openssl 裁剪
引用自:
http://stackoverflow.com/questions/7827836/build-openssl-with-just-rsa-and-aes
?
?
If you build OpenSSL by running the?config?or?Configure?script, you provide?no-<cipher>?as an argument to exclude the cipher. Run?Configure?with no options to see the available build options.
The configuration script converts these arguments into options for the preprocessor. Here's a list of nearly everything you can disable at compile time. First is the configuration-script argument, and then the compiler argument it gets converted to.
Ciphers:no-idea -DOPENSSL_NO_IDEAno-aes -DOPENSSL_NO_AESno-camellia -DOPENSSL_NO_CAMELLIAno-seed -DOPENSSL_NO_SEEDno-bf -DOPENSSL_NO_BFno-cast -DOPENSSL_NO_CASTno-des -DOPENSSL_NO_DESno-rc2 -DOPENSSL_NO_RC2no-rc4 -DOPENSSL_NO_RC4no-rc5 -DOPENSSL_NO_RC5no-md2 -DOPENSSL_NO_MD2no-md4 -DOPENSSL_NO_MD4no-md5 -DOPENSSL_NO_MD5no-sha -DOPENSSL_NO_SHAno-ripemd -DOPENSSL_NO_RIPEMDno-mdc2 -DOPENSSL_NO_MDC2no-rsa -DOPENSSL_NO_RSAno-dsa -DOPENSSL_NO_DSAno-dh -DOPENSSL_NO_DHno-ec -DOPENSSL_NO_ECno-ecdsa -DOPENSSL_NO_ECDSAno-ecdh -DOPENSSL_NO_ECDHNon-cipher functionality:no-sock -DOPENSSL_NO_SOCK No socket code.no-ssl2 -DOPENSSL_NO_SSL2 No SSLv2.no-ssl3 -DOPENSSL_NO_SSL3 No SSLv3.no-err -DOPENSSL_NO_ERR No error strings.no-krb5 -DOPENSSL_NO_KRB5 No Kerberos v5.no-engine -DOPENSSL_NO_ENGINE No dynamic engines.no-hw -DOPENSSL_NO_HW No support for external hardware.Not documented:no-tlsext -DOPENSSL_NO_TLSEXTno-cms -DOPENSSL_NO_CMSno-jpake -DOPENSSL_NO_JPAKEno-capieng -DOPENSSL_NO_CAPIENG?
?
?
?
Note that some things have dependencies. For example, you cannot build the SSL library without ciphers and digest algorithms because the SSL and TLS protocols demand them. So instead of doingmake all, you want to do?make build_crypto?so that it only builds libcrypto.a.
Through experimentation, I found (in OpenSSL 0.9.8r) that libcrypto has 2 algorithm dependencies: MD5 for the random-number generator's algorithm (in crypto/rand_lib.c) and SHA-1 for printing certificate hashes (in crypto/asn1/t_x509.c). I'd say these dependencies are oversights by the developers.
This is how I build libcrypto.a with only MD5 and SHA:
./config no-idea no-aes no-camellia no-seed no-bf no-cast no-des no-rc2 no-rc4 no-rc5 \no-md2 no-md4 no-ripemd no-mdc2 no-rsa no-dsa no-dh no-ec no-ecdsa no-ecdh no-sock \no-ssl2 no-ssl3 no-err no-krb5 no-engine no-hwmake dependmake build_cryptoI also successfully built it with everything except AES, RSA, SHA, and MD5 as the question asked.
?
?
?
my finally library 1.4M include?AES, SHA, and MD5:
./config no-idea no-camellia no-seed no-bf no-cast no-des no-rc2 no-rc4 no-rc5 \
no-md2 no-md4 no-ripemd no-mdc2 no-rsa no-dsa no-dh no-ec no-ecdsa no-ecdh no-sock \
no-ssl2 no-ssl3 no-err no-krb5 no-engine no-hw \
no-cms no-deprecated no-asm no-dso no-ede no-ede3 no-cbc no-cfb no-ofb no-ecb no-base64 \
no-rmd160 ?no-jpake no-gmp no-psk no-tlsext no-lhash no-stack no-err no-comp