Smaller SSL/TLS
BearSSL is an implementation of the SSL/TLS protocol (RFC 5246) written in C. It aims at offering the following features:
* Be correct and secure. In particular, insecure protocol versions and choices of algorithms
are not supported, by design; cryptographic algorithm implementations are constant-time
by default.
* Be small, both in RAM and code footprint. For instance, a minimal server implementation
may fit in about 20 kilobytes of compiled code and 25 kilobytes of RAM.
* Be highly portable. BearSSL targets not only “big” operating systems like Linux and
Windows, but also small embedded systems and even special contexts like bootstrap code.
* Be feature-rich and extensible. SSL/TLS has many defined cipher suites and extensions;
BearSSL should implement most of them, and allow extra algorithm implementations to be
added afterwards, possibly from third parties.
- Sources inherited from project security
-
1
derived packages
- Download package
-
Checkout Package
osc -A https://api.opensuse.org checkout home:redwil:15.4/bearssl && cd $_
- Create Badge
Source Files
Filename | Size | Changed |
---|---|---|
bearssl-0.6.tar.gz | 0000765094 747 KB | |
bearssl-compile_flags.patch | 0000000336 336 Bytes | |
bearssl.changes | 0000006972 6.81 KB | |
bearssl.spec | 0000003644 3.56 KB |
Revision 6 (latest revision is 7)
- Update to version 0.6 * Added general-purpose implementations of EAX and CCM modes (including shared precomputation support for EAX). * Added general-purpose RSA/OAEP implementation. * Added general-purpose HKDF implementation. * Added support for CCM and CCM_8 TLS cipher suites (RFC 6655 and RFC 7251). * Added RSA and EC key generation. * Added private key encoding support (“raw” and PKCS#8 formats, both in DER and PEM, for RSA and EC key pairs). * Made Base64 encoding/decoding constant-time (with regards to the encoded data bytes). * Added a generic API for random seed providers. * Added an extra DRBG based on AES/CTR + Hirose construction for reseeding. * Some cosmetic fixes to avoid warnings with picky compilers. * Makefile fix to achieve compatibility with OpenBSD. * Fixed a bug in bit length computation for big integers (this was breaking RSA signatures with some specific implementations and key lengths). * Made SSL/TLS client stricter in cipher suite selection (to align with server behaviour). - Refreshed bearssl-compile_flags.patch
Comments 0