I can make a config option for it if you like and enable it by default. (FYI: no-srp saves almost 16K on libcrypto and 9,5K on libssl)
Dirk F.

On 9 June 2016 at 23:39, Karl Palsson <[email protected]> wrote:
> On this one, does SRP have to be included? I'm not using it, and
> I know it's super uncommon, but it's like PSK, only easier to
> use, and disabling it in even more places is just guaranteeing
> that it's never going to be used. Totally understand tossing all
> the others though.
>
> Cheers,
> Karl P
>
>
> Dirk Feytons <[email protected]> wrote:
>> The patch needed for this commit has been sent upstream:
>> https://github.com/openssl/openssl/pull/1155
>>
>> Signed-off-by: Dirk Feytons <[email protected]>
>> --- >> package/libs/openssl/Makefile | 7 +++--- >> .../openssl/patches/302-fix_no_cmac_build.patch | 24 >> ++++++++++++++++++++ >> 2 files changed, 28 insertions(+), 3 deletions(-) >> create mode 100644 package/libs/openssl/patches/302-fix_no_cmac_build.patch >> >> diff --git a/package/libs/openssl/Makefile >> b/package/libs/openssl/Makefile index 2fbb566..4782c42 100644 >> --- a/package/libs/openssl/Makefile >> +++ b/package/libs/openssl/Makefile >> @@ -96,8 +96,9 @@ This package contains the OpenSSL command-line utility. >> endef >> >> >> -OPENSSL_NO_CIPHERS:= no-idea no-md2 no-mdc2 no-rc5 no-sha0 >> no-camellia no-krb5 -OPENSSL_OPTIONS:= shared no-err no-sse2 >> no-ssl2 +OPENSSL_NO_CIPHERS:= no-idea no-md2 no-mdc2 no-rc5 >> no-sha0 no-camellia no-krb5 no-srp \ >> + no-whrlpool no-whirlpool no-bf no-ripemd no-seed no-cast no-cmac >> +OPENSSL_OPTIONS:= shared no-err no-sse2 no-ssl2 no-ssl2-method >> no-heartbeats >> >> ifdef CONFIG_OPENSSL_ENGINE_CRYPTO >> OPENSSL_OPTIONS += -DHAVE_CRYPTODEV >> @@ -117,7 +118,7 @@ ifndef CONFIG_OPENSSL_WITH_EC2M >> endif >> >> ifndef CONFIG_OPENSSL_WITH_SSL3 >> - OPENSSL_OPTIONS += no-ssl3 >> + OPENSSL_OPTIONS += no-ssl3 no-ssl3-method >> endif >> >> ifndef CONFIG_OPENSSL_HARDWARE_SUPPORT 
>> diff --git >> a/package/libs/openssl/patches/302-fix_no_cmac_build.patch >> b/package/libs/openssl/patches/302-fix_no_cmac_build.patch new >> file mode 100644 index 0000000..1b94f24 >> --- /dev/null >> +++ b/package/libs/openssl/patches/302-fix_no_cmac_build.patch >> @@ -0,0 +1,24 @@ >> +--- a/crypto/asn1/ameth_lib.c >> ++++ b/crypto/asn1/ameth_lib.c >> +@@ -93,7 +93,9 @@ static const EVP_PKEY_ASN1_METHOD *stand >> + &eckey_asn1_meth, >> + #endif >> + &hmac_asn1_meth, >> ++#ifndef OPENSSL_NO_CMAC >> + &cmac_asn1_meth, >> ++#endif >> + #ifndef OPENSSL_NO_DH >> + &dhx_asn1_meth >> + #endif >> +--- a/crypto/evp/pmeth_lib.c >> ++++ b/crypto/evp/pmeth_lib.c >> +@@ -91,7 +91,9 @@ static const EVP_PKEY_METHOD *standard_m >> + &ec_pkey_meth, >> + #endif >> + &hmac_pkey_meth, >> ++#ifndef OPENSSL_NO_CMAC >> + &cmac_pkey_meth, >> ++#endif >> + #ifndef OPENSSL_NO_DH >> + &dhx_pkey_meth >> + #endif
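
Review bot: In the `OPENSSL_NO_CIPHERS` line of the first Makefile hunk (`@@ -96,8 +96,9 @@`), `no-srp` is disabled unconditionally, while SSL3 and EC2M further down are gated on `CONFIG_OPENSSL_WITH_SSL3` and `CONFIG_OPENSSL_WITH_EC2M`. SRP is a TLS key-exchange feature rather than a legacy cipher, so it would be more consistent to gate it behind its own config symbol in the same way, as the reply in this thread already offers. The same line lists both `no-whrlpool` and `no-whirlpool`; if both spellings are really needed, a one-line comment saying why would stop someone from removing one of them as a typo later.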
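
Review bot: In the `ifndef CONFIG_OPENSSL_WITH_SSL3` block of the second Makefile hunk (`@@ -117,7 +118,7 @@`), adding `no-ssl3-method` goes further than switching the protocol off: it also removes the `SSLv3_method()` family of entry points from libssl, so any package that calls them without an `OPENSSL_NO_SSL3_METHOD` guard will stop building. The commit message does not say whether the packages that depend on libssl were rebuilt with this change; please state that there, and likewise for the unconditional `no-ssl2-method` and `no-heartbeats` added to `OPENSSL_OPTIONS` in the first hunk.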
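
Review bot: The new `302-fix_no_cmac_build.patch` starts directly at `--- a/crypto/asn1/ameth_lib.c` with no description header, so the link to the upstream pull request exists only in the commit message. Please put a short header in the patch file itself with the upstream URL, so that whoever bumps the OpenSSL version can tell when the patch can be dropped. The guards themselves read correctly: `&cmac_asn1_meth` and `&cmac_pkey_meth` are each wrapped in `#ifndef OPENSSL_NO_CMAC`, in the same style as the `OPENSSL_NO_DH` guard on the entry that follows.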
