Topic: [SOLVED] wolfSSL minimal RSA build

Hi!

I need as small as possible build of wolfssl.lib (Windows, Visual Studio) with full RSA support (key-pair generation, encryption/decryption). Without any build flags and additional definitions the lib file size was about 1.8 Mb. I used some flags from manual such as NO_DSA and size became ~1.4MB.
I also saw in manual that its possible to get a 20-100 Kb version somehow. Or its only PSK version?
What i have to do to reduce the size < 200 Kb at least?



Many thanks to your answers)

Share

2 (edited by Kaleb J. Himes 2016-11-08 14:59:06)

Re: [SOLVED] wolfSSL minimal RSA build

Hi borodatiyPupok,

Just one question before suggesting configuration settings. Do you need TLS/SSL, are you building a networked application or do you purely only need RSA key gen and RSA encrypt/decrypt? Are you expecting any other functionality whatsoever?

I also saw in manual that its possible to get a 20-100 Kb version somehow. Or its only PSK version?
What i have to do to reduce the size < 200 Kb at least?

20 Kb is PSK only, and would be very difficult to achieve with public key algorithms. To get < 200Kb we'll have to determine your use case IE answers to the above question.


Kind Regards,

Kaleb

Re: [SOLVED] wolfSSL minimal RSA build

Hi borodatiyPupok,

If that is indeed your desired use case here are some defines to get you started. You should add these to the file <wolfssl-root>\IDE\WIN\user_settings.h on your windows platform. If you are just using the library project you can place these inside the "WOLFSSL_LIB" section.

#undef  TFM_TIMING_RESISTANT
#define TFM_TIMING_RESISTANT

/* for maximum security */
#undef  WC_RSA_BLINDING
#define WC_RSA_BLINDING

#undef  NO_DSA
#define NO_DSA

/* saves some space, reference <wolfssl-root>/wolfssl/wolfcrypt/error-crypt.h 
 * for determining an error codes meaning instead.
 */
#undef  NO_ERROR_STRINGS
#define NO_ERROR_STRINGS

#undef  NO_WOLFSSL_MEMORY
#define NO_WOLFSSL_MEMORY

#undef  NO_DH
#define NO_DH

#undef  NO_AES
#define NO_AES

#undef  NO_CODING
#define NO_CODING

#undef  WOLFSSL_BASE64_ENCODE
#define WOLFSSL_BASE64_ENCODE

#undef  NO_RC4
#define NO_RC4

#undef  NO_MD5
#define NO_MD5

#undef  NO_SHA
#define NO_SHA

#undef  NO_OLD_TLS
#define NO_OLD_TLS

#undef  NO_HC128
#define NO_HC128

#undef  NO_RABBIT
#define NO_RABBIT

#undef  HAVE_HASHDRBG
#define HAVE_HASHDRBG

#undef  NO_MD4
#define NO_MD4

#undef  NO_PWDBASED
#define NO_PWDBASED

#undef  WOLFCRYPT_ONLY
#define WOLFCRYPT_ONLY

#undef  USE_FAST_MATH
#define USE_FAST_MATH

Regards,

Kaleb

Re: [SOLVED] wolfSSL minimal RSA build

Thanks for your answer!

Yeah, i need only RSA key gen and RSA encrypt/decrypt, no client/server stuff and other crypto algorithms.
I tried to insert your code in config.h, recompiled "wolfssl" project, but lib size is still big - 968 Kb. I dont understand this.
Here my "user_settings.h" file:

#ifndef _WIN_USER_SETTINGS_H_
#define _WIN_USER_SETTINGS_H_

/* Verify this is Windows */
#ifndef _WIN32
#error This user_settings.h header is only designed for Windows
#endif

/* Configurations */
#if defined(HAVE_FIPS)
    /* FIPS */
    #define OPENSSL_EXTRA
    #define HAVE_THREAD_LS
    #define WOLFSSL_KEY_GEN
    #define HAVE_AESGCM
    #define HAVE_HASHDRBG
    #define WOLFSSL_SHA384
    #define WOLFSSL_SHA512
    #define NO_PSK
    #define NO_HC128
    #define NO_RC4
    #define NO_RABBIT
    #define NO_DSA
    #define NO_MD4
#elif defined(WOLFSSL_LIB)
    /* The lib */

    //#define OPENSSL_EXTRA
    //#define WOLFSSL_RIPEMD
    //#define WOLFSSL_SHA512
    #define NO_PSK
    //#define HAVE_EXTENDED_MASTER
    //#define WOLFSSL_SNIFFER
    
//"WOLFSSL_LIB" section.

