configure: introduce no-ecx to remove ECX related feature

This can effectively reduce the binary size for platforms
that don't need ECX feature(~100KB).

Signed-off-by: Yi Li <yi1.li@intel.com>

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20781)

2 files changed, 38 insertions, 1 deletions

diff --git a/apps/list.c b/apps/list.c
index 2ccd41277a..56b0917d11 100644
--- a/apps/list.c
+++ b/apps/list.c
@@ -1337,6 +1337,9 @@ static void list_disabled(void)
 #ifdef OPENSSL_NO_EC
     BIO_puts(bio_out, "EC\n");
 #endif
+#ifdef OPENSSL_NO_ECX
+    BIO_puts(bio_out, "ECX\n");
+#endif
 #ifdef OPENSSL_NO_EC2M
     BIO_puts(bio_out, "EC2M\n");
 #endif
diff --git a/apps/speed.c b/apps/speed.c
index 1d8304f105..de4f9994db 100644
--- a/apps/speed.c
+++ b/apps/speed.c
@@ -436,7 +436,13 @@ static const OPT_PAIR ecdsa_choices[ECDSA_NUM] = {
     {"ecdsabrp512r1", R_EC_BRP512R1},
     {"ecdsabrp512t1", R_EC_BRP512T1}
 };
-enum { R_EC_X25519 = ECDSA_NUM, R_EC_X448, EC_NUM };
+enum {
+#ifndef OPENSSL_NO_ECX
+    R_EC_X25519 = ECDSA_NUM, R_EC_X448, EC_NUM
+#else
+    EC_NUM = ECDSA_NUM
+#endif
+};
 /* list of ecdh curves, extension of |ecdsa_choices| list above */
 static const OPT_PAIR ecdh_choices[EC_NUM] = {
     {"ecdhp160", R_EC_P160},
@@ -463,13 +469,16 @@ static const OPT_PAIR ecdh_choices[EC_NUM] = {
     {"ecdhbrp384t1", R_EC_BRP384T1},
     {"ecdhbrp512r1", R_EC_BRP512R1},
     {"ecdhbrp512t1", R_EC_BRP512T1},
+#ifndef OPENSSL_NO_ECX
     {"ecdhx25519", R_EC_X25519},
     {"ecdhx448", R_EC_X448}
+#endif
 };
 
 static double ecdh_results[EC_NUM][1];      /* 1 op: derivation */
 static double ecdsa_results[ECDSA_NUM][2];  /* 2 ops: sign then verify */
 
+#ifndef OPENSSL_NO_ECX
 enum { R_EC_Ed25519, R_EC_Ed448, EdDSA_NUM };
 static const OPT_PAIR eddsa_choices[EdDSA_NUM] = {
     {"ed25519", R_EC_Ed25519},
@@ -477,6 +486,7 @@ static const OPT_PAIR eddsa_choices[EdDSA_NUM] = {
 
 };
 static double eddsa_results[EdDSA_NUM][2];    /* 2 ops: sign then verify */
+#endif /* OPENSSL_NO_ECX */
 
 #ifndef OPENSSL_NO_SM2
 enum { R_EC_CURVESM2, SM2_NUM };
@@ -518,8 +528,10 @@ typedef struct loopargs_st {
     EVP_PKEY_CTX *ecdsa_sign_ctx[ECDSA_NUM];
     EVP_PKEY_CTX *ecdsa_verify_ctx[ECDSA_NUM];
     EVP_PKEY_CTX *ecdh_ctx[EC_NUM];
+#ifndef OPENSSL_NO_ECX
     EVP_MD_CTX *eddsa_ctx[EdDSA_NUM];
     EVP_MD_CTX *eddsa_ctx2[EdDSA_NUM];
+#endif /* OPENSSL_NO_ECX */
 #ifndef OPENSSL_NO_SM2
     EVP_MD_CTX *sm2_ctx[SM2_NUM];
     EVP_MD_CTX *sm2_vfy_ctx[SM2_NUM];
@@ -1054,6 +1066,7 @@ static int ECDH_EVP_derive_key_loop(void *args)
     return count;
 }
 
+#ifndef OPENSSL_NO_ECX
 static int EdDSA_sign_loop(void *args)
 {
     loopargs_t *tempargs = *(loopargs_t **) args;
@@ -1095,6 +1108,7 @@ static int EdDSA_verify_loop(void *args)
     }
     return count;
 }
+#endif /* OPENSSL_NO_ECX */
 
 #ifndef OPENSSL_NO_SM2
 static int SM2_sign_loop(void *args)
@@ -1726,15 +1740,19 @@ int speed_main(int argc, char **argv)
         {"brainpoolP384t1", NID_brainpoolP384t1, 384},
         {"brainpoolP512r1", NID_brainpoolP512r1, 512},
         {"brainpoolP512t1", NID_brainpoolP512t1, 512},
+#ifndef OPENSSL_NO_ECX
         /* Other and ECDH only ones */
         {"X25519", NID_X25519, 253},
         {"X448", NID_X448, 448}
+#endif
     };
+#ifndef OPENSSL_NO_ECX
     static const EC_CURVE ed_curves[EdDSA_NUM] = {
         /* EdDSA */
         {"Ed25519", NID_ED25519, 253, 64},
         {"Ed448", NID_ED448, 456, 114}
     };
+#endif /* OPENSSL_NO_ECX */
 #ifndef OPENSSL_NO_SM2
     static const EC_CURVE sm2_curves[SM2_NUM] = {
         /* SM2 */
@@ -1744,7 +1762,9 @@ int speed_main(int argc, char **argv)
 #endif
     uint8_t ecdsa_doit[ECDSA_NUM] = { 0 };
     uint8_t ecdh_doit[EC_NUM] = { 0 };
+#ifndef OPENSSL_NO_ECX
     uint8_t eddsa_doit[EdDSA_NUM] = { 0 };
+#endif /* OPENSSL_NO_ECX */
 
     uint8_t kems_doit[MAX_KEM_NUM] = { 0 };
     uint8_t sigs_doit[MAX_SIG_NUM] = { 0 };
@@ -1753,6 +1773,7 @@ int speed_main(int argc, char **argv)
     uint8_t do_sigs = 0;
 
