Message ID | 20240708170856.803984-1-dario.binacchi@amarulasolutions.com |
---|---|
State | New |
Dario, All, On 2024-07-08 19:08 +0200, Dario Binacchi spake thusly: > The transition from version 1.1 to 3.0.9, and subsequently to 3.3.1, > added new compilation options. This led to a significant increase in the > size of the library. These options allow user to disable these features > to obtain a smaller library size. > > To ensure backward compatibility, all items are selected by default. > > Signed-off-by: Dario Binacchi <dario.binacchi@amarulasolutions.com> Applied to master, thanks. Regards, Yann E. MORIN. > --- > Changes v1 -> v2: > - Drop BR2_PACKAGE_LIBOPENSSL_ENABLE_DEFAULT_THREAD_POOL and use a > single option (i. e. BR2_PACKAGE_LIBOPENSSL_ENABLE_THREAD_POOL) > that enables the default thread-pool. > > package/libopenssl/Config.in | 96 ++++++++++++++++++++++++++++++++ > package/libopenssl/libopenssl.mk | 13 +++++ > 2 files changed, 109 insertions(+) > > diff --git a/package/libopenssl/Config.in b/package/libopenssl/Config.in > index 0c8db52e2e1d..03d3def802ff 100644 > --- a/package/libopenssl/Config.in > +++ b/package/libopenssl/Config.in 
> @@ -133,4 +133,100 @@ config BR2_PACKAGE_LIBOPENSSL_ENABLE_COMP > bool "enable compression" > default y > > +config BR2_PACKAGE_LIBOPENSSL_ENABLE_ARGON2 > + bool "enable ARGON2" > + default y > + > +config BR2_PACKAGE_LIBOPENSSL_ENABLE_CACHED_FETCH > + bool "enable cached fetch" > + default y > + help > + Cache algorithms when they are fetched from a provider. > + Normally, a provider indicates if the algorithms it supplies > + can be cached or not. Using this option will reduce run-time > + memory usage but it also introduces a significant performance > + penalty. This option is primarily designed to help with > + detecting incorrect reference counting. > + > +config BR2_PACKAGE_LIBOPENSSL_ENABLE_CMP > + bool "enable CMP" > + default y > + help > + Build support for Certificate Management Protocol (CMP) and > + Certificate Request Message Format (CRMF). > + > +config BR2_PACKAGE_LIBOPENSSL_ENABLE_THREAD_POOL > + bool "enable thread pool" > + default y > + depends on BR2_TOOLCHAIN_HAS_THREADS > + help > + Build with thread pool functionality. If enabled, OpenSSL > + algorithms may use the thread pool to perform parallel > + computation. This option in itself does not enable OpenSSL > + to spawn new threads. Currently the only supported thread > + pool mechanism is the default thread pool. > + > +config BR2_PACKAGE_LIBOPENSSL_ENABLE_ECX > + bool "enable ECX" > + default y > + help > + Build with ECX support. Disabling this option can be used > + to disable support for X25519, X448, and EdDSA. > + > +config BR2_PACKAGE_LIBOPENSSL_ENABLE_LOADER_ENGINE > + bool "enable 'loader_attic' engine" > + default y > + depends on BR2_PACKAGE_LIBOPENSSL_DYNAMIC_ENGINE > + help > + Build with 'loader_attic' engine support, which is meant > + just for internal OpenSSL testing purposes and supports > + loading keys, parameters, certificates, and CRLs from files. > + When this engine is used, files with such credentials are > + read via this engine. 
> + > +config BR2_PACKAGE_LIBOPENSSL_ENABLE_PADLOCK_ENGINE > + bool "enable padlock engine" > + default y > + help > + Build the padlock engine. > + > +config BR2_PACKAGE_LIBOPENSSL_ENABLE_MODULE > + bool "enable modules" > + default y > + help > + Build modules. > + > +config BR2_PACKAGE_LIBOPENSSL_ENABLE_QUIC > + bool "enable QUIC" > + default y > + help > + Build with QUIC support. > + > +config BR2_PACKAGE_LIBOPENSSL_SECURE_MEMORY > + bool "enable secure memory" > + default y > + help > + Build with secure memory support. > + > +config BR2_PACKAGE_LIBOPENSSL_ENABLE_SIV > + bool "enable SIV" > + default y > + help > + Build with RFC5297 AES-SIV support. > + > +config BR2_PACKAGE_LIBOPENSSL_ENABLE_SM2_PRECOMP_TABLE > + bool "enable SM2 precomputed table" > + default y > + depends on BR2_aarch64 > + help > + Enable using the SM2 precomputed table. Disabling this option > + makes the library smaller. > + > +config BR2_PACKAGE_LIBOPENSSL_ENABLE_SSL_TRACE > + bool "enable SSL trace" > + default y > + help > + Build with SSL Trace support. Disabling this option may > + provide a small reduction in libssl binary size. > + > endif # BR2_PACKAGE_LIBOPENSSL > diff --git a/package/libopenssl/libopenssl.mk b/package/libopenssl/libopenssl.mk > index 89a9189bb851..601afb6a7d79 100644 > --- a/package/libopenssl/libopenssl.mk > +++ b/package/libopenssl/libopenssl.mk 
> @@ -107,6 +107,19 @@ define LIBOPENSSL_CONFIGURE_CMDS > $(if $(BR2_PACKAGE_LIBOPENSSL_UNSECURE),,no-unit-test no-crypto-mdebug no-autoerrinit) \ > $(if $(BR2_PACKAGE_LIBOPENSSL_DYNAMIC_ENGINE),,no-dynamic-engine ) \ > $(if $(BR2_PACKAGE_LIBOPENSSL_ENABLE_COMP),,no-comp) \ > + $(if $(BR2_PACKAGE_LIBOPENSSL_ENABLE_ARGON2),,no-argon2) \ > + $(if $(BR2_PACKAGE_LIBOPENSSL_ENABLE_CACHED_FETCH),,no-cached-fetch) \ > + $(if $(BR2_PACKAGE_LIBOPENSSL_ENABLE_CMP),,no-cmp) \ > + $(if $(BR2_PACKAGE_LIBOPENSSL_ENABLE_THREAD_POOL),,no-thread-pool no-default-thread-pool) \ > + $(if $(BR2_PACKAGE_LIBOPENSSL_ENABLE_ECX),,no-ecx) \ > + $(if $(BR2_PACKAGE_LIBOPENSSL_ENABLE_LOADER_ENGINE),,no-loadereng) \ > + $(if $(BR2_PACKAGE_LIBOPENSSL_ENABLE_PADLOCK_ENGINE),,no-padlockeng) \ > + $(if $(BR2_PACKAGE_LIBOPENSSL_ENABLE_MODULE),,no-module) \ > + $(if $(BR2_PACKAGE_LIBOPENSSL_ENABLE_QUIC),,no-quic) \ > + $(if $(BR2_PACKAGE_LIBOPENSSL_SECURE_MEMORY),,no-secure-memory) \ > + $(if $(BR2_PACKAGE_LIBOPENSSL_ENABLE_SIV),,no-siv) \ > + $(if $(BR2_PACKAGE_LIBOPENSSL_ENABLE_SM2_PRECOMP_TABLE),,no-sm2-precomp) \ > + $(if $(BR2_PACKAGE_LIBOPENSSL_ENABLE_SSL_TRACE),,no-ssl-trace) \ > $(if $(BR2_STATIC_LIBS),zlib,zlib-dynamic) \ > $(if $(BR2_STATIC_LIBS),no-dso) > endef > -- > 2.43.0 > > _______________________________________________ > buildroot mailing list > buildroot@buildroot.org > https://lists.buildroot.org/mailman/listinfo/buildroot
diff --git a/package/libopenssl/Config.in b/package/libopenssl/Config.in
index 0c8db52e2e1d..03d3def802ff 100644
--- a/package/libopenssl/Config.in
+++ b/package/libopenssl/Config.in
@@ -133,4 +133,100 @@ config BR2_PACKAGE_LIBOPENSSL_ENABLE_COMP
 bool "enable compression"
 default y
 
+config BR2_PACKAGE_LIBOPENSSL_ENABLE_ARGON2
+ bool "enable ARGON2"
+ default y
+
+config BR2_PACKAGE_LIBOPENSSL_ENABLE_CACHED_FETCH
+ bool "enable cached fetch"
+ default y
+ help
+ Cache algorithms when they are fetched from a provider.
+ Normally, a provider indicates if the algorithms it supplies
+ can be cached or not. Using this option will reduce run-time
+ memory usage but it also introduces a significant performance
+ penalty. This option is primarily designed to help with
+ detecting incorrect reference counting.
+
+config BR2_PACKAGE_LIBOPENSSL_ENABLE_CMP
+ bool "enable CMP"
+ default y
+ help
+ Build support for Certificate Management Protocol (CMP) and
+ Certificate Request Message Format (CRMF).
+
+config BR2_PACKAGE_LIBOPENSSL_ENABLE_THREAD_POOL
+ bool "enable thread pool"
+ default y
+ depends on BR2_TOOLCHAIN_HAS_THREADS
+ help
+ Build with thread pool functionality. If enabled, OpenSSL
+ algorithms may use the thread pool to perform parallel
+ computation. This option in itself does not enable OpenSSL
+ to spawn new threads. Currently the only supported thread
+ pool mechanism is the default thread pool.
+
+config BR2_PACKAGE_LIBOPENSSL_ENABLE_ECX
+ bool "enable ECX"
+ default y
+ help
+ Build with ECX support. Disabling this option can be used
+ to disable support for X25519, X448, and EdDSA.
+
+config BR2_PACKAGE_LIBOPENSSL_ENABLE_LOADER_ENGINE
+ bool "enable 'loader_attic' engine"
+ default y
+ depends on BR2_PACKAGE_LIBOPENSSL_DYNAMIC_ENGINE
+ help
+ Build with 'loader_attic' engine support, which is meant
+ just for internal OpenSSL testing purposes and supports
+ loading keys, parameters, certificates, and CRLs from files.
+ When this engine is used, files with such credentials are
+ read via this engine.
+
+config BR2_PACKAGE_LIBOPENSSL_ENABLE_PADLOCK_ENGINE
+ bool "enable padlock engine"
+ default y
+ help
+ Build the padlock engine.
+
+config BR2_PACKAGE_LIBOPENSSL_ENABLE_MODULE
+ bool "enable modules"
+ default y
+ help
+ Build modules.
+
+config BR2_PACKAGE_LIBOPENSSL_ENABLE_QUIC
+ bool "enable QUIC"
+ default y
+ help
+ Build with QUIC support.
+
+config BR2_PACKAGE_LIBOPENSSL_SECURE_MEMORY
+ bool "enable secure memory"
+ default y
+ help
+ Build with secure memory support.
+
+config BR2_PACKAGE_LIBOPENSSL_ENABLE_SIV
+ bool "enable SIV"
+ default y
+ help
+ Build with RFC5297 AES-SIV support.
+
+config BR2_PACKAGE_LIBOPENSSL_ENABLE_SM2_PRECOMP_TABLE
+ bool "enable SM2 precomputed table"
+ default y
+ depends on BR2_aarch64
+ help
+ Enable using the SM2 precomputed table. Disabling this option
+ makes the library smaller.
+
+config BR2_PACKAGE_LIBOPENSSL_ENABLE_SSL_TRACE
+ bool "enable SSL trace"
+ default y
+ help
+ Build with SSL Trace support. Disabling this option may
+ provide a small reduction in libssl binary size.
+
 endif # BR2_PACKAGE_LIBOPENSSL
diff --git a/package/libopenssl/libopenssl.mk b/package/libopenssl/libopenssl.mk
index 89a9189bb851..601afb6a7d79 100644
--- a/package/libopenssl/libopenssl.mk
+++ b/package/libopenssl/libopenssl.mk
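Review bot: The help text of `BR2_PACKAGE_LIBOPENSSL_ENABLE_CACHED_FETCH` in the Config.in hunk reads inverted: it sits under an "enable" prompt, but "Using this option will reduce run-time memory usage but it also introduces a significant performance penalty" describes what happens when caching is switched off (the `no-cached-fetch` build). I would reword those sentences to `Disabling this option reduces run-time memory usage but introduces a significant performance penalty; it is primarily meant to help detect incorrect reference counting.` `BR2_PACKAGE_LIBOPENSSL_ENABLE_ARGON2` has no help text at all. The ECX help would also be more useful if it said that X25519 and Ed25519 are widely used for TLS 1.3 key exchange and for signatures, so turning the option off is an interoperability decision and not only a size one.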
@@ -107,6 +107,19 @@ define LIBOPENSSL_CONFIGURE_CMDS
 $(if $(BR2_PACKAGE_LIBOPENSSL_UNSECURE),,no-unit-test no-crypto-mdebug no-autoerrinit) \
 $(if $(BR2_PACKAGE_LIBOPENSSL_DYNAMIC_ENGINE),,no-dynamic-engine ) \
 $(if $(BR2_PACKAGE_LIBOPENSSL_ENABLE_COMP),,no-comp) \
+ $(if $(BR2_PACKAGE_LIBOPENSSL_ENABLE_ARGON2),,no-argon2) \
+ $(if $(BR2_PACKAGE_LIBOPENSSL_ENABLE_CACHED_FETCH),,no-cached-fetch) \
+ $(if $(BR2_PACKAGE_LIBOPENSSL_ENABLE_CMP),,no-cmp) \
+ $(if $(BR2_PACKAGE_LIBOPENSSL_ENABLE_THREAD_POOL),,no-thread-pool no-default-thread-pool) \
+ $(if $(BR2_PACKAGE_LIBOPENSSL_ENABLE_ECX),,no-ecx) \
+ $(if $(BR2_PACKAGE_LIBOPENSSL_ENABLE_LOADER_ENGINE),,no-loadereng) \
+ $(if $(BR2_PACKAGE_LIBOPENSSL_ENABLE_PADLOCK_ENGINE),,no-padlockeng) \
+ $(if $(BR2_PACKAGE_LIBOPENSSL_ENABLE_MODULE),,no-module) \
+ $(if $(BR2_PACKAGE_LIBOPENSSL_ENABLE_QUIC),,no-quic) \
+ $(if $(BR2_PACKAGE_LIBOPENSSL_SECURE_MEMORY),,no-secure-memory) \
+ $(if $(BR2_PACKAGE_LIBOPENSSL_ENABLE_SIV),,no-siv) \
+ $(if $(BR2_PACKAGE_LIBOPENSSL_ENABLE_SM2_PRECOMP_TABLE),,no-sm2-precomp) \
+ $(if $(BR2_PACKAGE_LIBOPENSSL_ENABLE_SSL_TRACE),,no-ssl-trace) \
 $(if $(BR2_STATIC_LIBS),zlib,zlib-dynamic) \
 $(if $(BR2_STATIC_LIBS),no-dso)
 endef
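Review bot: The `BR2_PACKAGE_LIBOPENSSL_SECURE_MEMORY` line is the one new flag here that gives up a hardening feature in exchange for size. As far as I know, a `no-secure-memory` build makes the `CRYPTO_secure_malloc()` family fall back to the ordinary heap, so an application that initialises the secure heap for private keys loses it without any build-time signal. The option's help text ("Build with secure memory support.") should say so, for example `Disabling this makes secure-heap allocations use the normal heap; keep it enabled if applications rely on it for key material.` The symbol also breaks the `ENABLE_` prefix used by every other option added in this hunk; `BR2_PACKAGE_LIBOPENSSL_ENABLE_SECURE_MEMORY` would be consistent. LIBOPENSSL_CONFIGURE_CMDS starts above the hunk.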
The transition from version 1.1 to 3.0.9, and subsequently to 3.3.1, added new compilation options. This led to a significant increase in the size of the library. These options allow user to disable these features to obtain a smaller library size. To ensure backward compatibility, all items are selected by default. Signed-off-by: Dario Binacchi <dario.binacchi@amarulasolutions.com> --- Changes v1 -> v2: - Drop BR2_PACKAGE_LIBOPENSSL_ENABLE_DEFAULT_THREAD_POOL and use a single option (i. e. BR2_PACKAGE_LIBOPENSSL_ENABLE_THREAD_POOL) that enables the default thread-pool. package/libopenssl/Config.in | 96 ++++++++++++++++++++++++++++++++ package/libopenssl/libopenssl.mk | 13 +++++ 2 files changed, 109 insertions(+)