bearssl-devel - Development files for bearssl
Development/Libraries/C and C++
BearSSL is an implementation of the SSL/TLS protocol (RFC 5246) written
in C. It aims at offering the following features:
* Be correct and secure. In particular, insecure protocol versions and
choices of algorithms are not supported, by design; cryptographic
algorithm implementations are constant-time by default.
* Be small, both in RAM and code footprint. For instance, a minimal
server implementation may fit in about 20 kilobytes of compiled code
and 25 kilobytes of RAM.
* Be highly portable. BearSSL targets not only “big” operating systems
like Linux and Windows, but also small embedded systems and even
special contexts like bootstrap code.
* Be feature-rich and extensible. SSL/TLS has many defined cipher
suites and extensions; BearSSL should implement most of them, and
allow extra algorithm implementations to be added afterwards,
possibly from third parties.
- Add the Security repository:
# zypper addrepo http://widehat.opensuse.org/opensuse/repositories/security/openSUSE_Tumbleweed/ security
- Install bearssl-devel rpm package:
# zypper install bearssl-devel
2018-08-15 - firstname.lastname@example.org
- Update to version 0.6
* Added general-purpose implementations of EAX and CCM modes
(including shared precomputation support for EAX).
* Added general-purpose RSA/OAEP implementation.
* Added general-purpose HKDF implementation.
* Added support for CCM and CCM_8 TLS cipher suites (RFC 6655
and RFC 7251).
* Added RSA and EC key generation.
* Added private key encoding support (“raw” and PKCS#8
formats, both in DER and PEM, for RSA and EC key pairs).
* Made Base64 encoding/decoding constant-time (with regard to
the encoded data bytes).
* Added a generic API for random seed providers.
* Added an extra DRBG based on AES/CTR + Hirose construction
* Some cosmetic fixes to avoid warnings with picky compilers.
* Makefile fix to achieve compatibility with OpenBSD.
* Fixed a bug in bit length computation for big integers (this
was breaking RSA signatures with some specific implementations
and key lengths).
* Made SSL/TLS client stricter in cipher suite selection (to
align with server behaviour).
- Refreshed bearssl-compile_flags.patch
2017-08-16 - email@example.com
- Update to version 0.5
* Added support for the BoarSSL / Twrch test framework.
* Header files now include the ritual mantras that make them
compatible with C++.
* Better Makefile behaviour with Clang (FreeBSD compatibility).
* Worked around a bug of GCC 4.8 and 4.9 in 32-bit x86 mode.
* Incoming application data after initiating closure is now
* Some instances of (critical) Certificate Policies extensions
are now ignored (when it is safe to do so).
* Fixed some behavioural bugs with regard to renegotiation
(all were failing safe).
* Added encoded OID for hash functions in the public API, to
help with using RSA signatures in non-SSL contexts.
* Fixed bug in AES/CBC decryption on x86 with AES-NI opcode
(this was breaking decryption with AES/CBC cipher suites and
TLS 1.0 only).
* Added an explicit stack buffer initialisation (some provably
harmless accesses to uninitialised data were performed,
Valgrind was not happy).
* Fixed bug in the search tree for the cache of SSL sessions
* Fixed bug in modular reduction in the special field for
P-256 (this was infrequently breaking ECDSA signatures).
* Added support for exporting keying material (RFC 5705).
* Added new general-purpose API for AEAD implementations (in
non-SSL contexts) and an AES/GCM implementation that follows
* Added a function to forget saved session parameter in the
* Added a new ChaCha20 implementation that uses SSE2 on x86
architectures (both 32-bit and 64-bit).
2017-04-13 - firstname.lastname@example.org
- Update to version 0.4
* New AES and GHASH implementations for POWER8 processors
(provides AES/GCM at more than 2 gigabytes per second!).
* Improved GHASH implementation with AES-NI opcodes
* New Poly1305 implementation with 64→128 multiplications,
available on some 64-bit architectures.
* New “i62” big-integer code with 64→128 multiplications,
available on some 64-bit architectures (RSA is much faster).
* Some mostly cosmetic patches to support very old systems
(BearSSL now compiles and runs on Debian 2.2 “potato” from
2000, with GCC 2.95).