trojan: add package

gyb997 · Dec 5, 2019 · ce2db4d · ce2db4d
1 parent ece2c7c
commit ce2db4d
Show file tree

Hide file tree

Showing 10 changed files with 507 additions and 0 deletions.
diff --git a/package/lean/openssl1.1/Makefile b/package/lean/openssl1.1/Makefile
@@ -0,0 +1,158 @@
+#
+# Copyright (C) 2006-2016 OpenWrt.org
+#
+# This is free software, licensed under the GNU General Public License v2.
+# See /LICENSE for more information.
+#
+
+### Modified by wongsyrone to fit need of trojan-gfw/trojan
+
+include $(TOPDIR)/rules.mk
+
+PKG_NAME:=openssl1.1
+
+PKG_BASE:=1.1.1
+PKG_BUGFIX:=d
+PKG_VERSION:=$(PKG_BASE)$(PKG_BUGFIX)
+PKG_HASH:=1e3a91bc1f9dfce01af26026f856e064eab4c8ee0a8f457b5ae30b40b8b711f2
+ENGINES_DIR=engines-1.1
+
+
+PKG_RELEASE:=1
+PKG_USE_MIPS16:=0
+PATCH_DIR=./patches/$(PKG_BASE)
+
+PKG_BUILD_PARALLEL:=0
+PKG_BUILD_DIR:=$(BUILD_DIR)/$(PKG_NAME)-$(PKG_VERSION)/openssl-$(PKG_VERSION)
+
+PKG_SOURCE:=openssl-$(PKG_VERSION).tar.gz
+PKG_SOURCE_URL:= \
+	http://www.openssl.org/source/ \
+	http://www.openssl.org/source/old/$(PKG_BASE)/
+
+PKG_LICENSE:=OpenSSL
+PKG_LICENSE_FILES:=LICENSE
+PKG_CPE_ID:=cpe:/a:openssl:openssl
+
+include $(INCLUDE_DIR)/package.mk
+
+ifneq ($(CONFIG_CCACHE),)
+HOSTCC=$(HOSTCC_NOCACHE)
+HOSTCXX=$(HOSTCXX_NOCACHE)
+endif
+
+define Package/$(PKG_NAME)/Default
+  TITLE:=Open source SSL toolkit
+  URL:=http://www.openssl.org/
+  SECTION:=libs
+  CATEGORY:=Libraries
+endef
+
+define Package/openssl1.1/Default/description
+The OpenSSL Project is a collaborative effort to develop a robust,
+commercial-grade, full-featured, and Open Source toolkit implementing the
+Transport Layer Security (TLS) and Secure Sockets Layer (SSL) protocols as well
+as a full-strength general-purpose cryptography library.
+endef
+
+define Package/libopenssl1.1
+$(call Package/openssl1.1/Default)
+  SUBMENU:=SSL
+  TITLE+= (libraries)
+  ABI_VERSION:=$(PKG_VERSION)
+  MENU:=1
+endef
+
+define Package/libopenssl1.1/description
+$(call Package/openssl/Default/description)
+This package contains the OpenSSL shared libraries, needed by other programs.
