From patchwork Fri Jun 21 16:10:49 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Dario Binacchi X-Patchwork-Id: 3137 Return-Path: X-Original-To: linux-amarula@patchwork.amarulasolutions.com Delivered-To: linux-amarula@patchwork.amarulasolutions.com Received: from mail-lj1-f197.google.com (mail-lj1-f197.google.com [209.85.208.197]) by ganimede.amarulasolutions.com (Postfix) with ESMTPS id 2FE6B41584 for ; Fri, 21 Jun 2024 18:11:06 +0200 (CEST) Received: by mail-lj1-f197.google.com with SMTP id 38308e7fff4ca-2ec5100480bsf5332991fa.0 for ; Fri, 21 Jun 2024 09:11:06 -0700 (PDT) ARC-Seal: i=2; a=rsa-sha256; t=1718986265; cv=pass; d=google.com; s=arc-20160816; b=Ud2GDscoCpMMLG5OTfffQOc5dUfkdiFTmtm1jy5YPypriuWFSWPlnP7elg8bt1NV0c ZTLeIm7E7ljKSMLrR6f8qdBq/R5CU0/uSy6SBUtPEM4lJO667UpU8aV+yf/7N6rM27Cb woL8nU8bhkpHG6VqYyhiW5i0iTYwzg6yaBKbpoDl2ytCkuDaHcILcZ36w2GUJ+rE1y4l 9ywrTMviTlw8ek/VeF6UBCWmaDXC+sfGJ4VN/dL9JIOwHRdoqv256gD4zTjxJ2ylV1Yy lbaBW6qLlzcs6q+Db/oBAakDhFi8hI4+ro13PWEbnHwiOatSnzu2Sh8g+ekBz7wmdYo8 NKwQ== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-unsubscribe:list-archive:list-help:list-post:list-id :mailing-list:precedence:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:dkim-signature; bh=dO/1iI8jF/6lx3ii5u2C2YrMEuBecJcIHTl4jwSG8us=; fh=J4Gos9fS9uh/dHn555tbNeS4AGlTeeFTHbCsXwTQKjM=; b=Buz0P2Alk+sIB/Yjy0jmvN1ha6s54IasMyRTpovq+LpSP8llNOcsr29fsnVPp2YwsB 1+Dnk/xyXj0dDl65npTGjrUDjZCRxXafd1IDXi0XLcln+aqaE+f3TkoJBxQILBacRfZK 5GwsDgtq9RinmkTB1B7qZXUkdU5EwuOrYZQTyIbOn3gHY3IuIKPPVn4irfsYYCVywB0K h7Je6/UBI198y5CeByHQnRkOZomB5/zfitXkl0IBLlxPHg5gY/Y99MAgYVw4mslSOH+5 syEBo4q0dMsAk0hC7LcokJyNVS2SB3Rwx2KSz6WgjnhSULXzmAZ9dFcgH6CGUSKGDFBD 40wg==; darn=patchwork.amarulasolutions.com ARC-Authentication-Results: i=2; mx.google.com; dkim=pass header.i=@amarulasolutions.com header.s=google header.b=ibnAIbvp; spf=pass (google.com: domain of dario.binacchi@amarulasolutions.com designates 209.85.220.41 as permitted sender) smtp.mailfrom=dario.binacchi@amarulasolutions.com; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=amarulasolutions.com DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=amarulasolutions.com; s=google; t=1718986265; x=1719591065; darn=patchwork.amarulasolutions.com; h=list-unsubscribe:list-archive:list-help:list-post:list-id :mailing-list:precedence:x-original-authentication-results :x-original-sender:mime-version:references:in-reply-to:message-id :date:subject:cc:to:from:from:to:cc:subject:date:message-id:reply-to; bh=dO/1iI8jF/6lx3ii5u2C2YrMEuBecJcIHTl4jwSG8us=; b=ZU5ACT2jtENTtD2kGrGY5P5B9VBkh/jlrIONwjS/vSIEWtUa42UnJYldYMYp5PxMjk jzLe+43R6fy8ENN+K06CqeJltS8s238G5P5/tckTihHWFy19GxVx5us03Spmyw8+TSCV IgWOqxRWwVrYNrioN0NjtB24pYxsw6NCv5cb4= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1718986265; x=1719591065; h=list-unsubscribe:list-archive:list-help:list-post :x-spam-checked-in-group:list-id:mailing-list:precedence :x-original-authentication-results:x-original-sender:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :x-beenthere:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=dO/1iI8jF/6lx3ii5u2C2YrMEuBecJcIHTl4jwSG8us=; b=TzgCSQCPX8+d7GT0tCIHD4vNvuJRXS60vRhJZimJAKwz7FvY7Vo381LdRO/Z7Radrn M/KakyVifDKWvrHJOFexa9RR3kTDJzAlUnIX8wd4ppj2DvMjKezziqdzC3CX05JjxA+D wfWtwSci9ZTr1VCq6Wfcp/CuujLgsnfq0liRomfTyv8sEtEq1D1Lgs8KLWrfOzWoc6lV