Re: OpenSSL in an embedded environment

[Gregg Gibson]

My plan is to use OpenSSL to provide crypto for ucd-snmp (which uses des, 
md5, and sha) and ssl for a web server (using rsa, 3des, and sha or md5).  I 
will also use it for certificate generation.

I'm going to do some code and makefile editing to get rid of everything else 
I can, which I think includes bf, dh, dsa, hmac, idea,  md2, md4, mdc2, 
pkcs7, rc2, rc4, rc5, and ripemd.

Does that sound reasonable?


From: Dr S N Henson Subject: Re: OpenSSL in embedded environment Date: Sat, 
28 Apr 2001 13:45:09 -0700

You may well have some 'fiddling' to substantially reduce the size of 
OpenSSL. It all depends on what you want to use it for and what support you 
need.

For example if you don't need PKCS#12 support you can delete everything in 
crypto/pkcs12.

Then the fiddling starts because it probably wont compile any more and 
you'll have to edit makefiles and source files that reference PKCS#12 code.

If you're just doing crypto without SSL or any ASN1 support you can 
probably delete almost everything.

Steve.
--
Dr Stephen N. Henson.   http://www.drh-consultancy.demon.co.uk/
Personal Email: [EMAIL PROTECTED] Senior crypto engineer, 
Celo Communications: http://www.celocom.com/
Core developer of the   OpenSSL project: http://www.openssl.org/
Business Email: [EMAIL PROTECTED] PGP key: via homepage.
__




  - Original Message -
  From: Gregg Gibson [EMAIL PROTECTED]
  To: [EMAIL PROTECTED]
  Sent: Monday, April 30, 2001 8:59 AM
  Subject: Resending: OpenSSL in an embedded environment
 
 
   I apoligize for sending this question again.  The email account I was
  using
   has proved to be too unreliable, so I have switched to a different
  account.
  
   Has anyone had any experience with OpenSSL in an embedded environment?
I'm
   trying to trim libcrypto.a and libssl.a down to a reasonable size for 
an
   embedded project. I've turned off all but the few ciphers that I need,
and
   that only trimmed off about 200kB. (The ciphers that I kept are des,
rsa,
   md5, and sha.) I'd like to get both of those libraries to be much
smaller.
   Any suggestions?
  

_
Get your FREE download of MSN Explorer at http://explorer.msn.com

__
OpenSSL Project http://www.openssl.org
User Support Mailing List[EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]

Re: OpenSSL in an embedded environment

[RONDAN]

On Fri, 04 May 2001 08:52:13 -0400
"Gregg Gibson" [EMAIL PROTECTED] wrote:

 My plan is to use OpenSSL to provide crypto for ucd-snmp (which uses des, 
 md5, and sha) and ssl for a web server (using rsa, 3des, and sha or md5).  I 
 will also use it for certificate generation.
 
 I'm going to do some code and makefile editing to get rid of everything else 
 I can, which I think includes bf, dh, dsa, hmac, idea,  md2, md4, mdc2, 
 pkcs7, rc2, rc4, rc5, and ripemd.
 
 Does that sound reasonable?
 
 
 From: Dr S N Henson Subject: Re: OpenSSL in embedded environment Date: Sat, 
 28 Apr 2001 13:45:09 -0700
 
 You may well have some 'fiddling' to substantially reduce the size of 
 OpenSSL. It all depends on what you want to use it for and what support you 
 need.
 
 For example if you don't need PKCS#12 support you can delete everything in 
 crypto/pkcs12.
 
 Then the fiddling starts because it probably wont compile any more and 
 you'll have to edit makefiles and source files that reference PKCS#12 code.
 
 If you're just doing crypto without SSL or any ASN1 support you can 
 probably delete almost everything.
 
 Steve.
 --
 Dr Stephen N. Henson.   http://www.drh-consultancy.demon.co.uk/
 Personal Email: [EMAIL PROTECTED] Senior crypto engineer, 
 Celo Communications: http://www.celocom.com/
 Core developer of the   OpenSSL project: http://www.openssl.org/
 Business Email: [EMAIL PROTECTED] PGP key: via homepage.
 __
 
 
 
 
   - Original Message -
   From: "Gregg Gibson" [EMAIL PROTECTED]
   To: [EMAIL PROTECTED]
   Sent: Monday, April 30, 2001 8:59 AM
   Subject: Resending: OpenSSL in an embedded environment
  
  
I apoligize for sending this question again.  The email account I was
   using
has proved to be too unreliable, so I have switched to a different
   account.
   
