./security/bearssl, Implementation of the SSL/TLS protocol (RFC 5246)

[ CVSweb ] [ Homepage ] [ RSS ] [ Required by ] [ Add to tracker ]


Branch: CURRENT, Version: 0.5, Package name: bearssl-0.5, Maintainer: pkgsrc-users

BearSSL is an implementation of the SSL/TLS protocol (RFC 5246)
written in C. It aims at offering the following features:

* Be correct and secure. In particular, insecure protocol versions
and choices of algorithms are not supported, by design;
cryptographic algorithm implementations are constant-time by
default.

* Be small, both in RAM and code footprint. For instance, a minimal
server implementation may fit in about 20 kilobytes of compiled
code and 25 kilobytes of RAM.

* Be highly portable. BearSSL targets not only "big" operating
systems like Linux and Windows, but also small embedded systems
and even special contexts like bootstrap code.

* Be feature-rich and extensible. SSL/TLS has many defined cipher
suites and extensions; BearSSL should implement most of them,
and allow extra algorithm implementations to be added afterwards,
possibly from third parties.

bearssl is considered alpha-quality software, which means that it
runs but it probably has bugs, some of which being certainly
exploitable vulnerabilities.


Required to build:
[pkgtools/cwrappers]

Master sites:

SHA1: c2c202803454c35a4a271d9f5e518295b8d76e01
RMD160: 5974baced77d83aace5a5eea31a3810d93a26e28
Filesize: 651.274 KB

Version history: (Expand)


CVS history: (Expand)


   2018-02-07 12:52:56 by Maya Rashish | Files touched by this commit (3) | Package updated
Log message:
bearssl: update to 0.5. From Charlotte Koch.

Added support for the BoarSSL / Twrch test framework.
Header files now include the ritual mantras that make them compatible with C++.
Better Makefile behaviour with Clang (FreeBSD compatibility).
Worked around a bug of GCC 4.8 and 4.9 in 32-bit x86 mode.
Incoming application data after initiating closure is now properly ignored.
Some instances of (critical) Certificate Policies extensions are now ignored \ 
(when it is safe to do so).
Fixed some behavioural bugs with regards to renegotiation (all were failing safe).
Added encoded OID for hash functions in the public API, to help with using RSA \ 
signatures in non-SSL contexts.
Fixed bug in AES/CBC decryption on x86 with AES-NI opcode (this was breaking \ 
decryption with AES/CBC cipher suites and TLS 1.0 only).
Added an explicit stack buffer initialisation (some provably harmless accesses \ 
to uninitialised data were performed, Valgrind was not happy).
Fixed bug in the search tree for the cache of SSL sessions (occasional lock-ups).
Fixed bug in modular reduction in the special field for P-256 (this was \ 
infrequently breaking ECDSA signatures).
Added support for exporting keying material (RFC 5705).
Added new general-purpose API for AEAD implementations (in non-SSL contexts) and \ 
an AES/GCM implementation that follows that API.
Added a function to forget saved session parameter in the LRU cache.
Added a new ChaCha20 implementation that uses SSE2 on x86 architectures (both \ 
32-bit and 64-bit).
   2017-09-23 00:00:57 by Sebastian Wiedenroth | Files touched by this commit (3)
Log message:
bearssl: fix build on SunOS

Needs to link -lsocket -lnsl
   2017-06-14 03:14:30 by Alistair G. Crooks | Files touched by this commit (2) | Package updated
Log message:
Update bearssl from version 0.3 to version 0.4

Changes from previous version:

+ New AES and GHASH implementations for POWER8 processors (provides
AES/GCM at more than 2 gigabytes per second!).

+ Improved GHASH implementation with AES-NI opcodes (pclmulqdq).

+ New Poly1305 implementation with 64 -> 128 multiplications,
available on some 64-bit architectures.

+ New "i62" big-integer code with 64 -> 128 multiplications, available
on some 64-bit architectures (RSA is much faster).

+ Some mostly cosmetic patches to support very old systems (BearSSL
now compiles and run on Debian 2.2 "potato" from 2000, with GCC
2.95).
   2017-04-01 19:32:47 by Alistair G. Crooks | Files touched by this commit (1)
Log message:
Install the brssl utility program as an executable, not data
   2017-04-01 19:01:51 by Thomas Klausner | Files touched by this commit (4)
Log message:
Import bearssl-0.3 as security/bearssl.

BearSSL is an implementation of the SSL/TLS protocol (RFC 5246)
written in C. It aims at offering the following features:

* Be correct and secure. In particular, insecure protocol versions
  and choices of algorithms are not supported, by design;
  cryptographic algorithm implementations are constant-time by
  default.

* Be small, both in RAM and code footprint. For instance, a minimal
  server implementation may fit in about 20 kilobytes of compiled
  code and 25 kilobytes of RAM.

* Be highly portable. BearSSL targets not only "big" operating
  systems like Linux and Windows, but also small embedded systems
  and even special contexts like bootstrap code.

* Be feature-rich and extensible. SSL/TLS has many defined cipher
  suites and extensions; BearSSL should implement most of them,
  and allow extra algorithm implementations to be added afterwards,
  possibly from third parties.

bearssl is considered alpha-quality software, which means that it
runs but it probably has bugs, some of which being certainly
exploitable vulnerabilities.