From patchwork Mon Jul 8 17:08:56 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Dario Binacchi X-Patchwork-Id: 3199 Return-Path: X-Original-To: linux-amarula@patchwork.amarulasolutions.com Delivered-To: linux-amarula@patchwork.amarulasolutions.com Received: from mail-lj1-f197.google.com (mail-lj1-f197.google.com [209.85.208.197]) by ganimede.amarulasolutions.com (Postfix) with ESMTPS id 5BA523F1F3 for ; Mon, 8 Jul 2024 19:09:07 +0200 (CEST) Received: by mail-lj1-f197.google.com with SMTP id 38308e7fff4ca-2ee847979c4sf43916761fa.3 for ; Mon, 08 Jul 2024 10:09:07 -0700 (PDT) ARC-Seal: i=2; a=rsa-sha256; t=1720458546; cv=pass; d=google.com; s=arc-20160816; b=emYw5cwW/uDeBnX+0ANSFaqYkfyJ8l2TsS7QIO6LGxHCNHJaQP0yCujfx6Tmfatyn+ hSAXBsjFI4sKXnCZzCaE3uPi9K/Vi6kfqaWkdSgNmQzgb83dCeQfFFV4HBe7J1g094tn VrRonglTQ7+lCz36N57UNU7s2fAvaJ5AS2sBxz6Q2IGhBs+v0b+KhGSphG4ADbMCMPPM gR4zOAyeZQEK1m32oR78oHp9qoX5HHyXdXQpI32JTV6BcHqcOZPPaR2JgeY4h25uKdjp ppIkhEs84Y+Z7ihAU/+NzPOXmh1VBwZWLsBZzUlb+kFV6Y+0P5quISX1jh14vayj5H1n hrlA== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-unsubscribe:list-archive:list-help:list-post:list-id :mailing-list:precedence:mime-version:message-id:date:subject:cc:to :from:dkim-signature; bh=Ee+13CArrZOE8CW4CVfmRbYsdMFq0jy1+VP5xp9DuRo=; fh=NRPVqgBBz8qAKYhcC+Y5D87uFamB/tqocYuIcJGWo1I=; b=o1Um3RjGJGrt1i+f6Y4E8C+O78LrtJWlgOrl01Ao2XmPcukKtTYWQ79CvpxoMxbK07 0fsWdH4pRgSnF1ZIxZ2WXb4oDttupDfntL7VYzorxSAMb8FTErYLxKIbQyml0o50CQS5 uL+lXDPPM+8XQEGIhujQduSMEaN0mf7MccHhhztGXlT/FXwUiW9qdahRvTngGE1qSHSl YO2LAXj89n+OB8p5YLPwcUe7IfebAw9dzGRHABE0zgQKCv3/wBkM7CwNOwZdRnu3gCuo PX+Jt65U8naZh/kuLH4jAWoBMAn2F/1tpCrU7zha+g6/EnKvecvaJIKvZ98nnb1f379C WwLw==; darn=patchwork.amarulasolutions.com ARC-Authentication-Results: i=2; mx.google.com; dkim=pass header.i=@amarulasolutions.com header.s=google header.b=eD159OoZ; spf=pass (google.com: domain of dario.binacchi@amarulasolutions.com designates 209.85.220.41 as permitted sender) smtp.mailfrom=dario.binacchi@amarulasolutions.com; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=amarulasolutions.com DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=amarulasolutions.com; s=google; t=1720458546; x=1721063346; darn=patchwork.amarulasolutions.com; h=list-unsubscribe:list-archive:list-help:list-post:list-id :mailing-list:precedence:x-original-authentication-results :x-original-sender:mime-version:message-id:date:subject:cc:to:from :from:to:cc:subject:date:message-id:reply-to; bh=Ee+13CArrZOE8CW4CVfmRbYsdMFq0jy1+VP5xp9DuRo=; b=cm1xEnc5WZxbXBj6VmhRK6sEkIOzYXHQCgkemiDYmkxhe96MHgof8wwa/4iRQbfzbi tUlA+UvPDfGSz0G7hybMxxO1npAA2cMLqTQ94frJR4xzDenPhZNnQfgSJ8dGdwk2kC4j