+endef
+
+
+define Package/libopenssl1.1/conffiles
+/etc/ssl/openssl.cnf
+endef
+
+# do NOT interfere original openssl staging dir
+MY_PKG_STAGING_DIR:=$(BUILD_DIR)/openssl1.1_staging_dir
+
+OPENSSL_OPTIONS:= no-shared no-ssl3-method
+
+# https://github.com/openssl/openssl/issues/1607
+# it seems musl-libc doesn't support this
+OPENSSL_OPTIONS += no-async
+
+OPENSSL_OPTIONS += no-sm2 no-sm3 no-sm4
+
+OPENSSL_OPTIONS += no-idea
+
+OPENSSL_OPTIONS += no-seed
+
+OPENSSL_OPTIONS += no-whirlpool
+
+OPENSSL_OPTIONS += no-deprecated
+
+TARGET_CFLAGS := $(filter-out -O%,$(TARGET_CFLAGS)) -O3
+
+
+
+OPENSSL_TARGET:=linux-$(call qstrip,$(CONFIG_ARCH))-openwrt
+
+
+STAMP_CONFIGURED := $(STAMP_CONFIGURED)_$(shell echo $(OPENSSL_OPTIONS) | mkhash md5)
+
+define Build/Configure
+	[ -f $(STAMP_CONFIGURED) ] || { \
+		rm -f $(PKG_BUILD_DIR)/*.so.* $(PKG_BUILD_DIR)/*.a; \
+		find $(PKG_BUILD_DIR) -name \*.o | xargs rm -f; \
+		rm -rf $(MY_PKG_STAGING_DIR); \
+	}
+	(cd $(PKG_BUILD_DIR); \
+		./Configure $(OPENSSL_TARGET) \
+			--prefix=/usr \
+			--openssldir=/etc/ssl \
+			--libdir=lib \
+			$(TARGET_CPPFLAGS) \
+			$(TARGET_LDFLAGS) \
+			$(OPENSSL_OPTIONS) && \
+		{ [ -f $(STAMP_CONFIGURED) ] || make clean; } \
+	)
+
+endef
+
+TARGET_CFLAGS += $(FPIC) -ffunction-sections -fdata-sections
+TARGET_LDFLAGS += -Wl,--gc-sections
+
+define Build/Compile
+	+$(MAKE) $(PKG_JOBS) -C $(PKG_BUILD_DIR) \
+		CROSS_COMPILE="$(TARGET_CROSS)" \
+		CC="$(TARGET_CC)" \
+		SOURCE_DATE_EPOCH=$(SOURCE_DATE_EPOCH) \
+		OPENWRT_OPTIMIZATION_FLAGS="$(TARGET_CFLAGS)" \
+		$(OPENSSL_MAKEFLAGS) \
+		all
+	$(MAKE) -C $(PKG_BUILD_DIR) \
+		CROSS_COMPILE="$(TARGET_CROSS)" \
+		CC="$(TARGET_CC)" \
+		DESTDIR="$(PKG_INSTALL_DIR)" \
+		$(OPENSSL_MAKEFLAGS) \
+		install_sw install_ssldirs
+endef
+
+define Build/InstallDev
+	$(INSTALL_DIR) $(MY_PKG_STAGING_DIR)/usr/include
+	$(CP) $(PKG_INSTALL_DIR)/usr/include/openssl $(MY_PKG_STAGING_DIR)/usr/include/
+	$(INSTALL_DIR) $(MY_PKG_STAGING_DIR)/usr/lib/
+	$(CP) $(PKG_INSTALL_DIR)/usr/lib/lib{crypto,ssl}.a $(MY_PKG_STAGING_DIR)/usr/lib/
+endef
+
+define Build/Clean
+	rm -rf $(MY_PKG_STAGING_DIR)
+	$(call Build/Clean/Default)
+endef
+
+define Package/libopenssl1.1/install
+true
+endef
+
+$(eval $(call BuildPackage,libopenssl1.1))
diff --git a/package/lean/openssl1.1/patches/1.1.1/100-Configure-afalg-support.patch b/package/lean/openssl1.1/patches/1.1.1/100-Configure-afalg-support.patch
@@ -0,0 +1,23 @@
+From bf4f3a5696c65b4a48935599ccba43311c114c95 Mon Sep 17 00:00:00 2001
+From: Eneas U de Queiroz <cote2004-github@yahoo.com>
+Date: Thu, 27 Sep 2018 08:29:21 -0300
+Subject: Do not use host kernel version to disable AFALG
+
+This patch prevents the Configure script from using the host kernel
+version to disable building the AFALG engine on openwrt targets.
