Size of Libgcrypt (and other libraries) and subsequent performance

Simon Josefsson simon at josefsson.org
Thu Apr 24 12:07:06 CEST 2008 

"Ashish Gupta" <ashishg2dec at gmail.com> writes:

> Hi,
>
> The size of the libraries (especially libgcrypt) claimed at
> http://www.gnu.org/software/gnutls/comparison.html is much lower than what
> is produced by default (note, the size claimed is 367kb whereas the defaule
> build for libgcrypt results in close of 1.2MB shared object). Can someone
> help in understanding how these binaries were created for the Debian and how
> can this much optimization be achieved?

Did you strip the library?  Debian libraries are stripped.

On my debian testing system, libgcrypt is now 421kb.  I'm not sure why
it is has grown so much.  If you are short on size, you could disable
some of the rarely used ciphers: whirlpool, twofish, serpent, seed,
tiger.  TLS never needs those algorithms.

> The default build of libgcrypt (1.2MB) is relatively comparable to the size
> of libcrypto (1.3MB) (used with openssl). Hence the effective load time of
> the (similar) programs using both these libraries yeilds better performance
> on openssl.

I think your libgcrypt value should be ~420kb, otherwise you are
comparing stripped libraries with unstripped libraries.

> The sample client timings as observed over itierations (taking into
> account TLB) gives:
>
> ashish at ashish-desktop:~/Atemp/SSLExamples$ time ./gnutls/client
> Finished
>
> real    0m0.294s
> user    0m0.046s
> sys     0m0.092s
> ashish at ashish-desktop:~/Atemp/SSLExamples$ time ./openssl/client
> FINISHED
>
> real    0m0.117s
> user    0m0.004s
> sys     0m0.004s

Thanks for providing these test cases!  I'll see if I can reproduce your
values, and if I can optimize anything.

> The necessary programs are also attached. Both the programs simply connect
> to the same server over the internet and issue same queries. No
> certification check is done in either.
>
> In case I can provide more information on this please let me know.

Connecting to a server over the internet seems somewhat unreliable, but
if you run the tests many times and compare averages it may be OK.

/Simon

More information about the Gnutls-devel mailing list