first try to decrease the size of openssl 0.9.8a
authorImre Kaloz <kaloz@openwrt.org>
Thu, 23 Mar 2006 14:13:12 +0000 (14:13 +0000)
committerImre Kaloz <kaloz@openwrt.org>
Thu, 23 Mar 2006 14:13:12 +0000 (14:13 +0000)
SVN-Revision: 3457

openwrt/package/openssl/Makefile
openwrt/package/openssl/patches/110-optimize-for-size.patch
openwrt/package/openssl/patches/150-no_engines.patch [new file with mode: 0644]

index 0558db61d43b7a0996fc36583f8054419f6ccd48..4028b0e170afc2d566f0df53780b202608d57f4a 100644 (file)
@@ -4,7 +4,7 @@ include $(TOPDIR)/rules.mk
 
 PKG_NAME:=openssl
 PKG_VERSION:=0.9.8a
-PKG_RELEASE:=2
+PKG_RELEASE:=3
 PKG_MD5SUM:=1d16c727c10185e4d694f87f5e424ee1
 
 PKG_SOURCE_URL:=http://www.openssl.org/source/ \
@@ -17,7 +17,8 @@ PKG_CAT:=zcat
 PKG_BUILD_DIR:=$(BUILD_DIR)/$(PKG_NAME)-$(PKG_VERSION)
 PKG_INSTALL_DIR:=$(PKG_BUILD_DIR)/ipkg-install
 
-OPENSSL_NO_CIPHERS:= no-idea no-md2 no-mdc2 no-rc2 no-rc5
+OPENSSL_NO_CIPHERS:= no-deprecated no-idea no-md2 no-mdc2 no-rc2 no-rc5 no-sha0 no-sha256 no-sha512 no-dsa no-rmd160 no-aes192 no-cast
+OPENSSL_OPTIONS:= shared no-ec no-err no-fips no-hw no-krb5 no-threads zlib-dynamic no-engines
 
 include $(TOPDIR)/package/rules.mk
 
@@ -26,15 +27,17 @@ $(eval $(call PKG_template,OPENSSL_UTIL,openssl-util,$(PKG_VERSION)-$(PKG_RELEAS
 
 $(PKG_BUILD_DIR)/.configured:
        $(SED) 's,/CFLAG=,/CFLAG= $(TARGET_SOFT_FLOAT) ,g' $(PKG_BUILD_DIR)/Configure
+       $(SED) s/OPENWRT_OPTIMIZATION_FLAGS/$(BR2_TARGET_OPTIMIZATION)/g $(PKG_BUILD_DIR)/Configure
        (cd $(PKG_BUILD_DIR); \
                PATH=$(TARGET_PATH) \
-               ./Configure linux-generic32 \
+               ./Configure linux-openwrt \
                  --prefix=/usr \
                  --openssldir=/etc/ssl \
                  -I$(STAGING_DIR)/usr/include \
                  -L$(STAGING_DIR)/usr/lib -ldl \
+                 -DOPENSSL_SMALL_FOOTPRINT \
                  $(OPENSSL_NO_CIPHERS) \
-                 shared no-asm no-ec no-err no-fips no-hw no-krb5 no-threads zlib-dynamic \
+                 $(OPENSSL_OPTIONS) \
        )
        touch $@
 
