KumiSystems/openwrtv3
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity
openwrtv3/package/libs/openssl/Makefile
Daniel Engberg dca96b7546 openssl: Add optimization option 
Add option to optimize for speed instead of size

cmd: openssl speed md5 sha1 sha256 sha512 des des-ede3 aes-128-cbc \
aes-192-cbc aes-256-cbc rsa2048 dsa2048

=== Linksys WRT3200ACM ===

Default optimization:
The 'numbers' are in 1000s of bytes per second processed.
type             16 bytes     64 bytes    256 bytes   1024 bytes   8192 bytes
md5              14111.49k    47147.75k   123375.02k   206937.09k   258828.97k
sha1             14495.71k    46763.99k   116679.94k   188115.29k   228294.66k
des cbc          22315.63k    23118.98k    23323.14k    23348.22k    23363.58k
des ede3          8085.97k     8217.26k     8255.74k     8266.41k     8273.92k
aes-128 cbc      48740.10k    52606.12k    54224.98k    56263.68k    54774.44k
aes-192 cbc      43410.83k    47325.31k    48994.05k    49377.96k    48532.14k
aes-256 cbc      39132.46k    42512.60k    43692.63k    43997.18k    44070.23k
sha256           19987.80k    47314.69k    86119.08k   109352.28k   119466.67k
sha512            8034.63k    32321.92k    47495.94k    65777.32k    74080.26k
                  sign    verify    sign/s verify/s
rsa 2048 bits 0.020387s 0.000528s     49.1   1892.2
                  sign    verify    sign/s verify/s
dsa 2048 bits 0.005920s 0.006396s    168.9    156.3

Optimize for speed (-O3 instead of -Os and disable -DOPENSSL_SMALL_FOOTPRINT):
The 'numbers' are in 1000s of bytes per second processed.
type             16 bytes     64 bytes    256 bytes   1024 bytes   8192 bytes
md5              14655.49k    48561.79k   126953.56k   210741.93k   262430.72k
sha1             14607.90k    47032.15k   117725.87k   188226.22k   228499.46k
des cbc          28041.11k    29586.84k    29939.80k    30047.91k    30067.37k
des ede3         10697.93k    10899.75k    10956.97k    10972.84k    10980.01k
aes-128 cbc      58852.70k    65956.07k    68675.67k    69388.29k    69607.42k
aes-192 cbc      50299.73k    56501.23k    58491.65k    59008.00k    59159.89k
aes-256 cbc      44684.38k    47944.36k    49098.67k    49573.89k    49463.30k
sha256           19673.53k    47248.58k    86775.04k   110053.72k   119382.02k
sha512            8029.67k    32033.02k    47440.04k    65740.12k    74072.06k
                  sign    verify    sign/s verify/s
rsa 2048 bits 0.019666s 0.000529s     50.8   1892.0
                  sign    verify    sign/s verify/s
dsa 2048 bits 0.005882s 0.006450s    170.0    155.0

=== D-Link DIR-860L (B1) ===
Default optimization:
The 'numbers' are in 1000s of bytes per second processed.
type             16 bytes     64 bytes    256 bytes   1024 bytes   8192 bytes
md5               3376.97k    11654.74k    32966.76k    60016.27k    80729.43k
sha1              2310.95k     6024.87k    11680.32k    15273.93k    16784.07k
des cbc           6787.21k     7014.36k     7072.49k     7088.73k     7092.48k
des ede3          2462.47k     2499.87k     2509.48k     2511.35k     2514.75k
aes-128 cbc      10014.28k    11018.87k    11308.99k    11381.03k    11406.20k
aes-192 cbc       8930.35k     9675.27k     9895.97k     9954.57k     9971.92k
aes-256 cbc       8022.81k     8624.03k     8799.60k     8843.14k     8856.07k
sha256            2546.33k     5542.19k     9326.99k    11249.03k    11969.57k
sha512             877.22k     3503.44k     4856.01k     6554.96k     7299.32k
                  sign    verify    sign/s verify/s
rsa 2048 bits 0.109348s 0.003132s      9.1    319.3
                  sign    verify    sign/s verify/s
dsa 2048 bits 0.032745s 0.037212s     30.5     26.9

