[openssl-users] Reg : Openssl peak memory usage

Jakob Bohm jb-openssl at wisemo.com
Mon Oct 12 15:50:16 UTC 2015 

On 12/10/2015 09:39, Sindhu S. (sins) wrote:
>
> Hi all,
>
> We are planning to run on openwrt router(Embedded device) and trying 
> to understand the memory requirement.
>
> I would like to know,  what’s the run time memory ,peak memory .
>
> Please let me know ,if  there is  any documentation,  tool , or 
> command to do the same.
>
Because OpenSSL is a library, the memory requirement
depends a lot on whatever it is used for.

For example, if OpenSSL is used for the https web user
interface, some of the memory will be allocated for
each simultaneous connections from the web browser(s)
to the router.

If OpenSSL in a server is used for client certificate
validation (logging in with user certificates), there
should be additional memory used for every trusted CA
certificate in the configuration (because they all
need to be sent to the other end as part of the request
for user authentication).

If OpenSSL is used in an SSL client (such as curl or
wget), and the trusted CA certificates are stored in
the flash file system using the "hashed symlinks"
technique, there will usually only be a need to load
the actually used CA certificate into memory, while
the alternative of putting all the trusted CA
certificates in a single file requires them all to be
loaded into memory.

When using the openssl command line tool, the amount of
memory used depends heavily on the command and data
specified.

In the end, there is no substitute for measuring the
actual process memory usage during the actual intended
load scenarios.  For long running processes (such as
the http server process), this can be done by simply
reading the various files under /proc/<pid>/ and
comparing different uses and configurations.  For short
running processes (such as wget, curl or the openssl
command line tool), there is probably some generic
UNIX/Linux command to report this, similar to how the
"time" command can measure execution time.

> Below are the details of kernel version and openssl version.
>
> 519 => openssl version
>
> OpenSSL 1.0.1f 6 Jan 2014
>
(Pretty old, there have been lots of security fixes
since then).

> 521 => uname -a
>
> Linux snbi-tb-c 3.13.0-24-generic #46-Ubuntu SMP Thu Apr 10 19:11:08 
> UTC 2014 x86_64 x86_64 x86_64 GNU/Linux
>
Hmm, that looks like a desktop, most OpenWrt installs are
on MIPS or ARM, though I have seen it on low end x86 too
(such as Geode and Via CPUs).

P.S.

On most existing OpenWrt installs, there is actually
plenty of RAM, but a shortage of flash storage space,
though exceptions have occurred.

Enjoy

Jakob
-- 
Jakob Bohm, CIO, Partner, WiseMo A/S.  http://www.wisemo.com
Transformervej 29, 2860 Søborg, Denmark.  Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors.
WiseMo - Remote Service Management for PCs, Phones and Embedded

More information about the openssl-users mailing list