Re: Discussions on development of the OpenSSL library: is the openssl footprintoptimization an attractive axis of enhancement

Thu, 28 Nov 2002 11:17:33 -0800 

On Thu, Nov 28, 2002 at 05:11:10PM +0100, [EMAIL PROTECTED] wrote:
> I'm currently involved in security projects that aim to embed in industrial
> devices ( minimal hardware ) an ssl extension of implemented protocols. The
> targeted footprint of the ssl library must be less than 80k bytes. (
> available memory on devices is < 300k  ).
> 
> Current available solutions are based on existing, proprietary and cost
> expensive library.
> 
> Another( preferred) way is to base our work on the current openssl
> implementation and then to optimize it. But in this case, the main question
> I have is : if we make such contribution to the openssl project, could we
> expect that these enhancements will be integrated in the current project ?

We have seen several inquiries on a small-footprint OpenSSL library,
so I am sure that quite a lot of people would be interested in your
project.
With respect to integration into OpenSSL: we are definitely interested.
You should however be aware, that the acceptance will depend on the
quality and intrusiveness of the patch you create.
I would therefore recommend to discuss required changes early, maybe
the overall concept you intend to apply, so that the work can be
coordinated effectively. Maybe you will find other people wishing
to work with you on this issue.

Please be aware, that you are in front of a not-so-simple task.
Using SSL requires cryptographic algorithms which will need bignum
support. Certificates must be checked, such that ASN.1 support must
be there and the verification itself of course must be present.
Did you know, that TLS defines a maximum message size of 16k?
This means that you at least need 5% of your precious 300k as a buffer
for one connection for just the incoming data?

Best regards,
        Lutz
-- 
Lutz Jaenicke                             [EMAIL PROTECTED]
http://www.aet.TU-Cottbus.DE/personen/jaenicke/
BTU Cottbus, Allgemeine Elektrotechnik
Universitaetsplatz 3-4, D-03044 Cottbus
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]

Reply via email to