From dd01b1ff9d8a19c1e1b7e40d6df7d838d2ac34bb Mon Sep 17 00:00:00 2001 From: Jouni Malinen Date: Sun, 11 Oct 2009 15:24:40 +0300 Subject: [PATCH] Include only the used DH groups in the build This reduces the binary size by 3 kB or so when WPS is included in the build, but IKEv2 is not. --- hostapd/Makefile | 4 ++++ src/crypto/dh_groups.c | 12 +++++++++++- wpa_supplicant/Makefile | 4 ++++ 3 files changed, 19 insertions(+), 1 deletion(-) diff --git a/hostapd/Makefile b/hostapd/Makefile index f87e38a98..ab637c159 100644 --- a/hostapd/Makefile +++ b/hostapd/Makefile @@ -308,6 +308,7 @@ CFLAGS += -DEAP_SERVER_IKEV2 OBJS += ../src/eap_server/eap_ikev2.o ../src/eap_server/ikev2.o OBJS += ../src/eap_common/eap_ikev2_common.o ../src/eap_common/ikev2_common.o NEED_DH_GROUPS=y +NEED_DH_GROUPS_ALL=y endif ifdef CONFIG_EAP_TNC @@ -517,6 +518,9 @@ endif ifdef NEED_DH_GROUPS OBJS += ../src/crypto/dh_groups.o +ifdef NEED_DH_GROUPS_ALL +CFLAGS += -DALL_DH_GROUPS +endif endif ifdef NEED_T_PRF diff --git a/src/crypto/dh_groups.c b/src/crypto/dh_groups.c index e3516324e..5f6008a6e 100644 --- a/src/crypto/dh_groups.c +++ b/src/crypto/dh_groups.c @@ -19,6 +19,8 @@ #include "dh_groups.h" +#ifdef ALL_DH_GROUPS + /* RFC 4306, B.1. Group 1 - 768 Bit MODP * Generator: 2 * Prime: 2^768 - 2 ^704 - 1 + 2^64 * { [2^638 pi] + 149686 } @@ -63,6 +65,8 @@ static const u8 dh_group2_prime[128] = { 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF }; +#endif /* ALL_DH_GROUPS */ + /* RFC 3526, 2. Group 5 - 1536 Bit MODP * Generator: 2 * Prime: 2^1536 - 2^1472 - 1 + 2^64 * { [2^1406 pi] + 741804 } @@ -95,6 +99,8 @@ static const u8 dh_group5_prime[192] = { 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF }; +#ifdef ALL_DH_GROUPS + /* RFC 3526, 3. Group 14 - 2048 Bit MODP * Generator: 2 * Prime: 2^2048 - 2^1984 - 1 + 2^64 * { [2^1918 pi] + 124476 } @@ -503,6 +509,8 @@ static const u8 dh_group18_prime[1024] = { 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF }; +#endif /* ALL_DH_GROUPS */ + #define DH_GROUP(id) \ { id, dh_group ## id ## _generator, sizeof(dh_group ## id ## _generator), \ @@ -510,14 +518,16 @@ dh_group ## id ## _prime, sizeof(dh_group ## id ## _prime) } static struct dh_group dh_groups[] = { + DH_GROUP(5), +#ifdef ALL_DH_GROUPS DH_GROUP(1), DH_GROUP(2), - DH_GROUP(5), DH_GROUP(14), DH_GROUP(15), DH_GROUP(16), DH_GROUP(17), DH_GROUP(18) +#endif /* ALL_DH_GROUPS */ }; #define NUM_DH_GROUPS (sizeof(dh_groups) / sizeof(dh_groups[0])) diff --git a/wpa_supplicant/Makefile b/wpa_supplicant/Makefile index c01c71afa..128a9d295 100644 --- a/wpa_supplicant/Makefile +++ b/wpa_supplicant/Makefile @@ -469,6 +469,7 @@ OBJS_h += ../src/eap_server/ikev2.o endif CONFIG_IEEE8021X_EAPOL=y NEED_DH_GROUPS=y +NEED_DH_GROUPS_ALL=y endif ifdef CONFIG_EAP_VENDOR_TEST @@ -998,6 +999,9 @@ endif ifdef NEED_DH_GROUPS OBJS += ../src/crypto/dh_groups.o +ifdef NEED_DH_GROUPS_ALL +CFLAGS += -DALL_DH_GROUPS +endif endif ifdef NEED_T_PRF