#undef  TFM_TIMING_RESISTANT
//#define TFM_TIMING_RESISTANT

/* for maximum security */
#undef  WC_RSA_BLINDING
//#define WC_RSA_BLINDING

#undef  NO_DSA
#define NO_DSA

/* saves some space, reference <wolfssl-root>/wolfssl/wolfcrypt/error-crypt.h
* for determining an error codes meaning instead.
*/
#undef  NO_ERROR_STRINGS
#define NO_ERROR_STRINGS

#undef  NO_WOLFSSL_MEMORY
#define NO_WOLFSSL_MEMORY

#undef  NO_DH
#define NO_DH

#undef  NO_AES
#define NO_AES

#undef  NO_CODING
#define NO_CODING

#undef  WOLFSSL_BASE64_ENCODE
#define WOLFSSL_BASE64_ENCODE

#undef  NO_RC4
#define NO_RC4

#undef  NO_MD5
#define NO_MD5

#undef  NO_SHA
#define NO_SHA

#undef  NO_OLD_TLS
#define NO_OLD_TLS

#undef  NO_HC128
#define NO_HC128

#undef  NO_RABBIT
#define NO_RABBIT

#undef  HAVE_HASHDRBG
//#define HAVE_HASHDRBG

#undef  NO_MD4
#define NO_MD4

#undef  NO_PWDBASED
#define NO_PWDBASED

#undef  WOLFCRYPT_ONLY
#define WOLFCRYPT_ONLY

#undef  USE_FAST_MATH
#define USE_FAST_MATH
    

#else
    /* The servers and clients */
    #define OPENSSL_EXTRA
    #define NO_PSK
#endif /* HAVE_FIPS */

#endif /* _WIN_USER_SETTINGS_H_ */

I also attached compilation result screenshot.

Share

Re: [SOLVED] wolfSSL minimal RSA build

Hmm I dont see my attachment. Here s a link for it:
https://postimg.org/image/a7ifvslg5/

Share

6 (edited by Kaleb J. Himes 2016-11-14 14:00:54)

Re: [SOLVED] wolfSSL minimal RSA build

Hi borodatiyPupok,

The image you sent shows the static lib only. To see the true size of an application could you try compiling the application that will statically link to wolfssl.lib and check the resulting size of the app? The static lib will contain many portions of code that will get optimized out in an executable. Also I suspect you may be building one of the Debug builds with the size you are seeing. In MSVS go to "Build->Configuration Manager...-> set wolfssl to "Release" ".

To illustrate I'll include the build sizes I see with DEBUG and RELEASE builds and also compare the lib size to the executable size:

DEBUG BUILD for x64:

-rwx------+ 1 boz_windows None  839680 Oct 24 08:19 testsuite.exe
-rwx------+ 1 boz_windows None  608332 Oct 24 08:19 testsuite.ilk
-rwx------+ 1 boz_windows None 1338368 Oct 24 08:19 testsuite.pdb
-rwx------+ 1 boz_windows None 1940904 Oct 24 08:19 wolfssl.lib

lib           = 1,940,904 (nearly 2 Mb)
testsuite.exe = 839,680    (839K)

NOTE: The .lib is much larger than testsuite.exe but testsuite.exe is compiled with the static library. You can see much of the code was optimized out for testsuite.exe

RELEASE BUILD for x64:

-rwx------+ 1 boz_windows None  390144 Nov 14 12:46 testsuite.exe
-rwx------+ 1 boz_windows None  969728 Nov 14 12:46 testsuite.pdb
-rwx------+ 1 boz_windows None 3346028 Nov 14 12:46 wolfssl.lib

lib           = 3,346,028 (3.3 Mb)
testsuite.exe = 390,144    (390K)

Even though the .lib is larger in release mode you can see the executable is far more optimized (839k to 390k) so the size was reduced by more than half. I did these tests with the default configure settings of the windows project. Please try comparing the same with your configure settings and let me know the results.

Re: [SOLVED] wolfSSL minimal RSA build

I compiled rsa key generation code and linked wolfssl lib in 'Release' mode.
EXE file is about 50Kb. Magic smile

Really appreciate your help, Kaleb. You're great!

Share

Re: [SOLVED] wolfSSL minimal RSA build

Hi borodatiyPupok,

I am thrilled we were able to get the executable down to an acceptable size for your needs! Thank you for using the wolfSSL support forums.


Warm Regards,

Kaleb