curl-library

Re: stripping out unnecessary parts of libcrypto for smallest footprint possible

From: Paul Romero <paulr_at_rcom-software.com>
Date: Wed, 08 Dec 2010 08:42:03 -0800

Hi Rhys:

This is not a complete solution, but these are the
flags I used to minimize the size of libgcrypt for
use with SFTP and SMTP. The flags enable SSL/TLS.
The desirability of disabling assembly stubs and
shared libraries depends on the OS and CPU in the
target environment.

--disable-asm --disable-shared --enable-static
--enable-ciphers=arcfour,blowfish,des,aes
--enable-pubkey_ciphers=dsa,rsa
--enable-digests=md5,rmd160,sha1,sha256

RHYS TWELVES wrote:

> Thanks guys for all your suggestions.. Unfortunately, commercial
> restrictions mean I cannot look at using PolarSSL, and axTLS may come
> too late in my delivery schedule, but I've taken on board the
> suggestion to make the static const char*'s non-relocatable. One more
> question on this...If I know in advance from the web server host,
> which scheme they will be using (SSL2 or SSL3, SHA-256, etc), and I
> will only be communicating with that one site, can I just rip out all
> the encryption/decryption engine code for the other
> schemes?
>
> Cheers,
> -rhys
>
> -----------------------------------------------------------------------
> From: "Hu, Eric" <EHu_at_directv.com>
> To: libcurl development <curl-library_at_cool.haxx.se>
> Sent: Tuesday, 7 December, 2010 18:52:35
> Subject: RE: stripping out unnecessary parts of libcrypto for smallest
> footprint possible
>
> > > Unfortunately, the memory footprint of a cut-down (no-asm, no-des,
> > > no-dsa, no-md2, no-rc2, no-rc4, no-cast, no-bf, no-krb5, no-hw)
> > > libcrypto is still too much ~800kb.
> >
> > Depending on your licensing requirements, you might have a look at
> > polarssl. Libcurl can be built to use it instead of openssl, and it
> > weighs only around 200kb.
> >
> > http://polarssl.org/
> >
> > - Jeff
> >
> I'm working on adding axTLS support right now and should have it ready
> in a week or two. It's even smaller than polarssl (<60k), but may not
> have all the features you're looking for. For instance, it only
> supports TLSv1 (ie, no SSLv3).
>
> http://axtls.sourceforge.net/
>
> Eric
>
> -------------------------------------------------------------------
> List admin: http://cool.haxx.se/list/listinfo/curl-library
> Etiquette: http://curl.haxx.se/mail/etiquette.html

--
Paul Romero
RCOM Communications Software
Phone/Fax: (510)339-2628
E-Mail: paulr_at_rcom-software.com

Received on 2010-12-08
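
An added example, not part of the message above or of the libgcrypt or curl sources: a POSIX shell check that reads the configure flag list quoted in the message and reports which of the enabled algorithms are legacy ones. The function names and the `legacy_reason` table are this example's own assumptions.

```shell
#!/bin/sh
# Added example: audit a libgcrypt ./configure flag list for legacy algorithms.
# FLAGS is copied from the message; the legacy table is this example's assumption.

FLAGS='--disable-asm --disable-shared --enable-static
--enable-ciphers=arcfour,blowfish,des,aes
--enable-pubkey_ciphers=dsa,rsa
--enable-digests=md5,rmd160,sha1,sha256'

# Print the values of --enable-<name>=a,b,c one per line.
# autoconf treats '-' and '_' in feature names alike, so accept both spellings.
flag_values() {  # $1 = flag string, $2 = feature name written with '-'
    pat=$(printf '%s' "$2" | sed 's/-/[-_]/g')
    printf '%s\n' "$1" | tr ' \t' '\n\n' |
        sed -n "s/^--enable-${pat}=//p" | tr ',' '\n' | sed '/^$/d'
}

# Print why an algorithm counts as legacy; print nothing if it is not listed.
legacy_reason() {
    case "$1" in
        arcfour)  echo 'RC4: biased keystream, prohibited in TLS by RFC 7465' ;;
        des)      echo 'DES/3DES: 64-bit block, single DES has a 56-bit key' ;;
        blowfish) echo 'Blowfish: 64-bit block (birthday-bound collisions)' ;;
        md5)      echo 'MD5: practical collisions' ;;
        sha1)     echo 'SHA-1: practical collisions' ;;
        dsa)      echo 'DSA: withdrawn for new signatures in FIPS 186-5' ;;
    esac
}

# Emit "feature:algorithm:reason" for every legacy algorithm that is enabled.
audit_flags() {  # $1 = flag string
    for feature in ciphers pubkey-ciphers digests; do
        for alg in $(flag_values "$1" "$feature"); do
            reason=$(legacy_reason "$alg")
            if [ -n "$reason" ]; then echo "$feature:$alg:$reason"; fi
        done
    done
}

audit_flags "$FLAGS"
```

Whether a flagged algorithm can actually be dropped depends on what the TLS or SSH peer negotiates, so the output is a list to review against the target server rather than a list to delete blindly.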