+
+Signed-off-by: Eneas U de Queiroz <cote2004-github@yahoo.com>
+
+--- a/Configure
++++ b/Configure
+@@ -1532,7 +1532,9 @@ unless ($disabled{"crypto-mdebug-backtra
+
+ unless ($disabled{afalgeng}) {
+     $config{afalgeng}="";
+-    if (grep { $_ eq 'afalgeng' } @{$target{enable}}) {
++    if ($target =~ m/openwrt$/) {
++        push @{$config{engdirs}}, "afalg";
++    } elsif (grep { $_ eq 'afalgeng' } @{$target{enable}}) {
+         my $minver = 4*10000 + 1*100 + 0;
+         if ($config{CROSS_COMPILE} eq "") {
+             my $verstr = `uname -r`;
diff --git a/package/lean/openssl1.1/patches/1.1.1/110-openwrt_targets.patch b/package/lean/openssl1.1/patches/1.1.1/110-openwrt_targets.patch
@@ -0,0 +1,60 @@
+From 9a83f8fb7c46215dfb8d6dc2e2cc612bc2a0fd01 Mon Sep 17 00:00:00 2001
+From: Eneas U de Queiroz <cote2004-github@yahoo.com>
+Date: Thu, 27 Sep 2018 08:30:24 -0300
+Subject: Add openwrt targets
+
+Targets are named: linux-$(CONFIG_ARCH)-openwrt
+
+Signed-off-by: Eneas U de Queiroz <cote2004-github@yahoo.com>
+
+--- /dev/null
++++ b/Configurations/25-openwrt.conf
+@@ -0,0 +1,48 @@
++## Openwrt "CONFIG_ARCH" matching targets.
++
++# The targets need to end in '-openwrt' for the AFALG patch to work
++
++my %targets = (
++    "openwrt" => {
++	template	=> 1,
++	CFLAGS		=> add("\$(OPENWRT_OPTIMIZATION_FLAGS)"),
++    },
++    "linux-aarch64-openwrt" => {
++        inherit_from    => [ "linux-aarch64", "openwrt" ],
++    },
++    "linux-arc-openwrt" => {
++        inherit_from    => [ "linux-generic32", "openwrt" ],
++    },
++    "linux-arm-openwrt" => {
++        inherit_from    => [ "linux-armv4", "openwrt" ],
++    },
++    "linux-armeb-openwrt" => {
++        inherit_from    => [ "linux-armv4", "openwrt" ],
++    },
++    "linux-i386-openwrt" => {
++        inherit_from    => [ "linux-x86", "openwrt" ],
++    },
++    "linux-mips-openwrt" => {
++        inherit_from    => [ "linux-mips32", "openwrt" ],
++    },
++    "linux-mips64-openwrt" => {
++        inherit_from    => [ "linux64-mips64", "openwrt" ],
++    },
++    "linux-mips64el-openwrt" => {
++        inherit_from    => [ "linux64-mips64", "openwrt" ],
++    },
++    "linux-mipsel-openwrt" => {
++        inherit_from    => [ "linux-mips32", "openwrt" ],
++    },
++    "linux-powerpc-openwrt" => {
++        inherit_from    => [ "linux-ppc", "openwrt" ],
++    },
++    "linux-x86_64-openwrt" => {
++        inherit_from    => [ "linux-x86_64", "openwrt" ],
++    },
++
++### Basic default option
++    "linux-generic32-openwrt" => {
++        inherit_from    => [ "linux-generic32", "openwrt" ],
++    },
++);
diff --git a/package/lean/openssl1.1/patches/1.1.1/120-strip-cflags-from-binary.patch b/package/lean/openssl1.1/patches/1.1.1/120-strip-cflags-from-binary.patch
@@ -0,0 +1,21 @@
+From f453f3eccb852740e37e9436dac5670d311c13b0 Mon Sep 17 00:00:00 2001
