From nobody Fri Dec 19 02:52:53 2025
Delivered-To: importer@patchew.org
Received-SPF: pass (zohomail.com: domain of groups.io designates
 66.175.222.108 as permitted sender) client-ip=66.175.222.108;
 envelope-from=bounce+27952+101295+1787277+3901457@groups.io;
 helo=mail02.groups.io;
Authentication-Results: mx.zohomail.com;
	dkim=pass;
	spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as
 permitted sender)
  smtp.mailfrom=bounce+27952+101295+1787277+3901457@groups.io;
	dmarc=fail(p=none dis=none)  header.from=intel.com
ARC-Seal: i=1; a=rsa-sha256; t=1679027330; cv=none;
	d=zohomail.com; s=zohoarc;
	b=RLPfGSGaHWMhfEc3t6IKaG8j8WNsYqm4OCQ1uBhwdxMGW4cqMV5PqORAOCgGUKJpOVxAgEgM6KWLR2NTAWKfWEd0Iwoo8LxKlMwWS940qGIauAkVWS72pkZac9PbeF4DilMEq2oUENqiB8WoxLFHeMiI4mAJW5pbDPA8CB2eDq4=
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com;
 s=zohoarc;
	t=1679027330;
 h=Content-Transfer-Encoding:Cc:Date:From:In-Reply-To:List-Subscribe:List-Id:List-Help:List-Unsubscribe:MIME-Version:Message-ID:Reply-To:References:Sender:Subject:To;
	bh=CULMvY/cs79sP8ncDMfT/CLtA9kSjbkFZqUNp8sCElQ=;
	b=RvUd/gqpINdcwHdIoOITp0zSWhx/M0+iBvBWLea+UmJdTpizT/bYN0gzQSgm1LWgXi8CcLRaCvgWS/lMmEW+SEpFd+l4Sce8SLNGowYQszOcTupDGmsChka5kN8jfIJbEnU/NpG0dsUcEeZ3sdNksXOxlFWvuzhMgcnFHBnuDmg=
ARC-Authentication-Results: i=1; mx.zohomail.com;
	dkim=pass;
	spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as
 permitted sender)
  smtp.mailfrom=bounce+27952+101295+1787277+3901457@groups.io;
	dmarc=fail header.from=<yi1.li@intel.com> (p=none dis=none)
Received: from mail02.groups.io (mail02.groups.io [66.175.222.108]) by
 mx.zohomail.com
	with SMTPS id 1679027330410672.4413860518101;
 Thu, 16 Mar 2023 21:28:50 -0700 (PDT)
Return-Path: <bounce+27952+101295+1787277+3901457@groups.io>
X-Received: by 127.0.0.2 with SMTP id 66OZYY1788612xOKhYxFvMKw;
 Thu, 16 Mar 2023 21:28:50 -0700
X-Received: from mga18.intel.com (mga18.intel.com [134.134.136.126])
 by mx.groups.io with SMTP id smtpd.web11.12291.1679027327871365227
 for <devel@edk2.groups.io>;
 Thu, 16 Mar 2023 21:28:49 -0700
X-IronPort-AV: E=McAfee;i="6600,9927,10651"; a="322029724"
X-IronPort-AV: E=Sophos;i="5.98,267,1673942400";
   d="scan'208";a="322029724"
X-Received: from orsmga003.jf.intel.com ([10.7.209.27])
  by orsmga106.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384;
 16 Mar 2023 21:28:39 -0700
X-ExtLoop1: 1
X-IronPort-AV: E=McAfee;i="6600,9927,10651"; a="630153811"
X-IronPort-AV: E=Sophos;i="5.98,267,1673942400";
   d="scan'208";a="630153811"
X-Received: from liyi4-desktop.ccr.corp.intel.com ([10.239.153.82])
  by orsmga003-auth.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384;
 16 Mar 2023 21:28:38 -0700
From: "Li, Yi" <yi1.li@intel.com>
To: devel@edk2.groups.io
Cc: Yi Li <yi1.li@intel.com>
Subject: [edk2-devel] [edk2-staging/OpenSSL11_EOL 4/7] Readme: 0315 update
Date: Fri, 17 Mar 2023 12:28:16 +0800
Message-Id: 
 <4affc0f9504ad7f1a2164ad3877eb6ed4a8d41b6.1679026329.git.yi1.li@intel.com>
In-Reply-To: <cover.1679026329.git.yi1.li@intel.com>
References: <cover.1679026329.git.yi1.li@intel.com>
MIME-Version: 1.0
Precedence: Bulk
List-Unsubscribe: <mailto:devel+unsubscribe@edk2.groups.io>
List-Subscribe: <mailto:devel+subscribe@edk2.groups.io>
List-Help: <mailto:devel+help@edk2.groups.io>
Sender: devel@edk2.groups.io
List-Id: <devel.edk2.groups.io>
Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io
Reply-To: devel@edk2.groups.io,yi1.li@intel.com
X-Gm-Message-State: Yz1mbSTvRFfaEy94wtVk8j9ex1787277AA=
Content-Transfer-Encoding: quoted-printable
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=groups.io;
 q=dns/txt; s=20140610; t=1679027330;
 bh=dUn2rEvqtTp27cnaYsQ3f+qvmk4+/ViEMdxU1y9PM2w=;
 h=Cc:Date:From:Reply-To:Subject:To;
 b=K2vzFJryCk/c6hf61LwQUY/0B05JT/bPDbRe0Ng5ANRbdGzWEa0bvgrSViFZAD+sFe9
 cPK7zb63NgaISZKD5YXiepAHDb/UvLArUlx3Ae8cv7Z19rXiD9b4xVlT8RgkxkIpts/Th
 +tVkVEpeie3f2S0yYB0H6EQ0X0LZ32RYmSs=
X-ZohoMail-DKIM: pass (identity @groups.io)
X-ZM-MESSAGEID: 1679027332259100012
Content-Type: text/plain; charset="utf-8"

