Date: Fri, 10 Dec 2004 02:24:44 -0800
From: Luigi Rizzo <rizzo@icir.org>
To: Mark Murray <markm@freebsd.org>
Cc: freebsd-arch@freebsd.org
Subject: Re: Adding standalone RSA code
Message-ID: <20041210022444.A11833@xorpc.icir.org>
In-Reply-To: <200412101014.iBAAEict086798@grovel.grondar.org>; from markm@freebsd.org on Fri, Dec 10, 2004 at 10:14:44AM +0000
References: <41B96772.4010000@wadham.ox.ac.uk> <200412101014.iBAAEict086798@grovel.grondar.org>

On Fri, Dec 10, 2004 at 10:14:44AM +0000, Mark Murray wrote:
...
> > >>I was comparing /usr/lib/libcrypto.a (1.7 MB on my system) to the sum
> > >>of the sizes of the object files built from my library code (38 kB).
> > >>
> > >>If you look at the number of lines of C files (counted using `wc -l`
> > >>since I don't want to bother installing sloccount), my code is 1489
> > >>lines compared to openssl's 202982 lines.
...
> > I don't have a version using openssl, but my key generation program
> > (statically linked against my crypto code) is 37kB, while a program
> > which calls RSA_generate_key (statically linked against openssl) is
> > 240kB. So even under the most favourable conditions (adding overhead
> > to my code but not to openssl) it's a size ratio of more than 6.
>
> Hmm.
>
> I must profess to having a degree of discomfort with duplicated
> functionality.

On the other hand, there are far too many reasons to prefer
a small implementation over a dinosaur like openssl.
Consider that people do use freebsd for small appliances where
size does count, even for the time it takes to load and initialize
all the unused code, and navigate through lists of indirections
to reach the methods you actually need.

But size apart, it does not give me a huge sense of security to use a
200k-lines-of-code library to do something that could be done in 1500.
Even if highly scrutinized, 200k-lines is far beyond the review ability
of the average human being, so the chance of bugs, however stupid
they can be (but security holes are often like this) is a lot higher.

	cheers
	luigi

> 240k is not a big binary, and it sounds like your applet is one that
> may get heavy use. It's not built for speed; how much of a problem is
> this? If OpenSSL grows hardware BigNum support, your app will not
> benefit; how will this affect the user? Is size really a concern?
> I can't find a disk smaller than 10 GB at my local dealer.
>
> M
> --
> Mark Murray
> iumop ap!sdn w,I idlaH
> _______________________________________________
> freebsd-arch@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-arch
> To unsubscribe, send any mail to "freebsd-arch-unsubscribe@freebsd.org"
