asn1_iv, - EVP_CIPHER_get_asn1_iv, - NULL -}; - -const EVP_CIPHER cryptodev_aes_192_cbc = { - NID_aes_192_cbc, - 16, 24, 16, - EVP_CIPH_CBC_MODE, - cryptodev_init_key, - cryptodev_cipher, - cryptodev_cleanup, - sizeof(struct dev_crypto_state), - EVP_CIPHER_set_asn1_iv, - EVP_CIPHER_get_asn1_iv, - NULL -}; - -const EVP_CIPHER cryptodev_aes_256_cbc = { - NID_aes_256_cbc, - 16, 32, 16, - EVP_CIPH_CBC_MODE, - cryptodev_init_key, - cryptodev_cipher, - cryptodev_cleanup, - sizeof(struct dev_crypto_state), - EVP_CIPHER_set_asn1_iv, - EVP_CIPHER_get_asn1_iv, - NULL -}; - -/* - * Registered by the ENGINE when used to find out how to deal with - * a particular NID in the ENGINE. this says what we'll do at the - * top level - note, that list is restricted by what we answer with - */ -static int -cryptodev_engine_ciphers(ENGINE *e, const EVP_CIPHER **cipher, - const int **nids, int nid) -{ - if (!cipher) - return (cryptodev_usable_ciphers(nids)); - - switch (nid) { - case NID_rc4: - *cipher = &cryptodev_rc4; - break; - case NID_des_ede3_cbc: - *cipher = &cryptodev_3des_cbc; - break; - case NID_des_cbc: - *cipher = &cryptodev_des_cbc; - break; - case NID_bf_cbc: - *cipher = &cryptodev_bf_cbc; - break; - case NID_cast5_cbc: - *cipher = &cryptodev_cast_cbc; - break; - case NID_aes_128_cbc: - *cipher = &cryptodev_aes_cbc; - break; - case NID_aes_192_cbc: - *cipher = &cryptodev_aes_192_cbc; - break; - case NID_aes_256_cbc: - *cipher = &cryptodev_aes_256_cbc; - break; - default: - *cipher = NULL; - break; - } - return (*cipher != NULL); -} - - -#ifdef USE_CRYPTODEV_DIGESTS - -/* convert digest type to cryptodev */ -static int -digest_nid_to_cryptodev(int nid) -{ - int i; - - for (i = 0; digests[i].id; i++) - if (digests[i].nid == nid) - return (digests[i].id); - return (0); -} - - -static int cryptodev_digest_init(EVP_MD_CTX *ctx) -{ - struct dev_crypto_state *state = ctx->md_data; - struct session_op *sess = &state->d_sess; - int digest; - - if ((digest = digest_nid_to_cryptodev(ctx->digest->type)) == NID_undef){ - printf("cryptodev_digest_init: Can't get digest \n"); - return (0); - } - memset(state, 0, sizeof(struct dev_crypto_state)); - - if ((state->d_fd = get_dev_crypto()) < 0) { - printf("cryptodev_digest_init: Can't get Dev \n"); - return (0); - } - - sess->mackey = NULL; - sess->mackeylen = 0; - sess->mac = digest; - - if (ioctl(state->d_fd, CIOCGSESSION, sess) < 0) { - put_dev_crypto(state->d_fd); - state->d_fd = -1; - printf("cryptodev_digest_init: Open session failed\n"); - return (0); - } - - return (1); -} - -static int cryptodev_digest_update(EVP_MD_CTX *ctx, const void *data, - size_t count) -{ - struct dev_crypto_state *state = ctx->md_data; - struct crypt_op cryp; - struct session_op *sess = &state->d_sess; - - if (!data || state->d_fd < 0) { - printf("cryptodev_digest_update: illegal inputs \n"); - return (0); - } - - if (!count) { - return (1); - } - - if (!(ctx->flags & EVP_MD_CTX_FLAG_ONESHOT)) { - /* if application doesn't support one buffer */ - state->mac_data = OPENSSL_realloc(state->mac_data, state->mac_len + count); - - if (!state->mac_data) { - printf("cryptodev_digest_update: realloc failed\n"); - return (0); - } - - memcpy(state->mac_data + state->mac_len, data, count); - state->mac_len += count; - - return (1); - } - - memset(&cryp, 0, sizeof(cryp)); - - cryp.ses = sess->ses; - cryp.flags = 0; - cryp.len = count; - cryp.src = (void*) data; - cryp.dst = NULL; - cryp.mac = (void*) state->digest_res; - if (ioctl(state->d_fd, CIOCCRYPT, &cryp) < 0) { - printf("cryptodev_digest_update: digest failed\n"); - return (0); - } - return (1); -} - - -static int cryptodev_digest_final(EVP_MD_CTX *ctx, unsigned char *md) -{ - struct crypt_op cryp; - struct dev_crypto_state *state = ctx->md_data; - struct session_op *sess = &state->d_sess; - - if (!md || state->d_fd < 0) { - printf("cryptodev_digest_final: illegal input\n"); - return(0); - } - - if (! (ctx->flags & EVP_MD_CTX_FLAG_ONESHOT) ) { - /* if application doesn't support one buffer */ - memset(&cryp, 0, sizeof(cryp)); - cryp.ses = sess->ses; - cryp.flags = 0; - cryp.len = state->mac_len; - cryp.src = state->mac_data; - cryp.dst = NULL; - cryp.mac = (void*)md; - if (ioctl(state->d_fd, CIOCCRYPT, &cryp) < 0) { - printf("cryptodev_digest_final: digest failed\n"); - return (0); - } - - return 1; - } - - memcpy(md, state->digest_res, ctx->digest->md_size); - - return 1; -} - - -static int cryptodev_digest_cleanup(EVP_MD_CTX *ctx) -{ - int ret = 1; - struct dev_crypto_state *state = ctx->md_data; - struct session_op *sess = &state->d_sess; - - if (state == NULL) - return 0; - - if (state->d_fd < 0) { - printf("cryptodev_digest_cleanup: illegal input\n"); - return (0); - } - - if (state->mac_data) { - OPENSSL_free(state->mac_data); - state->mac_data = NULL; - state->mac_len = 0; - } - - if (ioctl(state->d_fd, CIOCFSESSION, &sess->ses) < 0) { - printf("cryptodev_digest_cleanup: failed to close session\n"); - ret = 0; - } else { - ret = 1; - } - put_dev_crypto(state->d_fd); - state->d_fd = -1; - - return (ret); -} - -static int cryptodev_digest_copy(EVP_MD_CTX *to,const EVP_MD_CTX *from) -{ - struct dev_crypto_state *fstate = from->md_data; - struct dev_crypto_state *dstate = to->md_data; - struct session_op *sess; - int digest; - - if (dstate == NULL || fstate == NULL) - return 1; - - memcpy(dstate, fstate, sizeof(struct dev_crypto_state)); - - sess = &dstate->d_sess; - - digest = digest_nid_to_cryptodev(to->digest->type); - - sess->mackey = NULL; - sess->mackeylen = 0; - sess->mac = digest; - - dstate->d_fd = get_dev_crypto(); - - if (ioctl(dstate->d_fd, CIOCGSESSION, sess) < 0) { - put_dev_crypto(dstate->d_fd); - dstate->d_fd = -1; - printf("cryptodev_digest_init: Open session failed\n"); - return (0); - } - - if (fstate->mac_len != 0) { - if (fstate->mac_data != NULL) - { - dstate->mac_data = OPENSSL_malloc(fstate->mac_len); - memcpy(dstate->mac_data, fstate->mac_data, fstate->mac_len); - dstate->mac_len = fstate->mac_len; - } - } - - return 1; -} - - -static const EVP_MD cryptodev_sha1 = { - NID_sha1, - NID_sha1WithRSAEncryption, - SHA_DIGEST_LENGTH, - EVP_MD_FLAG_PKEY_METHOD_SIGNATURE|EVP_MD_FLAG_DIGALGID_ABSENT|EVP_MD_FLAG_ONESHOT, - cryptodev_digest_init, - cryptodev_digest_update, - cryptodev_digest_final, - cryptodev_digest_copy, - cryptodev_digest_cleanup, - EVP_PKEY_RSA_method, - SHA_CBLOCK, - sizeof(EVP_MD *)+sizeof(struct dev_crypto_state), -}; - -static const EVP_MD cryptodev_sha256 = { - NID_sha256, - NID_sha256WithRSAEncryption, - SHA256_DIGEST_LENGTH, - EVP_MD_FLAG_PKEY_METHOD_SIGNATURE|EVP_MD_FLAG_DIGALGID_ABSENT|EVP_MD_FLAG_ONESHOT, - cryptodev_digest_init, - cryptodev_digest_update, - cryptodev_digest_final, - cryptodev_digest_copy, - cryptodev_digest_cleanup, - EVP_PKEY_RSA_method, - SHA256_CBLOCK, - sizeof(EVP_MD *)+sizeof(struct dev_crypto_state), -}; - -static const EVP_MD cryptodev_sha384 = { - NID_sha384, - NID_sha384WithRSAEncryption, - SHA384_DIGEST_LENGTH, - EVP_MD_FLAG_PKEY_METHOD_SIGNATURE|EVP_MD_FLAG_DIGALGID_ABSENT|EVP_MD_FLAG_ONESHOT, - cryptodev_digest_init, - cryptodev_digest_update, - cryptodev_digest_final, - cryptodev_digest_copy, - cryptodev_digest_cleanup, - EVP_PKEY_RSA_method, - SHA512_CBLOCK, - sizeof(EVP_MD *)+sizeof(struct dev_crypto_state), -}; - -static const EVP_MD cryptodev_sha512 = { - NID_sha512, - NID_sha512WithRSAEncryption, - SHA512_DIGEST_LENGTH, - EVP_MD_FLAG_PKEY_METHOD_SIGNATURE|EVP_MD_FLAG_DIGALGID_ABSENT|EVP_MD_FLAG_ONESHOT, - cryptodev_digest_init, - cryptodev_digest_update, - cryptodev_digest_final, - cryptodev_digest_copy, - cryptodev_digest_cleanup, - EVP_PKEY_RSA_method, - SHA512_CBLOCK, - sizeof(EVP_MD *)+sizeof(struct dev_crypto_state), -}; - -static const EVP_MD cryptodev_md5 = { - NID_md5, - NID_md5WithRSAEncryption, - 16 /* MD5_DIGEST_LENGTH */, - EVP_MD_FLAG_PKEY_METHOD_SIGNATURE|EVP_MD_FLAG_DIGALGID_ABSENT|EVP_MD_FLAG_ONESHOT, - cryptodev_digest_init, - cryptodev_digest_update, - cryptodev_digest_final, - cryptodev_digest_copy, - cryptodev_digest_cleanup, - EVP_PKEY_RSA_method, - 64 /* MD5_CBLOCK */, - sizeof(EVP_MD *)+sizeof(struct dev_crypto_state), -}; - -#endif /* USE_CRYPTODEV_DIGESTS */ - - -static int -cryptodev_engine_digests(ENGINE *e, const EVP_MD **digest, - const int **nids, int nid) -{ - if (!digest) - return (cryptodev_usable_digests(nids)); - - switch (nid) { -#ifdef USE_CRYPTODEV_DIGESTS - case NID_md5: - *digest = &cryptodev_md5; - break; - case NID_sha1: - *digest = &cryptodev_sha1; - break; - case NID_sha256: - *digest = &cryptodev_sha256; - break; - case NID_sha384: - *digest = &cryptodev_sha384; - break; - case NID_sha512: - *digest = &cryptodev_sha512; - break; - default: -#endif /* USE_CRYPTODEV_DIGESTS */ - *digest = NULL; - break; - } - return (*digest != NULL); -} - -/* - * Convert a BIGNUM to the representation that /dev/crypto needs. - * Upon completion of use, the caller is responsible for freeing - * crp->crp_p. - */ -static int -bn2crparam(const BIGNUM *a, struct crparam *crp) -{ - int i, j, k; - ssize_t bytes, bits; - u_char *b; - - crp->crp_p = NULL; - crp->crp_nbits = 0; - - bits = BN_num_bits(a); - bytes = (bits + 7) / 8; - - b = malloc(bytes); - if (b == NULL) - return (1); - memset(b, 0, bytes); - - crp->crp_p = (void*) b; - crp->crp_nbits = bits; - - for (i = 0, j = 0; i < a->top; i++) { - for (k = 0; k < BN_BITS2 / 8; k++) { - if ((j + k) >= bytes) - return (0); - b[j + k] = a->d[i] >> (k * 8); - } - j += BN_BITS2 / 8; - } - return (0); -} - -/* Convert a /dev/crypto parameter to a BIGNUM */ -static int -crparam2bn(struct crparam *crp, BIGNUM *a) -{ - u_int8_t *pd; - int i, bytes; - - bytes = (crp->crp_nbits + 7) / 8; - - if (bytes == 0) - return (-1); - - if ((pd = (u_int8_t *) malloc(bytes)) == NULL) - return (-1); - - for (i = 0; i < bytes; i++) - pd[i] = crp->crp_p[bytes - i - 1]; - - BN_bin2bn(pd, bytes, a); - free(pd); - - return (0); -} - -static void -zapparams(struct crypt_kop *kop) -{ - int i; - - for (i = 0; i < kop->crk_iparams + kop->crk_oparams; i++) { - if (kop->crk_param[i].crp_p) - free(kop->crk_param[i].crp_p); - kop->crk_param[i].crp_p = NULL; - kop->crk_param[i].crp_nbits = 0; - } -} - -static int -cryptodev_asym(struct crypt_kop *kop, int rlen, BIGNUM *r, int slen, BIGNUM *s) -{ - int fd, ret = -1; - - if ((fd = get_asym_dev_crypto()) < 0) - return (ret); - - if (r) { - kop->crk_param[kop->crk_iparams].crp_p = calloc(rlen, sizeof(char)); - kop->crk_param[kop->crk_iparams].crp_nbits = rlen * 8; - kop->crk_oparams++; - } - if (s) { - kop->crk_param[kop->crk_iparams+1].crp_p = calloc(slen, sizeof(char)); - kop->crk_param[kop->crk_iparams+1].crp_nbits = slen * 8; - kop->crk_oparams++; - } - - if (ioctl(fd, CIOCKEY, kop) == 0) { - if (r) - crparam2bn(&kop->crk_param[kop->crk_iparams], r); - if (s) - crparam2bn(&kop->crk_param[kop->crk_iparams+1], s); - ret = 0; - } - - return (ret); -} - -static int -cryptodev_bn_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, - const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *in_mont) -{ - struct crypt_kop kop; - int ret = 1; - - /* Currently, we know we can do mod exp iff we can do any - * asymmetric operations at all. - */ - if (cryptodev_asymfeat == 0) { - ret = BN_mod_exp(r, a, p, m, ctx); - return (ret); - } - - memset(&kop, 0, sizeof kop); - kop.crk_op = CRK_MOD_EXP; - - /* inputs: a^p % m */ - if (bn2crparam(a, &kop.crk_param[0])) - goto err; - if (bn2crparam(p, &kop.crk_param[1])) - goto err; - if (bn2crparam(m, &kop.crk_param[2])) - goto err; - kop.crk_iparams = 3; - - if (cryptodev_asym(&kop, BN_num_bytes(m), r, 0, NULL)) { - const RSA_METHOD *meth = RSA_PKCS1_SSLeay(); - printf("OCF asym process failed, Running in software\n"); - ret = meth->bn_mod_exp(r, a, p, m, ctx, in_mont); - - } else if (ECANCELED == kop.crk_status) { - const RSA_METHOD *meth = RSA_PKCS1_SSLeay(); - printf("OCF hardware operation cancelled. Running in Software\n"); - ret = meth->bn_mod_exp(r, a, p, m, ctx, in_mont); - } - /* else cryptodev operation worked ok ==> ret = 1*/ - -err: - zapparams(&kop); - return (ret); -} - -static int -cryptodev_rsa_nocrt_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx) -{ - int r; - ctx = BN_CTX_new(); - r = cryptodev_bn_mod_exp(r0, I, rsa->d, rsa->n, ctx, NULL); - BN_CTX_free(ctx); - return (r); -} - -static int -cryptodev_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx) -{ - struct crypt_kop kop; - int ret = 1; - - if (!rsa->p || !rsa->q || !rsa->dmp1 || !rsa->dmq1 || !rsa->iqmp) { - /* XXX 0 means failure?? */ - return (0); - } - - memset(&kop, 0, sizeof kop); - kop.crk_op = CRK_MOD_EXP_CRT; - /* inputs: rsa->p rsa->q I rsa->dmp1 rsa->dmq1 rsa->iqmp */ - if (bn2crparam(rsa->p, &kop.crk_param[0])) - goto err; - if (bn2crparam(rsa->q, &kop.crk_param[1])) - goto err; - if (bn2crparam(I, &kop.crk_param[2])) - goto err; - if (bn2crparam(rsa->dmp1, &kop.crk_param[3])) - goto err; - if (bn2crparam(rsa->dmq1, &kop.crk_param[4])) - goto err; - if (bn2crparam(rsa->iqmp, &kop.crk_param[5])) - goto err; - kop.crk_iparams = 6; - - if (cryptodev_asym(&kop, BN_num_bytes(rsa->n), r0, 0, NULL)) { - const RSA_METHOD *meth = RSA_PKCS1_SSLeay(); - printf("OCF asym process failed, running in Software\n"); - ret = (*meth->rsa_mod_exp)(r0, I, rsa, ctx); - - } else if (ECANCELED == kop.crk_status) { - const RSA_METHOD *meth = RSA_PKCS1_SSLeay(); - printf("OCF hardware operation cancelled. Running in Software\n"); - ret = (*meth->rsa_mod_exp)(r0, I, rsa, ctx); - } - /* else cryptodev operation worked ok ==> ret = 1*/ - -err: - zapparams(&kop); - return (ret); -} - -static RSA_METHOD cryptodev_rsa = { - "cryptodev RSA method", - NULL, /* rsa_pub_enc */ - NULL, /* rsa_pub_dec */ - NULL, /* rsa_priv_enc */ - NULL, /* rsa_priv_dec */ - NULL, - NULL, - NULL, /* init */ - NULL, /* finish */ - 0, /* flags */ - NULL, /* app_data */ - NULL, /* rsa_sign */ - NULL /* rsa_verify */ -}; - -static int -cryptodev_dsa_bn_mod_exp(DSA *dsa, BIGNUM *r, BIGNUM *a, const BIGNUM *p, - const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx) -{ - return (cryptodev_bn_mod_exp(r, a, p, m, ctx, m_ctx)); -} - -static int -cryptodev_dsa_dsa_mod_exp(DSA *dsa, BIGNUM *t1, BIGNUM *g, - BIGNUM *u1, BIGNUM *pub_key, BIGNUM *u2, BIGNUM *p, - BN_CTX *ctx, BN_MONT_CTX *mont) -{ - BIGNUM t2; - int ret = 0; - - BN_init(&t2); - - /* v = ( g^u1 * y^u2 mod p ) mod q */ - /* let t1 = g ^ u1 mod p */ - ret = 0; - - if (!dsa->meth->bn_mod_exp(dsa,t1,dsa->g,u1,dsa->p,ctx,mont)) - goto err; - - /* let t2 = y ^ u2 mod p */ - if (!dsa->meth->bn_mod_exp(dsa,&t2,dsa->pub_key,u2,dsa->p,ctx,mont)) - goto err; - /* let u1 = t1 * t2 mod p */ - if (!BN_mod_mul(u1,t1,&t2,dsa->p,ctx)) - goto err; - - BN_copy(t1,u1); - - ret = 1; -err: - BN_free(&t2); - return(ret); -} - -static DSA_SIG * -cryptodev_dsa_do_sign(const unsigned char *dgst, int dlen, DSA *dsa) -{ - struct crypt_kop kop; - BIGNUM *r = NULL, *s = NULL; - DSA_SIG *dsaret = NULL; - - if ((r = BN_new()) == NULL) - goto err; - if ((s = BN_new()) == NULL) { - BN_free(r); - goto err; - } - - memset(&kop, 0, sizeof kop); - kop.crk_op = CRK_DSA_SIGN; - - /* inputs: dgst dsa->p dsa->q dsa->g dsa->priv_key */ - kop.crk_param[0].crp_p = (void*)dgst; - kop.crk_param[0].crp_nbits = dlen * 8; - if (bn2crparam(dsa->p, &kop.crk_param[1])) - goto err; - if (bn2crparam(dsa->q, &kop.crk_param[2])) - goto err; - if (bn2crparam(dsa->g, &kop.crk_param[3])) - goto err; - if (bn2crparam(dsa->priv_key, &kop.crk_param[4])) - goto err; - kop.crk_iparams = 5; - - if (cryptodev_asym(&kop, BN_num_bytes(dsa->q), r, - BN_num_bytes(dsa->q), s) == 0) { - dsaret = DSA_SIG_new(); - dsaret->r = r; - dsaret->s = s; - } else { - const DSA_METHOD *meth = DSA_OpenSSL(); - BN_free(r); - BN_free(s); - dsaret = (meth->dsa_do_sign)(dgst, dlen, dsa); - } -err: - kop.crk_param[0].crp_p = NULL; - zapparams(&kop); - return (dsaret); -} - -static int -cryptodev_dsa_verify(const unsigned char *dgst, int dlen, - DSA_SIG *sig, DSA *dsa) -{ - struct crypt_kop kop; - int dsaret = 1; - - memset(&kop, 0, sizeof kop); - kop.crk_op = CRK_DSA_VERIFY; - - /* inputs: dgst dsa->p dsa->q dsa->g dsa->pub_key sig->r sig->s */ - kop.crk_param[0].crp_p = (void*)dgst; - kop.crk_param[0].crp_nbits = dlen * 8; - if (bn2crparam(dsa->p, &kop.crk_param[1])) - goto err; - if (bn2crparam(dsa->q, &kop.crk_param[2])) - goto err; - if (bn2crparam(dsa->g, &kop.crk_param[3])) - goto err; - if (bn2crparam(dsa->pub_key, &kop.crk_param[4])) - goto err; - if (bn2crparam(sig->r, &kop.crk_param[5])) - goto err; - if (bn2crparam(sig->s, &kop.crk_param[6])) - goto err; - kop.crk_iparams = 7; - - if (cryptodev_asym(&kop, 0, NULL, 0, NULL) == 0) { -/*OCF success value is 0, if not zero, change dsaret to fail*/ - if(0 != kop.crk_status) dsaret = 0; - } else { - const DSA_METHOD *meth = DSA_OpenSSL(); - - dsaret = (meth->dsa_do_verify)(dgst, dlen, sig, dsa); - } -err: - kop.crk_param[0].crp_p = NULL; - zapparams(&kop); - return (dsaret); -} - -static DSA_METHOD cryptodev_dsa = { - "cryptodev DSA method", - NULL, - NULL, /* dsa_sign_setup */ - NULL, - NULL, /* dsa_mod_exp */ - NULL, - NULL, /* init */ - NULL, /* finish */ - 0, /* flags */ - NULL /* app_data */ -}; - -static int -cryptodev_mod_exp_dh(const DH *dh, BIGNUM *r, const BIGNUM *a, - const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx, - BN_MONT_CTX *m_ctx) -{ - return (cryptodev_bn_mod_exp(r, a, p, m, ctx, m_ctx)); -} - -static int -cryptodev_dh_compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh) -{ - struct crypt_kop kop; - int dhret = 1; - int fd, keylen; - - if ((fd = get_asym_dev_crypto()) < 0) { - const DH_METHOD *meth = DH_OpenSSL(); - - return ((meth->compute_key)(key, pub_key, dh)); - } - - keylen = BN_num_bits(dh->p); - - memset(&kop, 0, sizeof kop); - kop.crk_op = CRK_DH_COMPUTE_KEY; - - /* inputs: dh->priv_key pub_key dh->p key */ - if (bn2crparam(dh->priv_key, &kop.crk_param[0])) - goto err; - if (bn2crparam(pub_key, &kop.crk_param[1])) - goto err; - if (bn2crparam(dh->p, &kop.crk_param[2])) - goto err; - kop.crk_iparams = 3; - - kop.crk_param[3].crp_p = (void*) key; - kop.crk_param[3].crp_nbits = keylen * 8; - kop.crk_oparams = 1; - - if (ioctl(fd, CIOCKEY, &kop) == -1) { - const DH_METHOD *meth = DH_OpenSSL(); - - dhret = (meth->compute_key)(key, pub_key, dh); - } -err: - kop.crk_param[3].crp_p = NULL; - zapparams(&kop); - return (dhret); -} - -static DH_METHOD cryptodev_dh = { - "cryptodev DH method", - NULL, /* cryptodev_dh_generate_key */ - NULL, - NULL, - NULL, - NULL, - 0, /* flags */ - NULL /* app_data */ -}; - -/* - * ctrl right now is just a wrapper that doesn't do much - * but I expect we'll want some options soon. - */ -static int -cryptodev_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)(void)) -{ -#ifdef HAVE_SYSLOG_R - struct syslog_data sd = SYSLOG_DATA_INIT; -#endif - - switch (cmd) { - default: -#ifdef HAVE_SYSLOG_R - syslog_r(LOG_ERR, &sd, - "cryptodev_ctrl: unknown command %d", cmd); -#else - syslog(LOG_ERR, "cryptodev_ctrl: unknown command %d", cmd); -#endif - break; - } - return (1); -} - -void -ENGINE_load_cryptodev(void) -{ - ENGINE *engine = ENGINE_new(); - int fd; - - if (engine == NULL) - return; - if ((fd = get_dev_crypto()) < 0) { - ENGINE_free(engine); - return; - } - - /* - * find out what asymmetric crypto algorithms we support - */ - if (ioctl(fd, CIOCASYMFEAT, &cryptodev_asymfeat) == -1) { - put_dev_crypto(fd); - ENGINE_free(engine); - return; - } - put_dev_crypto(fd); - - if (!ENGINE_set_id(engine, "cryptodev") || - !ENGINE_set_name(engine, "cryptodev engine") || - !ENGINE_set_ciphers(engine, cryptodev_engine_ciphers) || - !ENGINE_set_digests(engine, cryptodev_engine_digests) || - !ENGINE_set_ctrl_function(engine, cryptodev_ctrl) || - !ENGINE_set_cmd_defns(engine, cryptodev_defns)) { - ENGINE_free(engine); - return; - } - - if (ENGINE_set_RSA(engine, &cryptodev_rsa)) { - const RSA_METHOD *rsa_meth = RSA_PKCS1_SSLeay(); - - cryptodev_rsa.bn_mod_exp = rsa_meth->bn_mod_exp; - cryptodev_rsa.rsa_mod_exp = rsa_meth->rsa_mod_exp; - cryptodev_rsa.rsa_pub_enc = rsa_meth->rsa_pub_enc; - cryptodev_rsa.rsa_pub_dec = rsa_meth->rsa_pub_dec; - cryptodev_rsa.rsa_priv_enc = rsa_meth->rsa_priv_enc; - cryptodev_rsa.rsa_priv_dec = rsa_meth->rsa_priv_dec; - if (cryptodev_asymfeat & CRF_MOD_EXP) { - cryptodev_rsa.bn_mod_exp = cryptodev_bn_mod_exp; - if (cryptodev_asymfeat & CRF_MOD_EXP_CRT) - cryptodev_rsa.rsa_mod_exp = - cryptodev_rsa_mod_exp; - else - cryptodev_rsa.rsa_mod_exp = - cryptodev_rsa_nocrt_mod_exp; - } - } - - if (ENGINE_set_DSA(engine, &cryptodev_dsa)) { - const DSA_METHOD *meth = DSA_OpenSSL(); - - memcpy(&cryptodev_dsa, meth, sizeof(DSA_METHOD)); - if (cryptodev_asymfeat & CRF_DSA_SIGN) - cryptodev_dsa.dsa_do_sign = cryptodev_dsa_do_sign; - if (cryptodev_asymfeat & CRF_MOD_EXP) { - cryptodev_dsa.bn_mod_exp = cryptodev_dsa_bn_mod_exp; - cryptodev_dsa.dsa_mod_exp = cryptodev_dsa_dsa_mod_exp; - } - if (cryptodev_asymfeat & CRF_DSA_VERIFY) - cryptodev_dsa.dsa_do_verify = cryptodev_dsa_verify; - } - - if (ENGINE_set_DH(engine, &cryptodev_dh)){ - const DH_METHOD *dh_meth = DH_OpenSSL(); - - cryptodev_dh.generate_key = dh_meth->generate_key; - cryptodev_dh.compute_key = dh_meth->compute_key; - cryptodev_dh.bn_mod_exp = dh_meth->bn_mod_exp; - if (cryptodev_asymfeat & CRF_MOD_EXP) { - cryptodev_dh.bn_mod_exp = cryptodev_mod_exp_dh; - if (cryptodev_asymfeat & CRF_DH_COMPUTE_KEY) - cryptodev_dh.compute_key = - cryptodev_dh_compute_key; - } - } - - ENGINE_add(engine); - ENGINE_free(engine); - ERR_clear_error(); -} - -#endif /* HAVE_CRYPTODEV */ diff --git a/package/openvpn/Makefile b/package/openvpn/Makefile index efa5a82b3..08c73a831 100644 --- a/package/openvpn/Makefile +++ b/package/openvpn/Makefile @@ -8,19 +8,13 @@ PKG_VERSION:= 2.3.11 PKG_RELEASE:= 1 PKG_HASH:= 0f5f1ca1dc5743fa166d93dd4ec952f014b5f33bafd88f0ea34b455cae1434a7 PKG_DESCR:= vpn solution using ssl/tls +PKG_DEPENDS:= libressl +PKG_BUILDDEP:= libressl PKG_KDEPENDS:= tun PKG_SECTION:= net/security PKG_URL:= http://openvpn.net/ PKG_SITES:= http://swupdate.openvpn.org/community/releases/ -PKG_CHOICES_OPENVPN:= WITH_LIBRESSL WITH_OPENSSL -PKGCD_WITH_LIBRESSL:= use libressl for crypto -PKGCB_WITH_LIBRESSL:= libressl -PKGCS_WITH_LIBRESSL:= libressl -PKGCD_WITH_OPENSSL:= use openssl for crypto -PKGCB_WITH_OPENSSL:= openssl -PKGCS_WITH_OPENSSL:= libopenssl - PKG_FLAVOURS_OPENVPN:= WITH_LZO WITH_MANAGEMENT WITH_HTTPPROXY