Re: OpenSSL in an embedded environment
My plan is to use OpenSSL to provide crypto for ucd-snmp (which uses des, md5, and sha) and ssl for a web server (using rsa, 3des, and sha or md5). I will also use it for certificate generation. I'm going to do some code and makefile editing to get rid of everything else I can, which I think includes bf, dh, dsa, hmac, idea, md2, md4, mdc2, pkcs7, rc2, rc4, rc5, and ripemd. Does that sound reasonable? From: Dr S N Henson Subject: Re: OpenSSL in embedded environment Date: Sat, 28 Apr 2001 13:45:09 -0700 You may well have some 'fiddling' to substantially reduce the size of OpenSSL. It all depends on what you want to use it for and what support you need. For example if you don't need PKCS#12 support you can delete everything in crypto/pkcs12. Then the fiddling starts because it probably wont compile any more and you'll have to edit makefiles and source files that reference PKCS#12 code. If you're just doing crypto without SSL or any ASN1 support you can probably delete almost everything. Steve. -- Dr Stephen N. Henson. http://www.drh-consultancy.demon.co.uk/ Personal Email: [EMAIL PROTECTED] Senior crypto engineer, Celo Communications: http://www.celocom.com/ Core developer of the OpenSSL project: http://www.openssl.org/ Business Email: [EMAIL PROTECTED] PGP key: via homepage. __ - Original Message - From: Gregg Gibson [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Monday, April 30, 2001 8:59 AM Subject: Resending: OpenSSL in an embedded environment I apoligize for sending this question again. The email account I was using has proved to be too unreliable, so I have switched to a different account. Has anyone had any experience with OpenSSL in an embedded environment? I'm trying to trim libcrypto.a and libssl.a down to a reasonable size for an embedded project. I've turned off all but the few ciphers that I need, and that only trimmed off about 200kB. (The ciphers that I kept are des, rsa, md5, and sha.) I'd like to get both of those libraries to be much smaller. Any suggestions? _ Get your FREE download of MSN Explorer at http://explorer.msn.com __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
Re: OpenSSL in an embedded environment
On Fri, 04 May 2001 08:52:13 -0400 "Gregg Gibson" [EMAIL PROTECTED] wrote: My plan is to use OpenSSL to provide crypto for ucd-snmp (which uses des, md5, and sha) and ssl for a web server (using rsa, 3des, and sha or md5). I will also use it for certificate generation. I'm going to do some code and makefile editing to get rid of everything else I can, which I think includes bf, dh, dsa, hmac, idea, md2, md4, mdc2, pkcs7, rc2, rc4, rc5, and ripemd. Does that sound reasonable? From: Dr S N Henson Subject: Re: OpenSSL in embedded environment Date: Sat, 28 Apr 2001 13:45:09 -0700 You may well have some 'fiddling' to substantially reduce the size of OpenSSL. It all depends on what you want to use it for and what support you need. For example if you don't need PKCS#12 support you can delete everything in crypto/pkcs12. Then the fiddling starts because it probably wont compile any more and you'll have to edit makefiles and source files that reference PKCS#12 code. If you're just doing crypto without SSL or any ASN1 support you can probably delete almost everything. Steve. -- Dr Stephen N. Henson. http://www.drh-consultancy.demon.co.uk/ Personal Email: [EMAIL PROTECTED] Senior crypto engineer, Celo Communications: http://www.celocom.com/ Core developer of the OpenSSL project: http://www.openssl.org/ Business Email: [EMAIL PROTECTED] PGP key: via homepage. __ - Original Message - From: "Gregg Gibson" [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Monday, April 30, 2001 8:59 AM Subject: Resending: OpenSSL in an embedded environment I apoligize for sending this question again. The email account I was using has proved to be too unreliable, so I have switched to a different account. Has anyone had any experience with OpenSSL in an embedded environment? I'm trying to trim libcrypto.a and libssl.a down to a reasonable size for an embedded project. I've turned off all but the few ciphers that I need, and that only trimmed off about 200kB. (The ciphers that I kept are des, rsa, md5, and sha.) I'd like to get both of those libraries to be much smaller. Any suggestions? _ Get your FREE download of MSN Explorer at http://explorer.msn.com __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED] $BO@CL!!!&!!#R#O#N#D#A#N(B $B%[!<%`%Z!<%8!!!'(Bhttp://www.rondan.co.jp $BEE;R%a!<%k!'([EMAIL PROTECTED] __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
Re: OpenSSL in an embedded environment
