I'm trying to merge the work from Martin Witzel (openssl-e dated from
Nov. 2003) to reduce the OpensSSL footprint (for 386'er x86). With
OpenSSL 0.9.7 is was able to reduce the library size down to
1070834 bytes libcrypto.a
159774 bytes libssl.a
if only DES, MD5, RSA and SHA are used. Now with OpenSSL 0.9.8 the libs
are much bigger
1208692 bytes libcrypto.a
no-sha256 no-sha512 no-ec no-hw? These are largest 0.9.8 "newcomers"
according to 'size libcrypto.a | sort -n'. I suppose you already do
no-sha0? On related note, no-asm doesn't necessarily mean smaller code,
rather contrary...
and I was not able to remove DSA (yes, I know RFC2246 requires DSA but
OpenVPN is linked staticly without TLS support so this is not a
concern). The resulting OpenVPN binary is 208623 bytes larger which
quite much.
I have a couple of questions:
a) I wonder if there is anyone else working on something to reduce the
footprint from OpenSSL?
You can now run into #ifdef OPENSSL_SMALL_FOOTPRINT clauses in OpenSSL
code. Simplest way to engage it is to pass -DOPENSSL_SMALL_FOOTPRINT
argument at ./config command line. But don't hold your breath, at least
not for now, as it still affects very few modules, most notably sha,
bignum and des [in HEAD]. And it should be naturally complemented with
"optimize for size" compiler flag, e.g. in gcc context -O2 is appropriate.
c) If I get the previous openssl-e patch set working again is there a
way to get the patch merged to the OpenSSL core?
Common mistake contributors tend to do is suggesting large intrusive
patches for released code-bases. Intrusive patches are less likely to
get through there, so forget stable releases! Target the development
branch! You have way better chances there. Don't accumulate too much
changes for submission, suggest smaller patches and complement them with
meaningful rationale. Describe the problems you've ran into, instead of
just "this fixed my problem." Another keyword is to motivate OpenSSL
team members somehow. E.g. explicitly state what free software project
you're working on, provide reference and tell why it's important. A.
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List openssl-dev@openssl.org
Automated List Manager [EMAIL PROTECTED]