AHvaiobCIBsiIgIqeyzEezRByeS/VYTfAc9uo= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1720458546; x=1721063346; h=list-unsubscribe:list-archive:list-help:list-post :x-spam-checked-in-group:list-id:mailing-list:precedence :x-original-authentication-results:x-original-sender:mime-version :message-id:date:subject:cc:to:from:x-beenthere:x-gm-message-state :from:to:cc:subject:date:message-id:reply-to; bh=Ee+13CArrZOE8CW4CVfmRbYsdMFq0jy1+VP5xp9DuRo=; b=D7Ie3Nkv/mPCz0l4+NxGbfLoAfzeYy11iUIy9OLJEcCBFtX4k6p3H1++KkfpsvAseu 5cZnk0pA8LP5h0k+Ehveilg+DiEEXEvt1K2jNiBZkA3PFFw4zIUdhaMCQP7dIQWNwM9g vmuyW13j1sfgDhHYO2S/Fr48a9YE2mlCYcD2ZnwicpuwWcveKM3WzaKpYkmMeXSOTB4X y6VytfswtpqAilAxsVuHfwOe+H+lKlUoZEF6Q/enTqaoZAOXuXlU2S9ntWTI2Atc0ZjL OqlZmYrcHigua3aKyDzRD+WLtkCRsR1jcFxJXvaCS0PIrSl2bjAVakva6FF2r684qHjl 91bw== X-Forwarded-Encrypted: i=2; AJvYcCXHTT3gYOwCR9j3tIAyrSQj0GEyMiIbGWnGQ0pWPZft1NGXVP3Ya8pH/GaTDE5KZUiR6HWHlqAOkpOK7z1xYOQPV0rP57lgv9dl+l4HDlmIJVIuKYg+2wwIvFtrYw== X-Gm-Message-State: AOJu0Yx5CyQ1ujTWkXeGz5x0X7lKt0oi7/v763nw0f8hpjkclhTQbovh 2DG+nEkQY/4Mlg+rNpW63oiLGiC/8vWdVbJLUQBlD9Z6z8k3MimdVEkJZhnUmt8Rrw== X-Google-Smtp-Source: AGHT+IEuvnO+qcWPOQiIa5IUlvEaaQG4bRUYvL5ZAbpf3z9M3Ox3/7BpSAIwMCkt81JccYYSRRpqDA== X-Received: by 2002:a2e:9e06:0:b0:2ee:8d07:3d51 with SMTP id 38308e7fff4ca-2eeb3197b9amr1750001fa.49.1720458546320; Mon, 08 Jul 2024 10:09:06 -0700 (PDT) X-BeenThere: linux-amarula@amarulasolutions.com Received: by 2002:a05:651c:107a:b0:2ee:8477:7703 with SMTP id 38308e7fff4ca-2ee8cd9d7a0ls20988401fa.1.-pod-prod-02-eu; Mon, 08 Jul 2024 10:09:05 -0700 (PDT) X-Forwarded-Encrypted: i=2; AJvYcCW5PXXZ48pzF954S1usdOOyIWLhDz/l5K2FiIUd68+vCKLJWBrNBmhknpRw4r4/hUyExuVFZf1QjshZycoQ4R6LctOAMNn60LdNfDLWoIa85SPZ X-Received: by 2002:a2e:9658:0:b0:2ec:53ad:464 with SMTP id 38308e7fff4ca-2eeb3188da9mr2048521fa.34.1720458544632; Mon, 08 Jul 2024 10:09:04 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1720458544; cv=none; d=google.com; s=arc-20160816; b=Z0yt4JNiRSgZFymelKu3caXwnuGZq2HqS1iU9jv15jwNw/cv2pe/vmsDbhz1xb7all T0XkaqCN2vq9MqmlCzVXZVh+G8Xldvfbf2tUwhl8s71o8VD9HLg3c3fX3jnnG+/Vlit2 P4NQz0vUutXj6COeTYe6Vx+d/lwAr5z3OnQYMzVlrbAfrVowdFjjknUnV0ZGvdqfcAVq tRPtX7PlbcdJL1CEdTNiy2XTiH9NOH2axV51Yj630UX8XiGwrtesEpcXiyn5goHnWaHb pthfIr3RHW510Su6GptUS+Y7TjG9wrEqVwWHU3APRm7YHs2NRhN5vE0SHnccVORwIWog mNxg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=content-transfer-encoding:mime-version:message-id:date:subject:cc :to:from:dkim-signature; bh=0idw9Wv9xeqcdcc/MOvIc7s7qNsGBSH1+Z8K5Mp6Pl8=; fh=Lp6esS7YFyDs//elTBFtD2tEKkJsOf3K1WdIWtnvQ6s=; b=sVPZK5UlzCEE6DUCvx3gQmjiV9ytB4nlgxSO0g/YOlGOZu7kaS+kdqdN4a4YrvBVei