I am also thinking about to port openssl to an embedded system and noticed the the discussion. What sizes have you come down to ? and does your embeded system have filestorage ? fopen() or is the certificates stored in char []? The core question is what i takes to port it to an embeded system. Best Regards Andreas Bäck [EMAIL PROTECTED] 05/04/01 03:58PM On Fri, 04 May 2001 08:52:13 -0400 Gregg Gibson [EMAIL PROTECTED] wrote: My plan is to use OpenSSL to provide crypto for ucd-snmp (which uses des, md5, and sha) and ssl for a web server (using rsa, 3des, and sha or md5). I will also use it for certificate generation. I'm going to do some code and makefile editing to get rid of everything else I can, which I think includes bf, dh, dsa, hmac, idea, md2, md4, mdc2, pkcs7, rc2, rc4, rc5, and ripemd. Does that sound reasonable? From: Dr S N Henson Subject: Re: OpenSSL in embedded environment Date: Sat, 28 Apr 2001 13:45:09 -0700 You may well have some 'fiddling' to substantially reduce the size of OpenSSL. It all depends on what you want to use it for and what support you need. For example if you don't need PKCS#12 support you can delete everything in crypto/pkcs12. Then the fiddling starts because it probably wont compile any more and you'll have to edit makefiles and source files that reference PKCS#12 code. If you're just doing crypto without SSL or any ASN1 support you can probably delete almost everything. Steve. -- Dr Stephen N. Henson. http://www.drh-consultancy.demon.co.uk/ Personal Email: [EMAIL PROTECTED] Senior crypto engineer, Celo Communications: http://www.celocom.com/ Core developer of the OpenSSL project: http://www.openssl.org/ Business Email: [EMAIL PROTECTED] PGP key: via homepage. __ - Original Message - From: Gregg Gibson [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Monday, April 30, 2001 8:59 AM Subject: Resending: OpenSSL in an embedded environment I apoligize for sending this question again. The email account I was using has proved to be too unreliable, so I have switched to a different account. Has anyone had any experience with OpenSSL in an embedded environment? I'm trying to trim libcrypto.a and libssl.a down to a reasonable size for an embedded project. I've turned off all but the few ciphers that I need, and that only trimmed off about 200kB. (The ciphers that I kept are des, rsa, md5, and sha.) I'd like to get both of those libraries to be much smaller. Any suggestions? _ Get your FREE download of MSN Explorer at http://explorer.msn.com __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED] http://www.rondan.co.jp [EMAIL PROTECTED] __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED] __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
Re: OpenSSL in an embedded environment
On Fri, 04 May 2001 21:58:44 +0900 RONDAN [EMAIL PROTECTED] wrote: On Fri, 04 May 2001 08:52:13 -0400 "Gregg Gibson" [EMAIL PROTECTED] wrote: My plan is to use OpenSSL to provide crypto for ucd-snmp (which uses des, md5, and sha) and ssl for a web server (using rsa, 3des, and sha or md5). I will also use it for certificate generation. I'm going to do some code and makefile editing to get rid of everything else I can, which I think includes bf, dh, dsa, hmac, idea, md2, md4, mdc2, pkcs7, rc2, rc4, rc5, and ripemd. Does that sound reasonable? From: Dr S N Henson Subject: Re: OpenSSL in embedded environment Date: Sat, 28 Apr 2001 13:45:09 -0700 You may well have some 'fiddling' to substantially reduce the size of OpenSSL. It all depends on what you want to use it for and what support you need. For example if you don't need PKCS#12 support you can delete everything in crypto/pkcs12. Then the fiddling starts because it probably wont compile any more and you'll have to edit makefiles and source files that reference PKCS#12 code. If you're just doing crypto without SSL or any ASN1 support you can probably delete almost everything. Steve. -- Dr Stephen N. Henson. http://www.drh-consultancy.demon.co.uk/ Personal Email: [EMAIL PROTECTED] Senior crypto engineer, Celo Communications: http://www.celocom.com/ Core developer of the OpenSSL project: http://www.openssl.org/ Business Email: [EMAIL PROTECTED] PGP key: via homepage. __ - Original Message - From: "Gregg Gibson" [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Monday, April 30, 2001 8:59 AM Subject: Resending: OpenSSL in an embedded environment I apoligize for sending this question again. The email account I was using has proved to be too unreliable, so I have switched to a different account. Has anyone had any experience with OpenSSL in an embedded environment? I'm trying to trim libcrypto.a and libssl.a down to a reasonable size for an embedded project. I've turned off all but the few ciphers that I need, and that only trimmed off about 200kB. (The ciphers that I kept are des, rsa, md5, and sha.) I'd like to get both of those libraries to be much smaller. Any suggestions? _ Get your FREE download of MSN Explorer at http://explorer.msn.com __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED] $BO@CL!!!&!!#R#O#N#D#A#N(B $B%[!<%`%Z!<%8!!!'(Bhttp://www.rondan.co.jp $BEE;R%a!<%k!'([EMAIL PROTECTED] __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED] $BO@CL!!!&!!#R#O#N#D#A#N(B $B%[!<%`%Z!<%8!!!'(Bhttp://www.rondan.co.jp $BEE;R%a!<%k!'([EMAIL PROTECTED] __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
RE: OpenSSL in an embedded environment
I have (possibly) a similar problem. But just for the sake of completeness, is anyone aware of a port to VxWorks? If I could hook up with the poor sod that's been through this before that would probably save my hair at least. -lee __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]