Has anyone had any experience with OpenSSL in an embedded environment?
 I'm
trying to trim libcrypto.a and libssl.a down to a reasonable size for 
 an
embedded project. I've turned off all but the few ciphers that I need,
 and
that only trimmed off about 200kB. (The ciphers that I kept are des,
 rsa,
md5, and sha.) I'd like to get both of those libraries to be much
 smaller.
Any suggestions?
   
 
 _
 Get your FREE download of MSN Explorer at http://explorer.msn.com
 
 __
 OpenSSL Project http://www.openssl.org
 User Support Mailing List[EMAIL PROTECTED]
 Automated List Manager   [EMAIL PROTECTED]
 

 

$BO@CL!!!&!!#R#O#N#D#A#N(B   

$B%[!<%`%Z!<%8!!!'(Bhttp://www.rondan.co.jp
$BEE;R%a!<%k!'([EMAIL PROTECTED]



__
OpenSSL Project http://www.openssl.org
User Support Mailing List[EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]

Re: OpenSSL in an embedded environment

[Andreas Back]

I am also thinking about to port openssl to an embedded system and noticed the 
the discussion. 
What sizes have you come down to ? and does your embeded system have filestorage ? 
fopen() or is the certificates 
stored in char []?

The core question is what i takes to port it to an embeded system.

Best Regards

Andreas Bäck



 [EMAIL PROTECTED] 05/04/01 03:58PM 

On Fri, 04 May 2001 08:52:13 -0400
Gregg Gibson [EMAIL PROTECTED] wrote:

 My plan is to use OpenSSL to provide crypto for ucd-snmp (which uses des, 
 md5, and sha) and ssl for a web server (using rsa, 3des, and sha or md5).  I 
 will also use it for certificate generation.
 
 I'm going to do some code and makefile editing to get rid of everything else 
 I can, which I think includes bf, dh, dsa, hmac, idea,  md2, md4, mdc2, 
 pkcs7, rc2, rc4, rc5, and ripemd.
 
 Does that sound reasonable?
 
 
 From: Dr S N Henson Subject: Re: OpenSSL in embedded environment Date: Sat, 
 28 Apr 2001 13:45:09 -0700
 
 You may well have some 'fiddling' to substantially reduce the size of 
 OpenSSL. It all depends on what you want to use it for and what support you 
 need.
 
 For example if you don't need PKCS#12 support you can delete everything in 
 crypto/pkcs12.
 
 Then the fiddling starts because it probably wont compile any more and 
 you'll have to edit makefiles and source files that reference PKCS#12 code.
 
 If you're just doing crypto without SSL or any ASN1 support you can 
 probably delete almost everything.
 
 Steve.
 --
 Dr Stephen N. Henson.   http://www.drh-consultancy.demon.co.uk/ 
 Personal Email: [EMAIL PROTECTED] Senior crypto engineer, 
 Celo Communications: http://www.celocom.com/ 
 Core developer of the   OpenSSL project: http://www.openssl.org/ 
 Business Email: [EMAIL PROTECTED] PGP key: via homepage.
 __
 
 
 
 
   - Original Message -
   From: Gregg Gibson [EMAIL PROTECTED]
   To: [EMAIL PROTECTED]
   Sent: Monday, April 30, 2001 8:59 AM
   Subject: Resending: OpenSSL in an embedded environment
  
  
I apoligize for sending this question again.  The email account I was
   using
has proved to be too unreliable, so I have switched to a different
   account.
   
Has anyone had any experience with OpenSSL in an embedded environment?
 I'm
trying to trim libcrypto.a and libssl.a down to a reasonable size for 
 an
embedded project. I've turned off all but the few ciphers that I need,
 and
that only trimmed off about 200kB. (The ciphers that I kept are des,
 rsa,
md5, and sha.) I'd like to get both of those libraries to be much
 smaller.
Any suggestions?
   
