[erlang-patches] TLS: add PSK and SRP cipher suites

Andreas Schultz aschultz@REDACTED
Thu Jan 10 19:07:31 CET 2013


Hi,

I'll work on this over the weekend, I expect to have a new version ready on Monday.

Andreas

----- Original Message -----
> Hello Andreas,
> Your patch has finally been into review and the response was:
> "
> 
>   * The patch introduces new API options without documenting them.
>   * The patch introduces new include file ssl_srp.hrl that I think shall
>     be internal and put in src. It is undesirable to have records in the
>     user API as it makes the user application compile time dependent on
>     our code, better to use a proplist and then create the record
>     internally. (Yes "sslsocket" is a record due to legacy)
>   * The patch introduces new include file ssl_srp_primes.hrl I think it
>     feels better to input such values as atoms and internaly uses the
>     macros defined in this file, that would be more consistent with the
>     rest of the API.
>   * Functions in crypto being named TLS something seems a little
>     strange, is this necessary?!
> 
> "
> Please correct this and give me a notice when it is done.
> 
> BR Fredrik Gustafsson
> Erlang OTP Team
> On 10/12/2012 11:38 AM, Henrik Nord wrote:
> > refetching
> >
> > On 10/12/2012 10:27 AM, Andreas Schultz wrote:
> >> Hi Henrik,
> >>
> >> When I rebased my changes to the current master, a change crept in that
> >> shouldn't have:
> >>
> >> https://github.com/erlang/otp/commit/747ce9191f4dc7558e12e2b6e5696396392ffbd8
> >>
> >>
> >> I have removed it from my tree and pushed it.
> >>
> >> Andreas
> >>
> >> ----- Original Message -----
> >>> Thanks, I will refetch!
> >>> On 10/11/2012 12:49 PM, Andreas Schultz wrote:
> >>>> Hi,
> >>>>
> >>>> I have pushed a change that should fix the compile error. The
> >>>> buffer has
> >>>> a fixed length now.
> >>>>
> >>>> https://github.com/RoadRunnr/otp/commit/ad73b09d948d0414132bfca2f67ff0de729fa7b2
> >>>>
> >>>> https://github.com/RoadRunnr/otp/commit/ad73b09d948d0414132bfca2f67ff0de729fa7b2.patch
> >>>>
> >>>>
> >>>> Andreas
> >>>>
> >>>> ----- Original Message -----
> >>>>> Does not compile on Windows.
> >>>>>
> >>>>> Function SHA1_Update_PAD in crypto.c is not correct. Arrays with
> >>>>> dynamic
> >>>>> size is not supported by the C standard we use.
> >>>>> Use a static array instead, presuming that there is a reasonable
> >>>>> upper
> >>>>> limit of its size.
> >>>>>
> >>>>> /Sverker, Erlang/OTP
> >>>>>
> >>>>>
> >>>>>
> >>>>> Henrik Nord wrote:
> >>>>>> Hi
> >>>>>>
> >>>>>> I have added your branch to 'master'pu' for testing.
> >>>>>> Thank you for your contribution!
> >>>>>>
> >>>>>> On 10/04/2012 06:29 PM, Andreas Schultz wrote:
> >>>>>>> Hi,
> >>>>>>>
> >>>>>>> Tree is rebased onto latest master.
> >>>>>>>
> >>>>>>> Andreas
> >>>>>>>
> >>>>>>> ----- Original Message -----
> >>>>>>>> Would you be so kind as to rebase this branch upon the latest
> >>>>>>>> 'master'
> >>>>>>>>
> >>>>>>>> Thank you for your contribution!
> >>>>>>>>
> >>>>>>>>
> >>>>>>>>
> >>>>>>>> On 09/26/2012 07:19 PM, Andreas Schultz wrote:
> >>>>>>>>> Hi,
> >>>>>>>>>
> >>>>>>>>> I have implemented the more interesting parts of RFC 4279, RFC
> >>>>>>>>> 5487
> >>>>>>>>> and RFC 5054 (aka TLS PSK and SRP ciphers). The use and
> >>>>>>>>> usefulness
> >>>>>>>>> of those ciphers is rather limited, the one notable exception
> >>>>>>>>> being
> >>>>>>>>> the eID server protocol for German national identity cards
> >>>>>>>>> (nPA).
> >>>>>>>>>
> >>>>>>>>> The test suite can only verify some PSK suites against openssl
> >>>>>>>>> as
> >>>>>>>>> currently no openssl version supports them all. There is patch
> >>>>>>>>> that add some to openssl, but it has not been  incorporated
> >>>>>>>>> into
> >>>>>>>>> upstream. GNU-TLS implements some more (but not all) PSK
> >>>>>>>>> suites
> >>>>>>>>> and I have manually tested interoperability.
> >>>>>>>>>
> >>>>>>>>> Patch info:
> >>>>>>>>>
> >>>>>>>>> git fetch git://github.com/RoadRunnr/otp.git
> >>>>>>>>> tls-psk-srp-suites
> >>>>>>>>>
> >>>>>>>>> https://github.com/RoadRunnr/otp/compare/master...tls-psk-srp-suites
> >>>>>>>>>
> >>>>>>>>> https://github.com/RoadRunnr/otp/compare/master...tls-psk-srp-suites.patch
> >>>>>>>>>
> >>>>>>>>>
> >>>>>>>>> Regards
> >>>>>>>>> Andreas
> >>>>>>>> --
> >>>>>>>> /Henrik Nord Erlang/OTP
> >>>>>>>>
> >>>>>>>>
> >>> --
> >>> /Henrik Nord Erlang/OTP
> >>>
> >>>
> >
> 
> 

-- 
-- 
Dipl. Inform.
Andreas Schultz

email: as@REDACTED
phone: +49-391-819099-224
mobil: +49-170-2226073

------------------ managed broadband access ------------------

Travelping GmbH               phone:           +49-391-8190990
Roentgenstr. 13               fax:           +49-391-819099299
D-39108 Magdeburg             email:       info@REDACTED
GERMANY                       web:   http://www.travelping.com

Company Registration: HRB21276 Handelsregistergericht Chemnitz
Geschaeftsfuehrer: Holger Winkelmann | VAT ID No.: DE236673780
--------------------------------------------------------------




More information about the erlang-patches mailing list