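# Build recipe for the quictls fork of OpenSSL (tag OpenSSL_1_1_1t-quic1).
# The file only sets fetch/patch variables and defines the do_config,
# do_compile_only and do_prepack hooks; nothing runs when it is sourced.
#
# NOTE(review): no digest or signature for the tarball is pinned in this file.
# If the packaging framework does not verify one elsewhere, a replaced archive
# behind this URL would be built unnoticed -- confirm, and pin a hash.
# NOTE(review): the fetch method is named "http" while the URL is https;
# presumably the method only selects the HTTP(S) fetcher -- confirm that TLS
# certificate validation is enabled for it.
# NOTE(review): upstream's OpenSSL 1.1.1 series is end-of-life and 1.1.1t is
# not its last release; check the OpenSSL advisories published after 1.1.1t
# before shipping this build.
SRC_FETCH_PATH="https://github.com/quictls/openssl/archive/refs/tags/OpenSSL_1_1_1t-quic1.tar.gz"
SRC_FETCH_METHOD="http"

# The first 2 patches reduce the per-session memory usage from 72 to 38 kB
# during handshake (measured). The next two are minor fixes. The next ones
# if any (#100 and above) are fixes picked from the stable branch. The last
# ones fix parallel build.
# Only the getrandom patch is applied at the moment; every other entry below
# is commented out.
PATCH_LIST="patch-add-syscall-getrandom.diff"
  #0001-ssl-don-t-allocate-the-write-buffer-during-the-hands.patch
  #0002-ssl-release-unused-read-buffer-on-incomplete-client-.patch
  #0003-rand-fix-null-pointer-dereference-caused-by-unchecke.patch
  #0004-ssl-change-default-cipher-string-to-AES-RC4-ALL-aNUL.patch
  #openssl-1.0.2a-parallel-install-dirs.patch
  #openssl-1.0.2a-parallel-obj-headers.patch
  #openssl-1.0.2a-parallel-symlinking.patch
  #openssl-1.0.2d-parallel-build.patch

# not ported yet :
  #openssl-1.0.1c-flx2.2-cryptodev-1.5.diff
  #small-records-1.0.1l.patch

#######################################
# Pick the OpenSSL target for the current architecture and run ./Configure.
# Globals:   FLXARCH, FLX_ARCH_SMALL, FLX_GNU_ARCH, FLX_BITS (read)
#            GCC_ARCH_CURRENT, GCC_CPU_CURRENT, GCC_OPT_FASTEST (read)
#            CC (read)
# Outputs:   error text on stderr when no target matches
# Returns:   status of ./Configure; exits 1 when no target matches
#######################################
function do_config {
  # To find these options, try "./Configure LIST" then "./Configure TABLE".
  # The colons are just delimiters and all words are allowed on the line.
  # Please read the Configure script in openssl to find the relevant keywords,
  # as most of them are already implied by the OS target definition and the
  # default compiler !

  # Both are local and start empty, so a stale "opt" left in the calling shell
  # cannot leak into the Configure command line (the aarch64 branch sets none),
  # and branches without flags no longer pass an empty "" argument.
  local os=""
  local -a opt=()

  # The GCC_* values are left unquoted on purpose: each may hold several
  # space-separated compiler flags that must become separate words.
  if [[ "$FLXARCH" == "x86_64" ]]; then
    os="linux-x86_64"
    opt=( $GCC_ARCH_CURRENT $GCC_CPU_CURRENT $GCC_OPT_FASTEST )
  elif [[ "$FLX_ARCH_SMALL" == "i386" ]]; then
    os="linux-elf"
    opt=( $GCC_ARCH_CURRENT $GCC_CPU_CURRENT $GCC_OPT_FASTEST )
  elif [[ "$FLXARCH" == aarch64* ]]; then
    # No extra compiler flags are passed for aarch64.
    os="linux-aarch64"
  elif [[ "$FLXARCH" == armv7* ]]; then
    os="linux-armv4"
    opt=( $GCC_ARCH_CURRENT $GCC_CPU_CURRENT $GCC_OPT_FASTEST -march=armv7-a -D__ARM_MAX_ARCH__=7 )
  elif [[ "$FLXARCH" == arm* ]]; then
    # Must stay after the armv7* test: this is the catch-all for other ARM.
    os="linux-armv4"
    opt=( $GCC_ARCH_CURRENT $GCC_CPU_CURRENT $GCC_OPT_FASTEST -march=armv5te -D__ARM_MAX_ARCH__=5 )
  elif [[ "$FLXARCH" == "sparc" ]]; then
    os="linux-sparcv9"
  elif [[ "$FLXARCH" == "sparc64" ]]; then
    os="linux64-sparcv9"
  elif [[ -n "$FLX_GNU_ARCH" && "$FLX_BITS" == "64" ]]; then
    os="linux-generic64"
  elif [[ -n "$FLX_GNU_ARCH" && "$FLX_BITS" == "32" ]]; then
    os="linux-generic32"
  else
    # Diagnostics go to stderr so they are not mixed into captured output.
    echo "Error: cannot find a suitable OS configuration or this platform." >&2
    echo "FLXARCH=$FLXARCH is not handled by this script." >&2
    echo "Please check instructions in do_config() using 'pkg cat'." >&2
    exit 1
  fi

  # Do not enable cryptodev digests (-DUSE_CRYPTODEV_DIGESTS), as indicated in
  # the README, they significantly lower performance due to the high latency of
  # the ioctl required for cryptodev. Only enable HAVE_CRYPTODEV.
  # disable this if the crypto patch is not applied
  #opt=( "${opt[@]}" -DHAVE_CRYPTODEV )

  # NOTE(review): enable-ssl3, enable-ssl3-method and enable-weak-ssl-ciphers
  # compile SSLv3 and the ciphers OpenSSL classes as weak (e.g. RC4 suites)
  # into the library. Whether a peer can negotiate them then depends on each
  # application's protocol and cipher settings. Keep the flags only if a
  # consumer of this package needs legacy interoperability, and make sure
  # those consumers set a minimum protocol version and cipher list explicitly.
  # NOTE(review): the seed source is fixed to getrandom; presumably
  # patch-add-syscall-getrandom.diff supplies the syscall wrapper -- confirm.
  CC="$CC" ./Configure --prefix=/usr --openssldir=/usr/share/openssl \
    --with-rand-seed=getrandom \
    enable-tls1_3 enable-ssl3 enable-ssl3-method enable-weak-ssl-ciphers \
    threads shared "${opt[@]}" "$os"
}

#######################################
# Build the library with the framework's make command.
# Globals:   FLXMAKE, CC (read)
# Returns:   exits with make's status on failure
#######################################
function do_compile_only {
  local MK=$FLXMAKE
  # if grep -q ^install_dirs Makefile; then
  #   # parallel build supported
  #   MK=$FLXPMAKE
  # fi

  # $MK stays unquoted: presumably FLXMAKE may carry make options -- confirm.
  # AR/RANLIB are single-quoted so the literal text ${FLXCROSS} reaches make,
  # which expands it itself. CC is quoted so that a compiler command containing
  # spaces stays a single CC=... argument instead of turning into extra targets.
  $MK CC="$CC" AR='${FLXCROSS}ar' RANLIB='${FLXCROSS}ranlib' || exit $?
  # $MK build-shared CC=$CC AR='${FLXCROSS}ar r' RANLIB='${FLXCROSS}ranlib' || exit $?
  # $MK -C apps CC=$CC DLIBCRYPTO=../libcrypto.so AR='${FLXCROSS}ar r' RANLIB='${FLXCROSS}ranlib' || exit $?
}

#######################################
# Install the software into the staging tree and add the default openssl.cnf.
# Globals:   FLXMAKE, ROOTDIR (read)
# Returns:   exits non-zero when ROOTDIR is empty or a step fails
#######################################
function do_prepack {
  # An empty ROOTDIR would make the steps below write to /usr and /lib of the
  # build host instead of the staging tree, so stop before touching anything.
  : "${ROOTDIR:?ROOTDIR must point at the staging directory}"

  $FLXMAKE install_sw LIBDIR=/lib INSTALL_PREFIX="$ROOTDIR" DESTDIR="$ROOTDIR" || exit $?
  (mkdir -p -- "${ROOTDIR}/usr/share/openssl" && \
   cp -- apps/openssl.cnf "${ROOTDIR}/usr/share/openssl") || exit $?
  set_default_perm "$ROOTDIR"
}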