[edk2-devel] [PATCH 0/5] CryptoPkg/openssl: enable EC unconditionally.

James Bottomley James.Bottomley at HansenPartnership.com
Mon May 9 11:47:41 UTC 2022


On Mon, 2022-05-09 at 13:27 +0200, Gerd Hoffmann wrote:
[...]
> > 1) Please keep the good work to enable OPENSSL3.0 in your personal
> > branch.
> > 2) If you have some way to control the size, then do it. If there
> > is not much size difference by default, then you can submit to EDKII
> > directly.
> 
> I suspect I wouldn't get it down to 1.1.1 levels even if I find some
> ways to make it smaller than it is in my branch today.  The code for
> the new "provider" concept simply needs space and I think it also
> makes LTO optimization less effective.

Having just looked into converting engine code to provider code, I
would concur with this.  The design of providers, with their many to
many functional mappings, seems designed to promote code bloat.

> Maybe creating our own crypto providers which include only the
> algorithms actually needed by edk2 gets the size down a bit.

What about switching to a different crypto backend?  Since we don't
expose any openssl APIs at all and we wrapper everything we do expose,
it should be possible to switch to one of the non-openssl (or forked
from openssl) variants that value size, like mbedtls or boringssl?

James




View/Reply Online (#89610): https://edk2.groups.io/g/devel/message/89610