mIFwd+dMdrqAfiZ04eNyaPqwOus8AAdHvkYGvvxczgOOpwEYJsNPUlhc65ghfOoXm84G ROtE3n22yNTKsN5CYeZegv+sVLa1+0wLVZQGiraNZsLSV1MKt+Cp5s6nGkNsCCx9MM4g EKWQ== X-Forwarded-Encrypted: i=2; AJvYcCXpzTzyvHhFHzq1Eg4otqLS5wpDA5tvvtqlMb1v+iakEFIGypXmW7V5yMILUr2s4cfkIFzilDAj4q0X2+FpaduutlG1IlE4CKdVE0bvUJYLGwuEgMd7YHV7mmw14w== X-Gm-Message-State: AOJu0YzK0lAVyu4SU83O5aIajrMbVS+9jYSeH9Tw8hofv7Kz+hzeulYJ Ll2nIbjyWeJh9I3gqeBlkxajdoPv5lNr9pNox0IEnOo6qRBjxLd+nJgmczbsDZTocw== X-Google-Smtp-Source: AGHT+IGUeVakwRVgKaghEgfcRyqBuMqaDo3CCF5L5AbpUAXerG82SRv7rE3+HaEynHLL62Au3onTUA== X-Received: by 2002:a19:8c0d:0:b0:52c:db7b:b463 with SMTP id 2adb3069b0e04-52cdb7bb5cfmr613493e87.61.1718986265574; Fri, 21 Jun 2024 09:11:05 -0700 (PDT) X-BeenThere: linux-amarula@amarulasolutions.com Received: by 2002:a05:6000:d0e:b0:35f:2c6f:ec3a with SMTP id ffacd0b85a97d-364813de701ls699749f8f.2.-pod-prod-07-eu; Fri, 21 Jun 2024 09:11:04 -0700 (PDT) X-Received: by 2002:a5d:540a:0:b0:363:92e7:bb3 with SMTP id ffacd0b85a97d-36392e70c47mr5421175f8f.23.1718986263806; Fri, 21 Jun 2024 09:11:03 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1718986263; cv=none; d=google.com; s=arc-20160816; b=CSPzxop5EvyRytFzYTcj08WAYc8qXmRcoGoGLofBa/xQ1ZhKwdr8sJsX/V90SJRJQa F+cAVhr5eRdXcBWhnF6OMJfCs4oS64G49oG8fuG1bZGQP81QLivXRVx2gKT/ln6f28G5 CEfC9TyJQob9JDXxUAZSIWOCOpl1LUKgGTcKeIsi3LuZKy9lPxK3uJWu/1P2DUiKGFvv j61J6jxm0ZvoIJP5zaKIuTv1jqeeYpDoJSYAkYi5EbqOGl3EYNQKXQ90pZ1l0/3W0FXH Tcg9XuryqM8Gg405zrz4f9VM+wRkN8MZB/eStcXUoaVFeQvmSPEtvZ3CCzpSPeW24l5Q md9A== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:dkim-signature; bh=7nbFXXAtJDUJgic97IzJJXpEtb4q8J3Dv0uo3JRg3xo=; fh=4aH47D1o6z03SLGX3S5iBqzHxVYI/WCfhxxmm+dgjk8=; b=ZXnQNiRLedhiZwEMhtXIyLFOzT0nZg/8/Ci7a0ZDt9Zt9LxPzj513ZG4Wsr0Lk7Xwk xqyQBK01OmMsR0aflKUfXurm2gQNUk09WHTd9S3tRiLeiRc9Y26e2KJKIuBzGOfnBaLr /kUT4qlaKB7MrnU2AgdJUIHSHgMWVxwLu26dgcZSfxCxPhBciBuXy0316l8/leh4hsOC qf/OKnNtwWmJJ8vJN/YqOxxUYFb+hM+z3THxvxPN6PpaiV9bGqKuN1q/2Afmy/12UeoV d10uaOSXUg6TcRWXizdWI4XbqfF0fRIrB+yjtbWa7L1nlYu/wcoXX7bgeDGl/3ufIKhF w6oA==; dara=google.com ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@amarulasolutions.com header.s=google header.b=ibnAIbvp; spf=pass (google.com: domain of dario.binacchi@amarulasolutions.com designates 209.85.220.41 as permitted sender) smtp.mailfrom=dario.binacchi@amarulasolutions.com; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=amarulasolutions.com Received: from mail-sor-f41.google.com (mail-sor-f41.google.com. [209.85.220.41]) by mx.google.com with SMTPS id ffacd0b85a97d-366387cf1b7sor554200f8f.4.2024.06.21.09.11.03 for (Google Transport Security); Fri, 21 Jun 2024 09:11:03 -0700 (PDT) Received-SPF: pass (google.com: domain of dario.binacchi@amarulasolutions.com designates 209.85.220.41 as permitted sender) client-ip=209.85.220.41; X-Received: by 2002:a5d:456d:0:b0:365:980c:d281 with SMTP id ffacd0b85a97d-365980cd35cmr2841997f8f.45.1718986263402; Fri, 21 Jun 2024 09:11:03 -0700 (PDT) Received: from dario-ThinkPad-T14s-Gen-2i.amarulasolutions.com ([2.196.43.112]) by smtp.gmail.com with ESMTPSA id ffacd0b85a97d-366389b8922sm2185522f8f.28.2024.06.21.09.11.02 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 21 Jun 2024 09:11:03 -0700 (PDT) From: Dario Binacchi To: buildroot@buildroot.org Cc: linux-amarula@amarulasolutions.com, Dario