How To Contribute

Suggestions, comments, patches and other contributions are welcome. They should simply be sent to me (pornin@bolet.org) by email. Here are some basic rules about contributions:

  • I have strong notions of unity and harmony of software. This means that I will rewrite any patch suggestion, if only to keep the coding style consistent, or to better match long-term goals that I have not made explicit.

  • If I reject a suggestion, I will normally explain why, though I cannot promise that the explanation will be convincing. Even rejected suggestions have value, since they force me to put the underlying concepts into words.

  • Resulting code uses the MIT license, listing me (and only me) as the author. I will still list contributors in the section below.

Most needed contributions at this point are audits and tests: read the code, use it, torture it, try to crash it, and report. Remember that one of the goals is that the source code should be usable as a teaching instrument, so lack of internal comments is to be treated as a bug.

Acknowledgements

Since BearSSL was first published, various people gave some of their time to make it a better library. I want to express my gratitude in their efforts to help BearSSL reach its goals.

A special mention goes to Miha Petelin (@TildalWave), who made the Web site graphical design, logo, colour choices and HTML/CSS styling.

David Edelsohn (IBM) and the Oregon State University provided access to a couple of VM using the POWER8 architecture, thereby allowing the development of cryptographic implementations that leverage the specific opcodes of these processors.

The following individuals contributed in various ways; they are listed in alphabetical order: Alfred Agrell, Laurent Bercot, Daniel J. Bernstein, Ori Bernstein, David Freitag, Doug Hogan, Tim Hudson, Szymon Kitowski, Tanja Lange, Mike Edward Moras, Quentin Rameau, Zeev Tarantov, Antony Vennard, David Wong.

One especially tricky (and nasty) bug was found by libFuzzer, and, impressively, this was found with purely automatic fuzzing.

(I expect – and hope – that this list will grow over time, and I probably already forgot some people, so if you feel that your name should be included, don’t hesitate to drop me an email.)