It's been a while since I applies OpenSSL to a pure embedded
environment, but it's quite doable.

No RAM figures available now, but such are very application dependent
anyway (how many connections are open at the same time; how many SSL
contexts, etc.etc.); I find coding the functionality in a portable way
so that you can run it on a desktop box too (Win32 or UNIX) is quite
useful here as well: there you've got a plethora of tools to monitor
task memory usage, so you can see what the footprint will be about.
(Compiler and platform differences...)

One can cut down the ROM footprint of OpenSSL as well by configuring
it to use a reduced number of crypto algorithms (the various 'no-xyz'
config options, where xyz is a cipher, e.g. no-rc5).
Then there's the choice whether or not to support 'engines' and you
can also select which SSL protocols you wish to support in your
embedded build (NO_SSL2), further reducing your code size.

>From there, it's stripping some definition tables, which reference
functions, e.g. in the SSL, EVP and BIO sections, which, when you want
to eke out every last byte of ROM space, must be done by tweaking the
code in a few spots. This helps the linker as a few more functions can
then be discarded. But take heed: this is reduction process which is
highly dependent on your particular needs.

Since OpenSSL uses several standard C run-time library calls (such as
the FILE* I/O functions -- which can be stripped as well, using NO_FP)
I have found that the easiest route there is to simulate those when
the embedded system does not offer such libraries.

It's been too long ago and my brain is too fuzzy about it to mention
RAM/ROM foo5tprint numbers now I obtained that way back then. The
major work on this was back around Y2K.


So far, my 2 cents.


On Tue, Sep 29, 2009 at 8:29 PM, Jose Stein <jlui...@gmail.com> wrote:
> Hello,
>
> I am looking for benchmarks on OpenSSL RAM usage in embedded devices. Also
> trying to find ways to reduce it. Any pointers?
>
> I understand it should be an FAQ but does not seem to be in the list.
>
> Thanks,
>
> JLS
>



-- 
Met vriendelijke groeten / Best regards,

Ger Hobbelt

--------------------------------------------------
web:    http://www.hobbelt.com/
        http://www.hebbut.net/
mail:   g...@hobbelt.com
mobile: +31-6-11 120 978
--------------------------------------------------
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org

Reply via email to