[PATCH 0/5] libressl: Restore support for some OPENSSL_NO_xxx defines

Sun, 05 Oct 2014 02:30:58 -0700 

I am trying to build a smaller libressl(portable) and this is the
src code I had change.

The auto based build system also needs tweeking, I simply removed
those lines for now but it would be nice with proper --enable/--disable
knobs.

I did not manage to build with any of
#define OPENSSL_NO_DH
#define OPENSSL_NO_ECDH
#define OPENSSL_NO_EC
#define OPENSSL_NO_ECDSA
#define OPENSSL_NO_DSA
defined. These seems to be dependend on each other and I don't
dare to mess with the code.

Finally, #define OPENSSL_NO_OBJECT builds but ssl SEGV when executed.
Is there any way to make this work or atleast make OBJECT much smaller?

I can currently build libressl with these defined, but I cannot
tell if any of them sholed be removed from a security perspective?

#define OPENSSL_NO_ERR
#define OPENSSL_NO_DTLS1
#define OPENSSL_NO_RC2
#define OPENSSL_NO_RC4
#define OPENSSL_NO_IDEA
#define OPENSSL_NO_RIPEMD
#define OPENSSL_NO_DSO
#define OPENSSL_NO_DES
#define OPENSSL_NO_MDC2
#define OPENSSL_NO_WHIRLPOOL
#define OPENSSL_NO_BF
#define OPENSSL_NO_CAST
#define OPENSSL_NO_EC2M
#define OPENSSL_NO_SHA512
#define OPENSSL_NO_SHA0
#define OPENSSL_NO_SHA256
#define OPENSSL_NO_X509
#define OPENSSL_NO_HASH_COMP
#define OPENSSL_NO_DGRAM
#define OPENSSL_NO_COMP
#define OPENSSL_NO_CHAIN_VERIFY
#define OPENSSL_NO_ENGINE
#define OPENSSL_NO_HW
#define OPENSSL_NO_RSAX
#define OPENSSL_NO_STATIC_ENGINE
#define OPENSSL_NO_ENTROPY_FALLBACK


Joakim Tjernlund (5):
  Add missing OPENSSL_NO_DTLS1
  Add OPENSSL_NO_DSO
  Add OPENSSL_NO_SHA512
  Add a few missing #include <openssl/err.h>
  Fix OPENSSL_NO_SHA256

 apps/s_client.c                  |  5 ++++-
 apps/s_server.c                  |  4 +++-
 crypto/asn1/d2i_pr.c             |  1 +
 crypto/compat/getentropy_linux.c | 10 ++++++++++
 crypto/conf/conf_mod.c           |  4 ++++
 crypto/conf/conf_sap.c           |  1 +
 crypto/dh/dh_lib.c               |  1 +
 crypto/dsa/dsa_gen.c             |  6 ++++--
 crypto/dsa/dsa_lib.c             |  1 +
 crypto/engine/eng_all.c          |  2 ++
 crypto/evp/digest.c              |  1 +
 crypto/evp/pmeth_lib.c           |  1 +
 crypto/pem/pem_lib.c             |  1 +
 crypto/pem/pem_pkey.c            |  1 +
 crypto/rsa/rsa_crpt.c            |  1 +
 crypto/rsa/rsa_lib.c             |  1 +
 ssl/s3_cbc.c                     |  9 ++++++++-
 ssl/s3_clnt.c                    |  8 +++++++-
 ssl/ssl_algs.c                   |  4 ++++
 ssl/ssl_locl.h                   |  5 ++++-
 ssl/t1_lib.c                     |  4 ++++
 21 files changed, 64 insertions(+), 7 deletions(-)

-- 
1.8.5.5

Reply via email to