On Mon, 2022-05-09 at 13:27 +0200, Gerd Hoffmann wrote: [...] > > 1) Please keep the good work to enable OPENSSL3.0 in your personal > > branch. > > 2) If you have some way to control the size, then do it. If there > > is no much size difference by default, then you can submit to EDKII > > directly. > > I suspect I wouldn't get it down to 1.1.1 levels even if I find some > ways to make it smaller than it is in my branch today. The code for > the new "provider" concept simply needs space and I think it also > makes LTO optimization less effective.
Having just looked into converting engine code to provider code, I would concur with this. The design of providers, with their many to many functional mappings, seems designed to promote code bloat. > Maybe creating our own crypto providers which include only the > algorithms actually needed by edk2 gets the size down a bit. What about switching to a different crypto backend? Since we don't expose any openssl APIs at all and we wrapper everything we do expose, it should be possible to switch to one of the non-openssl (or forked from openssl) variants that value size, like mbedtls or boringssl? James -=-=-=-=-=-=-=-=-=-=-=- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#89610): https://edk2.groups.io/g/devel/message/89610 Mute This Topic: https://groups.io/mt/90832153/21656 Group Owner: devel+ow...@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
