configure: introduce no-ecx to remove ECX related feature

This can effectively reduce the binary size for platforms
that don't need ECX feature(~100KB).

Signed-off-by: Yi Li <yi1.li@intel.com>

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from #20781)

.github/workflows/run-checker-merge.yml

@@ -29,6 +29,7 @@ jobs:
           no-unit-test,
           enable-weak-ssl-ciphers,
           enable-zlib,
+          no-ecx,
         ]
     runs-on: ubuntu-latest
     steps:

Configure

@@ -449,6 +449,7 @@ my @disablables = (
     "ec_nistp_64_gcc_128",
     "ecdh",
     "ecdsa",
+    "ecx",
     "egd",
     "engine",
     "err",
@@ -611,7 +612,7 @@ my @disable_cascades = (
     "brotli"            => [ "brotli-dynamic" ],
     "zstd"              => [ "zstd-dynamic" ],
     "des"               => [ "mdc2" ],
-    "ec"                => [ "ec2m", "ecdsa", "ecdh", "sm2", "gost" ],
+    "ec"                => [ "ec2m", "ecdsa", "ecdh", "sm2", "gost", "ecx" ],
     "dgram"             => [ "dtls", "quic", "sctp" ],
     "sock"              => [ "dgram", "tfo" ],
     "dtls"              => [ @dtls ],

apps/list.c

@@ -1337,6 +1337,9 @@ static void list_disabled(void)
 #ifdef OPENSSL_NO_EC
     BIO_puts(bio_out, "EC\n");
 #endif
+#ifdef OPENSSL_NO_ECX
+    BIO_puts(bio_out, "ECX\n");
+#endif
 #ifdef OPENSSL_NO_EC2M
     BIO_puts(bio_out, "EC2M\n");
 #endif

apps/speed.c

@@ -436,7 +436,13 @@ static const OPT_PAIR ecdsa_choices[ECDSA_NUM] = {
     {"ecdsabrp512r1", R_EC_BRP512R1},
     {"ecdsabrp512t1", R_EC_BRP512T1}
 };
-enum { R_EC_X25519 = ECDSA_NUM, R_EC_X448, EC_NUM };
+enum {
+#ifndef OPENSSL_NO_ECX
+    R_EC_X25519 = ECDSA_NUM, R_EC_X448, EC_NUM
+#else
+    EC_NUM = ECDSA_NUM
+#endif
+};
 /* list of ecdh curves, extension of |ecdsa_choices| list above */
 static const OPT_PAIR ecdh_choices[EC_NUM] = {
     {"ecdhp160", R_EC_P160},
@@ -463,20 +469,24 @@ static const OPT_PAIR ecdh_choices[EC_NUM] = {
     {"ecdhbrp384t1", R_EC_BRP384T1},
     {"ecdhbrp512r1", R_EC_BRP512R1},
     {"ecdhbrp512t1", R_EC_BRP512T1},
+#ifndef OPENSSL_NO_ECX
     {"ecdhx25519", R_EC_X25519},
     {"ecdhx448", R_EC_X448}
+#endif
 };
 
 static double ecdh_results[EC_NUM][1];      /* 1 op: derivation */
 static double ecdsa_results[ECDSA_NUM][2];  /* 2 ops: sign then verify */
 
+#ifndef OPENSSL_NO_ECX
 enum { R_EC_Ed25519, R_EC_Ed448, EdDSA_NUM };
 static const OPT_PAIR eddsa_choices[EdDSA_NUM] = {
     {"ed25519", R_EC_Ed25519},
     {"ed448", R_EC_Ed448}
 
 };
 static double eddsa_results[EdDSA_NUM][2];    /* 2 ops: sign then verify */
+#endif /* OPENSSL_NO_ECX */
 
