Topic: Compatibility of CyaSSL library with OpenSSL

Hello,

I am in the process of analyzing the CyaSSL library (v1.9.0) over the OpenSSL library. I found that the CyaSSL library is lightweight and has a smaller memory footprint compared to OpenSSL.

However, I was not able to find a few of the functionalities provided by OpenSSL.
OpenSSL provides thread functions like

- CRYPTO_num_locks
- CRYPTO_set_locking_callback
- CRYPTO_set_id_callback

for the application to register callback functions for providing proper thread synchronization (locking mechanism). Does CyaSSL provide any alternative to the above functions?

Also, functionalities like the ones listed below are missing:

- RAND_add
- BIO_new_file
- PEM_read_bio_DHparams
- SSL_CTX_set_tmp_dh
- SSLv23_method
- SSL_CTX_set_verify_depth
- load_dh_params


There are a few functions which are defined empty as TODO or listed as not implemented, as they are not needed in GoAhead.

Does this imply that CyaSSL compatibility with OpenSSL is currently for a few functionalities as required in GoAhead, or is there some other version that has enhanced compatibility with OpenSSL?

Would appreciate your comments on this.

Thanks,
Deepak


Re: Compatibility of CyaSSL library with OpenSSL

Hi Deepak,

- CRYPTO_num_locks
- CRYPTO_set_locking_callback
- CRYPTO_set_id_callback

We haven't implemented the above 3 functions because they're not needed in CyaSSL (but you can find placeholders for them in ssl.c).  For CyaSSL thread safety, please look at section VI of our "CyaSSL Additional Features" document (http://yassl.com/yaSSL/Docs_CyaSSL_Addi … tures.html).  Unlike OpenSSL, CyaSSL avoids using global data, static data, and the sharing of objects.

- BIO_new_file
- PEM_read_bio_DHparams
- SSL_CTX_set_verify_depth
- load_dh_params

CyaSSL doesn't support the above functions.  RAND_add and setting tmp_dh are handled internally by CyaSSL.

- SSLv23 method

CyaSSL provides SSLv23_client_method() and SSLv23_server_method() to use for this.

CyaSSL's OpenSSL compatibility layer is not fully complete.  Instead we provide a subset of the most commonly-used functions from OpenSSL to allow for ease of porting CyaSSL embedded SSL into existing OpenSSL projects (about 200 out of their 4000 functions).  Very often, even though CyaSSL doesn't have the exact function you might be looking for from OpenSSL, it should have similar functionality.

Our OpenSSL Compatibility layer is expanded as we encounter new porting efforts.  The comments you see about GoAhead are just indications those functions were brought to our attention during that port.

Regards,
Chris
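
A porting aid based on the reply above, added here as an example and not code from this thread or from the CyaSSL project: it scans C source for calls to the functions discussed and reports the status Chris gave for each. The status table reflects only what this thread states for CyaSSL v1.9.0; the names `audit`, `STATUS` and `SAMPLE` are hypothetical, and the sample source is constructed.

```python
import re

# Porting status per the reply in this thread (CyaSSL v1.9.0); not taken from CyaSSL docs.
_GROUPS = {
    "placeholder (not needed in CyaSSL)": [
        "CRYPTO_num_locks", "CRYPTO_set_locking_callback", "CRYPTO_set_id_callback"],
    "not supported": [
        "BIO_new_file", "PEM_read_bio_DHparams", "SSL_CTX_set_verify_depth",
        "load_dh_params"],
    "handled internally": ["RAND_add", "SSL_CTX_set_tmp_dh"],
    "use SSLv23_client_method()/SSLv23_server_method()": ["SSLv23_method"],
}
STATUS = {name: status for status, names in _GROUPS.items() for name in names}

# Comments and string/char literals, so commented-out calls and log text are ignored.
_NOISE = re.compile(
    r'/\*.*?\*/|//[^\n]*|"(?:\\.|[^"\\\n])*"|\'(?:\\.|[^\'\\\n])*\'', re.S)
_CALL = re.compile(r'\b([A-Za-z_]\w*)\s*\(')

def _blank(match):
    # Keep newlines so reported line numbers still match the original file.
    return re.sub(r'[^\n]', ' ', match.group(0))

def audit(source):
    """Return [(line_no, function, status)] for each call site that needs attention."""
    cleaned = _NOISE.sub(_blank, source)
    findings = []
    for m in _CALL.finditer(cleaned):
        name = m.group(1)
        if name in STATUS:
            line_no = cleaned.count("\n", 0, m.start()) + 1
            findings.append((line_no, name, STATUS[name]))
    return findings

# Constructed sample: a fragment of a typical OpenSSL server setup.
SAMPLE = '''\
/* CRYPTO_set_locking_callback(old_cb); disabled */
void init(void) {
    CRYPTO_set_locking_callback(lock_cb);
    ctx = SSL_CTX_new(SSLv23_method());
    SSL_CTX_set_verify_depth(ctx, 4);  // RAND_add(seed, n, e)
    log("call BIO_new_file(path) failed");
    SSL_CTX_set_tmp_dh(ctx, dh);
}
'''

if __name__ == "__main__":
    for line_no, name, status in audit(SAMPLE):
        print(f"line {line_no}: {name}: {status}")
```

Calls flagged as "not supported" are the ones to review first when porting, since dropping `SSL_CTX_set_verify_depth` or the DH parameter loading changes what the application itself controls.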