diff options
author | Yi Li <yi1.li@intel.com> | 2023-04-17 16:20:31 +0800 |
---|---|---|
committer | Pauli <pauli@openssl.org> | 2023-06-14 13:06:22 +1000 |
commit | 4032cd9a1434610e4dc2bbde01f98d04faa615e5 (patch) | |
tree | 6e40e7f29433428db03d9111e496716f2b6dd96a /crypto | |
parent | cc343d047c147e0a395fb101efbe9dedf458aa17 (diff) | |
download | openssl-4032cd9a1434610e4dc2bbde01f98d04faa615e5.tar.gz |
configure: introduce no-ecx to remove ECX related feature
This can effectively reduce the binary size for platforms
that don't need ECX feature(~100KB).
Signed-off-by: Yi Li <yi1.li@intel.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20781)
Diffstat (limited to 'crypto')
-rw-r--r-- | crypto/asn1/standard_methods.h | 4 | ||||
-rw-r--r-- | crypto/ec/build.info | 53 | ||||
-rw-r--r-- | crypto/evp/p_lib.c | 4 | ||||
-rw-r--r-- | crypto/evp/pmeth_lib.c | 4 | ||||
-rw-r--r-- | crypto/hpke/hpke_util.c | 4 | ||||
-rw-r--r-- | crypto/x509/x_pubkey.c | 2 |
6 files changed, 47 insertions, 24 deletions
diff --git a/crypto/asn1/standard_methods.h b/crypto/asn1/standard_methods.h index 0b0c7ef686..0e2cdbd50e 100644 --- a/crypto/asn1/standard_methods.h +++ b/crypto/asn1/standard_methods.h @@ -32,11 +32,9 @@ static const EVP_PKEY_ASN1_METHOD *standard_methods[] = { #ifndef OPENSSL_NO_DH &ossl_dhx_asn1_meth, #endif -#ifndef OPENSSL_NO_EC +#ifndef OPENSSL_NO_ECX &ossl_ecx25519_asn1_meth, &ossl_ecx448_asn1_meth, -#endif -#ifndef OPENSSL_NO_EC &ossl_ed25519_asn1_meth, &ossl_ed448_asn1_meth, #endif diff --git a/crypto/ec/build.info b/crypto/ec/build.info index e4799ad37a..6fd73e4573 100644 --- a/crypto/ec/build.info +++ b/crypto/ec/build.info @@ -3,9 +3,12 @@ IF[{- !$disabled{asm} -}] $ECASM_x86=ecp_nistz256.c ecp_nistz256-x86.S $ECDEF_x86=ECP_NISTZ256_ASM - $ECASM_x86_64=ecp_nistz256.c ecp_nistz256-x86_64.s x25519-x86_64.s - $ECDEF_x86_64=ECP_NISTZ256_ASM X25519_ASM - + $ECASM_x86_64=ecp_nistz256.c ecp_nistz256-x86_64.s + $ECDEF_x86_64=ECP_NISTZ256_ASM + IF[{- !$disabled{'ecx'} -}] + $ECASM_x86_64=$ECASM_x86_64 x25519-x86_64.s + $ECDEF_x86_64=$ECDEF_x86_64 X25519_ASM + ENDIF $ECASM_ia64= $ECASM_sparcv9=ecp_nistz256.c ecp_nistz256-sparcv9.S @@ -18,7 +21,10 @@ IF[{- !$disabled{asm} -}] $ECASM_mips32= $ECASM_mips64= - $ECASM_s390x=ecp_s390x_nistp.c ecx_s390x.c + $ECASM_s390x=ecp_s390x_nistp.c + IF[{- !$disabled{'ecx'} -}] + $ECASM_s390x=$ECASM_s390x ecx_s390x.c + ENDIF $ECDEF_s390x=S390X_EC_ASM $ECASM_armv4=ecp_nistz256.c ecp_nistz256-armv4.S @@ -30,13 +36,18 @@ IF[{- !$disabled{asm} -}] $ECASM_parisc20_64= $ECASM_ppc32= - $ECASM_ppc64=ecp_nistz256.c ecp_ppc.c ecp_nistz256-ppc64.s x25519-ppc64.s - $ECDEF_ppc64=ECP_NISTZ256_ASM X25519_ASM + $ECASM_ppc64=ecp_nistz256.c ecp_ppc.c ecp_nistz256-ppc64.s + $ECDEF_ppc64=ECP_NISTZ256_ASM IF[{- !