[erlang-patches] SSL: export some session key material and make the TLS PRF accessible

Ingela Anderton Andin <>
Thu Feb 23 12:32:59 CET 2012


I looked into this a bit and I would prefer not to have have a function 
that exports security parameters as this is not really desirable and also
kind of unnecessary as you send them back to the SSL/TLS-gen-fsm process.

I think there should be a function prf

-type security_parm_name() :: master_secret | client_random | server_random

prf(tls_version(), Secret::binary() | security_param_name(), Label::binary(), 
    Seed:: [binary()| security_parm_name()], WantedLen::non_neg_integer()) -> {ok, binary()} | {error, reason()} 

Then the erlang SSL/TLS-fsm process will replace all 
security_param_name-instances with the value of the corresponding 
security parameter
before calling the prf-function. 

I think there is no need for an {'EXIT, term()} return  if necessary to 
catch something {error, Reason} is sufficient and the Reason can provide the
information it was a caught EXIT if that could be interesting in that 
particular case, it is not always  for example consider the following catch

connect(Host, Port, Socket, Options, User, CbInfo, Timeout) ->
    try start_fsm(client, Host, Port, Socket, Options, User, CbInfo,
    exit:{noproc, _} ->
        {error, ssl_not_started}

Regards Ingela  Erlang/OTP team Ericsson AB

Andreas Schultz wrote:
> Hi,
> Please fetch:
>   git fetch git://github.com/RoadRunnr/otp.git tls-export-stuff
> Export some session key material and make the TLS PRF accessible
> Some protocols (e.g. EAP-PEAP, EAP-TLS, EAP-TTLS) that use TLS as
> transport layer need to generate additional application specific
> key material. One way to generate such material is to use the TLS
> PRF and key material from the TLS session itself.
> This change adds a function to access the required key material and
> makes a TLS session PRF accessible.
> https://github.com/RoadRunnr/otp/compare/tls-export-stuff
> https://github.com/RoadRunnr/otp/compare/tls-export-stuff.patch
> Regards
> Andreas

More information about the erlang-patches mailing list