Optimize for speed (-O3 instead of -Os and disable -DOPENSSL_SMALL_FOOTPRINT):
The 'numbers' are in 1000s of bytes per second processed.
type             16 bytes     64 bytes    256 bytes   1024 bytes   8192 bytes
md5               3660.39k    12401.37k    34501.23k    62438.83k    81786.64k
sha1              3500.20k    10730.70k    25056.19k    37715.86k    44253.13k
des cbc           7189.75k     7545.88k     7641.90k     7665.71k     7672.18k
des ede3          2690.64k     2734.33k     2745.24k     2748.13k     2748.81k
aes-128 cbc      11325.29k    12731.75k    13151.34k    13259.95k    13289.55k
aes-192 cbc       9932.36k    10997.65k    11309.84k    11389.53k    11408.92k
aes-256 cbc       8845.13k     9677.01k     9920.30k     9980.77k     9996.42k
sha256            3200.50k     7107.76k    12230.85k    14933.73k    15962.15k
sha512             879.12k     3510.79k     4956.45k     6711.45k     7484.39k
                  sign    verify    sign/s verify/s
rsa 2048 bits 0.085641s 0.002365s     11.7    422.9
                  sign    verify    sign/s verify/s
dsa 2048 bits 0.023881s 0.026120s     41.9     38.3

-O3 is considered safe for OpenSSL
Ref: https://wiki.openssl.org/index.php/Compilation_and_Installation
Tested hardware: Linksys WRT3200ACM / D-Link DIR-860L (B1)

Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
2017-11-18 21:01:26 +01:00

268 lines
7.2 KiB
Makefile
Raw Blame History

#
# Copyright (C) 2006-2016 OpenWrt.org
#
# This is free software, licensed under the GNU General Public License v2.
# See /LICENSE for more information.
#
include $(TOPDIR)/rules.mk
PKG_NAME:=openssl
PKG_BASE:=1.0.2
PKG_BUGFIX:=m
PKG_VERSION:=$(PKG_BASE)$(PKG_BUGFIX)
PKG_RELEASE:=1
PKG_USE_MIPS16:=0
PKG_BUILD_PARALLEL:=0
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
PKG_SOURCE_URL:= \
http://ftp.fi.muni.cz/pub/openssl/source/ \
http://ftp.linux.hr/pub/openssl/source/ \
http://gd.tuwien.ac.at/infosys/security/openssl/source/ \
http://www.openssl.org/source/ \
http://www.openssl.org/source/old/$(PKG_BASE)/
PKG_HASH:=8c6ff15ec6b319b50788f42c7abc2890c08ba5a1cdcd3810eb9092deada37b0f
PKG_LICENSE:=OpenSSL
PKG_LICENSE_FILES:=LICENSE
PKG_CPE_ID:=cpe:/a:openssl:openssl
PKG_CONFIG_DEPENDS:= \
CONFIG_OPENSSL_ENGINE_CRYPTO \
CONFIG_OPENSSL_ENGINE_DIGEST \
CONFIG_OPENSSL_WITH_EC \
CONFIG_OPENSSL_WITH_EC2M \
CONFIG_OPENSSL_WITH_SSL3 \
CONFIG_OPENSSL_HARDWARE_SUPPORT \
CONFIG_OPENSSL_WITH_DEPRECATED \
CONFIG_OPENSSL_WITH_DTLS \
CONFIG_OPENSSL_WITH_COMPRESSION \
CONFIG_OPENSSL_WITH_NPN \
CONFIG_OPENSSL_WITH_PSK \
CONFIG_OPENSSL_WITH_SRP \
CONFIG_OPENSSL_OPTIMIZE_SPEED
include $(INCLUDE_DIR)/package.mk
ifneq ($(CONFIG_CCACHE),)
HOSTCC=$(HOSTCC_NOCACHE)
HOSTCXX=$(HOSTCXX_NOCACHE)
endif
define Package/openssl/Default
TITLE:=Open source SSL toolkit
URL:=http://www.openssl.org/
endef
define Package/libopenssl/config
source "$(SOURCE)/Config.in"
endef
define Package/openssl/Default/description
The OpenSSL Project is a collaborative effort to develop a robust,
commercial-grade, full-featured, and Open Source toolkit implementing the Secure
Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols as well
as a full-strength general purpose cryptography library.
endef
define Package/libopenssl
$(call Package/openssl/Default)
SECTION:=libs
SUBMENU:=SSL
CATEGORY:=Libraries
DEPENDS:=+OPENSSL_WITH_COMPRESSION:zlib
TITLE+= (libraries)
ABI_VERSION:=$(PKG_VERSION)
MENU:=1
endef
define Package/libopenssl/description
$(call Package/openssl/Default/description)
This package contains the OpenSSL shared libraries, needed by other programs.
endef
define Package/openssl-util
$(call Package/openssl/Default)
SECTION:=utils
CATEGORY:=Utilities
DEPENDS:=+libopenssl
TITLE+= (utility)
endef
define Package/openssl-util/conffiles
/etc/ssl/openssl.cnf
endef
define Package/openssl-util/description
$(call Package/openssl/Default/description)
This package contains the OpenSSL command-line utility.
endef
OPENSSL_NO_CIPHERS:= no-idea no-md2 no-mdc2 no-rc5 no-sha0 no-camellia no-krb5 \
no-whrlpool no-whirlpool no-seed no-jpake
OPENSSL_OPTIONS:= shared no-err no-sse2 no-ssl2 no-ssl2-method no-heartbeats
ifdef CONFIG_OPENSSL_ENGINE_CRYPTO
OPENSSL_OPTIONS += -DHAVE_CRYPTODEV
ifdef CONFIG_OPENSSL_ENGINE_DIGEST
OPENSSL_OPTIONS += -DUSE_CRYPTODEV_DIGESTS
endif
else
OPENSSL_OPTIONS += no-engines
endif
ifndef CONFIG_OPENSSL_WITH_EC
OPENSSL_OPTIONS += no-ec
endif
ifndef CONFIG_OPENSSL_WITH_EC2M
OPENSSL_OPTIONS += no-ec2m
endif
ifndef CONFIG_OPENSSL_WITH_SSL3
OPENSSL_OPTIONS += no-ssl3
endif
ifndef CONFIG_OPENSSL_HARDWARE_SUPPORT
OPENSSL_OPTIONS += no-hw
endif
ifndef CONFIG_OPENSSL_WITH_DEPRECATED
OPENSSL_OPTIONS += no-deprecated
endif
ifndef CONFIG_OPENSSL_WITH_DTLS
OPENSSL_OPTIONS += no-dtls
endif
ifdef CONFIG_OPENSSL_WITH_COMPRESSION
OPENSSL_OPTIONS += zlib-dynamic
else
OPENSSL_OPTIONS += no-comp
endif
ifndef CONFIG_OPENSSL_WITH_NPN
OPENSSL_OPTIONS += no-nextprotoneg
endif
ifndef CONFIG_OPENSSL_WITH_PSK
