[erlang-patches] SSL: export some session key material and make the TLS PRF accessible
Ingela Anderton Andin
ingela@REDACTED
Thu Feb 23 12:32:59 CET 2012
Hi!
I looked into this a bit and I would prefer not to have a function
that exports security parameters as this is not really desirable and also
kind of unnecessary as you send them back to the SSL/TLS-gen-fsm process.
I think there should be a function prf:

    -type security_param_name() :: master_secret | client_random | server_random.

    prf(tls_version(), Secret::binary() | security_param_name(), Label::binary(),
        Seed::[binary() | security_param_name()], WantedLen::non_neg_integer()) ->
        {ok, binary()} | {error, reason()}

Then the erlang SSL/TLS-fsm process will replace all
security_param_name-instances with the value of the corresponding
security parameter before calling the prf-function.
I think there is no need for an {'EXIT', term()} return. If it is necessary to
catch something, {error, Reason} is sufficient, and the Reason can provide the
information that it was a caught EXIT if that could be interesting in that
particular case. It is not always; for example, consider the following catch:

    connect(Host, Port, Socket, Options, User, CbInfo, Timeout) ->
        try start_fsm(client, Host, Port, Socket, Options, User, CbInfo,
                      Timeout)
        catch
            exit:{noproc, _} ->
                {error, ssl_not_started}
        end.

Regards Ingela Erlang/OTP team Ericsson AB
Andreas Schultz wrote:
> Hi,
>
> Please fetch:
>
> git fetch git://github.com/RoadRunnr/otp.git tls-export-stuff
>
> Export some session key material and make the TLS PRF accessible
>
> Some protocols (e.g. EAP-PEAP, EAP-TLS, EAP-TTLS) that use TLS as
> transport layer need to generate additional application specific
> key material. One way to generate such material is to use the TLS
> PRF and key material from the TLS session itself.
>
> This change adds a function to access the required key material and
> makes a TLS session PRF accessible.
>
> https://github.com/RoadRunnr/otp/compare/tls-export-stuff
> https://github.com/RoadRunnr/otp/compare/tls-export-stuff.patch
>
> Regards
> Andreas
>
>
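
The name-substitution design proposed in the reply above, as an added sketch that is not part of the original thread, the patch, or OTP's ssl application. It assumes the TLS 1.2 PRF (P_SHA256, RFC 5246) and crypto:mac/4 (OTP 22.1 or later); the module name prf_sketch, the params record, eap_tls_keys/1 and demo/0 are hypothetical, and the EAP-TLS label and MSK/EMSK split are taken from RFC 5216.

```erlang
-module(prf_sketch).
-export([prf/5, eap_tls_keys/1, demo/0]).

%% Hypothetical stand-in for the security parameters the connection process holds.
-record(params, {master_secret, client_random, server_random}).

%% Secret and Seed may name a parameter instead of carrying its value. Names
%% are resolved here, so the caller never receives the master secret itself.
prf(#params{} = P, Secret, Label, Seed, WantedLen)
  when is_binary(Label), is_list(Seed), is_integer(WantedLen), WantedLen >= 0 ->
    try
        Key = resolve(P, Secret),
        SeedBin = iolist_to_binary([Label | [resolve(P, S) || S <- Seed]]),
        {ok, p_sha256(Key, SeedBin, WantedLen)}
    catch
        throw:{bad_param, Name} -> {error, {bad_param, Name}}
    end;
prf(_, _, _, _, _) ->
    {error, badarg}.

resolve(_, Bin) when is_binary(Bin) -> Bin;
resolve(#params{master_secret = V}, master_secret) -> V;
resolve(#params{client_random = V}, client_random) -> V;
resolve(#params{server_random = V}, server_random) -> V;
resolve(_, Other) -> throw({bad_param, Other}).

%% P_hash, RFC 5246 section 5: A(0) = seed, A(i) = HMAC(secret, A(i-1)),
%% output = HMAC(secret, A(1) ++ seed) ++ HMAC(secret, A(2) ++ seed) ++ ...
p_sha256(Secret, Seed, Len) ->
    p_sha256(Secret, Seed, Len, hmac(Secret, Seed), <<>>).
p_sha256(_Secret, _Seed, Len, _A, Acc) when byte_size(Acc) >= Len ->
    binary:part(Acc, 0, Len);
p_sha256(Secret, Seed, Len, A, Acc) ->
    Block = hmac(Secret, <<A/binary, Seed/binary>>),
    p_sha256(Secret, Seed, Len, hmac(Secret, A), <<Acc/binary, Block/binary>>).

hmac(Key, Data) -> crypto:mac(hmac, sha256, Key, Data).

%% EAP-TLS (RFC 5216): 128 octets under the label "client EAP encryption";
%% the first 64 octets are the MSK, the next 64 the EMSK.
eap_tls_keys(P) ->
    {ok, <<MSK:64/binary, EMSK:64/binary>>} =
        prf(P, master_secret, <<"client EAP encryption">>,
            [client_random, server_random], 128),
    {MSK, EMSK}.

%% Constructed parameter values (48-byte secret, 32-byte randoms) for a shell run.
demo() ->
    eap_tls_keys(#params{master_secret = <<1:384>>,
                         client_random = <<2:256>>, server_random = <<3:256>>}).
```

An unknown atom in Secret or Seed comes back as {error, {bad_param, Name}} rather than an exit, matching the {error, Reason} convention argued for in the reply.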