@@ -46,7 +49,6 @@ $(PKG_BUILD_DIR)/.built:
                depend
        $(MAKE) -C $(PKG_BUILD_DIR) -j1 \
                CC="$(TARGET_CC)" \
-               CCOPTS="$(TARGET_CFLAGS) -fomit-frame-pointer" \
                AR="$(TARGET_CROSS)ar r" \
                RANLIB="$(TARGET_CROSS)ranlib" \
                all build-shared
index 38f57dff72cc6a9a40bfbdfe5a2b49cfa55190ea..6031c25257c8d1b45edb48e0d6a1d7c68f2bb48f 100644 (file)
@@ -1,11 +1,12 @@
---- openssl-0.9.8a/Configure   2006-02-21 20:18:36.000000000 -0800
-+++ openssl-0.9.8a-new/Configure       2006-02-21 20:53:32.000000000 -0800
-@@ -313,7 +313,7 @@
- ####
- # *-generic* is endian-neutral target, but ./config is free to
- # throw in -D[BL]_ENDIAN, whichever appropriate...
--"linux-generic32","gcc:-DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-+"linux-generic32","gcc:-DTERMIO -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
- "linux-ppc",  "gcc:-DB_ENDIAN -DTERMIO -O3 -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL::linux_ppc32.o::::::::::dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
- #### IA-32 targets...
- "linux-ia32-icc",     "icc:-DL_ENDIAN -DTERMIO -O2 -no_cpprt::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-KPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+diff -ur openssl-0.9.8a/Configure openssl-0.9.8a-owrt/Configure
+--- openssl-0.9.8a/Configure   2005-08-02 12:59:42.000000000 +0200
++++ openssl-0.9.8a-owrt/Configure      2006-03-23 14:16:35.000000000 +0100
+@@ -353,6 +353,8 @@
+ "linux-alpha+bwx-gcc","gcc:-O3 -DL_ENDIAN -DTERMIO::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+ "linux-alpha-ccc","ccc:-fast -readonly_strings -DL_ENDIAN -DTERMIO::-D_REENTRANT:::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL:${no_asm}",
+ "linux-alpha+bwx-ccc","ccc:-fast -readonly_strings -DL_ENDIAN -DTERMIO::-D_REENTRANT:::SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL:${no_asm}",
++# OpenWrt targets
++"linux-openwrt","gcc:-DTERMIO OPENWRT_OPTIMIZATION_FLAGS -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+ #### *BSD [do see comment about ${BSDthreads} above!]
+ "BSD-generic32","gcc:-DTERMIOS -O3 -fomit-frame-pointer -Wall::${BSDthreads}:::BN_LLONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL:${no_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
diff --git a/openwrt/package/openssl/patches/150-no_engines.patch b/openwrt/package/openssl/patches/150-no_engines.patch
new file mode 100644 (file)
index 0000000..b928fbc
--- /dev/null
@@ -0,0 +1,83 @@
+diff -udrNP openssl-0.9.8-stable-SNAP-20050703.orig/util/libeay.num openssl-0.9.8-stable-SNAP-20050703/util/libeay.num
+--- openssl-0.9.8-stable-SNAP-20050703.orig/util/libeay.num    2005-07-04 00:27:14.653639088 +0200
++++ openssl-0.9.8-stable-SNAP-20050703/util/libeay.num 2005-07-04 22:50:07.986576664 +0200
+@@ -2071,7 +2071,6 @@
+ UI_add_error_string                     2633  EXIST::FUNCTION:
+ KRB5_CHECKSUM_free                      2634  EXIST::FUNCTION:
+ OCSP_REQUEST_get_ext                    2635  EXIST::FUNCTION:
+-ENGINE_load_ubsec                       2636  EXIST::FUNCTION:ENGINE,STATIC_ENGINE
+ ENGINE_register_all_digests             2637  EXIST::FUNCTION:ENGINE
+ PKEY_USAGE_PERIOD_it                    2638  EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+ PKEY_USAGE_PERIOD_it                    2638  EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+@@ -2545,7 +2544,6 @@
+ AES_set_encrypt_key                     3024  EXIST::FUNCTION:AES
+ OCSP_resp_count                         3025  EXIST::FUNCTION:
+ KRB5_CHECKSUM_new                       3026  EXIST::FUNCTION:
+-ENGINE_load_cswift                      3027  EXIST::FUNCTION:ENGINE,STATIC_ENGINE
+ OCSP_onereq_get0_id                     3028  EXIST::FUNCTION:
+ ENGINE_set_default_ciphers              3029  EXIST::FUNCTION:ENGINE
+ NOTICEREF_it                            3030  EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+@@ -2576,7 +2574,6 @@
