CyaSSL
CyaSSL is a small, portable, embedded SSL programming library targeted for use by embedded systems developers. It is an open source implementation of SSL (SSL 3, TLS 1.0, 1.1, and TLS 1.2) built in the C language. It includes SSL client libraries and an SSL server implementation as well as support for multiple APIs, including those defined by SSL and TLS. CyaSSL also includes an OpenSSL compatibility interface with the most commonly used OpenSSL functions.

Platforms

CyaSSL is currently available for Win32/64, Linux, Mac OS X, Solaris, FreeBSD, NetBSD, OpenBSD, embedded Linux, Haiku, OpenWrt, iPhone, Android, Nintendo Wii and GameCube through DevKitPro support, QNX, VxWorks, MontaVista, ThreadX, Tron variants, NonStop, OpenCL, Micrium's MicroC/OS-II, and FreeRTOS.

History

The first major user of CyaSSL/yaSSL was MySQL, the world's most popular open source database. Through bundling with MySQL, yaSSL has achieved extremely high distribution volumes in the millions.

Today CyaSSL is used in both open source and commercial projects. CyaSSL is included in many types of network devices such as smart devices on automobiles, IP phones, mobile phones, routers, printers, and credit card scanners.

Protocols

CyaSSL for embedded SSL implements the SSL 3.0, TLS 1.0, TLS 1.1 and TLS 1.2 protocols.

CTaoCrypt

By default, CyaSSL uses the cryptographic services provided by CTaoCrypt, which is based in part on Crypto++ (see below). CTaoCrypt strives to be more portable while only providing the functionality necessary for SSL type needs. CTaoCrypt provides RSA, DES, 3DES, ARC4, HC-128, MD2, MD4, MD5, SHA-1, SHA-2, RIPEMD-160, DSS, Diffie-Hellman, Random Number Generation, Large Integer support, and base 16/64 encoding/decoding. An experimental cipher called Rabbit, a public domain stream cipher from the EU's eSTREAM project, is also included. Rabbit is potentially useful to those encrypting streaming media in high performance, high demand environments. Support for a FIPS validated crypto module is provided by CryptoPP, below.

Crypto++

Crypto++ can also be used to handle cryptography and crypto-related details. RSA, DES, 3DES, ARC4, MD5, SHA-1, and DSS are currently used by CyaSSL, as well as Crypto++'s cryptographically secure random number generator, large integer support, and base64 encoding/decoding. Crypto++ includes a precompiled FIPS 140-2 level one crypto module (for Windows) that may be used as well.

NTRU

CyaSSL+ includes NTRU public key encryption. The addition of NTRU in CyaSSL+ was a result of the partnership between yaSSL and Security Innovations. NTRU works well in mobile and embedded environments due to the reduced bit size needed to provide the same security as other public key systems. In addition, it's not vulnerable to quantum attacks. Several cipher suites utilizing NTRU are available with CyaSSL+ including AES-256, RC4, and HC-128.

Product history

Milestones in CyaSSL development include:
  • CyaSSL version 2.0.0rc3 was released on September 28, 2011.
  • CyaSSL version 2.0.0rc2 was released on June 6, 2011.
  • CyaSSL version 2.0.0rc1 was released on May 2, 2011.
  • CyaSSL version 1.9.0 was released on March 2, 2011.
  • CyaSSL version 1.8.0 was released on December 23, 2010.
  • CyaSSL version 1.6.0 was released on August 27, 2010.
  • CyaSSL version 1.5.0 was released on May 11, 2010.
  • CyaSSL version 1.4.0 was released on February 18, 2010.
  • CyaSSL version 1.3.0 was released on January 21, 2010.
  • CyaSSL version 1.2.0 was released on November 2, 2009.
  • CyaSSL version 1.1.0 was released on September 2, 2009.
  • CyaSSL version 1.0.6 was released on August 3, 2009.
  • CyaSSL version 1.0.3 was released on May 10, 2009.
  • CyaSSL version 1.0.2 was released on April 2, 2009.
  • CyaSSL version rc3-1.0.0 was released on February 25, 2009.
  • CyaSSL version rc2-1.0.0 was released on January 21, 2009.
  • CyaSSL version rc1-1.0.0 was released on December 17, 2008.

See also

  • Transport Layer Security
  • Comparison of TLS Implementations
  • GnuTLS
  • Network Security Services
  • MatrixSSL
  • OpenSSL
  • PolarSSL


External links

The source of this article is wikipedia, the free encyclopedia.  The text of this article is licensed under the GFDL.