NRhoAIN+caKndaTTa3rmdY0zRh+hgqovGLqpwSg5oZ8LjQGSNwjSMeoUGhq1KZrc7ZjB GwmlsPfAw0VRuWlcKOQeWlPCEPlfTUgF+y+DuooDa8pDnuRQtUhHw2aNouR/3/XW7VcE KXq3yzQtG/lLOgw3nal6VINozhxUYpeiiC1rETQ6FrWKYafp1PBeZNOvewCb2DtFZQpA JQstUJh/LGcQ2bBbluwJgzutCboz4mdAK4DTe/rTGlksBVdTbrIi8r/8Z8GM16wc1DKx mRDQ==; dara=google.com ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@amarulasolutions.com header.s=google header.b=eD159OoZ; spf=pass (google.com: domain of dario.binacchi@amarulasolutions.com designates 209.85.220.41 as permitted sender) smtp.mailfrom=dario.binacchi@amarulasolutions.com; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=amarulasolutions.com Received: from mail-sor-f41.google.com (mail-sor-f41.google.com. [209.85.220.41]) by mx.google.com with SMTPS id 38308e7fff4ca-2eeb3466bc8sor304191fa.9.2024.07.08.10.09.04 for (Google Transport Security); Mon, 08 Jul 2024 10:09:04 -0700 (PDT) Received-SPF: pass (google.com: domain of dario.binacchi@amarulasolutions.com designates 209.85.220.41 as permitted sender) client-ip=209.85.220.41; X-Forwarded-Encrypted: i=1; AJvYcCX3cJJM8QtZcNQ52rUq+7pdFGGG7m1NZC2S37nX+lLET6w4t72GqgIjATPk1pavDrxnS62EFSyJZQX7eM4b0Z/x/BFGWnmGzfGQIyFtKrOOf7wN X-Received: by 2002:a2e:3608:0:b0:2ee:6b86:b098 with SMTP id 38308e7fff4ca-2eeb30b8446mr2542601fa.8.1720458544098; Mon, 08 Jul 2024 10:09:04 -0700 (PDT) Received: from dario-ThinkPad-T14s-Gen-2i.amarulasolutions.com ([2.196.41.100]) by smtp.gmail.com with ESMTPSA id 4fb4d7f45d1cf-594bbe2cf88sm56118a12.30.2024.07.08.10.09.02 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 08 Jul 2024 10:09:03 -0700 (PDT) From: Dario Binacchi To: buildroot@buildroot.org Cc: "Yann E . MORIN" , linux-amarula@amarulasolutions.com, Dario Binacchi Subject: [PATCH v2] package/libopenssl: add new configuration options Date: Mon, 8 Jul 2024 19:08:56 +0200 Message-ID: <20240708170856.803984-1-dario.binacchi@amarulasolutions.com> X-Mailer: git-send-email 2.43.0 MIME-Version: 1.0 X-Original-Sender: dario.binacchi@amarulasolutions.com X-Original-Authentication-Results: mx.google.com; dkim=pass header.i=@amarulasolutions.com header.s=google header.b=eD159OoZ; spf=pass (google.com: domain of dario.binacchi@amarulasolutions.com designates 209.85.220.41 as permitted sender) smtp.mailfrom=dario.binacchi@amarulasolutions.com; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=amarulasolutions.com Content-Type: text/plain; charset="UTF-8" Precedence: list Mailing-list: list linux-amarula@amarulasolutions.com; contact linux-amarula+owners@amarulasolutions.com List-ID: X-Spam-Checked-In-Group: linux-amarula@amarulasolutions.com X-Google-Group-Id: 476853432473 