OPENSSL_OPTIONS += no-psk
endif
ifndef CONFIG_OPENSSL_WITH_SRP
OPENSSL_OPTIONS += no-srp
endif
ifeq ($(CONFIG_OPENSSL_OPTIMIZE_SPEED),y)
TARGET_CFLAGS := $(filter-out -Os,$(TARGET_CFLAGS)) -O3
endif
ifeq ($(CONFIG_x86_64),y)
OPENSSL_TARGET:=linux-x86_64-openwrt
OPENSSL_MAKEFLAGS += LIBDIR=lib
else
OPENSSL_OPTIONS+=no-sse2
ifeq ($(CONFIG_mips)$(CONFIG_mipsel),y)
OPENSSL_TARGET:=linux-mips-openwrt
else ifeq ($(CONFIG_aarch64),y)
OPENSSL_TARGET:=linux-aarch64-openwrt
else ifeq ($(CONFIG_arm)$(CONFIG_armeb),y)
OPENSSL_TARGET:=linux-armv4-openwrt
else
OPENSSL_TARGET:=linux-generic-openwrt
OPENSSL_OPTIONS+=no-perlasm
endif
endif
STAMP_CONFIGURED := $(STAMP_CONFIGURED)_$(shell echo $(OPENSSL_OPTIONS) | mkhash md5)
define Build/Configure
[ -f $(STAMP_CONFIGURED) ] || { \
rm -f $(PKG_BUILD_DIR)/*.so.* $(PKG_BUILD_DIR)/*.a; \
find $(PKG_BUILD_DIR) -name \*.o | xargs rm -f; \
}
(cd $(PKG_BUILD_DIR); \
./Configure $(OPENSSL_TARGET) \
--prefix=/usr \
--openssldir=/etc/ssl \
$(TARGET_CPPFLAGS) \
$(TARGET_LDFLAGS) -ldl \
$(if $(CONFIG_OPENSSL_OPTIMIZE_SPEED),,-DOPENSSL_SMALL_FOOTPRINT) \
$(OPENSSL_NO_CIPHERS) \
$(OPENSSL_OPTIONS) \
)
# XXX: OpenSSL "make depend" will look for installed headers before its own,
# so remove installed stuff first
-$(SUBMAKE) -j1 clean-staging
+$(MAKE) $(PKG_JOBS) -C $(PKG_BUILD_DIR) \
MAKEDEPPROG="$(TARGET_CROSS)gcc" \
OPENWRT_OPTIMIZATION_FLAGS="$(TARGET_CFLAGS)" \
$(OPENSSL_MAKEFLAGS) \
depend
endef
TARGET_CFLAGS += $(FPIC) -I$(CURDIR)/include -ffunction-sections -fdata-sections
TARGET_LDFLAGS += -Wl,--gc-sections
define Build/Compile
+$(MAKE) $(PKG_JOBS) -C $(PKG_BUILD_DIR) \
CC="$(TARGET_CC)" \
ASFLAGS="$(TARGET_ASFLAGS) -I$(PKG_BUILD_DIR)/crypto -c" \
AR="$(TARGET_CROSS)ar r" \
RANLIB="$(TARGET_CROSS)ranlib" \
OPENWRT_OPTIMIZATION_FLAGS="$(TARGET_CFLAGS)" \
$(OPENSSL_MAKEFLAGS) \
all
+$(MAKE) $(PKG_JOBS) -C $(PKG_BUILD_DIR) \
CC="$(TARGET_CC)" \
ASFLAGS="$(TARGET_ASFLAGS) -I$(PKG_BUILD_DIR)/crypto -c" \
AR="$(TARGET_CROSS)ar r" \
RANLIB="$(TARGET_CROSS)ranlib" \
OPENWRT_OPTIMIZATION_FLAGS="$(TARGET_CFLAGS)" \
$(OPENSSL_MAKEFLAGS) \
build-shared
# Work around openssl build bug to link libssl.so with libcrypto.so.
-rm $(PKG_BUILD_DIR)/libssl.so.*.*.*
+$(MAKE) $(PKG_JOBS) -C $(PKG_BUILD_DIR) \
CC="$(TARGET_CC)" \
OPENWRT_OPTIMIZATION_FLAGS="$(TARGET_CFLAGS)" \
$(OPENSSL_MAKEFLAGS) \
do_linux-shared
$(MAKE) -C $(PKG_BUILD_DIR) \
CC="$(TARGET_CC)" \
INSTALL_PREFIX="$(PKG_INSTALL_DIR)" \
$(OPENSSL_MAKEFLAGS) \
install
endef
define Build/InstallDev
$(INSTALL_DIR) $(1)/usr/include
$(CP) $(PKG_INSTALL_DIR)/usr/include/openssl $(1)/usr/include/
$(INSTALL_DIR) $(1)/usr/lib/
$(CP) $(PKG_INSTALL_DIR)/usr/lib/lib{crypto,ssl}.{a,so*} $(1)/usr/lib/
$(INSTALL_DIR) $(1)/usr/lib/pkgconfig
$(CP) $(PKG_INSTALL_DIR)/usr/lib/pkgconfig/{openssl,libcrypto,libssl}.pc $(1)/usr/lib/pkgconfig/
[ -n "$(TARGET_LDFLAGS)" ] && $(SED) 's#$(TARGET_LDFLAGS)##g' $(1)/usr/lib/pkgconfig/{openssl,libcrypto,libssl}.pc || true
endef
define Package/libopenssl/install
$(INSTALL_DIR) $(1)/usr/lib
$(INSTALL_DATA) $(PKG_INSTALL_DIR)/usr/lib/libcrypto.so.* $(1)/usr/lib/
$(INSTALL_DATA) $(PKG_INSTALL_DIR)/usr/lib/libssl.so.* $(1)/usr/lib/
endef
define Package/openssl-util/install
$(INSTALL_DIR) $(1)/etc/ssl
$(CP) $(PKG_INSTALL_DIR)/etc/ssl/openssl.cnf $(1)/etc/ssl/
$(INSTALL_DIR) $(1)/etc/ssl/certs
$(INSTALL_DIR) $(1)/etc/ssl/private
chmod 0700 $(1)/etc/ssl/private
$(INSTALL_DIR) $(1)/usr/bin
$(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/bin/openssl $(1)/usr/bin/
endef
$(eval $(call BuildPackage,libopenssl))
$(eval $(call BuildPackage,openssl-util))
Reference in a new issue View git blame Copy permalink