Revolutionize your code reviews with AI. CodeRabbit offers PR summaries, code walkthroughs, 1-click suggestions, and AST-based analysis. Boost productivity and code quality across all major languages with each PR. Learn more →
Top 23 C Encryption Projects
-
Project mention: Okta Bcrypt incident lessons for designing better APIs | news.ycombinator.com | 2025-02-05
In Node, you would commonly reach for the builtin core "node:crypto" module to run cryptographic functionality like this. I wondered why that wasn't used here, but bcryptjs was. After digging into it a little, node doesn't ship with core support for bcrypt, because it's not supported by OpenSSL.
The node crypto module is essentially an API that offloads crypto work to OpenSSL. If we dig into OpenSSL, they won't support bcrypt. Bcrypt won't be supported by OpenSSL because of reasons to do with standardisation. https://github.com/openssl/openssl/issues/5323
Since bcrypt is not a "standardised" algorithm, it makes me wonder why Okta used it, at all?
I remember in uni studying cryptography for application development and even then, back in 2013, it was used and recommended, but not standardised. it says a lot that 12 years on it still hasn't been.
-
CodeRabbit
CodeRabbit: AI Code Reviews for Developers. Revolutionize your code reviews with AI. CodeRabbit offers PR summaries, code walkthroughs, 1-click suggestions, and AST-based analysis. Boost productivity and code quality across all major languages with each PR.
-
Project mention: VeraCrypt: Disk encryption with strong security based on TrueCrypt | news.ycombinator.com | 2024-10-31
-
-
Project mention: OpenSSL bug exposed up to 255 bytes of server heap and existed since 2011 | news.ycombinator.com | 2024-07-30
I started writing s2n the day after Heartbleed and the first lines of code were for the stuffer interface. A stuffer is a buffer for stuff, and it's like Java buffered I/O for C. You can get a flavor from reading the header: https://github.com/aws/s2n-tls/blob/main/stuffer/s2n_stuffer...
The implementation is incredibly simple. Treat all blocks of memory as blob with a known size and then read/write into those blobs with a cursor to track progress and bounds checks on every access. Fence all serialization/deserialization through a safe low level interface. Not only do you get memory safety (which we later proved using formal reasoning) ... but when you're parsing message formats it lends itself to a declarative coding style that makes it very clear what the structure is. You can also do lifecycle things, like erasing sensitive memory with zeroes when you're done with it, making sure things don't show up in core dumps, etc. BoringSSL introduced a Crypto_bytes API that also did some of this plus bounds checking, and retrofit it into OpenSSL.
OpenSSL on the other hand is a horrific mash up of raw pointer arithmetic, ad-hoc parsers interleaved with business logic and control flow. I could never keep it straight, and it always scared me to review.
-
wolfssl
The wolfSSL library is a small, fast, portable implementation of TLS/SSL for embedded devices to the cloud. wolfSSL supports up to TLS 1.3 and DTLS 1.3!
Project mention: Embedded TLS Library for Applications, Devices, and the Cloud | news.ycombinator.com | 2024-12-29 -
I would create a mesh wifi. (similar https://reticulum.network/, tox https://github.com/TokTok/c-toxcore etc)
-
Themis
Easy to use cryptographic framework for data protection: secure messaging with forward secrecy and secure data storage. Has unified APIs across 14 platforms.
-
SaaSHub
SaaSHub - Software Alternatives and Reviews. SaaSHub helps you find the best software and product alternatives
-
magma
The magma server daemon, is an encrypted email system with support for SMTP, POP, IMAP, HTTP and MOLTEN,. Additional support for DMTP and DMAP is currently in active development. (by lavabit)
-
LibTomCrypt
LibTomCrypt is a fairly comprehensive, modular and portable cryptographic toolkit that provides developers with a vast array of well known published block ciphers, one-way hash functions, chaining modes, pseudo-random number generators, public key cryptography and a plethora of other routines.
-
-
-
Cronos
PoC for a sleep obfuscation technique leveraging waitable timers to evade memory scanners. (by Idov31)
-
-
-
-
-
-
-
-
-
disco-c
A tiny C cryptographic library to encrypt sessions, authenticate messages, sign, hash, etc. based only on SHA-3 and Curve25519
-
-
-
SaaSHub
SaaSHub - Software Alternatives and Reviews. SaaSHub helps you find the best software and product alternatives
C Encryption discussion
C Encryption related posts
-
Okta Bcrypt incident lessons for designing better APIs
-
The QUIC API OpenSSL will not provide
-
Encryption: ciphers, digests, salt, IV
-
Where Is HTTP/3?
-
VeraCrypt: Disk encryption with strong security based on TrueCrypt
-
OpenSSL 3.4.0
-
Improve post-2038 compatibility of time_t usage
-
A note from our sponsor - CodeRabbit
coderabbit.ai | 8 Feb 2025
Index
What are some of the best open-source Encryption projects in C? This list will help you:
# | Project | Stars |
---|---|---|
1 | OpenSSL | 26,565 |
2 | VeraCrypt | 7,233 |
3 | GmSSL | 5,361 |
4 | s2n | 4,560 |
5 | wolfssl | 2,396 |
6 | c-toxcore | 2,334 |
7 | Themis | 1,889 |
8 | magma | 1,817 |
9 | LibTomCrypt | 1,617 |
10 | Minizip-ng | 1,280 |
11 | enchive | 632 |
12 | Cronos | 565 |
13 | pgsodium | 563 |
14 | libdime | 413 |
15 | sqleet | 379 |
16 | lurch | 289 |
17 | VeraCrypt-DCS | 138 |
18 | mkinitcpio-ykfde | 110 |
19 | libcrux | 99 |
20 | CatCrypto | 70 |
21 | disco-c | 66 |
22 | libsodium-signcryption | 62 |
23 | rvault | 35 |