WITH_SOCKS WITH_SMALL PKGFD_WITH_LZO:= enable lzo compression support PKGFS_WITH_LZO:= liblzo diff --git a/package/raddump/Makefile b/package/raddump/Makefile index 3f83b3d2b..658486c2d 100755 --- a/package/raddump/Makefile +++ b/package/raddump/Makefile @@ -9,21 +9,13 @@ PKG_RELEASE:= 1 PKG_HASH:= f2d5c80164a5064d25e112f3ead9952d86200b022da584bddbc4afea948cb970 PKG_DESCR:= interprets captured radius packets PKG_SECTION:= net/radius -PKG_DEPENDS:= libpcap -PKG_BUILDDEP:= libpcap +PKG_DEPENDS:= libpcap libressl +PKG_BUILDDEP:= libpcap libressl PKG_URL:= http://sourceforge.net/projects/raddump PKG_SITES:= ${MASTER_SITE_SOURCEFORGE:=raddump/} DISTFILES:= ${PKG_NAME}-${PKG_VERSION}.tar.gz -PKG_CHOICES_RADDUMP:= WITH_LIBRESSL WITH_OPENSSL -PKGCD_WITH_LIBRESSL:= use libressl for crypto -PKGCB_WITH_LIBRESSL:= libressl -PKGCS_WITH_LIBRESSL:= libressl -PKGCD_WITH_OPENSSL:= use openssl for crypto -PKGCB_WITH_OPENSSL:= openssl -PKGCS_WITH_OPENSSL:= libopenssl - include ${ADK_TOPDIR}/mk/package.mk $(eval $(call PKG_template,RADDUMP,raddump,${PKG_VERSION}-${PKG_RELEASE},${PKG_DEPENDS},${PKG_DESCR},${PKG_SECTION})) diff --git a/package/rdesktop/Makefile b/package/rdesktop/Makefile index af81be343..98ccc84ca 100644 --- a/package/rdesktop/Makefile +++ b/package/rdesktop/Makefile @@ -9,21 +9,13 @@ PKG_RELEASE:= 1 PKG_HASH:= 76cc834b89c34d8332f3cb3889483b2ae4d4e8118eeb45a8967c77dd18228246 PKG_DESCR:= client for windows terminal services PKG_SECTION:= x11/apps -PKG_DEPENDS:= libsamplerate alsa-lib libao -PKG_BUILDDEP:= libsamplerate alsa-lib libao +PKG_DEPENDS:= libsamplerate alsa-lib libao libressl +PKG_BUILDDEP:= libsamplerate alsa-lib libao libressl PKG_URL:= http://www.rdesktop.org/ PKG_SITES:= ${MASTER_SITE_SOURCEFORGE:=rdesktop/} DISTFILES:= ${PKG_NAME}-${PKG_VERSION}.tar.gz -PKG_CHOICES_RDESKTOP:= WITH_LIBRESSL WITH_OPENSSL -PKGCD_WITH_LIBRESSL:= use libressl for crypto -PKGCB_WITH_LIBRESSL:= libressl -PKGCS_WITH_LIBRESSL:= libressl -PKGCD_WITH_OPENSSL:= use openssl for crypto -PKGCB_WITH_OPENSSL:= openssl -PKGCS_WITH_OPENSSL:= libopenssl - include $(ADK_TOPDIR)/mk/package.mk $(eval $(call PKG_template,RDESKTOP,rdesktop,$(PKG_VERSION)-${PKG_RELEASE},${PKG_DEPENDS},${PKG_DESCR},${PKG_SECTION})) diff --git a/package/sipsak/Makefile b/package/sipsak/Makefile index 7a0e50d53..1903793ed 100644 --- a/package/sipsak/Makefile +++ b/package/sipsak/Makefile @@ -14,14 +14,11 @@ PKG_SITES:= ${MASTER_SITE_SOURCEFORGE:=sipsak.berlios/} DISTFILES:= $(PKG_NAME)-$(PKG_VERSION)-1.tar.gz -PKG_CHOICES_SIPSAK:= WITHOUT_SSL WITH_LIBRESSL WITH_OPENSSL -PKGCD_WITHOUT_SSL:= use no ssl +PKG_CHOICES_SIPSAK:= WITH_LIBRESSL WITHOUT_SSL PKGCD_WITH_LIBRESSL:= use libressl for crypto PKGCB_WITH_LIBRESSL:= libressl PKGCS_WITH_LIBRESSL:= libressl ca-certificates -PKGCD_WITH_OPENSSL:= use openssl for crypto -PKGCB_WITH_OPENSSL:= openssl -PKGCS_WITH_OPENSSL:= libopenssl ca-certificates +PKGCD_WITHOUT_SSL:= use no ssl include ${ADK_TOPDIR}/mk/package.mk diff --git a/package/socat/Makefile b/package/socat/Makefile index 678d90f48..7603debe4 100644 --- a/package/socat/Makefile +++ b/package/socat/Makefile @@ -15,14 +15,11 @@ PKG_SITES:= http://www.dest-unreach.org/socat/download/ DISTFILES:= ${PKG_NAME}-${PKG_VERSION}.tar.gz -PKG_CHOICES_SOCAT:= WITHOUT_SSL WITH_LIBRESSL WITH_OPENSSL -PKGCD_WITHOUT_SSL:= use no ssl +PKG_CHOICES_SOCAT:= WITH_LIBRESSL WITHOUT_SSL PKGCD_WITH_LIBRESSL:= use libressl for crypto PKGCB_WITH_LIBRESSL:= libressl PKGCS_WITH_LIBRESSL:= libressl -PKGCD_WITH_OPENSSL:= use openssl for crypto -PKGCB_WITH_OPENSSL:= openssl -PKGCS_WITH_OPENSSL:= libopenssl +PKGCD_WITHOUT_SSL:= use no ssl include ${ADK_TOPDIR}/mk/package.mk @@ -36,9 +33,6 @@ CONFIGURE_ENV+= sc_cv_termios_ispeed=no \ CONFIGURE_ARGS+= --disable-libwrap \ --disable-readline -ifeq (${ADK_PACKAGE_SOCAT_WITH_OPENSSL},y) -CONFIGURE_ARGS+= --enable-openssl -endif ifeq (${ADK_PACKAGE_SOCAT_WITH_LIBRESSL},y) CONFIGURE_ARGS+= --enable-openssl endif diff --git a/package/ssltunnel/Makefile b/package/ssltunnel/Makefile deleted file mode 100644 index f23371ed8..000000000 --- a/package/ssltunnel/Makefile +++ /dev/null @@ -1,38 +0,0 @@ -# This file is part of the OpenADK project. OpenADK is copyrighted -# material, please see the LICENCE file in the top-level directory. - -include ${ADK_TOPDIR}/rules.mk - -PKG_NAME:= ssltunnel -PKG_VERSION:= 1.18 -PKG_RELEASE:= 1 -PKG_HASH:= 1d2e4bbc935341775e7cc26dae980d6bdd5e8351f5a0cbf4d85363ac5d71081f -PKG_DESCR:= ppp over ssl vpn tool -PKG_SECTION:= net/security -PKG_DEPENDS:= ppp libopenssl -PKG_BUILDDEP:= ppp openssl -PKG_SITES:= http://www.hsc.fr/ressources/outils/ssltunnel/download/ - -DISTFILES:= ${PKG_NAME}-${PKG_VERSION}.tar.gz - -PKG_LIBC_DEPENDS:= uclibc-ng glibc - -include ${ADK_TOPDIR}/mk/package.mk - -$(eval $(call PKG_template,SSLTUNNEL,ssltunnel,${PKG_VERSION}-${PKG_RELEASE},${PKG_DEPENDS},${PKG_DESCR},${PKG_SECTION})) - -CONFIGURE_ENV+= BUILD_CC="${TARGET_CC}" -XAKE_FLAGS+= CCOPT="${TARGET_CFLAGS}" INCLS="-I. -I${STAGING_TARGET_DIR}/usr/include" - -ssltunnel-install: - ${INSTALL_DIR} ${IDIR_SSLTUNNEL}/usr/bin - ${INSTALL_DIR} ${IDIR_SSLTUNNEL}/usr/sbin - ${INSTALL_DIR} ${IDIR_SSLTUNNEL}/usr/libexec - ${INSTALL_BIN} ${WRKINST}/usr/bin/pppclient \ - ${IDIR_SSLTUNNEL}/usr/bin/ - ${INSTALL_BIN} ${WRKINST}/usr/sbin/pppwho \ - ${IDIR_SSLTUNNEL}/usr/sbin/ - ${INSTALL_BIN} ${WRKINST}/usr/libexec/pppserver \ - ${IDIR_SSLTUNNEL}/usr/libexec/ - -include ${ADK_TOPDIR}/mk/pkg-bottom.mk diff --git a/package/ssltunnel/patches/patch-client_ntlmauth_c b/package/ssltunnel/patches/patch-client_ntlmauth_c deleted file mode 100644 