 #ifndef OPENSSL_NO_SM2
 enum { R_EC_CURVESM2, SM2_NUM };
@@ -518,8 +528,10 @@ typedef struct loopargs_st {
     EVP_PKEY_CTX *ecdsa_sign_ctx[ECDSA_NUM];
     EVP_PKEY_CTX *ecdsa_verify_ctx[ECDSA_NUM];
     EVP_PKEY_CTX *ecdh_ctx[EC_NUM];
+#ifndef OPENSSL_NO_ECX
     EVP_MD_CTX *eddsa_ctx[EdDSA_NUM];
     EVP_MD_CTX *eddsa_ctx2[EdDSA_NUM];
+#endif /* OPENSSL_NO_ECX */
 #ifndef OPENSSL_NO_SM2
     EVP_MD_CTX *sm2_ctx[SM2_NUM];
     EVP_MD_CTX *sm2_vfy_ctx[SM2_NUM];
@@ -1054,6 +1066,7 @@ static int ECDH_EVP_derive_key_loop(void *args)
     return count;
 }
 
+#ifndef OPENSSL_NO_ECX
 static int EdDSA_sign_loop(void *args)
 {
     loopargs_t *tempargs = *(loopargs_t **) args;
@@ -1095,6 +1108,7 @@ static int EdDSA_verify_loop(void *args)
     }
     return count;
 }
+#endif /* OPENSSL_NO_ECX */
 
 #ifndef OPENSSL_NO_SM2
 static int SM2_sign_loop(void *args)
@@ -1726,15 +1740,19 @@ int speed_main(int argc, char **argv)
         {"brainpoolP384t1", NID_brainpoolP384t1, 384},
         {"brainpoolP512r1", NID_brainpoolP512r1, 512},
         {"brainpoolP512t1", NID_brainpoolP512t1, 512},
+#ifndef OPENSSL_NO_ECX
         /* Other and ECDH only ones */
         {"X25519", NID_X25519, 253},
         {"X448", NID_X448, 448}
+#endif
     };
+#ifndef OPENSSL_NO_ECX
     static const EC_CURVE ed_curves[EdDSA_NUM] = {
         /* EdDSA */
         {"Ed25519", NID_ED25519, 253, 64},
         {"Ed448", NID_ED448, 456, 114}
     };
+#endif /* OPENSSL_NO_ECX */
 #ifndef OPENSSL_NO_SM2
     static const EC_CURVE sm2_curves[SM2_NUM] = {
         /* SM2 */
@@ -1744,7 +1762,9 @@ int speed_main(int argc, char **argv)
 #endif
     uint8_t ecdsa_doit[ECDSA_NUM] = { 0 };
     uint8_t ecdh_doit[EC_NUM] = { 0 };
+#ifndef OPENSSL_NO_ECX
     uint8_t eddsa_doit[EdDSA_NUM] = { 0 };
+#endif /* OPENSSL_NO_ECX */
 
     uint8_t kems_doit[MAX_KEM_NUM] = { 0 };
     uint8_t sigs_doit[MAX_SIG_NUM] = { 0 };
@@ -1753,6 +1773,7 @@ int speed_main(int argc, char **argv)
     uint8_t do_sigs = 0;
 
     /* checks declared curves against choices list. */
+#ifndef OPENSSL_NO_ECX
     OPENSSL_assert(ed_curves[EdDSA_NUM - 1].nid == NID_ED448);
     OPENSSL_assert(strcmp(eddsa_choices[EdDSA_NUM - 1].name, "ed448") == 0);
 
@@ -1761,6 +1782,7 @@ int speed_main(int argc, char **argv)
 
     OPENSSL_assert(ec_curves[ECDSA_NUM - 1].nid == NID_brainpoolP512t1);
     OPENSSL_assert(strcmp(ecdsa_choices[ECDSA_NUM - 1].name, "ecdsabrp512t1") == 0);
+#endif /* OPENSSL_NO_ECX */
 
