@@ -133,4 +133,100 @@ config BR2_PACKAGE_LIBOPENSSL_ENABLE_COMP
bool "enable compression"
default y
+config BR2_PACKAGE_LIBOPENSSL_ENABLE_ARGON2
+ bool "enable ARGON2"
+ default y
+
+config BR2_PACKAGE_LIBOPENSSL_ENABLE_CACHED_FETCH
+ bool "enable cached fetch"
+ default y
+ help
+ Cache algorithms when they are fetched from a provider.
+ Normally, a provider indicates if the algorithms it supplies
+ can be cached or not. Using this option will reduce run-time
+ memory usage but it also introduces a significant performance
+ penalty. This option is primarily designed to help with
+ detecting incorrect reference counting.
+
+config BR2_PACKAGE_LIBOPENSSL_ENABLE_CMP
+ bool "enable CMP"
+ default y
+ help
+ Build support for Certificate Management Protocol (CMP) and
+ Certificate Request Message Format (CRMF).
+
+config BR2_PACKAGE_LIBOPENSSL_ENABLE_THREAD_POOL
+ bool "enable thread pool"
+ default y
+ depends on BR2_TOOLCHAIN_HAS_THREADS
+ help
+ Build with thread pool functionality. If enabled, OpenSSL
+ algorithms may use the thread pool to perform parallel
+ computation. This option in itself does not enable OpenSSL
+ to spawn new threads. Currently the only supported thread
+ pool mechanism is the default thread pool.
+
+config BR2_PACKAGE_LIBOPENSSL_ENABLE_ECX
+ bool "enable ECX"
+ default y
+ help
+ Build with ECX support. Disabling this option can be used
+ to disable support for X25519, X448, and EdDSA.
+
+config BR2_PACKAGE_LIBOPENSSL_ENABLE_LOADER_ENGINE
+ bool "enable 'loader_attic' engine"
+ default y
+ depends on BR2_PACKAGE_LIBOPENSSL_DYNAMIC_ENGINE
+ help
+ Build with 'loader_attic' engine support, which is meant
+ just for internal OpenSSL testing purposes and supports
+ loading keys, parameters, certificates, and CRLs from files.
+ When this engine is used, files with such credentials are
+ read via this engine.
+
+config BR2_PACKAGE_LIBOPENSSL_ENABLE_PADLOCK_ENGINE
+ bool "enable padlock engine"
+ default y
+ help
+ Build the padlock engine.
+
+config BR2_PACKAGE_LIBOPENSSL_ENABLE_MODULE
+ bool "enable modules"
+ default y
+ help
+ Build modules.
+
+config BR2_PACKAGE_LIBOPENSSL_ENABLE_QUIC
+ bool "enable QUIC"
+ default y
+ help
+ Build with QUIC support.
+
+config BR2_PACKAGE_LIBOPENSSL_SECURE_MEMORY
+ bool "enable secure memory"
+ default y
+ help
+ Build with secure memory support.
+
+config BR2_PACKAGE_LIBOPENSSL_ENABLE_SIV
+ bool "enable SIV"
+ default y
+ help
+ Build with RFC5297 AES-SIV support.
+
+config BR2_PACKAGE_LIBOPENSSL_ENABLE_SM2_PRECOMP_TABLE
+ bool "enable SM2 precomputed table"
+ default y
+ depends on BR2_aarch64
+ help
+ Enable using the SM2 precomputed table. Disabling this option
+ makes the library smaller.
+
+config BR2_PACKAGE_LIBOPENSSL_ENABLE_SSL_TRACE
+ bool "enable SSL trace"
+ default y
+ help
+ Build with SSL Trace support. Disabling this option may
+ provide a small reduction in libssl binary size.
+
endif # BR2_PACKAGE_LIBOPENSSL
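Review bot: The help text of BR2_PACKAGE_LIBOPENSSL_ENABLE_CACHED_FETCH has the polarity inverted: "Using this option will reduce run-time memory usage but it also introduces a significant performance penalty" describes what happens when the symbol is unset and `no-cached-fetch` is passed, not when caching is enabled. I would reword that sentence to `Disabling this option reduces run-time memory usage but introduces a significant performance penalty.` and attach the reference-counting remark to the disabled case. BR2_PACKAGE_LIBOPENSSL_SECURE_MEMORY needs a fuller help text too, because building with `no-secure-memory` removes the secure heap and, as far as I know, the secure allocation calls then fall back to the ordinary heap, so an integrator should choose it deliberately rather than as a size tweak. The same symbol lacks the `_ENABLE_` infix that every sibling added here uses, and BR2_PACKAGE_LIBOPENSSL_ENABLE_ARGON2 has no help text at all.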
@@ -107,6 +107,19 @@ define LIBOPENSSL_CONFIGURE_CMDS
$(if $(BR2_PACKAGE_LIBOPENSSL_UNSECURE),,no-unit-test no-crypto-mdebug no-autoerrinit) \
$(if $(BR2_PACKAGE_LIBOPENSSL_DYNAMIC_ENGINE),,no-dynamic-engine ) \
$(if $(BR2_PACKAGE_LIBOPENSSL_ENABLE_COMP),,no-comp) \
+ $(if $(BR2_PACKAGE_LIBOPENSSL_ENABLE_ARGON2),,no-argon2) \
+ $(if $(BR2_PACKAGE_LIBOPENSSL_ENABLE_CACHED_FETCH),,no-cached-fetch) \
+ $(if $(BR2_PACKAGE_LIBOPENSSL_ENABLE_CMP),,no-cmp) \
+ $(if $(BR2_PACKAGE_LIBOPENSSL_ENABLE_THREAD_POOL),,no-thread-pool no-default-thread-pool) \
+ $(if $(BR2_PACKAGE_LIBOPENSSL_ENABLE_ECX),,no-ecx) \
+ $(if $(BR2_PACKAGE_LIBOPENSSL_ENABLE_LOADER_ENGINE),,no-loadereng) \
+ $(if $(BR2_PACKAGE_LIBOPENSSL_ENABLE_PADLOCK_ENGINE),,no-padlockeng) \
+ $(if $(BR2_PACKAGE_LIBOPENSSL_ENABLE_MODULE),,no-module) \
+ $(if $(BR2_PACKAGE_LIBOPENSSL_ENABLE_QUIC),,no-quic) \
+ $(if $(BR2_PACKAGE_LIBOPENSSL_SECURE_MEMORY),,no-secure-memory) \
+ $(if $(BR2_PACKAGE_LIBOPENSSL_ENABLE_SIV),,no-siv) \
+ $(if $(BR2_PACKAGE_LIBOPENSSL_ENABLE_SM2_PRECOMP_TABLE),,no-sm2-precomp) \
+ $(if $(BR2_PACKAGE_LIBOPENSSL_ENABLE_SSL_TRACE),,no-ssl-trace) \
$(if $(BR2_STATIC_LIBS),zlib,zlib-dynamic) \
$(if $(BR2_STATIC_LIBS),no-dso)
endef
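Review bot: The `no-module` line can contradict the existing `no-dynamic-engine` line two rows above it: OpenSSL's Configure appears to cascade `no-module` into disabling dynamic engines, so BR2_PACKAGE_LIBOPENSSL_ENABLE_MODULE=n with BR2_PACKAGE_LIBOPENSSL_DYNAMIC_ENGINE=y would leave the menu advertising engines (loader_attic included) that are not built. If that cascade is confirmed, the relationship belongs in Config.in, for example `depends on BR2_PACKAGE_LIBOPENSSL_ENABLE_MODULE` on the dynamic-engine symbol, which is outside this hunk. Separately, BR2_PACKAGE_LIBOPENSSL_ENABLE_SM2_PRECOMP_TABLE depends on BR2_aarch64, so `no-sm2-precomp` is passed unconditionally on every other architecture; that is probably harmless but worth a one-line comment above the define. LIBOPENSSL_CONFIGURE_CMDS starts above the hunk, so I cannot see whether the earlier arguments already cover either case.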
The transition from version 1.1 to 3.0.9, and subsequently to 3.3.1, added new compilation options. This led to a significant increase in the size of the library. These options allow the user to disable these features to obtain a smaller library size. To ensure backward compatibility, all items are selected by default. Signed-off-by: Dario Binacchi <dario.binacchi@amarulasolutions.com> --- Changes v1 -> v2: - Drop BR2_PACKAGE_LIBOPENSSL_ENABLE_DEFAULT_THREAD_POOL and use a single option (i.e. BR2_PACKAGE_LIBOPENSSL_ENABLE_THREAD_POOL) that enables the default thread-pool. package/libopenssl/Config.in | 96 ++++++++++++++++++++++++++++++++ package/libopenssl/libopenssl.mk | 13 +++++ 2 files changed, 109 insertions(+)