Date: Fri, 10 Dec 2004 02:24:44 -0800
From: Luigi Rizzo
To: Mark Murray
Cc: Colin Percival, freebsd-arch@freebsd.org
Subject: Re: Adding standalone RSA code
Message-ID: <20041210022444.A11833@xorpc.icir.org>

On Fri, Dec 10, 2004 at 10:14:44AM +0000, Mark Murray wrote:
...
> > >>I was comparing /usr/lib/libcrypto.a (1.7 MB on my system) to the sum
> > >>of the sizes of the object files built from my library code (38 kB).
> > >>
> > >>If you look at the number of lines of C files (counted using `wc -l`
> > >>since I don't want to bother installing sloccount), my code is 1489
> > >>lines compared to openssl's 202982 lines.
...
> > I don't have a version using openssl, but my key generation program
> > (statically linked against my crypto code) is 37kB, while a program
> > which calls RSA_generate_key (statically linked against openssl) is
> > 240kB. So even under the most favourable conditions (adding overhead
> > to my code but not to openssl) it's a size ratio of more than 6.
>
> Hmm.
>
> I must profess to having a degree of discomfort with duplicated
> functionality.

on the other hand, there are far too many reasons to prefer a small
implementation over a dinosaur like openssl. Consider that people do
use freebsd for small appliances where size does count, even for the
time it takes to load and initialize all the unused code, and navigate
through lists of indirections to reach the methods you actually need.

But size apart, it does not give me a huge sense of security to use a
200k-lines-of-code library to do something that could be done in 1500.
Even if highly scrutinized, 200k-lines is far beyond the review ability
of the average human being, so the chance of bugs, however stupid they
can be (but security holes are often like this) is a lot higher.

cheers
luigi

> 240k is not a big binary, and it sounds like your applet is one that
> may get heavy use. It's not built for speed; how much of a problem is
> this? If OpenSSL grows hardware BigNum support, your app will not
> benefit; how will this affect the user? Is size really a concern?
> I can't find a disk smaller than 10 GB at my local dealer.
>
> M
> --
> Mark Murray
> iumop ap!sdn w,I idlaH