[erlang-patches] TLS: add PSK and SRP cipher suites

Henrik Nord <>
Fri Oct 12 11:38:02 CEST 2012


refetching

On 10/12/2012 10:27 AM, Andreas Schultz wrote:
> Hi Henrik,
>
> When I rebased my changes to the current master, a change crept in that
> shouldn't have:
>
> https://github.com/erlang/otp/commit/747ce9191f4dc7558e12e2b6e5696396392ffbd8
>
> I have removed it from my tree and pushed it.
>
> Andreas
>
> ----- Original Message -----
>> Thanks, I will refetch!
>> On 10/11/2012 12:49 PM, Andreas Schultz wrote:
>>> Hi,
>>>
>>> I have pushed a change that should fix the compile error. The
>>> buffer has
>>> a fixed length now.
>>>
>>> https://github.com/RoadRunnr/otp/commit/ad73b09d948d0414132bfca2f67ff0de729fa7b2
>>> https://github.com/RoadRunnr/otp/commit/ad73b09d948d0414132bfca2f67ff0de729fa7b2.patch
>>>
>>> Andreas
>>>
>>> ----- Original Message -----
>>>> Does not compile on Windows.
>>>>
>>>> Function SHA1_Update_PAD in crypto.c is not correct. Arrays with
>>>> dynamic
>>>> size is not supported by the C standard we use.
>>>> Use a static array instead, presuming that there is a reasonable
>>>> upper
>>>> limit of its size.
>>>>
>>>> /Sverker, Erlang/OTP
>>>>
>>>>
>>>>
>>>> Henrik Nord wrote:
>>>>> Hi
>>>>>
>>>>> I have added your branch to 'master'pu' for testing.
>>>>> Thank you for your contribution!
>>>>>
>>>>> On 10/04/2012 06:29 PM, Andreas Schultz wrote:
>>>>>     
>>>>>> Hi,
>>>>>>
>>>>>> Tree is rebased onto latest master.
>>>>>>
>>>>>> Andreas
>>>>>>
>>>>>> ----- Original Message -----
>>>>>>       
>>>>>>> Would you be so kind as to rebase this branch upon the latest
>>>>>>> 'master'
>>>>>>>
>>>>>>> Thank you for your contribution!
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> On 09/26/2012 07:19 PM, Andreas Schultz wrote:
>>>>>>>         
>>>>>>>> Hi,
>>>>>>>>
>>>>>>>> I have implemented the more interesting parts of RFC 4279, RFC
>>>>>>>> 5487
>>>>>>>> and RFC 5054 (aka TLS PSK and SRP ciphers). The use and
>>>>>>>> usefulness
>>>>>>>> of those ciphers is rather limited, the one notable exception
>>>>>>>> being
>>>>>>>> the eID server protocol for German national identity cards
>>>>>>>> (nPA).
>>>>>>>>
>>>>>>>> The test suite can only verify some PSK suites against openssl
>>>>>>>> as
>>>>>>>> currently no openssl version supports them all. There is patch
>>>>>>>> that add some to openssl, but it has not been  incorporated
>>>>>>>> into
>>>>>>>> upstream. GNU-TLS implements some more (but not all) PSK
>>>>>>>> suites
>>>>>>>> and I have manually tested interoperability.
>>>>>>>>
>>>>>>>> Patch info:
>>>>>>>>
>>>>>>>> git fetch git://github.com/RoadRunnr/otp.git
>>>>>>>> tls-psk-srp-suites
>>>>>>>>
>>>>>>>> https://github.com/RoadRunnr/otp/compare/master...tls-psk-srp-suites
>>>>>>>> https://github.com/RoadRunnr/otp/compare/master...tls-psk-srp-suites.patch
>>>>>>>>
>>>>>>>> Regards
>>>>>>>> Andreas
>>>>>>>>           
>>>>>>> --
>>>>>>> /Henrik Nord Erlang/OTP
>>>>>>>
>>>>>>>
>>>>>>>         
>>>>>     
>> --
>> /Henrik Nord Erlang/OTP
>>
>>

-- 
/Henrik Nord Erlang/OTP



More information about the erlang-patches mailing list