./security/bearssl, Implementation of the SSL/TLS protocol (RFC 5246)


Branch: CURRENT, Version: 0.4, Package name: bearssl-0.4, Maintainer: pkgsrc-users

BearSSL is an implementation of the SSL/TLS protocol (RFC 5246)
written in C. It aims at offering the following features:

* Be correct and secure. In particular, insecure protocol versions
and choices of algorithms are not supported, by design;
cryptographic algorithm implementations are constant-time by
default.

* Be small, both in RAM and code footprint. For instance, a minimal
server implementation may fit in about 20 kilobytes of compiled
code and 25 kilobytes of RAM.

* Be highly portable. BearSSL targets not only "big" operating
systems like Linux and Windows, but also small embedded systems
and even special contexts like bootstrap code.

* Be feature-rich and extensible. SSL/TLS has many defined cipher
suites and extensions; BearSSL should implement most of them,
and allow extra algorithm implementations to be added afterwards,
possibly from third parties.

bearssl is considered alpha-quality software, which means that it
runs but it probably has bugs, some of which are certainly
exploitable vulnerabilities.


Required to build:
[pkgtools/cwrappers]

Master sites:

SHA1: 3246db6d5949a86b1889c1921ae9496d7b962c47
RMD160: e0f40ea16bfa3fc729407ddb3e176fa4ea8c259e
Filesize: 618.556 KB


CVS history:


   2017-06-14 03:14:30 by Alistair G. Crooks | Files touched by this commit (2) | Package updated
Log message:
Update bearssl from version 0.3 to version 0.4

Changes from previous version:

+ New AES and GHASH implementations for POWER8 processors (provides
AES/GCM at more than 2 gigabytes per second!).

+ Improved GHASH implementation with AES-NI opcodes (pclmulqdq).

+ New Poly1305 implementation with 64 -> 128 multiplications,
available on some 64-bit architectures.

+ New "i62" big-integer code with 64 -> 128 multiplications, available
on some 64-bit architectures (RSA is much faster).

+ Some mostly cosmetic patches to support very old systems (BearSSL
now compiles and runs on Debian 2.2 "potato" from 2000, with GCC
2.95).

   2017-04-01 19:32:47 by Alistair G. Crooks | Files touched by this commit (1)
Log message:
Install the brssl utility program as an executable, not data

   2017-04-01 19:01:51 by Thomas Klausner | Files touched by this commit (4)
Log message:
Import bearssl-0.3 as security/bearssl.

BearSSL is an implementation of the SSL/TLS protocol (RFC 5246)
written in C. It aims at offering the following features:

* Be correct and secure. In particular, insecure protocol versions
  and choices of algorithms are not supported, by design;
  cryptographic algorithm implementations are constant-time by
  default.

* Be small, both in RAM and code footprint. For instance, a minimal
  server implementation may fit in about 20 kilobytes of compiled
  code and 25 kilobytes of RAM.

* Be highly portable. BearSSL targets not only "big" operating
  systems like Linux and Windows, but also small embedded systems
  and even special contexts like bootstrap code.

* Be feature-rich and extensible. SSL/TLS has many defined cipher
  suites and extensions; BearSSL should implement most of them,
  and allow extra algorithm implementations to be added afterwards,
  possibly from third parties.

bearssl is considered alpha-quality software, which means that it
runs but it probably has bugs, some of which are certainly
exploitable vulnerabilities.