 #ifndef OPENSSL_NO_SM2
     OPENSSL_assert(sm2_curves[SM2_NUM - 1].nid == NID_sm2);
@@ -2106,6 +2128,7 @@ int speed_main(int argc, char **argv)
                 algo_found = 1;
             }
         }
+#ifndef OPENSSL_NO_ECX
         if (strcmp(algo, "eddsa") == 0) {
             memset(eddsa_doit, 1, sizeof(eddsa_doit));
             algo_found = 1;
@@ -2114,6 +2137,7 @@ int speed_main(int argc, char **argv)
             eddsa_doit[i] = 2;
             algo_found = 1;
         }
+#endif /* OPENSSL_NO_ECX */
 #ifndef OPENSSL_NO_SM2
         if (strcmp(algo, "sm2") == 0) {
             memset(sm2_doit, 1, sizeof(sm2_doit));
@@ -2294,9 +2318,11 @@ int speed_main(int argc, char **argv)
         memset(ffdh_doit, 1, sizeof(ffdh_doit));
 #endif
         memset(dsa_doit, 1, sizeof(dsa_doit));
+#ifndef OPENSSL_NO_ECX
         memset(ecdsa_doit, 1, sizeof(ecdsa_doit));
         memset(ecdh_doit, 1, sizeof(ecdh_doit));
         memset(eddsa_doit, 1, sizeof(eddsa_doit));
+#endif /* OPENSSL_NO_ECX */
 #ifndef OPENSSL_NO_SM2
         memset(sm2_doit, 1, sizeof(sm2_doit));
 #endif
@@ -3106,6 +3132,7 @@ int speed_main(int argc, char **argv)
         }
     }
 
+#ifndef OPENSSL_NO_ECX
     for (testnum = 0; testnum < EdDSA_NUM; testnum++) {
         int st = 1;
         EVP_PKEY *ed_pkey = NULL;
@@ -3218,6 +3245,7 @@ int speed_main(int argc, char **argv)
             }
         }
     }
+#endif /* OPENSSL_NO_ECX */
 
 #ifndef OPENSSL_NO_SM2
     for (testnum = 0; testnum < SM2_NUM; testnum++) {
@@ -4008,6 +4036,7 @@ int speed_main(int argc, char **argv)
                    1.0 / ecdh_results[k][0], ecdh_results[k][0]);
     }
 
+#ifndef OPENSSL_NO_ECX
     testnum = 1;
     for (k = 0; k < OSSL_NELEM(eddsa_doit); k++) {
         if (!eddsa_doit[k])
@@ -4027,6 +4056,7 @@ int speed_main(int argc, char **argv)
                    1.0 / eddsa_results[k][0], 1.0 / eddsa_results[k][1],
                    eddsa_results[k][0], eddsa_results[k][1]);
     }
+#endif /* OPENSSL_NO_ECX */
 
 #ifndef OPENSSL_NO_SM2
     testnum = 1;
@@ -4142,10 +4172,12 @@ int speed_main(int argc, char **argv)
         }
         for (k = 0; k < EC_NUM; k++)
             EVP_PKEY_CTX_free(loopargs[i].ecdh_ctx[k]);
+#ifndef OPENSSL_NO_ECX
         for (k = 0; k < EdDSA_NUM; k++) {
             EVP_MD_CTX_free(loopargs[i].eddsa_ctx[k]);
             EVP_MD_CTX_free(loopargs[i].eddsa_ctx2[k]);
         }
+#endif /* OPENSSL_NO_ECX */
 #ifndef OPENSSL_NO_SM2
         for (k = 0; k < SM2_NUM; k++) {
             EVP_PKEY_CTX *pctx = NULL;
@@ -4402,6 +4434,7 @@ static int do_multi(int multi, int size_num)
                     d = atof(sstrsep(&p, sep));
                     ecdh_results[k][0] += d;
                 }
+# ifndef OPENSSL_NO_ECX
             } else if (CHECK_AND_SKIP_PREFIX(p, "+F6:")) {
                 tk = sstrsep(&p, sep);
                 if (strtoint(tk, 0, OSSL_NELEM(eddsa_results), &k)) {
@@ -4414,6 +4447,7 @@ static int do_multi(int multi, int size_num)
                     d = atof(sstrsep(&p, sep));
                     eddsa_results[k][1] += d;
                 }
+# endif /* OPENSSL_NO_ECX */
 # ifndef OPENSSL_NO_SM2
             } else if (CHECK_AND_SKIP_PREFIX(p, "+F7:")) {
                 tk = sstrsep(&p, sep);

crypto/asn1/standard_methods.h

@@ -32,11 +32,9 @@ static const EVP_PKEY_ASN1_METHOD *standard_methods[] = {
 #ifndef OPENSSL_NO_DH
     &ossl_dhx_asn1_meth,
 #endif
-#ifndef OPENSSL_NO_EC
+#ifndef OPENSSL_NO_ECX
     &ossl_ecx25519_asn1_meth,
     &ossl_ecx448_asn1_meth,
-#endif
-#ifndef OPENSSL_NO_EC
     &ossl_ed25519_asn1_meth,
     &ossl_ed448_asn1_meth,
 #endif

crypto/ec/build.info

@@ -3,9 +3,12 @@ IF[{- !$disabled{asm} -}]
   $ECASM_x86=ecp_nistz256.c ecp_nistz256-x86.S
   $ECDEF_x86=ECP_NISTZ256_ASM
 
