commit 2e3c978d14398d8234e55025d8644407274dc740
author Adam Langley <alangley@gmail.com> Tue Oct 27 08:47:11 2015 -0700
committer Adam Langley <alangley@gmail.com> Tue Oct 27 16:40:20 2015 +0000
tree 4584d4746bee8a1e53e92d385ccbe09ad7cf1c70
parent 5dbdad9c33ed9dfee4c612398b6e997983580e58

Add OPENSSL_SMALL.

Intel's P-256 code has very large tables and things like Chromium just
don't need that extra size. However, servers generally do so this change
adds an OPENSSL_SMALL define that currently just drops the 64-bit P-224
but will gate Intel's P-256 in the future too.

Change-Id: I2e55c6e06327fafabef9b96d875069d95c0eea81
Reviewed-on: https://boringssl-review.googlesource.com/6362
Reviewed-by: Adam Langley <alangley@gmail.com>

BUILDING.md

diff --git a/BUILDING.md b/BUILDING.md
index e87f2a6..7d4eac4 100644
--- a/BUILDING.md
+++ b/BUILDING.md
@@ -71,6 +71,10 @@
 shared library, define `BORINGSSL_SHARED_LIBRARY` in any code which `#include`s
 the BoringSSL headers.
 
+In order to serve environments where code-size is important as well as those
+where performance is the overriding concern, `OPENSSL_SMALL` can be defined to
+remove some code that is especially large.
+
 ### Building for Android
 
 It's possible to build BoringSSL with the Android NDK using CMake. This has

CMakeLists.txt

diff --git a/CMakeLists.txt b/CMakeLists.txt
index d0ccd6b..54deb7f 100644
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -81,6 +81,7 @@
 endif()
 
 add_definitions(-DBORINGSSL_IMPLEMENTATION)
+add_definitions(-DOPENSSL_SMALL)
 
 if (BUILD_SHARED_LIBS)
   add_definitions(-DBORINGSSL_SHARED_LIBRARY)

crypto/ec/ec.c

diff --git a/crypto/ec/ec.c b/crypto/ec/ec.c
index 4f614f2..570f27e 100644
--- a/crypto/ec/ec.c
+++ b/crypto/ec/ec.c
@@ -228,7 +228,7 @@
 const struct built_in_curve OPENSSL_built_in_curves[] = {
     {
         NID_secp224r1, &P224,
-#if defined(BORINGSSL_USE_INT128_CODE)
+#if defined(BORINGSSL_USE_INT128_CODE) && !defined(OPENSSL_SMALL)
         EC_GFp_nistp224_method,
 #else
         0,

crypto/ec/p224-64.c

diff --git a/crypto/ec/p224-64.c b/crypto/ec/p224-64.c
index e530c9f..bcc4158 100644
--- a/crypto/ec/p224-64.c
+++ b/crypto/ec/p224-64.c
@@ -19,7 +19,8 @@
 
 #include <openssl/base.h>
 
-#if defined(OPENSSL_64_BIT) && !defined(OPENSSL_WINDOWS)
+#if defined(OPENSSL_64_BIT) && !defined(OPENSSL_WINDOWS) && \
+    !defined(OPENSSL_SMALL)
 
 #include <openssl/bn.h>
 #include <openssl/ec.h>
@@ -1337,4 +1338,4 @@
   return &ret;
 }
 
-#endif
+#endif  /* 64_BIT && !WINDOWS && !SMALL */