     /* checks declared curves against choices list. */
+#ifndef OPENSSL_NO_ECX
     OPENSSL_assert(ed_curves[EdDSA_NUM - 1].nid == NID_ED448);
     OPENSSL_assert(strcmp(eddsa_choices[EdDSA_NUM - 1].name, "ed448") == 0);
 
@@ -1761,6 +1782,7 @@ int speed_main(int argc, char **argv)
 
     OPENSSL_assert(ec_curves[ECDSA_NUM - 1].nid == NID_brainpoolP512t1);
     OPENSSL_assert(strcmp(ecdsa_choices[ECDSA_NUM - 1].name, "ecdsabrp512t1") == 0);
+#endif /* OPENSSL_NO_ECX */
 
 #ifndef OPENSSL_NO_SM2
     OPENSSL_assert(sm2_curves[SM2_NUM - 1].nid == NID_sm2);
@@ -2106,6 +2128,7 @@ int speed_main(int argc, char **argv)
                 algo_found = 1;
             }
         }
+#ifndef OPENSSL_NO_ECX
         if (strcmp(algo, "eddsa") == 0) {
             memset(eddsa_doit, 1, sizeof(eddsa_doit));
             algo_found = 1;
@@ -2114,6 +2137,7 @@ int speed_main(int argc, char **argv)
             eddsa_doit[i] = 2;
             algo_found = 1;
         }
+#endif /* OPENSSL_NO_ECX */
 #ifndef OPENSSL_NO_SM2
         if (strcmp(algo, "sm2") == 0) {
             memset(sm2_doit, 1, sizeof(sm2_doit));
@@ -2294,9 +2318,11 @@ int speed_main(int argc, char **argv)
         memset(ffdh_doit, 1, sizeof(ffdh_doit));
 #endif
         memset(dsa_doit, 1, sizeof(dsa_doit));
+#ifndef OPENSSL_NO_ECX
         memset(ecdsa_doit, 1, sizeof(ecdsa_doit));
         memset(ecdh_doit, 1, sizeof(ecdh_doit));
         memset(eddsa_doit, 1, sizeof(eddsa_doit));
+#endif /* OPENSSL_NO_ECX */
 #ifndef OPENSSL_NO_SM2
         memset(sm2_doit, 1, sizeof(sm2_doit));
 #endif
@@ -3106,6 +3132,7 @@ skip_hmac:
         }
     }
 
+#ifndef OPENSSL_NO_ECX
     for (testnum = 0; testnum < EdDSA_NUM; testnum++) {
         int st = 1;
         EVP_PKEY *ed_pkey = NULL;
@@ -3218,6 +3245,7 @@ skip_hmac:
             }
         }
     }
+#endif /* OPENSSL_NO_ECX */
 
 #ifndef OPENSSL_NO_SM2
     for (testnum = 0; testnum < SM2_NUM; testnum++) {
@@ -4008,6 +4036,7 @@ skip_hmac:
                    1.0 / ecdh_results[k][0], ecdh_results[k][0]);
     }
 
+#ifndef OPENSSL_NO_ECX
     testnum = 1;
     for (k = 0; k < OSSL_NELEM(eddsa_doit); k++) {
         if (!eddsa_doit[k])
@@ -4027,6 +4056,7 @@ skip_hmac:
                    1.0 / eddsa_results[k][0], 1.0 / eddsa_results[k][1],
                    eddsa_results[k][0], eddsa_results[k][1]);
     }
+#endif /* OPENSSL_NO_ECX */
 
 #ifndef OPENSSL_NO_SM2
     testnum = 1;
@@ -4142,10 +4172,12 @@ skip_hmac:
         }
         for (k = 0; k < EC_NUM; k++)
             EVP_PKEY_CTX_free(loopargs[i].ecdh_ctx[k]);
+#ifndef OPENSSL_NO_ECX
         for (k = 0; k < EdDSA_NUM; k++) {
             EVP_MD_CTX_free(loopargs[i].eddsa_ctx[k]);
             EVP_MD_CTX_free(loopargs[i].eddsa_ctx2[k]);
         }
+#endif /* OPENSSL_NO_ECX */
 #ifndef OPENSSL_NO_SM2
         for (k = 0; k < SM2_NUM; k++) {
             EVP_PKEY_CTX *pctx = NULL;
@@ -4402,6 +4434,7 @@ static int do_multi(int multi, int size_num)
                     d = atof(sstrsep(&p, sep));
                     ecdh_results[k][0] += d;
                 }
+# ifndef OPENSSL_NO_ECX
             } else if (CHECK_AND_SKIP_PREFIX(p, "+F6:")) {
                 tk = sstrsep(&p, sep);
                 if (strtoint(tk, 0, OSSL_NELEM(eddsa_results), &k)) {
@@ -4414,6 +4447,7 @@ static int do_multi(int multi, int size_num)
                     d = atof(sstrsep(&p, sep));
                     eddsa_results[k][1] += d;
                 }
+# endif /* OPENSSL_NO_ECX */
 # ifndef OPENSSL_NO_SM2
             } else if (CHECK_AND_SKIP_PREFIX(p, "+F7:")) {
                 tk = sstrsep(&p, sep);