-  $ECASM_x86_64=ecp_nistz256.c ecp_nistz256-x86_64.s x25519-x86_64.s
-  $ECDEF_x86_64=ECP_NISTZ256_ASM X25519_ASM
-
+  $ECASM_x86_64=ecp_nistz256.c ecp_nistz256-x86_64.s
+  $ECDEF_x86_64=ECP_NISTZ256_ASM
+  IF[{- !$disabled{'ecx'} -}]
+    $ECASM_x86_64=$ECASM_x86_64 x25519-x86_64.s
+    $ECDEF_x86_64=$ECDEF_x86_64 X25519_ASM
+  ENDIF
   $ECASM_ia64=
 
   $ECASM_sparcv9=ecp_nistz256.c ecp_nistz256-sparcv9.S
@@ -18,7 +21,10 @@ IF[{- !$disabled{asm} -}]
   $ECASM_mips32=
   $ECASM_mips64=
 
-  $ECASM_s390x=ecp_s390x_nistp.c ecx_s390x.c
+  $ECASM_s390x=ecp_s390x_nistp.c
+  IF[{- !$disabled{'ecx'} -}]
+    $ECASM_s390x=$ECASM_s390x ecx_s390x.c
+  ENDIF
   $ECDEF_s390x=S390X_EC_ASM
 
   $ECASM_armv4=ecp_nistz256.c ecp_nistz256-armv4.S
@@ -30,13 +36,18 @@ IF[{- !$disabled{asm} -}]
   $ECASM_parisc20_64=
 
   $ECASM_ppc32=
-  $ECASM_ppc64=ecp_nistz256.c ecp_ppc.c ecp_nistz256-ppc64.s x25519-ppc64.s
-  $ECDEF_ppc64=ECP_NISTZ256_ASM X25519_ASM
+  $ECASM_ppc64=ecp_nistz256.c ecp_ppc.c ecp_nistz256-ppc64.s
+  $ECDEF_ppc64=ECP_NISTZ256_ASM
   IF[{- !$disabled{'ec_nistp_64_gcc_128'} -}]
     $ECASM_ppc64=$ECASM_ppc64 ecp_nistp521-ppc64.s
     $ECDEF_ppc64=$ECDEF_ppc64 ECP_NISTP521_ASM
     INCLUDE[ecp_nistp521.o]=..
   ENDIF
+  IF[{- !$disabled{'ecx'} -}]
+    $ECASM_ppc64=$ECASM_ppc64 x25519-ppc64.s
+    $ECDEF_ppc64=$ECDEF_ppc64 X25519_ASM
+    INCLUDE[ecx_s390x.o]=..
+  ENDIF
 
   $ECASM_c64xplus=
 
@@ -49,22 +60,29 @@ IF[{- !$disabled{asm} -}]
 ENDIF
 
 $COMMON=ec_lib.c ecp_smpl.c ecp_mont.c ecp_nist.c ec_cvt.c ec_mult.c \
-        ec_curve.c ec_check.c ec_key.c ec_kmeth.c ecx_key.c ec_asn1.c \
+        ec_curve.c ec_check.c ec_key.c ec_kmeth.c ec_asn1.c \
         ec2_smpl.c \
         ecp_oct.c ec2_oct.c ec_oct.c ecdh_ossl.c \
-        ecdsa_ossl.c ecdsa_sign.c ecdsa_vrf.c curve25519.c \
-        curve448/f_generic.c curve448/scalar.c \
-        curve448/curve448_tables.c curve448/eddsa.c curve448/curve448.c \
-        $ECASM ec_backend.c ecx_backend.c ecdh_kdf.c curve448/arch_64/f_impl64.c \
-        curve448/arch_32/f_impl32.c
+        ecdsa_ossl.c ecdsa_sign.c ecdsa_vrf.c \
+        $ECASM ec_backend.c ecdh_kdf.c
+
+IF[{- !$disabled{'ecx'} -}]
+  $COMMON=$COMMON curve25519.c curve448/f_generic.c curve448/scalar.c \
+  curve448/arch_64/f_impl64.c ecx_backend.c curve448/arch_32/f_impl32.c \
+  curve448/curve448_tables.c curve448/eddsa.c curve448/curve448.c \
+  ecx_key.c
+ENDIF
 