+ i2d_EXTENDED_KEY_USAGE                  3052  EXIST::FUNCTION:
+ i2d_OCSP_SIGNATURE                      3053  EXIST::FUNCTION:
+ asn1_enc_save                           3054  EXIST::FUNCTION:
+-ENGINE_load_nuron                       3055  EXIST::FUNCTION:ENGINE,STATIC_ENGINE
+ _ossl_old_des_pcbc_encrypt              3056  EXIST::FUNCTION:DES
+ PKCS12_MAC_DATA_it                      3057  EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+ PKCS12_MAC_DATA_it                      3057  EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+@@ -2600,7 +2597,6 @@
+ i2d_KRB5_CHECKSUM                       3072  EXIST::FUNCTION:
+ ENGINE_set_table_flags                  3073  EXIST::FUNCTION:ENGINE
+ AES_options                             3074  EXIST::FUNCTION:AES
+-ENGINE_load_chil                        3075  EXIST::FUNCTION:ENGINE,STATIC_ENGINE
+ OCSP_id_cmp                             3076  EXIST::FUNCTION:
+ OCSP_BASICRESP_new                      3077  EXIST::FUNCTION:
+ OCSP_REQUEST_get_ext_by_NID             3078  EXIST::FUNCTION:
+@@ -2667,7 +2663,6 @@
+ OCSP_CRLID_it                           3127  EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+ i2d_KRB5_AUTHENTBODY                    3128  EXIST::FUNCTION:
+ OCSP_REQUEST_get_ext_count              3129  EXIST::FUNCTION:
+-ENGINE_load_atalla                      3130  EXIST::FUNCTION:ENGINE,STATIC_ENGINE
+ X509_NAME_it                            3131  EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+ X509_NAME_it                            3131  EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+ USERNOTICE_it                           3132  EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+@@ -2762,8 +2757,6 @@
+ DES_read_password                       3207  EXIST::FUNCTION:DES
+ UI_UTIL_read_pw                         3208  EXIST::FUNCTION:
+ UI_UTIL_read_pw_string                  3209  EXIST::FUNCTION:
+-ENGINE_load_aep                         3210  EXIST::FUNCTION:ENGINE,STATIC_ENGINE
+-ENGINE_load_sureware                    3211  EXIST::FUNCTION:ENGINE,STATIC_ENGINE
+ OPENSSL_add_all_algorithms_noconf       3212  EXIST:!VMS:FUNCTION:
+ OPENSSL_add_all_algo_noconf             3212  EXIST:VMS:FUNCTION:
+ OPENSSL_add_all_algorithms_conf         3213  EXIST:!VMS:FUNCTION:
+@@ -2772,7 +2765,6 @@
+ AES_ofb128_encrypt                      3215  EXIST::FUNCTION:AES
+ AES_ctr128_encrypt                      3216  EXIST::FUNCTION:AES
+ AES_cfb128_encrypt                      3217  EXIST::FUNCTION:AES
+-ENGINE_load_4758cca                     3218  EXIST::FUNCTION:ENGINE,STATIC_ENGINE
+ _ossl_096_des_random_seed               3219  EXIST::FUNCTION:DES
+ EVP_aes_256_ofb                         3220  EXIST::FUNCTION:AES
+ EVP_aes_192_ofb                         3221  EXIST::FUNCTION:AES
+@@ -3107,7 +3099,6 @@
+ STORE_method_set_modify_function        3530  EXIST:!VMS:FUNCTION:
+ STORE_meth_set_modify_fn                3530  EXIST:VMS:FUNCTION:
+ STORE_parse_attrs_next                  3531  EXIST::FUNCTION:
+-ENGINE_load_padlock                     3532  EXIST::FUNCTION:ENGINE
+ EC_GROUP_set_curve_name                 3533  EXIST::FUNCTION:EC
+ X509_CERT_PAIR_it                       3534  EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+ X509_CERT_PAIR_it                       3534  EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+diff -udrNP openssl-0.9.8-stable-SNAP-20050703.orig/Configure openssl-0.9.8-stable-SNAP-20050703/Configure
+--- openssl-0.9.8-stable-SNAP-20050703.orig/Configure  2005-07-04 00:27:11.169168808 +0200
++++ openssl-0.9.8-stable-SNAP-20050703/Configure       2005-07-05 00:02:12.590136992 +0200
+@@ -1623,6 +1624,11 @@
+       close(OUT);
+   }
+   
++# ugly hack to disable engines
++if($target eq "mingwx") {
++      system("sed -e s/^LIB/XLIB/g -i engines/Makefile");
++}
++  
+ print <<EOF;
+ Configured for $target.