 
 _
 Get your FREE download of MSN Explorer at http://explorer.msn.com 
 
 __
 OpenSSL Project http://www.openssl.org 
 User Support Mailing List[EMAIL PROTECTED] 
 Automated List Manager   [EMAIL PROTECTED] 
 

 



http://www.rondan.co.jp 
[EMAIL PROTECTED] 



__
OpenSSL Project http://www.openssl.org 
User Support Mailing List[EMAIL PROTECTED] 
Automated List Manager   [EMAIL PROTECTED]

__
OpenSSL Project http://www.openssl.org
User Support Mailing List[EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]

Re: OpenSSL in an embedded environment

[RONDAN]

On Fri, 04 May 2001 21:58:44 +0900
RONDAN [EMAIL PROTECTED] wrote:

 
 On Fri, 04 May 2001 08:52:13 -0400
 "Gregg Gibson" [EMAIL PROTECTED] wrote:
 
  My plan is to use OpenSSL to provide crypto for ucd-snmp (which uses des, 
  md5, and sha) and ssl for a web server (using rsa, 3des, and sha or md5).  I 
  will also use it for certificate generation.
  
  I'm going to do some code and makefile editing to get rid of everything else 
  I can, which I think includes bf, dh, dsa, hmac, idea,  md2, md4, mdc2, 
  pkcs7, rc2, rc4, rc5, and ripemd.
  
  Does that sound reasonable?
  
  
  From: Dr S N Henson Subject: Re: OpenSSL in embedded environment Date: Sat, 
  28 Apr 2001 13:45:09 -0700
  
  You may well have some 'fiddling' to substantially reduce the size of 
  OpenSSL. It all depends on what you want to use it for and what support you 
  need.
  
  For example if you don't need PKCS#12 support you can delete everything in 
  crypto/pkcs12.
  
  Then the fiddling starts because it probably wont compile any more and 
  you'll have to edit makefiles and source files that reference PKCS#12 code.
  
  If you're just doing crypto without SSL or any ASN1 support you can 
  probably delete almost everything.
  
  Steve.
  --
  Dr Stephen N. Henson.   http://www.drh-consultancy.demon.co.uk/
  Personal Email: [EMAIL PROTECTED] Senior crypto engineer, 
  Celo Communications: http://www.celocom.com/
  Core developer of the   OpenSSL project: http://www.openssl.org/
  Business Email: [EMAIL PROTECTED] PGP key: via homepage.
  __
  
  
  
  
- Original Message -
From: "Gregg Gibson" [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Monday, April 30, 2001 8:59 AM
Subject: Resending: OpenSSL in an embedded environment
   
   
 I apoligize for sending this question again.  The email account I was
using
 has proved to be too unreliable, so I have switched to a different
account.

 Has anyone had any experience with OpenSSL in an embedded environment?
  I'm
 trying to trim libcrypto.a and libssl.a down to a reasonable size for 
  an
 embedded project. I've turned off all but the few ciphers that I need,
  and
 that only trimmed off about 200kB. (The ciphers that I kept are des,
  rsa,
 md5, and sha.) I'd like to get both of those libraries to be much
  smaller.
 Any suggestions?

  
  _
  Get your FREE download of MSN Explorer at http://explorer.msn.com
  
  __
  OpenSSL Project http://www.openssl.org
  User Support Mailing List[EMAIL PROTECTED]
  Automated List Manager   [EMAIL PROTECTED]
  
 
  
 
 $BO@CL!!!&!!#R#O#N#D#A#N(B   
 
 $B%[!<%`%Z!<%8!!!'(Bhttp://www.rondan.co.jp
 $BEE;R%a!<%k!'([EMAIL PROTECTED]
 
 
 
 __
 OpenSSL Project http://www.openssl.org
 User Support Mailing List[EMAIL PROTECTED]
 Automated List Manager   [EMAIL PROTECTED]
 

 

$BO@CL!!!&!!#R#O#N#D#A#N(B   

$B%[!<%`%Z!<%8!!!'(Bhttp://www.rondan.co.jp
$BEE;R%a!<%k!'([EMAIL PROTECTED]



__
OpenSSL Project http://www.openssl.org
User Support Mailing List[EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]

RE: OpenSSL in an embedded environment

[Dilkie, Lee]

I have (possibly) a similar problem. But just for the sake of completeness, is anyone 
aware of a port to VxWorks? If I could hook up with the poor sod that's been through 
this before that would probably save my hair at least.

-lee
__
OpenSSL Project http://www.openssl.org
User Support Mailing List[EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]