openssl 재단

3739 단어 OpenSSL
참조:
http://stackoverflow.com/questions/7827836/build-openssl-with-just-rsa-and-aes
 
 
If you build OpenSSL by running the  config  or  Configure  script, you provide  no-<cipher>  as an argument to exclude the cipher. Run  Configure  with no options to see the available build options.
The configuration script converts these arguments into options for the preprocessor. Here's a list of nearly everything you can disable at compile time. First is the configuration-script argument, and then the compiler argument it gets converted to.
Ciphers:

no-idea       -DOPENSSL_NO_IDEA
no-aes        -DOPENSSL_NO_AES
no-camellia   -DOPENSSL_NO_CAMELLIA
no-seed       -DOPENSSL_NO_SEED
no-bf         -DOPENSSL_NO_BF
no-cast       -DOPENSSL_NO_CAST
no-des        -DOPENSSL_NO_DES
no-rc2        -DOPENSSL_NO_RC2
no-rc4        -DOPENSSL_NO_RC4
no-rc5        -DOPENSSL_NO_RC5

no-md2        -DOPENSSL_NO_MD2
no-md4        -DOPENSSL_NO_MD4
no-md5        -DOPENSSL_NO_MD5
no-sha        -DOPENSSL_NO_SHA
no-ripemd     -DOPENSSL_NO_RIPEMD
no-mdc2       -DOPENSSL_NO_MDC2

no-rsa        -DOPENSSL_NO_RSA
no-dsa        -DOPENSSL_NO_DSA
no-dh         -DOPENSSL_NO_DH

no-ec         -DOPENSSL_NO_EC
no-ecdsa      -DOPENSSL_NO_ECDSA
no-ecdh       -DOPENSSL_NO_ECDH

Non-cipher functionality:

no-sock       -DOPENSSL_NO_SOCK         No socket code.
no-ssl2       -DOPENSSL_NO_SSL2         No SSLv2.
no-ssl3       -DOPENSSL_NO_SSL3         No SSLv3.
no-err        -DOPENSSL_NO_ERR          No error strings.
no-krb5       -DOPENSSL_NO_KRB5         No Kerberos v5.
no-engine     -DOPENSSL_NO_ENGINE       No dynamic engines.
no-hw         -DOPENSSL_NO_HW           No support for external hardware.

Not documented:

no-tlsext     -DOPENSSL_NO_TLSEXT
no-cms        -DOPENSSL_NO_CMS
no-jpake      -DOPENSSL_NO_JPAKE
no-capieng    -DOPENSSL_NO_CAPIENG

 
 
 
 
Note that some things have dependencies. For example, you cannot build the SSL library without ciphers and digest algorithms because the SSL and TLS protocols demand them. So instead of doing make all , you want to do  make build_crypto  so that it only builds libcrypto.a.
Through experimentation, I found (in OpenSSL 0.9.8r) that libcrypto has 2 algorithm dependencies: MD5 for the random-number generator's algorithm (in crypto/rand_lib.c) and SHA-1 for printing certificate hashes (in crypto/asn1/t_x509.c). I'd say these dependencies are oversights by the developers.
This is how I build libcrypto.a with only MD5 and SHA:
./config no-idea no-aes no-camellia no-seed no-bf no-cast no-des no-rc2 no-rc4 no-rc5 \
no-md2 no-md4 no-ripemd no-mdc2 no-rsa no-dsa no-dh no-ec no-ecdsa no-ecdh no-sock \
no-ssl2 no-ssl3 no-err no-krb5 no-engine no-hw
make depend
make build_crypto

I also successfully built it with everything except AES, RSA, SHA, and MD5 as the question asked.
 
 
 
my finally library 1.4M include AES, SHA, and MD5:
./config no-idea no-camellia no-seed no-bf no-cast no-des no-rc2 no-rc4 no-rc5 \
no-md2 no-md4 no-ripemd no-mdc2 no-rsa no-dsa no-dh no-ec no-ecdsa no-ecdh no-sock \
no-ssl2 no-ssl3 no-err no-krb5 no-engine no-hw \
no-cms no-deprecated no-asm no-dso no-ede no-ede3 no-cbc no-cfb no-ofb no-ecb no-base64 \
no-rmd160  no-jpake no-gmp no-psk no-tlsext no-lhash no-stack no-err no-comp

좋은 웹페이지 즐겨찾기