index 8699ca947..000000000 --- a/package/ssltunnel/patches/patch-client_ntlmauth_c +++ /dev/null @@ -1,11 +0,0 @@ -$Id$ ---- ssltunnel-1.15.orig/client/ntlmauth.c 2004-03-10 13:35:21.000000000 +0000 -+++ ssltunnel-1.15/client/ntlmauth.c 2007-08-13 21:25:22.000000000 +0000 -@@ -34,6 +34,7 @@ - #include - #include - #include -+#include - - #ifndef INADDR_NONE - #define INADDR_NONE 0xffffffff diff --git a/package/strongswan/Makefile b/package/strongswan/Makefile index 4cc1cd177..97d7bdb03 100644 --- a/package/strongswan/Makefile +++ b/package/strongswan/Makefile @@ -15,13 +15,10 @@ PKG_SITES:= http://download.strongswan.org/ DISTFILES:= ${PKG_NAME}-${PKG_VERSION}.tar.gz -PKG_CHOICES_STRONGSWAN:=WITH_LIBRESSL WITH_GNUTLS WITH_OPENSSL WITH_GMP +PKG_CHOICES_STRONGSWAN:=WITH_LIBRESSL WITH_GNUTLS WITH_GMP PKGCD_WITH_GMP:= use gmp for crypto PKGCS_WITH_GMP:= libgmp PKGCB_WITH_GMP:= gmp -PKGCD_WITH_OPENSSL:= use openssl for crypto -PKGCS_WITH_OPENSSL:= libopenssl -PKGCB_WITH_OPENSSL:= openssl PKGCD_WITH_LIBRESSL:= use libressl for crypto PKGCS_WITH_LIBRESSL:= libressl PKGCB_WITH_LIBRESSL:= libressl @@ -33,11 +30,6 @@ include $(ADK_TOPDIR)/mk/package.mk $(eval $(call PKG_template,STRONGSWAN,strongswan,$(PKG_VERSION)-${PKG_RELEASE},${PKG_DEPENDS},${PKG_DESCR},${PKG_SECTION})) -ifeq (${ADK_PACKAGE_STRONGSWAN_WITH_OPENSSL},y) -CONFIGURE_ARGS+= --enable-openssl \ - --disable-gcrypt \ - --disable-gmp -endif ifeq (${ADK_PACKAGE_STRONGSWAN_WITH_LIBRESSL},y) CONFIGURE_ARGS+= --enable-openssl \ --disable-gcrypt \ diff --git a/package/strongswan/patches/patch-src_libstrongswan_plugins_openssl_openssl_plugin_c b/package/strongswan/patches/patch-src_libstrongswan_plugins_openssl_openssl_plugin_c new file mode 100644 index 000000000..401bd7a64 --- /dev/null +++ b/package/strongswan/patches/patch-src_libstrongswan_plugins_openssl_openssl_plugin_c @@ -0,0 +1,11 @@ +--- strongswan-5.5.0.orig/src/libstrongswan/plugins/openssl/openssl_plugin.c 2016-06-30 16:20:10.000000000 +0200 ++++ strongswan-5.5.0/src/libstrongswan/plugins/openssl/openssl_plugin.c 2016-09-30 05:36:45.015692462 +0200 +@@ -573,7 +573,7 @@ plugin_t *openssl_plugin_create() + }, + ); + +-#if OPENSSL_VERSION_NUMBER >= 0x10100000L ++#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER) + /* note that we can't call OPENSSL_cleanup() when the plugin is destroyed + * as we couldn't initialize the library again afterwards */ + OPENSSL_init_crypto(OPENSSL_INIT_LOAD_CONFIG | diff --git a/package/strongswan/patches/patch-src_starter_netkey_c b/package/strongswan/patches/patch-src_starter_netkey_c index b87895eeb..adb7e09eb 100644 --- a/package/strongswan/patches/patch-src_starter_netkey_c +++ b/package/strongswan/patches/patch-src_starter_netkey_c @@ -1,6 +1,6 @@ ---- strongswan-5.0.0.orig/src/starter/netkey.c 2012-06-13 06:32:03.000000000 +0200 -+++ strongswan-5.0.0/src/starter/netkey.c 2012-07-26 16:55:59.000000000 +0200 -@@ -43,6 +43,7 @@ bool starter_netkey_init(void) +--- strongswan-5.5.0.orig/src/starter/netkey.c 2016-04-22 22:01:35.000000000 +0200 ++++ strongswan-5.5.0/src/starter/netkey.c 2016-09-30 05:30:43.681874545 +0200 +@@ -42,6 +42,7 @@ bool starter_netkey_init(void) } /* make sure that all required IPsec modules are loaded */ @@ -8,7 +8,7 @@ if (stat(PROC_MODULES, &stb) == 0) { ignore_result(system("modprobe -qv ah4")); -@@ -51,6 +52,7 @@ bool starter_netkey_init(void) +@@ -50,6 +51,7 @@ bool starter_netkey_init(void) ignore_result(system("modprobe -qv xfrm4_tunnel")); ignore_result(system("modprobe -qv xfrm_user")); } diff --git a/package/stunnel/Makefile b/package/stunnel/Makefile deleted file mode 100644 index e5962f38a..000000000 --- a/package/stunnel/Makefile +++ /dev/null @@ -1,33 +0,0 @@ -# This file is part of the OpenADK project. OpenADK is copyrighted -# material, please see the LICENCE file in the top-level directory. - -include $(ADK_TOPDIR)/rules.mk - -PKG_NAME:= stunnel -PKG_VERSION:= 5.36 -PKG_RELEASE:= 1 -PKG_HASH:= eb8952fcfdfcdf5056a1f1a78e1ec5014b819c5f5f7599b924dc4490ffe4b5ea -PKG_DESCR:= encryption wrapper -PKG_SECTION:= net/security -PKG_DEPENDS:= libopenssl -PKG_BUILDDEP:= openssl -PKG_URL:= https://www.stunnel.org -PKG_SITES:= https://www.stunnel.org/downloads/ - -DISTFILES:= ${PKG_NAME}-${PKG_VERSION}.tar.gz - -include $(ADK_TOPDIR)/mk/package.mk - -$(eval $(call PKG_template,STUNNEL,stunnel,$(PKG_VERSION)-${PKG_RELEASE},${PKG_DEPENDS},${PKG_DESCR},${PKG_SECTION})) - -AUTOTOOL_STYLE:= autoreconf -CONFIGURE_ARGS+= --with-ssl=${STAGING_TARGET_DIR}/usr \ - --disable-systemd \ - --disable-libwrap - -stunnel-install: - $(INSTALL_DIR) $(IDIR_STUNNEL)/usr/bin - $(INSTALL_BIN) $(WRKINST)/usr/bin/stunnel \ - $(IDIR_STUNNEL)/usr/bin - -include ${ADK_TOPDIR}/mk/pkg-bottom.mk diff --git a/package/stunnel/patches/patch-configure_ac b/package/stunnel/patches/patch-configure_ac deleted file mode 100644 index fc9533b21..000000000 --- a/package/stunnel/patches/patch-configure_ac +++ /dev/null @@ -1,21 +0,0 @@ ---- stunnel-5.31.orig/configure.ac 2016-02-03 18:23:10.000000000 +0100 -+++ stunnel-5.31/configure.ac 2016-03-13 13:33:26.000000000 +0100 -@@ -86,18 +86,6 @@ if test "$GCC" = yes; then - AX_APPEND_COMPILE_FLAGS([-Wconversion]) - AX_APPEND_COMPILE_FLAGS([-Wno-long-long]) - AX_APPEND_COMPILE_FLAGS([-Wno-deprecated-declarations]) -- AX_APPEND_COMPILE_FLAGS([-fPIE]) -- case "${host}" in -- avr-*.* | powerpc-*-aix* | rl78-*.* | visium-*.