+From: Eneas U de Queiroz <cote2004-github@yahoo.com>
+Date: Thu, 27 Sep 2018 08:31:38 -0300
+Subject: void exposing build directories
+
+The CFLAGS contain the build directories, and are shown by calling
+OpenSSL_version(OPENSSL_CFLAGS), or running openssl version -a
+
+Signed-off-by: Eneas U de Queiroz <cote2004-github@yahoo.com>
+
+--- a/crypto/build.info
++++ b/crypto/build.info
+@@ -10,7 +10,7 @@ EXTRA=  ../ms/uplink-x86.pl ../ms/uplink
+         ppccpuid.pl pariscid.pl alphacpuid.pl arm64cpuid.pl armv4cpuid.pl
+
+ DEPEND[cversion.o]=buildinf.h
+-GENERATE[buildinf.h]=../util/mkbuildinf.pl "$(CC) $(LIB_CFLAGS) $(CPPFLAGS_Q)" "$(PLATFORM)"
++GENERATE[buildinf.h]=../util/mkbuildinf.pl "$(filter-out -I% -iremap% -fmacro-prefix-map%,$(CC) $(LIB_CFLAGS) $(CPPFLAGS_Q))" "$(PLATFORM)"
+ DEPEND[buildinf.h]=../configdata.pm
+
+ GENERATE[uplink-x86.s]=../ms/uplink-x86.pl $(PERLASM_SCHEME)
diff --git a/package/lean/openssl1.1/patches/1.1.1/130-dont-build-tests-fuzz.patch b/package/lean/openssl1.1/patches/1.1.1/130-dont-build-tests-fuzz.patch
@@ -0,0 +1,29 @@
+From e2339aa9c68837089d17cf309022cee497fe2412 Mon Sep 17 00:00:00 2001
+From: Eneas U de Queiroz <cote2004-github@yahoo.com>
+Date: Thu, 27 Sep 2018 08:34:38 -0300
+Subject: Do not build tests and fuzz directories
+
+This shortens build time.
+
+Signed-off-by: Eneas U de Queiroz <cote2004-github@yahoo.com>
+
+--- a/Configure
++++ b/Configure
+@@ -296,7 +296,7 @@ my $auto_threads=1;    # enable threads
+ my $default_ranlib;
+
+ # Top level directories to build
+-$config{dirs} = [ "crypto", "ssl", "engines", "apps", "test", "util", "tools", "fuzz" ];
++$config{dirs} = [ "crypto", "ssl", "engines", "apps", "util", "tools" ];
+ # crypto/ subdirectories to build
+ $config{sdirs} = [
+     "objects",
+@@ -308,7 +308,7 @@ $config{sdirs} = [
+     "cms", "ts", "srp", "cmac", "ct", "async", "kdf", "store"
+     ];
+ # test/ subdirectories to build
+-$config{tdirs} = [ "ossl_shim" ];
++$config{tdirs} = [];
+
+ # Known TLS and DTLS protocols
+ my @tls = qw(ssl3 tls1 tls1_1 tls1_2 tls1_3);
diff --git a/package/lean/openssl1.1/patches/1.1.1/140-allow-prefer-chacha20.patch b/package/lean/openssl1.1/patches/1.1.1/140-allow-prefer-chacha20.patch
@@ -0,0 +1,78 @@
+From 286e015bf0d30530707a5e7b3b871509f2ab50d7 Mon Sep 17 00:00:00 2001
+From: Eneas U de Queiroz <cote2004-github@yahoo.com>
+Date: Thu, 27 Sep 2018 08:44:39 -0300
+Subject: Add OPENSSL_PREFER_CHACHA_OVER_GCM option
+
+This enables a compile-time option to prefer ChaCha20-Poly1305 over
+AES-GCM in the openssl default ciphersuite, which is useful in systems
+without AES specific CPU instructions.
+OPENSSL_PREFER_CHACHA_OVER_GCM must be defined to enable it.
+
+Note that this does not have the same effect as the
+SL_OP_PRIORITIZE_CHACHA option, which prioritizes ChaCha20-Poly1305 only
+when the client has it on top of its ciphersuite preference.