List-Post: , List-Help: , List-Archive: List-Unsubscribe: , The transition from version 1.1 to 3.0.9, and subsequently to 3.3.1, added new compilation options. This led to a significant increase in the size of the library. These options allow user to disable these features to obtain a smaller library size. To ensure backward compatibility, all items are selected by default. Signed-off-by: Dario Binacchi --- Changes v1 -> v2: - Drop BR2_PACKAGE_LIBOPENSSL_ENABLE_DEFAULT_THREAD_POOL and use a single option (i. e. BR2_PACKAGE_LIBOPENSSL_ENABLE_THREAD_POOL) that enables the default thread-pool. package/libopenssl/Config.in | 96 ++++++++++++++++++++++++++++++++ package/libopenssl/libopenssl.mk | 13 +++++ 2 files changed, 109 insertions(+) diff --git a/package/libopenssl/Config.in b/package/libopenssl/Config.in index 0c8db52e2e1d..03d3def802ff 100644 --- a/package/libopenssl/Config.in +++ b/package/libopenssl/Config.in @@ -133,4 +133,100 @@ config BR2_PACKAGE_LIBOPENSSL_ENABLE_COMP bool "enable compression" default y +config BR2_PACKAGE_LIBOPENSSL_ENABLE_ARGON2 + bool "enable ARGON2" + default y + +config BR2_PACKAGE_LIBOPENSSL_ENABLE_CACHED_FETCH + bool "enable cached fetch" + default y + help + Cache algorithms when they are fetched from a provider. + Normally, a provider indicates if the algorithms it supplies + can be cached or not. Using this option will reduce run-time + memory usage but it also introduces a significant performance + penalty. This option is primarily designed to help with + detecting incorrect reference counting. + +config BR2_PACKAGE_LIBOPENSSL_ENABLE_CMP + bool "enable CMP" + default y + help + Build support for Certificate Management Protocol (CMP) and + Certificate Request Message Format (CRMF). + +config BR2_PACKAGE_LIBOPENSSL_ENABLE_THREAD_POOL + bool "enable thread pool" + default y + depends on BR2_TOOLCHAIN_HAS_THREADS + help + Build with thread pool functionality. If enabled, OpenSSL + algorithms may use the thread pool to perform parallel + computation. This option in itself does not enable OpenSSL + to spawn new threads. Currently the only supported thread + pool mechanism is the default thread pool. + +config BR2_PACKAGE_LIBOPENSSL_ENABLE_ECX + bool "enable ECX" + default y + help + Build with ECX support. Disabling this option can be used + to disable support for X25519, X448, and EdDSA. + +config BR2_PACKAGE_LIBOPENSSL_ENABLE_LOADER_ENGINE + bool "enable 'loader_attic' engine" + default y + depends on BR2_PACKAGE_LIBOPENSSL_DYNAMIC_ENGINE + help + Build with 'loader_attic' engine support, which is meant + just for internal OpenSSL testing purposes and supports + loading keys, parameters, certificates, and CRLs from files. + When this engine is used, files with such credentials are + read via this engine. + +config BR2_PACKAGE_LIBOPENSSL_ENABLE_PADLOCK_ENGINE + bool "enable padlock engine" + default y + help + Build the padlock engine. + +config BR2_PACKAGE_LIBOPENSSL_ENABLE_MODULE + bool "enable modules" + default y + help + Build modules. + +config BR2_PACKAGE_LIBOPENSSL_ENABLE_QUIC + bool "enable QUIC" + default y + help + Build with QUIC support. + +config BR2_PACKAGE_LIBOPENSSL_SECURE_MEMORY + bool "enable secure memory" + default y + help + Build with secure memory support. + +config BR2_PACKAGE_LIBOPENSSL_ENABLE_SIV + bool "enable SIV" + default y + help + Build with RFC5297 AES-SIV support. + +config BR2_PACKAGE_LIBOPENSSL_ENABLE_SM2_PRECOMP_TABLE + bool "enable SM2 precomputed table" + default y + depends on BR2_aarch64 + help + Enable using the SM2 precomputed table. Disabling this option + makes the library smaller. + +config BR2_PACKAGE_LIBOPENSSL_ENABLE_SSL_TRACE + bool "enable SSL trace" + default y + help + Build with SSL Trace support. Disabling this option may + provide a small reduction in libssl binary size. + endif # BR2_PACKAGE_LIBOPENSSL diff --git a/package/libopenssl/libopenssl.mk b/package/libopenssl/libopenssl.mk index 89a9189bb851..601afb6a7d79 100644 --- a/package/libopenssl/libopenssl.mk +++ b/package/libopenssl/libopenssl.mk @@ -107,6 +107,19 @@ define LIBOPENSSL_CONFIGURE_CMDS $(if $(BR2_PACKAGE_LIBOPENSSL_UNSECURE),,no-unit-test no-crypto-mdebug no-autoerrinit) \ $(if $(BR2_PACKAGE_LIBOPENSSL_DYNAMIC_ENGINE),,no-dynamic-engine ) \ $(if $(BR2_PACKAGE_LIBOPENSSL_ENABLE_COMP),,no-comp) \ + $(if $(BR2_PACKAGE_LIBOPENSSL_ENABLE_ARGON2),,no-argon2) \ + $(if $(BR2_PACKAGE_LIBOPENSSL_ENABLE_CACHED_FETCH),,no-cached-fetch) \ + $(if $(BR2_PACKAGE_LIBOPENSSL_ENABLE_CMP),,no-cmp) \ + $(if $(BR2_PACKAGE_LIBOPENSSL_ENABLE_THREAD_POOL),,no-thread-pool no-default-thread-pool) \ + $(if $(BR2_PACKAGE_LIBOPENSSL_ENABLE_ECX),,no-ecx) \ + $(if $(BR2_PACKAGE_LIBOPENSSL_ENABLE_LOADER_ENGINE),,no-loadereng) \ + $(if $(BR2_PACKAGE_LIBOPENSSL_ENABLE_PADLOCK_ENGINE),,no-padlockeng) \ + $(if $(BR2_PACKAGE_LIBOPENSSL_ENABLE_MODULE),,no-module) \ + $(if $(BR2_PACKAGE_LIBOPENSSL_ENABLE_QUIC),,no-quic) \ + $(if $(BR2_PACKAGE_LIBOPENSSL_SECURE_MEMORY),,no-secure-memory) \ + $(if $(BR2_PACKAGE_LIBOPENSSL_ENABLE_SIV),,no-siv) \ + $(if $(BR2_PACKAGE_LIBOPENSSL_ENABLE_SM2_PRECOMP_TABLE),,no-sm2-precomp) \ + $(if $(BR2_PACKAGE_LIBOPENSSL_ENABLE_SSL_TRACE),,no-ssl-trace) \ $(if $(BR2_STATIC_LIBS),zlib,zlib-dynamic) \ $(if $(BR2_STATIC_LIBS),no-dso) endef