*) -- ;; -- *) -- AX_APPEND_COMPILE_FLAGS([-fstack-protector]) -- ;; -- esac -- AX_APPEND_LINK_FLAGS([-fPIE -pie]) -- AX_APPEND_LINK_FLAGS([-Wl,-z,relro]) -- AX_APPEND_LINK_FLAGS([-Wl,-z,now]) -- AX_APPEND_LINK_FLAGS([-Wl,-z,noexecstack]) - fi - AX_APPEND_COMPILE_FLAGS([-D_FORTIFY_SOURCE=2]) - diff --git a/package/supl/Makefile b/package/supl/Makefile index 2fd08a1e2..9d5dc4ad9 100644 --- a/package/supl/Makefile +++ b/package/supl/Makefile @@ -9,26 +9,21 @@ PKG_RELEASE:= 1 PKG_HASH:= 068dc47ce818ce5634f09a88159df85a6ce3456e2467b11b8c5f8543a99bb347 PKG_DESCR:= tools for accessing sup/rrlp server PKG_SECTION:= net/misc +PKG_DEPENDS:= libressl +PKG_BUILDDEP:= libressl PKG_URL:= http://www.tajuma.com/supl/ PKG_SITES:= $(MASTER_SITE_SOURCEFORGE:=supl/) DISTFILES:= $(PKG_NAME)_$(PKG_VERSION).tar.gz WRKDIST= $(WRKDIR)/trunk -PKG_CHOICES_SUPL:= WITH_LIBRESSL WITH_OPENSSL -PKGCD_WITH_LIBRESSL:= use libressl for crypto -PKGCB_WITH_LIBRESSL:= libressl -PKGCS_WITH_LIBRESSL:= libressl -PKGCD_WITH_OPENSSL:= use openssl for crypto -PKGCB_WITH_OPENSSL:= openssl -PKGCS_WITH_OPENSSL:= libopenssl - include $(ADK_TOPDIR)/mk/package.mk $(eval $(call PKG_template,SUPL,supl,$(PKG_VERSION)-$(PKG_RELEASE),$(PKG_DEPENDS),$(PKG_DESCR),$(PKG_SECTION))) CONFIG_STYLE:= minimal -CONFIGURE_ARGS+= --precompiled-asn1=yes --prefix="$(WRKINST)/usr" +CONFIGURE_ARGS+= --prefix="$(WRKINST)/usr" \ + --precompiled-asn1=yes supl-install: $(INSTALL_DIR) $(IDIR_SUPL)/usr/{bin,lib} diff --git a/package/tinc/Makefile b/package/tinc/Makefile index c192d10b6..b6a2f4540 100644 --- a/package/tinc/Makefile +++ b/package/tinc/Makefile @@ -9,22 +9,14 @@ PKG_RELEASE:= 1 PKG_HASH:= 0b502699360f09ce2128a39cf02abca07bfc699fc02ce829b3a90cf5e1e8b344 PKG_DESCR:= vpn tunnel daemon PKG_SECTION:= net/security -PKG_DEPENDS:= zlib liblzo -PKG_BUILDDEP:= zlib liblzo +PKG_DEPENDS:= zlib liblzo libressl +PKG_BUILDDEP:= zlib liblzo libressl PKG_KDEPENDS:= tun PKG_URL:= http://www.tinc-vpn.org/ PKG_SITES:= http://www.tinc-vpn.org/packages/ DISTFILES:= ${PKG_NAME}-${PKG_VERSION}.tar.gz -PKG_CHOICES_TINC:= WITH_LIBRESSL WITH_OPENSSL -PKGCD_WITH_LIBRESSL:= use libressl for crypto -PKGCB_WITH_LIBRESSL:= libressl -PKGCS_WITH_LIBRESSL:= libressl -PKGCD_WITH_OPENSSL:= use openssl for crypto -PKGCB_WITH_OPENSSL:= openssl -PKGCS_WITH_OPENSSL:= libopenssl - include ${ADK_TOPDIR}/mk/package.mk $(eval $(call PKG_template,TINC,tinc,${PKG_VERSION}-${PKG_RELEASE},${PKG_DEPENDS},${PKG_DESCR},${PKG_SECTION})) diff --git a/package/tmsnc/Makefile b/package/tmsnc/Makefile index 83b4ea3d0..c88b591cb 100644 --- a/package/tmsnc/Makefile +++ b/package/tmsnc/Makefile @@ -9,17 +9,11 @@ PKG_RELEASE:= 2 PKG_HASH:= 7f54ba3974f45c0787b6d62d0d62ce352ddbf95419123b98b4969b97d3dfed23 PKG_DESCR:= textbased msn client PKG_SECTION:= app/chat +PKG_DEPENDS:= libressl +PKG_BUILDDEP:= libressl PKG_URL:= http://tmsnc.sourceforge.net/ PKG_SITES:= ${MASTER_SITE_SOURCEFORGE:=tmsnc/} -PKG_CHOICES_TMSNC:= WITH_LIBRESSL WITH_OPENSSL -PKGCD_WITH_LIBRESSL:= use libressl for crypto -PKGCB_WITH_LIBRESSL:= libressl -PKGCS_WITH_LIBRESSL:= libressl ca-certificates -PKGCD_WITH_OPENSSL:= use openssl for crypto -PKGCB_WITH_OPENSSL:= openssl -PKGCS_WITH_OPENSSL:= libopenssl ca-certificates - DISTFILES:= ${PKG_NAME}-${PKG_VERSION}.tar.gz include ${ADK_TOPDIR}/mk/package.mk @@ -27,6 +21,7 @@ include ${ADK_TOPDIR}/mk/package.mk $(eval $(call PKG_template,TMSNC,tmsnc,${PKG_VERSION}-${PKG_RELEASE},${PKG_DEPENDS},${PKG_DESCR},${PKG_SECTION})) TARGET_LDFLAGS+= -ltinfo + CONFIGURE_ARGS+= --with-libiconv-prefix=${STAGING_TARGET_DIR}/usr \ --with-openssl=${STAGING_TARGET_DIR}/usr \ --with-ncurses=${STAGING_TARGET_DIR} diff --git a/package/tntnet/Makefile b/package/tntnet/Makefile index c48a070d3..03d3b558e 100644 --- a/package/tntnet/Makefile +++ b/package/tntnet/Makefile @@ -17,17 +17,14 @@ PKG_SITES:= http://www.tntnet.org/download/ DISTFILES:= ${PKG_NAME}-${PKG_VERSION}.tar.gz -PKG_CHOICES_TNTNET:= WITHOUT_SSL WITH_GNUTLS WITH_OPENSSL WITH_LIBRESSL -PKGCD_WITHOUT_SSL:= use no ssl -PKGCD_WITH_OPENSSL:= use openssl for crypto -PKGCS_WITH_OPENSSL:= libopenssl -PKGCB_WITH_OPENSSL:= openssl -PKGCD_WITH_OPENSSL:= use libressl for crypto -PKGCS_WITH_OPENSSL:= libressl -PKGCB_WITH_OPENSSL:= libressl +PKG_CHOICES_TNTNET:= WITH_LIBRESSL WITH_GNUTLS WITHOUT_SSL +PKGCD_WITH_LIBRESSL:= use libressl for crypto +PKGCS_WITH_LIBRESSL:= libressl +PKGCB_WITH_LIBRESSL:= libressl PKGCD_WITH_GNUTLS:= use gnutls for crypto PKGCS_WITH_GNUTLS:= libgnutls PKGCB_WITH_GNUTLS:= gnutls +PKGCD_WITHOUT_SSL:= use no ssl include ${ADK_TOPDIR}/mk/package.mk @@ -36,9 +33,6 @@ $(eval $(call PKG_template,TNTNET,tntnet,${PKG_VERSION}-${PKG_RELEASE},${PKG_DEP ifeq (${ADK_PACKAGE_TNTNET_WITHOUT_SSL},y) CONFIGURE_ARGS+= --with-ssl=no endif -ifeq (${ADK_PACKAGE_TNTNET_WITH_OPENSSL},y) -CONFIGURE_ARGS+= --with-ssl=openssl -endif ifeq (${ADK_PACKAGE_TNTNET_WITH_LIBRESSL},y) CONFIGURE_ARGS+= --with-ssl=openssl endif diff --git a/package/tor/Makefile b/package/tor/Makefile index cd4b0b91c..c7893d390 100644 --- a/package/tor/Makefile +++ b/package/tor/Makefile @@ -9,20 +9,12 @@ PKG_RELEASE:= 2 PKG_HASH:= 493a8679f904503048114aca6467faef56861206bab8283d858f37141d95105d PKG_DESCR:= anonymous internet communication system PKG_SECTION:= net/proxy -PKG_DEPENDS:= libevent zlib -PKG_BUILDDEP:= libevent zlib +PKG_DEPENDS:= libevent zlib libressl +PKG_BUILDDEP:= libevent zlib libressl PKG_NEEDS:= threads PKG_URL:= https://www.torproject.org/ PKG_SITES:= https://www.torproject.org/dist/ -PKG_CHOICES_TOR:= WITH_LIBRESSL WITH_OPENSSL -PKGCD_WITH_LIBRESSL:= use libressl for crypto -PKGCB_WITH_LIBRESSL:= libressl -PKGCS_WITH_LIBRESSL:= libressl ca-certificates -PKGCD_WITH_OPENSSL:= use openssl for crypto -PKGCB_WITH_OPENSSL:= openssl -PKGCS_WITH_OPENSSL:= libopenssl