Open ilammy opened 4 years ago
You want to install themis which is statically compiled with some backend (openssl/boringssl) to not install openssl/boringssl to your system? Or you want some API to configure themis at runtime from your app with already initialized backend engine (like some "engine" object from openssl)?
You want to install themis which is statically compiled with some backend (openssl/boringssl) to not install openssl/boringssl to your system?
This.
It's about providing libthemis-boringssl0
packages that ship Themis with statically linked BoringSSL, along with the current alternative of libthemis0
that are linked against the system's OpenSSL.
You want to install themis which is statically compiled with some backend (openssl/boringssl) to not install openssl/boringssl to your system?
I would even go as far as remove the statically compiled openssl/boringssl at all. My suspicion is that from the whole openssl API, soter uses a very limited set of crypto operations, which could be just embedded (cherry-picked) into the soter code directly. openssl comes also with an extended X.509 API that it's not needed.
IMHO there are a number of advantages of not depending on any underlying SSL library.
@gene-eu @vixentael what's your take on this? Andrei
openssl comes also with an extended X.509 API that it's not needed
Modern linkers have a dead code elimination pass and are able to remove whatever code is unused during static linkage. Admittedly, it's coarse because OpenSSL encryption API uses EVP abstraction and we're using it through that, so it's not like linker will remove everything besides exactly the code Soter uses. But it should remove the libcrypto
bits that Soter definitely does not use, such as ASN.1, PKCS, PEM, X.509 parsers, probably most of the BIO code, etc. It will leave everything transitively used from generic EVP API though. OpenSSL has algorithm-specific API so it should probably be possible to avoid including even more code, such as unneeded algorithm implementations, if that's really necessary. And just for completeness, Soter does not use libssl
or link against it, so there will be no TLS-related code if static linkage is used.
To put some numbers to where my mouth is, here are sizes that Themis currently has with typical builds on a typical x86_64 machine with Linux.
Crypto backend linkage | On-disk size | In-memory size |
---|---|---|
Dynamic OpenSSL * | 0.16 MB (+ OpenSSL) | 2.92 MB |
Static OpenSSL | 2.50 MB total | 2.49 MB |
Static BoringSSL | 0.97 MB total | 0.96 MB |
* This is what is shipped in packaged binary form, everything else are custom builds.
That said, it seems I have been overoptimistic about linker capabilities, but I'm still fairly sure that we can do something about size optimizations (they were never a priority).
If memory is premium and static linkage is used for Themis as well, it's possible to shave off even more because the linker will throw out parts of Themis/Soter that are not used. For example, if the application does not use Secure Session or Comparator, they won't be included along with ed25519 handling code that they need. It won't throw things like RSA support even if it's not needed though, but there is some room for tailored builds if someone really needs to be minimal.
Install themis which is statically compiled with some backend (openssl/boringssl) It's about providing libthemis-boringssl0 packages that ship Themis with statically linked BoringSSL, along with the current alternative of libthemis0 that are linked against the system's OpenSSL.
This changes responsibility to maintain/update crypto-engine from users to us. We don't follow Open/Boring/LibraSSL updates so carefully.
Also, I imagine situations, where app has 3 dependencies that use crypto-engine, if all of them are using static libs, it means 3 versions of crypto-engine will be installed (↑ app size, ↑ duplicated symbols?).
I'm not against shipping Themis with statically linked BoringSSL (libthemis-boringssl0
), but we are jumping into updating dependencies more often water. Especially with BoringSSL, as even Google doesn't support versioning and doesn't recommend to link to master.
which could be just embedded (cherry-picked) into the soter code directly
potential use for embedded devices and sensors with low resources available
being able to better interface with packages and framework such as SwiftNIO SSL that come with their own implementation of TLS
TLDR:
a. I'm completely against cherry-picking openssl/boringssl code into Soter and maintaining it on our own. Due to numerous reasons: security, "do not implement your own crypto", maintainability and speed of fixes.
b. I'm not against shipping yet-another-Themis with statically linked BoringSSL package, but it should solve some real world use-cases. What use-case are we trying to solve here?
libthemis-boringssl
is probably going to be a thing starting with Themis 0.14. It is already implemented in #683, but it definitely needs more testing.
Is your feature request related to a problem? Please describe. Current packaging options for Themis provide only packages that rely on system's OpenSSL. This is convenient on general-purpose server platforms. However, more and more deployments forgo TLS support entirely, leaving it to edge machines, with data-processing ones not having a need to include OpenSSL. Embedded systems may not fit the entire OpenSSL library too.
Describe the solution you'd like to see It would be nice for Themis to ship with prebuilt packages that don't depend on system OpenSSL, using embedded BoringSSL.
Describe alternatives you've considered Current alternative is to build Themis from source to use it with applications that already use BoringSSL and do not rely on systems's OpenSSL. This is more involved that installing it from the package, but should work.