Adding standalone RSA code

Luigi Rizzo rizzo at icir.org
Fri Dec 10 02:24:46 PST 2004


On Fri, Dec 10, 2004 at 10:14:44AM +0000, Mark Murray wrote:
...
> > >>I was comparing /usr/lib/libcrypto.a (1.7 MB on my system) to the sum
> > >>of the sizes of the object files built from my library code (38 kB).
> > >>
> > >>If you look at the number of lines of C files (counted using `wc -l`
> > >>since I don't want to bother installing sloccount), my code is 1489
> > >>lines compared to openssl's 202982 lines.
...
> > I don't have a version using openssl, but my key generation program
> > (statically linked against my crypto code) is 37kB, while a program
> > which calls RSA_generate_key (statically linked against openssl) is
> > 240kB.  So even under the most favourable conditions (adding overhead
> > to my code but not to openssl) it's a size ratio of more than 6.
> 
> Hmm.
> 
> I must profess to having a degree of discomfort with duplicated
> functionality.

On the other hand, there are far too many reasons to prefer a small
implementation over a dinosaur like openssl.
Consider that people do use FreeBSD for small
appliances where size does count, even for the time it takes
to load and initialize all the unused code, and navigate through
lists of indirections to reach the methods you actually need.

But size apart, it does not give me a huge sense of security to
use a 200k-lines-of-code library to do something that could be
done in 1500. Even if highly scrutinized, 200k-lines is far beyond
the review ability of the average human being, so the chance of
bugs, however stupid they can be (but security holes are often like this)
is a lot higher.

	cheers
	luigi

> 240k is not a big binary, and it sounds like your applet is one that
> may get heavy use. It's not built for speed; how much of a problem is
> this? If OpenSSL grows hardware BigNum support, your app will not
> benefit; how will this affect the user? Is size really a concern?
> I can't find a disk smaller than 10 GB at my local dealer.
> 
> M
> --
> Mark Murray
> iumop ap!sdn w,I idlaH
> _______________________________________________
> freebsd-arch at freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-arch
> To unsubscribe, send any mail to "freebsd-arch-unsubscribe at freebsd.org"