Binacchi Subject: [PATCH 6/6] package/libopenssl: add new configuration options Date: Fri, 21 Jun 2024 18:10:49 +0200 Message-ID: <20240621161049.4085310-6-dario.binacchi@amarulasolutions.com> X-Mailer: git-send-email 2.43.0 In-Reply-To: <20240621161049.4085310-1-dario.binacchi@amarulasolutions.com> References: <20240621161049.4085310-1-dario.binacchi@amarulasolutions.com> MIME-Version: 1.0 X-Original-Sender: dario.binacchi@amarulasolutions.com X-Original-Authentication-Results: mx.google.com; dkim=pass header.i=@amarulasolutions.com header.s=google header.b=ibnAIbvp; spf=pass (google.com: domain of dario.binacchi@amarulasolutions.com designates 209.85.220.41 as permitted sender) smtp.mailfrom=dario.binacchi@amarulasolutions.com; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=amarulasolutions.com Content-Type: text/plain; charset="UTF-8" Precedence: list Mailing-list: list linux-amarula@amarulasolutions.com; contact linux-amarula+owners@amarulasolutions.com List-ID: X-Spam-Checked-In-Group: linux-amarula@amarulasolutions.com X-Google-Group-Id: 476853432473 List-Post: , List-Help: , List-Archive: List-Unsubscribe: , The transition from version 1.1 to 3.0.9, and subsequently to 3.3.1, added new compilation options. This led to a significant increase in the size of the library. These options allow user to disable these features to obtain a smaller library size. To ensure backward compatibility, all items are selected by default. Signed-off-by: Dario Binacchi --- package/libopenssl/Config.in | 106 +++++++++++++++++++++++++++++++ package/libopenssl/libopenssl.mk | 14 ++++ 2 files changed, 120 insertions(+) diff --git a/package/libopenssl/Config.in b/package/libopenssl/Config.in index 0c8db52e2e1d..036b68241864 100644 --- a/package/libopenssl/Config.in +++ b/package/libopenssl/Config.in @@ -133,4 +133,110 @@ config BR2_PACKAGE_LIBOPENSSL_ENABLE_COMP bool "enable compression" default y +config BR2_PACKAGE_LIBOPENSSL_ENABLE_ARGON2 + bool "enable ARGON2" + default y + +config BR2_PACKAGE_LIBOPENSSL_ENABLE_CACHED_FETCH + bool "enable cached fetch" + default y + help + Cache algorithms when they are fetched from a provider. + Normally, a provider indicates if the algorithms it supplies + can be cached or not. Using this option will reduce run-time + memory usage but it also introduces a significant performance + penalty. This option is primarily designed to help with + detecting incorrect reference counting. + +config BR2_PACKAGE_LIBOPENSSL_ENABLE_CMP + bool "enable CMP" + default y + help + Build support for Certificate Management Protocol (CMP) and + Certificate Request Message Format (CRMF). + +config BR2_PACKAGE_LIBOPENSSL_ENABLE_THREAD_POOL + bool "enable thread pool" + default y + depends on BR2_TOOLCHAIN_HAS_THREADS + help + Build with thread pool functionality. If enabled, OpenSSL + algorithms may use the thread pool to perform parallel + computation. This option in itself does not enable OpenSSL + to spawn new threads. Currently the only supported thread + pool mechanism is the default thread pool. + +config BR2_PACKAGE_LIBOPENSSL_ENABLE_DEFAULT_THREAD_POOL + bool "enable default thread pool" + default y + depends on BR2_PACKAGE_LIBOPENSSL_ENABLE_THREAD_POOL + help + Build with default thread pool functionality. If enabled, + OpenSSL may