$disabled{'ec_nistp_64_gcc_128'} -}] $ECASM_ppc64=$ECASM_ppc64 ecp_nistp521-ppc64.s $ECDEF_ppc64=$ECDEF_ppc64 ECP_NISTP521_ASM INCLUDE[ecp_nistp521.o]=.. ENDIF + IF[{- !$disabled{'ecx'} -}] + $ECASM_ppc64=$ECASM_ppc64 x25519-ppc64.s + $ECDEF_ppc64=$ECDEF_ppc64 X25519_ASM + INCLUDE[ecx_s390x.o]=.. + ENDIF $ECASM_c64xplus= @@ -49,22 +60,29 @@ IF[{- !$disabled{asm} -}] ENDIF $COMMON=ec_lib.c ecp_smpl.c ecp_mont.c ecp_nist.c ec_cvt.c ec_mult.c \ - ec_curve.c ec_check.c ec_key.c ec_kmeth.c ecx_key.c ec_asn1.c \ + ec_curve.c ec_check.c ec_key.c ec_kmeth.c ec_asn1.c \ ec2_smpl.c \ ecp_oct.c ec2_oct.c ec_oct.c ecdh_ossl.c \ - ecdsa_ossl.c ecdsa_sign.c ecdsa_vrf.c curve25519.c \ - curve448/f_generic.c curve448/scalar.c \ - curve448/curve448_tables.c curve448/eddsa.c curve448/curve448.c \ - $ECASM ec_backend.c ecx_backend.c ecdh_kdf.c curve448/arch_64/f_impl64.c \ - curve448/arch_32/f_impl32.c + ecdsa_ossl.c ecdsa_sign.c ecdsa_vrf.c \ + $ECASM ec_backend.c ecdh_kdf.c + +IF[{- !$disabled{'ecx'} -}] + $COMMON=$COMMON curve25519.c curve448/f_generic.c curve448/scalar.c \ + curve448/arch_64/f_impl64.c ecx_backend.c curve448/arch_32/f_impl32.c \ + curve448/curve448_tables.c curve448/eddsa.c curve448/curve448.c \ + ecx_key.c +ENDIF IF[{- !$disabled{'ec_nistp_64_gcc_128'} -}] $COMMON=$COMMON ecp_nistp224.c ecp_nistp256.c ecp_nistp521.c ecp_nistputil.c ENDIF -SOURCE[../../libcrypto]=$COMMON ec_ameth.c ec_pmeth.c ecx_meth.c \ +SOURCE[../../libcrypto]=$COMMON ec_ameth.c ec_pmeth.c \ ec_err.c eck_prn.c \ ec_deprecated.c ec_print.c +IF[{- !$disabled{'ecx'} -}] + SOURCE[../../libcrypto]=ecx_meth.c +ENDIF SOURCE[../../providers/libfips.a]=$COMMON # Implementations are now spread across several libraries, so the defines @@ -90,9 +108,10 @@ GENERATE[ecp_nistz256-sparcv9.S]=asm/ecp_nistz256-sparcv9.pl INCLUDE[ecp_nistz256-sparcv9.o]=.. INCLUDE[ecp_s390x_nistp.o]=.. -INCLUDE[ecx_s390x.o]=.. -INCLUDE[ecx_meth.o]=.. -INCLUDE[ecx_key.o]=.. +IF[{- !$disabled{'ecx'} -}] + INCLUDE[ecx_meth.o]=.. + INCLUDE[ecx_key.o]=.. +ENDIF GENERATE[ecp_nistz256-armv4.S]=asm/ecp_nistz256-armv4.pl INCLUDE[ecp_nistz256-armv4.o]=.. @@ -102,5 +121,7 @@ GENERATE[ecp_nistz256-ppc64.s]=asm/ecp_nistz256-ppc64.pl GENERATE[ecp_nistp521-ppc64.s]=asm/ecp_nistp521-ppc64.pl +IF[{- !