+
+Signed-off-by: Eneas U de Queiroz <cote2004-github@yahoo.com>
+
+--- a/include/openssl/ssl.h
++++ b/include/openssl/ssl.h
+@@ -173,9 +173,15 @@ extern "C" {
+ # define SSL_DEFAULT_CIPHER_LIST "ALL:!COMPLEMENTOFDEFAULT:!eNULL"
+ /* This is the default set of TLSv1.3 ciphersuites */
+ # if !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305)
+-#  define TLS_DEFAULT_CIPHERSUITES "TLS_AES_256_GCM_SHA384:" \
+-                                   "TLS_CHACHA20_POLY1305_SHA256:" \
+-                                   "TLS_AES_128_GCM_SHA256"
++#  ifdef OPENSSL_PREFER_CHACHA_OVER_GCM
++#   define TLS_DEFAULT_CIPHERSUITES "TLS_CHACHA20_POLY1305_SHA256:" \
++                                    "TLS_AES_256_GCM_SHA384:" \
++                                    "TLS_AES_128_GCM_SHA256"
++#  else
++#   define TLS_DEFAULT_CIPHERSUITES "TLS_AES_256_GCM_SHA384:" \
++                                    "TLS_CHACHA20_POLY1305_SHA256:" \
++                                    "TLS_AES_128_GCM_SHA256"
++#  endif
+ # else
+ #  define TLS_DEFAULT_CIPHERSUITES "TLS_AES_256_GCM_SHA384:" \
+                                    "TLS_AES_128_GCM_SHA256"
+--- a/ssl/ssl_ciph.c
++++ b/ssl/ssl_ciph.c
+@@ -1467,11 +1467,29 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_
+     ssl_cipher_apply_rule(0, SSL_kECDHE, 0, 0, 0, 0, 0, CIPHER_DEL, -1, &head,
+                           &tail);
+
++    /*
++     * If OPENSSL_PREFER_CHACHA_OVER_GCM is defined, ChaCha20_Poly1305
++     * will be placed before AES-256.  Otherwise, the default behavior of
++     * preferring GCM over CHACHA is used.
++     * This is useful for systems that do not have AES-specific CPU
++     * instructions, where ChaCha20-Poly1305 is 3 times faster than AES.
++     * Note that this does not have the same effect as the SSL_OP_PRIORITIZE_CHACHA
++     * option, which prioritizes ChaCha20-Poly1305 only when the client has it on top
++     * of its ciphersuite preference.
++     */
++
++#ifdef OPENSSL_PREFER_CHACHA_OVER_GCM
++    ssl_cipher_apply_rule(0, 0, 0, SSL_CHACHA20, 0, 0, 0, CIPHER_ADD, -1,
++                          &head, &tail);
++    ssl_cipher_apply_rule(0, 0, 0, SSL_AESGCM, 0, 0, 0, CIPHER_ADD, -1,
++                          &head, &tail);
++#else
+     /* Within each strength group, we prefer GCM over CHACHA... */
+     ssl_cipher_apply_rule(0, 0, 0, SSL_AESGCM, 0, 0, 0, CIPHER_ADD, -1,
+                           &head, &tail);
+     ssl_cipher_apply_rule(0, 0, 0, SSL_CHACHA20, 0, 0, 0, CIPHER_ADD, -1,
+                           &head, &tail);
++#endif
+
+     /*
+      * ...and generally, our preferred cipher is AES.
+@@ -1527,7 +1545,7 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_
+      * Within each group, ciphers remain sorted by strength and previous
+      * preference, i.e.,
+      * 1) ECDHE > DHE
+-     * 2) GCM > CHACHA
++     * 2) GCM > CHACHA, reversed if OPENSSL_PREFER_CHACHA_OVER_GCM is defined
+      * 3) AES > rest
+      * 4) TLS 1.2 > legacy
+      *