Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss

Resending: OpenSSL in an embedded environment

343 views
Skip to first unread message

Gregg Gibson

unread,
Apr 30, 2001, 9:02:10 AM4/30/01
to
I apoligize for sending this question again. The email account I was using
has proved to be too unreliable, so I have switched to a different account.

Has anyone had any experience with OpenSSL in an embedded environment? I'm
trying to trim libcrypto.a and libssl.a down to a reasonable size for an
embedded project. I've turned off all but the few ciphers that I need, and
that only trimmed off about 200kB. (The ciphers that I kept are des, rsa,
md5, and sha.) I'd like to get both of those libraries to be much smaller.
Any suggestions?

_________________________________________________________________
Get your FREE download of MSN Explorer at http://explorer.msn.com

______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openss...@openssl.org
Automated List Manager majo...@openssl.org

Greg Stark

unread,
Apr 30, 2001, 10:39:03 AM4/30/01
to
No problem; Dr. Henson did attempt an answer to your question; see
(http://www.mail-archive.com/openss...@openssl.org/msg18489.html)


_____________________________________
Greg Stark
Ethentica, Inc.
gst...@ethentica.com
_____________________________________

Greg Stark

unread,
Apr 30, 2001, 4:27:54 PM4/30/01
to

Greg Stark

unread,
Apr 30, 2001, 5:45:31 PM4/30/01
to

Gregg Gibson

unread,
May 1, 2001, 3:44:45 AM5/1/01
to

Johan Adolfsson

unread,
May 2, 2001, 6:12:34 AM5/2/01
to
I have made some testing with Axis ETRAX100 chip and 2.038 uClinux and
the ETRAX100LX chip with Linux 2.4 (both using uC-libc).
A statically linked sslwrap is about 570kB and if I remove some cryptos
it goes down to about 470kB
(no-asm no-threads no-idea no-cast no-bf no-rc2 no-md2 no-md4
no-ripemd no-dsa no-dh no-dso )

I setup sslwrap to do forwarding to the boa webserver so I can do https,
(there are probably some more cryptos that can be removed and still make
it usable for https)

Still huge, but doable on 2MB flash, 8MB RAM system using Linux 2.4 and MMU.
On 2.0.38 uClinux (without MMU) it's hardly doable due to memory constraints
(in 2.4 I use cramfs instead of romfs så I get a lot of more RAM free)
If you have an MMU, running multiple instances of sslwrap (or stunnel)
is not that expensive since they can share the code in memory.

The openssl build system needs some patching to make openssl
crosscompilable.
(Some problem with openssh (autoconf is even worse at cross compile
support))

/Johan


> ----- Original Message -----
> From: "Gregg Gibson" <gibs...@hotmail.com>
> To: <openss...@openssl.org>
> Sent: Monday, April 30, 2001 8:59 AM
> Subject: Resending: OpenSSL in an embedded environment
>
>

0 new messages