$disabled{'ecx'} -}] GENERATE[x25519-x86_64.s]=asm/x25519-x86_64.pl GENERATE[x25519-ppc64.s]=asm/x25519-ppc64.pl +ENDIF diff --git a/crypto/evp/p_lib.c b/crypto/evp/p_lib.c index d0a7fde1e6..b26b606505 100644 --- a/crypto/evp/p_lib.c +++ b/crypto/evp/p_lib.c @@ -872,7 +872,7 @@ DSA *EVP_PKEY_get1_DSA(EVP_PKEY *pkey) } # endif /* OPENSSL_NO_DSA */ -# ifndef OPENSSL_NO_EC +# ifndef OPENSSL_NO_ECX static const ECX_KEY *evp_pkey_get0_ECX_KEY(const EVP_PKEY *pkey, int type) { if (EVP_PKEY_get_base_id(pkey) != type) { @@ -901,7 +901,7 @@ IMPLEMENT_ECX_VARIANT(X448) IMPLEMENT_ECX_VARIANT(ED25519) IMPLEMENT_ECX_VARIANT(ED448) -# endif +# endif /* OPENSSL_NO_ECX */ # if !defined(OPENSSL_NO_DH) && !defined(OPENSSL_NO_DEPRECATED_3_0) diff --git a/crypto/evp/pmeth_lib.c b/crypto/evp/pmeth_lib.c index caf10b2d5c..4b5225e439 100644 --- a/crypto/evp/pmeth_lib.c +++ b/crypto/evp/pmeth_lib.c @@ -66,11 +66,9 @@ static pmeth_fn standard_methods[] = { # ifndef OPENSSL_NO_DH ossl_dhx_pkey_method, # endif -# ifndef OPENSSL_NO_EC +# ifndef OPENSSL_NO_ECX ossl_ecx25519_pkey_method, ossl_ecx448_pkey_method, -# endif -# ifndef OPENSSL_NO_EC ossl_ed25519_pkey_method, ossl_ed448_pkey_method, # endif diff --git a/crypto/hpke/hpke_util.c b/crypto/hpke/hpke_util.c index 2591ff6c75..b7a40b1591 100644 --- a/crypto/hpke/hpke_util.c +++ b/crypto/hpke/hpke_util.c @@ -66,12 +66,14 @@ static const OSSL_HPKE_KEM_INFO hpke_kem_tab[] = { LN_sha384, SHA384_DIGEST_LENGTH, 97, 97, 48, 0xFF }, { OSSL_HPKE_KEM_ID_P521, "EC", OSSL_HPKE_KEMSTR_P521, LN_sha512, SHA512_DIGEST_LENGTH, 133, 133, 66, 0x01 }, +# ifndef OPENSSL_NO_ECX { OSSL_HPKE_KEM_ID_X25519, OSSL_HPKE_KEMSTR_X25519, NULL, LN_sha256, SHA256_DIGEST_LENGTH, X25519_KEYLEN, X25519_KEYLEN, X25519_KEYLEN, 0x00 }, { OSSL_HPKE_KEM_ID_X448, OSSL_HPKE_KEMSTR_X448, NULL, LN_sha512, SHA512_DIGEST_LENGTH, X448_KEYLEN, X448_KEYLEN, X448_KEYLEN, 0x00 } +# endif #else { OSSL_HPKE_KEM_ID_RESERVED, NULL, NULL, NULL, 0, 0, 0, 0, 0x00 } #endif @@ -122,10 +124,12 @@ static const synonymttab_t kemstrtab[] = { {OSSL_HPKE_KEMSTR_P384, "0x11", "0x11", "17" }}, {OSSL_HPKE_KEM_ID_P521, {OSSL_HPKE_KEMSTR_P521, "0x12", "0x12", "18" }}, +# ifndef OPENSSL_NO_ECX {OSSL_HPKE_KEM_ID_X25519, {OSSL_HPKE_KEMSTR_X25519, "0x20", "0x20", "32" }}, {OSSL_HPKE_KEM_ID_X448, {OSSL_HPKE_KEMSTR_X448, "0x21", "0x21", "33" }} +# endif }; static const synonymttab_t kdfstrtab[] = { {OSSL_HPKE_KDF_ID_HKDF_SHA256, diff --git a/crypto/x509/x_pubkey.c b/crypto/x509/x_pubkey.c index 6726cac857..ec7d74af5f 100644 --- a/crypto/x509/x_pubkey.c +++ b/crypto/x509/x_pubkey.c @@ -835,6 +835,7 @@ int i2d_EC_PUBKEY(const EC_KEY *a, unsigned char **pp) return ret; } +# ifndef OPENSSL_NO_ECX ECX_KEY *ossl_d2i_ED25519_PUBKEY(ECX_KEY **a, const unsigned char **pp, long length) { @@ -1002,6 +1003,7 @@ int ossl_i2d_X448_PUBKEY(const ECX_KEY *a, unsigned char **pp) return ret; } +# endif /* OPENSSL_NO_ECX */ #endif void X509_PUBKEY_set0_public_key(X509_PUBKEY *pub, |