[erlang-patches] TLS: add PSK and SRP cipher suites

Fredrik <>
Wed Jan 9 16:33:17 CET 2013


Hello Andreas,
Your patch has finally been in review and the response was:
"

  * The patch introduces new API options without documenting them.
  * The patch introduces new include file ssl_srp.hrl that I think shall
    be internal and put in src. It is undesirable to have records in the
    user API as it makes the user application compile time dependent on
    our code, better to use a proplist and then create the record
    internally. (Yes "sslsocket" is a record due to legacy)
  * The patch introduces new include file ssl_srp_primes.hrl I think it
    feels better to input such values as atoms and internally use the
    macros defined in this file, that would be more consistent with the
    rest of the API.
  * Functions in crypto being named TLS something seems a little
    strange, is this necessary?!

"
Please correct this and give me a notice when it is done.

BR Fredrik Gustafsson
Erlang OTP Team

On 10/12/2012 11:38 AM, Henrik Nord wrote:
> refetching
>
> On 10/12/2012 10:27 AM, Andreas Schultz wrote:
>> Hi Henrik,
>>
>> When I rebased my changes to the current master, a change crept in that
>> shouldn't have:
>>
>> https://github.com/erlang/otp/commit/747ce9191f4dc7558e12e2b6e5696396392ffbd8 
>>
>>
>> I have removed it from my tree and pushed it.
>>
>> Andreas
>>
>> ----- Original Message -----
>>> Thanks, I will refetch!
>>> On 10/11/2012 12:49 PM, Andreas Schultz wrote:
>>>> Hi,
>>>>
>>>> I have pushed a change that should fix the compile error. The
>>>> buffer has
>>>> a fixed length now.
>>>>
>>>> https://github.com/RoadRunnr/otp/commit/ad73b09d948d0414132bfca2f67ff0de729fa7b2 
>>>>
>>>> https://github.com/RoadRunnr/otp/commit/ad73b09d948d0414132bfca2f67ff0de729fa7b2.patch 
>>>>
>>>>
>>>> Andreas
>>>>
>>>> ----- Original Message -----
>>>>> Does not compile on Windows.
>>>>>
>>>>> Function SHA1_Update_PAD in crypto.c is not correct. Arrays with
>>>>> dynamic
>>>>> size are not supported by the C standard we use.
>>>>> Use a static array instead, presuming that there is a reasonable
>>>>> upper
>>>>> limit of its size.
>>>>>
>>>>> /Sverker, Erlang/OTP
>>>>>
>>>>>
>>>>>
>>>>> Henrik Nord wrote:
>>>>>> Hi
>>>>>>
>>>>>> I have added your branch to 'master'pu' for testing.
>>>>>> Thank you for your contribution!
>>>>>>
>>>>>> On 10/04/2012 06:29 PM, Andreas Schultz wrote:
>>>>>>> Hi,
>>>>>>>
>>>>>>> Tree is rebased onto latest master.
>>>>>>>
>>>>>>> Andreas
>>>>>>>
>>>>>>> ----- Original Message -----
>>>>>>>> Would you be so kind as to rebase this branch upon the latest
>>>>>>>> 'master'
>>>>>>>>
>>>>>>>> Thank you for your contribution!
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>> On 09/26/2012 07:19 PM, Andreas Schultz wrote:
>>>>>>>>> Hi,
>>>>>>>>>
>>>>>>>>> I have implemented the more interesting parts of RFC 4279, RFC
>>>>>>>>> 5487
>>>>>>>>> and RFC 5054 (aka TLS PSK and SRP ciphers). The use and
>>>>>>>>> usefulness
>>>>>>>>> of those ciphers is rather limited, the one notable exception
>>>>>>>>> being
>>>>>>>>> the eID server protocol for German national identity cards
>>>>>>>>> (nPA).
>>>>>>>>>
>>>>>>>>> The test suite can only verify some PSK suites against openssl
>>>>>>>>> as
>>>>>>>>> currently no openssl version supports them all. There is a patch
>>>>>>>>> that adds some to openssl, but it has not been incorporated
>>>>>>>>> into
>>>>>>>>> upstream. GNU-TLS implements some more (but not all) PSK
>>>>>>>>> suites
>>>>>>>>> and I have manually tested interoperability.
>>>>>>>>>
>>>>>>>>> Patch info:
>>>>>>>>>
>>>>>>>>> git fetch git://github.com/RoadRunnr/otp.git
>>>>>>>>> tls-psk-srp-suites
>>>>>>>>>
>>>>>>>>> https://github.com/RoadRunnr/otp/compare/master...tls-psk-srp-suites 
>>>>>>>>>
>>>>>>>>> https://github.com/RoadRunnr/otp/compare/master...tls-psk-srp-suites.patch 
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> Regards
>>>>>>>>> Andreas
>>>>>>>> -- 
>>>>>>>> /Henrik Nord Erlang/OTP
>>>>>>>>
>>>>>>>>
>>> -- 
>>> /Henrik Nord Erlang/OTP
>>>
>>>
>