ca-certificates - DISTFILES:= ${PKG_NAME}-${PKG_VERSION}.tar.gz include ${ADK_TOPDIR}/mk/package.mk diff --git a/package/tvheadend/Makefile b/package/tvheadend/Makefile index 4624064dd..008bce1d3 100644 --- a/package/tvheadend/Makefile +++ b/package/tvheadend/Makefile @@ -9,17 +9,11 @@ PKG_GIT:= hash PKG_RELEASE:= 3 PKG_DESCR:= tv streaming server PKG_SECTION:= mm/video +PKG_DEPENDS:= libressl +PKG_BUILDDEP:= libressl PKG_URL:= https://tvheadend.org/projects/tvheadend PKG_SITES:= https://github.com/tvheadend/tvheadend.git -PKG_CHOICES_TVHEADEND:= WITH_LIBRESSL WITH_OPENSSL -PKGCD_WITH_LIBRESSL:= use libressl for crypto -PKGCB_WITH_LIBRESSL:= libressl -PKGCS_WITH_LIBRESSL:= libressl ca-certificates -PKGCD_WITH_OPENSSL:= use openssl for crypto -PKGCB_WITH_OPENSSL:= openssl -PKGCS_WITH_OPENSSL:= libopenssl ca-certificates - include $(ADK_TOPDIR)/mk/package.mk $(eval $(call PKG_template,TVHEADEND,tvheadend,$(PKG_VERSION)-$(PKG_RELEASE),$(PKG_DEPENDS),$(PKG_DESCR),$(PKG_SECTION))) diff --git a/package/vtun/Makefile b/package/vtun/Makefile index d584da3b0..a071c6df8 100644 --- a/package/vtun/Makefile +++ b/package/vtun/Makefile @@ -9,19 +9,11 @@ PKG_RELEASE:= 1 PKG_HASH:= 22507499a8f650ef97157977e62fa632d5b0034070629a2d0fd0512e304eaeeb PKG_DESCR:= vpn tunnel daemon PKG_SECTION:= net/security -PKG_DEPENDS:= zlib liblzo -PKG_BUILDDEP:= zlib liblzo +PKG_DEPENDS:= zlib liblzo libressl +PKG_BUILDDEP:= zlib liblzo libressl PKG_KDEPENDS:= tun PKG_SITES:= ${MASTER_SITE_SOURCEFORGE:=vtun/} -PKG_CHOICES_VTUN:= WITH_LIBRESSL WITH_OPENSSL -PKGCD_WITH_LIBRESSL:= use libressl for crypto -PKGCB_WITH_LIBRESSL:= libressl -PKGCS_WITH_LIBRESSL:= libressl ca-certificates -PKGCD_WITH_OPENSSL:= use openssl for crypto -PKGCB_WITH_OPENSSL:= openssl -PKGCS_WITH_OPENSSL:= libopenssl ca-certificates - DISTFILES:= ${PKG_NAME}-${PKG_VERSION}.tar.gz PKG_HOST_DEPENDS:= !freebsd diff --git a/package/wget/Makefile b/package/wget/Makefile index 9ca6a2364..84d5990a6 100644 --- a/package/wget/Makefile +++ b/package/wget/Makefile @@ -16,17 +16,14 @@ PKG_BB:= 1 DISTFILES:= ${PKG_NAME}-${PKG_VERSION}.tar.gz -PKG_CHOICES_WGET:= WITHOUT_SSL WITH_GNUTLS WITH_LIBRESSL WITH_OPENSSL -PKGCD_WITHOUT_SSL:= use no ssl +PKG_CHOICES_WGET:= WITH_LIBRESSL WITH_GNUTLS WITHOUT_SSL PKGCD_WITH_LIBRESSL:= use libressl for crypto PKGCS_WITH_LIBRESSL:= libressl ca-certificates libgmp PKGCB_WITH_LIBRESSL:= libressl -PKGCD_WITH_OPENSSL:= use openssl for crypto -PKGCS_WITH_OPENSSL:= libopenssl ca-certificates libgmp -PKGCB_WITH_OPENSSL:= openssl PKGCD_WITH_GNUTLS:= use gnutls for crypto PKGCS_WITH_GNUTLS:= libgnutls ca-certificates libgmp PKGCB_WITH_GNUTLS:= gnutls +PKGCD_WITHOUT_SSL:= use no ssl include ${ADK_TOPDIR}/mk/host.mk include ${ADK_TOPDIR}/mk/package.mk @@ -37,11 +34,6 @@ $(eval $(call PKG_template,WGET,wget,${PKG_VERSION}-${PKG_RELEASE},${PKG_DEPENDS ifeq (${ADK_PACKAGE_WGET_WITHOUT_SSL},y) CONFIGURE_ARGS+= --with-ssl=no endif -ifeq (${ADK_PACKAGE_WGET_WITH_OPENSSL},y) -CONFIGURE_ARGS+= --with-ssl=openssl \ - --with-openssl=yes \ - --with-libssl-prefix=${STAGING_TARGET_DIR} -endif ifeq (${ADK_PACKAGE_WGET_WITH_LIBRESSL},y) CONFIGURE_ARGS+= --with-ssl=openssl \ --with-openssl=yes \ diff --git a/package/wpa_supplicant/Makefile b/package/wpa_supplicant/Makefile index c045a6c0e..12615ceab 100644 --- a/package/wpa_supplicant/Makefile +++ b/package/wpa_supplicant/Makefile @@ -21,13 +21,10 @@ PKG_DFLT_WPA_SUPPLICANT:= y if ADK_TARGET_WITH_WIFI WRKSRC= ${WRKDIST}/${PKG_NAME} -PKG_CHOICES_WPA_SUPPLICANT:= WITH_LIBRESSL WITH_OPENSSL WITH_INTERNAL WITH_GNUTLS +PKG_CHOICES_WPA_SUPPLICANT:= WITH_LIBRESSL WITH_INTERNAL WITH_GNUTLS PKGCD_WITH_LIBRESSL:= use libressl for crypto PKGCS_WITH_LIBRESSL:= libressl PKGCB_WITH_LIBRESSL:= libressl -PKGCD_WITH_OPENSSL:= use openssl for crypto -PKGCS_WITH_OPENSSL:= libopenssl -PKGCB_WITH_OPENSSL:= openssl PKGCD_WITH_GNUTLS:= use gnutls for crypto PKGCS_WITH_GNUTLS:= libgnutls PKGCB_WITH_GNUTLS:= gnutls @@ -37,9 +34,10 @@ include ${ADK_TOPDIR}/mk/package.mk $(eval $(call PKG_template,WPA_SUPPLICANT,wpa-supplicant,${PKG_VERSION}-${PKG_RELEASE},${PKG_DEPENDS},${PKG_DESCR},${PKG_SECTION})) +TARGET_CFLAGS+= -I$(STAGING_TARGET_DIR)/usr/include/libnl3 + CONFIG_STYLE:= manual INSTALL_STYLE:= manual -TARGET_CFLAGS+= -I$(STAGING_TARGET_DIR)/usr/include/libnl3 MAKE_FLAGS+= CPPFLAGS='${TARGET_CPPFLAGS}' \ LDFLAGS='${TARGET_LDFLAGS}' \ diff --git a/package/xorg-server/Makefile b/package/xorg-server/Makefile index 41c1e7746..9c2e59e61 100644 --- a/package/xorg-server/Makefile +++ b/package/xorg-server/Makefile @@ -31,16 +31,13 @@ PKG_CFLINE_XORG_SERVER:=depends on ADK_TARGET_WITH_VGA || ADK_TARGET_QEMU_WITH_G PKG_FLAVOURS_XORG_SERVER:= WITH_KDRIVE PKGFD_WITH_KDRIVE:= build kdrive xfbdev server -PKG_CHOICES_XORG_SERVER:= WITH_GCRYPT WITH_LIBRESSL WITH_OPENSSL -PKGCD_WITH_GCRYPT:= use libgcrypt for sha1 -PKGCS_WITH_GCRYPT:= libgcrypt -PKGCB_WITH_GCRYPT:= libgcrypt +PKG_CHOICES_XORG_SERVER:= WITH_LIBRESSL WITH_GCRYPT PKGCD_WITH_LIBRESSL:= use libressl crypto for sha1 PKGCS_WITH_LIBRESSL:= libressl PKGCB_WITH_LIBRESSL:= libressl -PKGCD_WITH_OPENSSL:= use openssl crypto for sha1 -PKGCS_WITH_OPENSSL:= libopenssl -PKGCB_WITH_OPENSSL:= openssl +PKGCD_WITH_GCRYPT:= use libgcrypt for sha1 +PKGCS_WITH_GCRYPT:= libgcrypt +PKGCB_WITH_GCRYPT:= libgcrypt include $(ADK_TOPDIR)/mk/package.mk @@ -52,7 +49,7 @@ ifeq (${ADK_PACKAGE_XORG_SERVER_WITH_GCRYPT},y) CONFIGURE_ARGS+= --with-sha1=libgcrypt endif -ifeq (${ADK_PACKAGE_XORG_SERVER_WITH_CRYPTO},y) +ifeq (${ADK_PACKAGE_XORG_SERVER_WITH_LIBRESSL},y) CONFIGURE_ARGS+= --with-sha1=libcrypto endif -- cgit v1.2.3