create and manage threads up to a maximum number + of threads authorized by the application. Supported on POSIX + compliant platforms. + +config BR2_PACKAGE_LIBOPENSSL_ENABLE_ECX + bool "enable ECX" + default y + help + Build with ECX support. Disabling this option can be used + to disable support for X25519, X448, and EdDSA. + +config BR2_PACKAGE_LIBOPENSSL_ENABLE_LOADER_ENGINE + bool "enable 'loader_attic' engine" + default y + depends on BR2_PACKAGE_LIBOPENSSL_DYNAMIC_ENGINE + help + Build with 'loader_attic' engine support, which is meant + just for internal OpenSSL testing purposes and supports + loading keys, parameters, certificates, and CRLs from files. + When this engine is used, files with such credentials are + read via this engine. + +config BR2_PACKAGE_LIBOPENSSL_ENABLE_PADLOCK_ENGINE + bool "enable padlock engine" + default y + help + Build the padlock engine. + +config BR2_PACKAGE_LIBOPENSSL_ENABLE_MODULE + bool "enable modules" + default y + help + Build modules. + +config BR2_PACKAGE_LIBOPENSSL_ENABLE_QUIC + bool "enable QUIC" + default y + help + Build with QUIC support. + +config BR2_PACKAGE_LIBOPENSSL_SECURE_MEMORY + bool "enable secure memory" + default y + help + Build with secure memory support. + +config BR2_PACKAGE_LIBOPENSSL_ENABLE_SIV + bool "enable SIV" + default y + help + Build with RFC5297 AES-SIV support. + +config BR2_PACKAGE_LIBOPENSSL_ENABLE_SM2_PRECOMP_TABLE + bool "enable SM2 precomputed table" + default y + depends on BR2_aarch64 + help + Enable using the SM2 precomputed table. Disabling this option + makes the library smaller. + +config BR2_PACKAGE_LIBOPENSSL_ENABLE_SSL_TRACE + bool "enable SSL trace" + default y + help + Build with SSL Trace support. Disabling this option may + provide a small reduction in libssl binary size. + endif # BR2_PACKAGE_LIBOPENSSL diff --git a/package/libopenssl/libopenssl.mk b/package/libopenssl/libopenssl.mk index 89a9189bb851..ab8454657ebf 100644 --- a/package/libopenssl/libopenssl.mk +++ b/package/libopenssl/libopenssl.mk @@ -107,6 +107,20 @@ define LIBOPENSSL_CONFIGURE_CMDS $(if $(BR2_PACKAGE_LIBOPENSSL_UNSECURE),,no-unit-test no-crypto-mdebug no-autoerrinit) \ $(if $(BR2_PACKAGE_LIBOPENSSL_DYNAMIC_ENGINE),,no-dynamic-engine ) \ $(if $(BR2_PACKAGE_LIBOPENSSL_ENABLE_COMP),,no-comp) \ + $(if $(BR2_PACKAGE_LIBOPENSSL_ENABLE_ARGON2),,no-argon2) \ + $(if $(BR2_PACKAGE_LIBOPENSSL_ENABLE_CACHED_FETCH),,no-cached-fetch) \ + $(if $(BR2_PACKAGE_LIBOPENSSL_ENABLE_CMP),,no-cmp) \ + $(if $(BR2_PACKAGE_LIBOPENSSL_ENABLE_THREAD_POOL),,no-thread-pool) \ + $(if $(BR2_PACKAGE_LIBOPENSSL_ENABLE_DEFAULT_THREAD_POOL),,no-default-thread-pool) \ + $(if $(BR2_PACKAGE_LIBOPENSSL_ENABLE_ECX),,no-ecx) \ + $(if $(BR2_PACKAGE_LIBOPENSSL_ENABLE_LOADER_ENGINE),,no-loadereng) \ + $(if $(BR2_PACKAGE_LIBOPENSSL_ENABLE_PADLOCK_ENGINE),,no-padlockeng) \ + $(if $(BR2_PACKAGE_LIBOPENSSL_ENABLE_MODULE),,no-module) \ + $(if $(BR2_PACKAGE_LIBOPENSSL_ENABLE_QUIC),,no-quic) \ + $(if $(BR2_PACKAGE_LIBOPENSSL_SECURE_MEMORY),,no-secure-memory) \ + $(if $(BR2_PACKAGE_LIBOPENSSL_ENABLE_SIV),,no-siv) \ + $(if $(BR2_PACKAGE_LIBOPENSSL_ENABLE_SM2_PRECOMP_TABLE),,no-sm2-precomp) \ + $(if $(BR2_PACKAGE_LIBOPENSSL_ENABLE_SSL_TRACE),,no-ssl-trace) \ $(if $(BR2_STATIC_LIBS),zlib,zlib-dynamic) \ $(if $(BR2_STATIC_LIBS),no-dso) endef