public inbox for devel@edk2.groups.io
From: "Li, Yi" <yi1.li@intel.com>
To: devel@edk2.groups.io
Cc: Yi Li <yi1.li@intel.com>
Subject: [edk2-staging/OpenSSL11_EOL][PATCH 4/4] Readme: 0322 update
Date: Thu, 23 Mar 2023 10:44:36 +0800
Message-ID: <99a218c205bcc4ddc7ef48ef875dc9361e53926f.1679537389.git.yi1.li@intel.com>
In-Reply-To: <cover.1679537389.git.yi1.li@intel.com>

Signed-off-by: Yi Li <yi1.li@intel.com>
---
 CryptoPkg/Readme-OpenSSL3.0.md | 65 +++++++++++++++++++++++++++++-----
 1 file changed, 57 insertions(+), 8 deletions(-)

diff --git a/CryptoPkg/Readme-OpenSSL3.0.md b/CryptoPkg/Readme-OpenSSL3.0.md
index 85ed37b61d..fc5d24d074 100644
--- a/CryptoPkg/Readme-OpenSSL3.0.md
+++ b/CryptoPkg/Readme-OpenSSL3.0.md
@@ -17,19 +17,26 @@ The branch owner: Li Yi <yi1.li@intel.com>
 
 ## Latest update
 Will update latest result here (Build based on Intel platform).  
+Binaries mode (use crypto drivers)  
 |     Driver      |   1.1.1    |    3.0     |   percent  |  
 |-----------------|------------|------------|------------|  
 |CryptoPei        |   386      |    398     |    3.1%    |  
 |CryptoPeiPreMem  |   31       |    31      |    0%      |  
-|CryptoDxeFull    |   1014     |    1031    |    1.7%    |  
-|CryptoDxe        |   804      |    886     |    10.1%   |  
-|CryptoSmm        |   558      |    604     |    8.2%    |  
-
+|CryptoDxeFull    |   1014     |    997     |    -1.6%   |  
+|CryptoDxe        |   804      |    871     |    8.3%    |  
+|CryptoSmm        |   558      |    581     |    4.1%    |  
+  
 | LZMA Compressed |   1.1.1    |    3.0     |   percent  |  
 |-----------------|------------|------------|------------|  
-|CryptoDxe        |   311      |    350     |    12.2%   |  
-|CryptoSmm        |   211      |    238     |    12.8%   |  
-|FV (Dxe+Smm)     |   357      |    412     |    15.4%   |  
+|CryptoDxe        |   311      |    346     |    11.2%   |  
+|CryptoSmm        |   211      |    233     |    10.4%   |  
+|FV (Dxe+Smm)     |   357      |    406     |    13.7%   |  
+
+Library mode (use crypto library)  
+|     Driver         |   1.1.1    |    3.0     |    delta   |  
+|--------------------|------------|------------|------------|  
+|      FV            |   2377     |    2639    |     262    |  
+|SecurityStubDxe.efi |   562      |    605     |     43     |  
 
 ## Limitation
 
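Review bot: The size tables in this hunk carry no unit, so a reader cannot tell whether 997 or 2639 is KB or bytes; state the unit in the header rows or next to the "Binaries mode" and "Library mode" captions. The new Library mode table also labels its first column "Driver" although its first row is the FV, and it reports an absolute "delta" where the two tables above report "percent"; use one measure so the three tables can be compared. The CryptoDxeFull row's -1.6% does not match the sizes shown (997 against 1014 is about -1.7%), and 346 against 311 is about 11.3% rather than 11.2%; if the percentages are computed from unrounded sizes, say so in the text.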
@@ -49,7 +56,7 @@ More complex API: There will be two code paths supporting 1.1.1 legacy and 3.0 p
 ### 1.Cut Provider
 As CryptoPkg\Library\OpensslLib\OpensslStub\uefiprov.c
 
-### Remove unnecessary module 
+### 2.Remove unnecessary module 
 SM2,  
 SM3 - 12KB,  
 MD5 - 8KB,  
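Review bot: The added heading line "### 2.Remove unnecessary module " keeps the trailing space of the line it replaces; drop it while the line is being touched anyway. Since the heading introduces a list (SM2, SM3, MD5, ...), "modules" would read better, and it is worth checking that the headings following this list are numbered too, so that "1." and "2." are not the only numbered steps in the section.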
@@ -105,5 +112,47 @@ remove unused bio prov - 4KB
 #### Risk:
 This is workaround.
 
+## Openssl code change summary
+### Level 1: Reasonable changes to reduce size
+1. Add macro such like OPENSSL_NO_ECX OPENSSL_NO_ECD to remove ecx and ecd feature,  
+will reduce size about 104KB.  
+(commit: ec: disable ecx and ecd)  
+https://github.com/liyi77/openssl/commit/2b0a888c3623e1dc0637fbe0c5dcc1211b4d0545  
+  
+2. Avoid build error when sm3 disabled.  
+(commit: sm3: avoid build error after sm3 disabled)  
+https://github.com/liyi77/openssl/commit/df92e440e45667da6ca1f9013f015e6d18981f2e  
+
+### Level 2: A bit like workaround, with possibility of upstream to openssl
+1. Enable the legacy path for X509 pubkey decode and pmeth initialization,  
+The purpose is to avoid the use of EN/DECODE and Signature provider, will reduce size about 90KB.  
+(commit: x509: enable legacy path in pub decode)  
+https://github.com/liyi77/openssl/commit/8780956da77c949ca42f6c4c3fd6ef7045646ef0  
+(commit: evp: enable legacy pmeth)  
+https://github.com/liyi77/openssl/commit/a2232b35aa308198b61c5734c1bfe1d0263f074b  
+  
+2. Add 'type' field back to enable OPENSSL_NO_AUTOALGINIT,  will reduce size about 27KB.  
+issue: https://github.com/openssl/openssl/issues/20221  
+(commit: evp: add type filed back)  
+https://github.com/liyi77/openssl/commit/9c68a18a3a1967baf8d93eacadac9f0e14523715  
+
+### Level 3: Totally workaround and hard to upstream to openssl, may need scripts to apply them inside EDK2
+1. Provider cut.  
+(commit: CryptoPkg: add own openssl provider)  
+https://github.com/liyi77/edk2-staging/commit/c3a5b69d8a3465259cfdca8f38b0dc7683b3690e  
+  
+2. Cut Name/NID mapping, will reduce size about 70KB.  
+(commit: CryptoPkg: trim obj_dat.h)  
+https://github.com/liyi77/edk2-staging/commit/6874485ebf89959953f7094990c7123e19748527  
+
+3. Cut unnecessary API in structure.  
+(commit: evp: cut bio_enc func 3KB)  
+https://github.com/liyi77/openssl/commit/3a2331133c2e3bda3e9bdb861ea97e5d3969fb2d  
+(commit: x509: remove print function 7KB)  
+https://github.com/liyi77/openssl/commit/faa5d6781c3af601bcbc11ff199e2955d7ff4306  
+(commit: rsa: remove unused rsa ameth 7KB)  
+https://github.com/liyi77/openssl/commit/8488c75701cdd5e626785e6d9d002f6fb30ae0ff  
+(commit: x509: remove unused extentions 19KB)  
+https://github.com/liyi77/openssl/commit/c27b3428708eb240b626946ce10d4219806d8adf  
 ## Timeline
 Target for 2023 Q1
\ No newline at end of file
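Review bot: The Level 2 and Level 3 entries are described as workarounds (legacy path for X509 pubkey decode and pmeth initialization, trimmed obj_dat.h, removed X509 extensions), but unlike the earlier sections with their "#### Risk:" subsection they do not say what each change gives up; add a risk line per item, and for "x509: remove unused extentions" list which extensions are removed so reviewers can judge the effect on certificate handling. Every commit link points at a personal fork (github.com/liyi77/...), which can stop resolving after a rebase or force-push; reference the commits through the openssl submodule revision or the staging branch as well. Smaller points: "such like" should be "such as", a blank line is missing between the last link and "## Timeline", and the file still ends without a trailing newline.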
-- 
2.31.1.windows.1