Signed-off-by: Yi Li <yi1.li@intel.com>
---
 CryptoPkg/Readme-OpenSSL3.0.md | 18 ++++++++++--------
 1 file changed, 10 insertions(+), 8 deletions(-)

diff --git a/CryptoPkg/Readme-OpenSSL3.0.md b/CryptoPkg/Readme-OpenSSL3.0.md
index 8a0fc6afb0..3d4afa8ac1 100644
--- a/CryptoPkg/Readme-OpenSSL3.0.md
+++ b/CryptoPkg/Readme-OpenSSL3.0.md
@@ -21,14 +21,14 @@ Will update latest result here (Build based on Intel pl=
atform).
 |-----------------|------------|------------|------------| =20
 |CryptoPei        |   386      |    398     |    3.1%    | =20
 |CryptoPeiPreMem  |   31       |    31      |    0%      | =20
-|CryptoDxe        |   804      |    917     |    14%     | =20
-|CryptoSmm        |   558      |    636     |    14%     | =20
+|CryptoDxe        |   804      |    886     |    10.1%   | =20
+|CryptoSmm        |   558      |    604     |    8.2%    | =20
=20
 | LZMA Compressed |   1.1.1    |    3.0     |   percent  | =20
 |-----------------|------------|------------|------------| =20
-|CryptoDxe        |   311      |    360     |    15%     | =20
-|CryptoSmm        |   211      |    248     |    17%     | =20
-|FV (Dxe+Smm)     |   357      |    423     |    18%     | =20
+|CryptoDxe        |   311      |    350     |    12.2%   | =20
+|CryptoSmm        |   211      |    238     |    12.8%   | =20
+|FV (Dxe+Smm)     |   357      |    412     |    15.4%   | =20
=20
 ## Limitation
=20
@@ -64,11 +64,10 @@ MD5 --> PEM --> CryptoPem(Ec\RsaGetPrivateKeyFromPem): =
used in Pkcs7Sign and Uni
=20
 ### 3.Disable algorithm auto init
 Add -DOPENSSL_NO_AUTOALGINIT will disable OpenSsl from adding all digests =
and ciphers at initialization time. =20
-Can reduce the size by ~20KB. =20
+Can reduce the size by 27KB. =20
 #### Risk:
 OPENSSL_NO_AUTOALGINIT Will break PKCS7, Authenticode and Ts due to OpenSs=
l bug: =20
 https://github.com/openssl/openssl/issues/20221 =20
-Currently only available when compiling PEI. =20
=20
 ### 4.Cut Name/NID mapping
 There are some unreasonably huge arrays(~110KB) in the obj_dat.h and obj_x=
ref.h, like: =20
@@ -79,6 +78,7 @@ Removing unnecessary data can reduce the size by ~50KB.
 1. DXE and SMM use more functions than PEI, so can only reduce fewer size.=
 =20
 2. Need a detailed script or readme. The best way is to automatically cut =
through openssl config, raised issue in community: =20
 https://github.com/openssl/openssl/issues/20260 =20
+3. Will break Authticode API if applied to DXE SMM. =20
=20
 ### 5.Hash API downgrade (for PeiPreMem)
 High level API (EVP) will introduce provider and NID mapping which can inc=
rease size extremely. =20
@@ -97,8 +97,10 @@ This will become workaround if openssl doesn't accept su=
ch changes.
 https://github.com/liyi77/openssl/commits/openssl-3.0-POC =20
 Such as: =20
 remove x509 print function - 7KB =20
-remove unused ras ameth - 7KB =20
+remove unused rsa ameth - 7KB =20
 remove unused x509 extentions - 19KB =20
+remove unused bio enc - 3KB =20
+remove unused bio prov - 4KB =20
 ...
 #### Risk:
 This is workaround.
--=20
2.31.1.windows.1



-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#101295): https://edk2.groups.io/g/devel/message/101295
Mute This Topic: https://groups.io/mt/97666990/1787277
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org]
-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-