OPENSSL_SMALL_FOOTPRINT

Manish Patel manish.patel2 at broadcom.com
Mon Apr 24 13:59:10 UTC 2023 

Hi,

  I am trying to upgrade from 1.1.1c to 3.0.8.

However doing so increases the libcrypto.a size tremendously.

Some .so we create increased by 1.6MB, which is ~38% increase.

It increases our final binary size by 1.1M which is ~27% increase
to our previous (using 1.1.1c) binary and very much unacceptable
in our environment.

Above increase is despite of reducing all unused modules as follows:
  no-afalgeng \
  no-aria \
  no-asan \
  no-asm \
  no-async \
  no-autoalginit \
  no-autoerrinit \
  no-autoload-config \
  no-bf \
  no-blake2 \
  no-camellia \
  no-capieng \
  no-cast \
  no-comp \
  no-cms \
  no-crypto-mdebug \
  no-crypto-mdebug-backtrace \
  no-ct \
  no-deprecated \
  no-devcryptoeng \
  no-dgram \
  no-dsa \
  no-dso \
  no-dtls \
  no-dynamic-engine \
  no-ec2m \
  no-ecdh \
  no-ecdsa \
  no-ec_nistp_64_gcc_128 \
  no-egd \
  no-engine \
  no-err \
  no-external-tests \
  no-filenames \
  no-fuzz-libfuzzer \
  no-fuzz-afl \
  no-gost \
  no-heartbeats \
  no-hw \
  no-idea \
  no-makedepend \
  no-md2 \
  no-md4 \
  no-mdc2 \
  no-msan \
  no-multiblock \
  no-nextprotoneg \
  no-pinshared \
  no-ocb \
  no-ocsp \
  no-pic \
  no-posix-io \
  no-psk \
  no-rc2 \
  no-rc4 \
  no-rc5 \
  no-rdrand \
  no-rfc3779 \
  no-rmd160 \
  no-scrypt \
  no-sctp \
  no-seed \
  no-shared \
  no-siphash \
  no-sm2 \
  no-sm3 \
  no-sm4 \
  no-sock \
  no-srp \
  no-srtp \
  no-sse2 \
  no-ssl \
  no-ssl2 \
  no-ssl-trace \
  no-static-engine \
  no-stdio \
  no-threads \
  no-tls \
  no-ts \
  no-ubsan \
  no-ui-console \
  no-unit-test \
  no-whirlpool \
  no-weak-ssl-ciphers \
  no-zlib \
  no-zlib-dynamic \
  no-ssl3 \
  no-ssl3-method \
  no-tls1 \
  no-tls1-method \
  no-tls1_1 \
  no-tls1_1-method \
  no-tls1_2 \
  no-tls1_2-method \
  no-tls1_3 \
  no-dtls1 \
  no-dtls1-method \
  no-dtls1_2 \
  no-dtls1_2-method \
  no-acvp-tests \
  no-cached-fetch \
  no-cmp \
  no-dso \
  no-fips \
  no-fips-securitychecks \
  no-ktls \
  no-loadereng \
  no-module \
  no-padlockeng \
  no-siv \
  no-tests \
  no-trace \
  no-uplink \

I introduced OPENSSL_SMALL_FOOTPRINT, which barely reduced size by ~100KB!
Any ideas?

Thank you
Manish.



-- 
This electronic communication and the information and any files transmitted 
with it, or attached to it, are confidential and are intended solely for 
the use of the individual or entity to whom it is addressed and may contain 
information that is confidential, legally privileged, protected by privacy 
laws, or otherwise restricted from disclosure to anyone else. If you are 
not the intended recipient or the person responsible for delivering the 
e-mail to the intended recipient, you are hereby notified that any use, 
copying, distributing, dissemination, forwarding, printing, or copying of 
this e-mail is strictly prohibited. If you received this e-mail in error, 
please return the e-mail to the sender, delete it from your computer, and 
destroy any printed copy of it.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4211 bytes
Desc: S/MIME Cryptographic Signature
URL: <https://mta.openssl.org/pipermail/openssl-users/attachments/20230424/a504d325/attachment-0001.p7s>

More information about the openssl-users mailing list