From: "Li, Yi"
To: Gerd Hoffmann, "devel@edk2.groups.io"
Subject: Re: [edk2-devel] [edk2-staging/OpenSSL11_EOL][PATCH 4/4] Readme: 0322 update
Date: Fri, 24 Mar 2023 01:46:44 +0000

Hi Gerd,

Thanks for review,

>> +### Level 2: A bit like workaround, with possibility of upstream to=20 >> +openssl 1. Enable the legacy path for X509 pubkey decode and pmeth=20 >> +initialization, The purpose is to avoid the use of EN/DECODE and Signat= ure provider, will reduce size about 90KB. >> +(commit: x509: enable legacy path in pub decode) >> +https://github.com/liyi77/openssl/commit/8780956da77c949ca42f6c4c3fd6 >> +ef7045646ef0 >> +(commit: evp: enable legacy pmeth) >> +https://github.com/liyi77/openssl/commit/a2232b35aa308198b61c5734c1bf >> +e1d0263f074b
>I suspect that is not going to work well long-term, probably openssl will remove the code paths they consider being "legacy" at some point in the future. Probably not 3.0.x but maybe in 3.1 branch.

Yes, I think in long-term the better way is to remove all legacy code paths, this will also help reduce the size.
The problem is that a large number of legacy APIs are currently used in the EDK2 code.
In the future, it may be a big update to throw all the legacy code.

>> +### Level 3: Totally workaround and hard to upstream to openssl, may=20 >> +need scripts to apply them inside EDK2 1. Provider cut. >> +(commit: CryptoPkg: add own openssl provider)=20 >> +https://github.com/liyi77/edk2-staging/commit/c3a5b69d8a3465259cfdca8 >> +f38b0dc7683b3690e
>Allow people implement their own providers looks like an openssl feature to me. So I don't think this will be a big problem to maintain, I expect they try to keep the interfaces stable to not break apps doing so.
>The only little detail we do differently here is to remove the default providers so LTO can actually remove the unused code.
>> +(commit: x509: remove print function 7KB) >> +https://github.com/liyi77/openssl/commit/faa5d6781c3af601bcbc11ff199e >> +2955d7ff4306
>Did you double-check this doesn't break something?
>It did for me, due to some code in openssl depending on a working bio_sprintf() implementation.

I don't do any more test than unit test.
I am sick of this part, but I currently have no other way to reduce the size.
I would like to drop those changes first if I find another way.

Regards,
Yi
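
Review bot: The Level 2 entry states "will reduce size about 90KB" without saying what was measured. Name the toolchain, architecture and build target the figure comes from, and the OpenSSL base the two linked liyi77/openssl commits apply to, so the saving can be reproduced. Since the entry's stated purpose is to avoid the EN/DECODE and Signature providers on the X509 public-key decode path, it should also say which decode and verification tests were run with the legacy path enabled.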
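
Review bot: In the Level 3 entry, "Provider cut." does not say which providers or algorithms the CryptoPkg provider keeps and which it drops. List them in the README, and name the script or procedure meant by "may need scripts to apply them inside EDK2", so a reader can tell what crypto a build using this provider still supports. Unlike the Level 2 entry, no size figure is given here.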
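
Review bot: The "x509: remove print function 7KB" entry records the size saving but not what else depends on the removed code. The reply in this thread reports that the change broke a build because other openssl code depends on a working bio_sprintf() implementation, and the author states that only unit tests were run. The README should name that dependency and the test coverage next to the 7KB figure, so the entry is not read as a behaviour-neutral size optimization.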