 IF[{- !$disabled{'ec_nistp_64_gcc_128'} -}]
   $COMMON=$COMMON ecp_nistp224.c ecp_nistp256.c ecp_nistp521.c ecp_nistputil.c
 ENDIF
 
-SOURCE[../../libcrypto]=$COMMON ec_ameth.c ec_pmeth.c ecx_meth.c \
+SOURCE[../../libcrypto]=$COMMON ec_ameth.c ec_pmeth.c \
                         ec_err.c eck_prn.c \
                         ec_deprecated.c ec_print.c
+IF[{- !$disabled{'ecx'} -}]
+  SOURCE[../../libcrypto]=ecx_meth.c
+ENDIF
 SOURCE[../../providers/libfips.a]=$COMMON
 
 # Implementations are now spread across several libraries, so the defines
@@ -90,9 +108,10 @@ GENERATE[ecp_nistz256-sparcv9.S]=asm/ecp_nistz256-sparcv9.pl
 INCLUDE[ecp_nistz256-sparcv9.o]=..
 
 INCLUDE[ecp_s390x_nistp.o]=..
-INCLUDE[ecx_s390x.o]=..
-INCLUDE[ecx_meth.o]=..
-INCLUDE[ecx_key.o]=..
+IF[{- !$disabled{'ecx'} -}]
+  INCLUDE[ecx_meth.o]=..
+  INCLUDE[ecx_key.o]=..
+ENDIF
 
 GENERATE[ecp_nistz256-armv4.S]=asm/ecp_nistz256-armv4.pl
 INCLUDE[ecp_nistz256-armv4.o]=..
@@ -102,5 +121,7 @@ GENERATE[ecp_nistz256-ppc64.s]=asm/ecp_nistz256-ppc64.pl
 
 GENERATE[ecp_nistp521-ppc64.s]=asm/ecp_nistp521-ppc64.pl
 
+IF[{- !$disabled{'ecx'} -}]
 GENERATE[x25519-x86_64.s]=asm/x25519-x86_64.pl
 GENERATE[x25519-ppc64.s]=asm/x25519-ppc64.pl
+ENDIF

crypto/evp/p_lib.c

@@ -872,7 +872,7 @@ DSA *EVP_PKEY_get1_DSA(EVP_PKEY *pkey)
 }
 # endif /*  OPENSSL_NO_DSA */
 
-# ifndef OPENSSL_NO_EC
+# ifndef OPENSSL_NO_ECX
 static const ECX_KEY *evp_pkey_get0_ECX_KEY(const EVP_PKEY *pkey, int type)
 {
     if (EVP_PKEY_get_base_id(pkey) != type) {
@@ -901,7 +901,7 @@ IMPLEMENT_ECX_VARIANT(X448)
 IMPLEMENT_ECX_VARIANT(ED25519)
 IMPLEMENT_ECX_VARIANT(ED448)
 
-# endif
+# endif /* OPENSSL_NO_ECX */
 
 # if !defined(OPENSSL_NO_DH) && !defined(OPENSSL_NO_DEPRECATED_3_0)
 

crypto/evp/pmeth_lib.c

@@ -66,11 +66,9 @@ static pmeth_fn standard_methods[] = {
 # ifndef OPENSSL_NO_DH
     ossl_dhx_pkey_method,
 # endif
-# ifndef OPENSSL_NO_EC
+# ifndef OPENSSL_NO_ECX
     ossl_ecx25519_pkey_method,
     ossl_ecx448_pkey_method,
-# endif
-# ifndef OPENSSL_NO_EC
     ossl_ed25519_pkey_method,
     ossl_ed448_pkey_method,
 # endif