Sign In | Register

Committed to Code

XySSL

General
Development
Community
Edit

XySSL is an open-source cryptographic library for embedded systems. It provides standard crypto block: AES, SHA-1, X.509, etc. as well as higher lever protocols: SSL v3 and TLS v1. XySSL has been ported on a number of architectures, including ARM, PowerPC, MIPS, and Motorola 68000. Its already small memory footprint can be easily reduced to 50k for a basic SSL client or server, by modifying a single .h configuration file. XySSL is currently used in several open-source (GPL) and closed-source projects, such as Adobe's flash player.

[UPDATE 2008-12-31] As of now, XySSL is no longer maintained by Christophe Devine. The current project manager is Paul Bakker, and the new site can be accessed at: http://polarssl.org/

This project is managed by Christophe Devine.

Project Tags Tagged as md5 base64 x509 authentication sha-1 cross-platform gpl sha-256 des security bsd portable cryptography 3des embedded library crypto tls aes ssl privacy rsa

Code Analysis

News

XySSL 0.9 released

Posted about 4 years ago

From the changelog:
* Added support for ciphersuite: SSL_RSA_AES_128_SHA
* Enabled support for large files by default in aescrypt2.c
* Preliminary openssl wrapper contributed by David Barrett
* Fixed a bug in ssl_write() that ... [More] caused the same payload to
be sent twice in non-blocking mode when send returns EAGAIN
* Fixed ssl_parse_client_hello(): session id and challenge must
not be swapped in the SSLv2 ClientHello (found by Greg Robson)
* Added user-defined callback debug function (Krystian Kolodziej)
* Before freeing a certificate, properly zero out all cert. data
* Fixed the "mode" parameter so that encryption/decryption are
not swapped on PadLock; also fixed compilation on older versions
of gcc (bug reported by David Barrett)
* Correctly handle the case in padlock_xcryptcbc() when input or
ouput data is non-aligned by falling back to the software
implementation, as VIA Nehemiah cannot handle non-aligned buffers
* Fixed a memory leak in x509parse_crt() which was reported by Greg
Robson-Garth; some x509write.c fixes by Pascal Vizeli, thanks to
Matthew Page who reported several bugs
* Fixed x509_get_ext() to accept some rare certificates which have
an INTEGER instead of a BOOLEAN for BasicConstraints::cA.
* Added support on the client side for the TLS "hostname" extension
(patch contributed by David Patino)
* Make x509parse_verify() return BADCERT_CN_MISMATCH when an empty
string is passed as the CN (bug reported by spoofy)
* Added an option to enable/disable the BN assembly code
* Updated rsa_check_privkey() to verify that (D*E) = 1 % (P-1)*(Q-1)
* Disabled obsolete hash functions by default (MD2, MD4); updated
selftest and benchmark to not test ciphers that have been disabled
* Updated x509parse_cert_info() to correctly display byte 0 of the
serial number, setup correct server port in the ssl client example
* Fixed a critical denial-of-service with X.509 cert. verification:
peer may cause xyssl to loop indefinitely by sending a certificate
for which the RSA signature check fails (bug reported by Benoit)
* Added test vectors for: AES-CBC, AES-CFB, DES-CBC and 3DES-CBC,
HMAC-MD5, HMAC-SHA1, HMAC-SHA-256, HMAC-SHA-384, and HMAC-SHA-512
* Fixed HMAC-SHA-384 and HMAC-SHA-512 (thanks to Josh Sinykin)
* Modified ssl_parse_client_key_exchange() to protect against
Daniel Bleichenbacher attack on PKCS#1 v1.5 padding, as well
as the Klima-Pokorny-Rosa extension of Bleichenbacher's attack
* Updated rsa_gen_key() so that ctx->N is always nbits in size
* Fixed assembly PPC compilation errors on Mac OS X, thanks to
David Barrett and Dusan Semen
Download links:
xyssl-0.9-gpl.tgz |
xyssl-0.9-bsd.tgz [Less]

February '08 update

Posted over 4 years ago

I'm glad to announce that after a couple months of non-activity, development has now resumed. At this point changes will mostly consist of bug fixes, with the release of xyssl-0.9 targeted at the end of the month.

Mailing-list update, new subversion server

Posted over 4 years ago

The mailing list is currently down, as the main database was lost;
regretably it was not included in the rsync backup. It is recommended
to use the forum instead, for the time being.

In other news, an SVN server has been set up. It can be accessed from:

http://xyssl.org/code/svn/

XySSL 0.8 released

Posted over 4 years ago

From the changelog:
* Modified the HMAC functions to handle keys larger
than 64 bytes, thanks to Stephane Desneux and gary ng
* Fixed ssl_read_record() to properly update the handshake
message digests, which fixes IE6/IE7 ... [More] client authentication
* Cleaned up the XYSSL* #defines, suggested by Azriel Fasten
* Fixed net_recv(), thanks to Lorenz Schori and Egon Kocjan
* Added user-defined callbacks for handling I/O and sessions
* Added lots of debugging output in the SSL/TLS functions
* Added preliminary X.509 cert. writing by Pascal Vizeli
* Added preliminary support for the VIA PadLock routines
* Added AES-CFB mode of operation, contributed by chmike
* Added an SSL/TLS stress testing program (ssl_test.c)
* Updated the RSA PKCS#1 code to allow choosing between
RSA_PUBLIC and RSA_PRIVATE, as suggested by David Barrett
* Updated ssl_read() to skip 0-length records from OpenSSL
* Fixed the make install target to comply with *BSD make
* Fixed a bug in mpi_read_binary() on 64-bit platforms
* mpi_is_prime() speedups, thanks to Kevin McLaughlin
* Fixed a long standing memory leak in mpi_is_prime()
* Replaced realloc with malloc in mpi_grow(), and set
the sign of zero as positive in mpi_init() (reported
by Jonathan M. McCune)
Download links:
xyssl-0.8-lgpl.tgz |
xyssl-0.8-bsd.tgz [Less]

New offsite site backups

Posted over 4 years ago

Thanks to rsync.net, a complete backup
of both xyssl.org and libtom.org has been setup. This will help ensure
that the sites can be brought back online quickly, in case a server crash
happens again
(better safe than sorry).

Read all XySSL articles…

Edit RSS feeds.

Ohloh Analysis Summary

Updated about 4 years ago

View All Possible Factoids

World Activity Map

World Map

Project Links

Homepage
xyssl.org | Edit
Download
xyssl.org | Edit
Forums
xyssl.org | Edit
Documentation
See All Documentation Links
Licensed Under
GNU General Public License v2.0 or later and New BSD License | Edit

Related Projects by Tags

Crypto++

CyaSSL

PolarSSL

pyOpenSSL

TropicSSL