| # |
|
Thu Nov 27 07:45:29 2008 |
thomwu@cisco.com - Ticket created
|
|
|
This patch is the first portion of SRP (RFC 5054) support in OpenSSL.
The original work to add SRP to OpenSSL was done by the EdelKey project
(http://www.edelweb.fr/EdelKey/). I am updating these patches for the
latest
development version of OpenSSL (0.9.9) and submitting them for
integration.
This first patch only includes support for the 'crypto/srp' directory
and the
'openssl/srp' command, as well as the 'no-srp' conditional compilation
directive in 'configure'. This does NOT yet include support for TLS/SRP
ciphersuites, which will be added in an upcoming patch.
This patch applies cleanly against the 20081125 and 20081126 dev
snapshots.
|
| # |
|
Thu Nov 27 13:43:21 2008 |
steve - Correspondence added
|
|
|
|
> [thomwu@cisco.com - Thu Nov 27 07:45:29 2008]:
>
> This patch is the first portion of SRP (RFC 5054) support in OpenSSL.
>
> The original work to add SRP to OpenSSL was done by the EdelKey project
> (http://www.edelweb.fr/EdelKey/). I am updating these patches for the
> latest
> development version of OpenSSL (0.9.9) and submitting them for
> integration.
>
> This first patch only includes support for the 'crypto/srp' directory
> and the
> 'openssl/srp' command, as well as the 'no-srp' conditional compilation
> directive in 'configure'. This does NOT yet include support for TLS/SRP
>
> ciphersuites, which will be added in an upcoming patch.
>
> This patch applies cleanly against the 20081125 and 20081126 dev
> snapshots.
>
>
A few initial comments.
The copyright notice in srp.c gives the impression Eric Young wrote that
file... I'm assuming he didn't and it is a combination of work from
other files in apps he did write.
The indentation in srp.c (perhaps as a result) is very inconsistent.
Indentation in other files doesn't follow the "standard" of the rest of
OpenSSL (well most of it).
In a couple of files the low level SHA1 digest API is used directly.
That should be avoided because it precludes use of ENGINEs in future.
Use EVP instead.
|
| # |
|
Thu Nov 27 13:43:22 2008 |
RT_System - Status changed from 'new' to 'open'
|
|
|
|
|
| # |
|
Tue Dec 02 01:10:52 2008 |
thomwu@cisco.com - Correspondence added
|
|
|
This updated patch supersedes the previous patch submitted for this
issue and addresses the issues raised earlier. This patch also includes
the 'srptest' unit test. This patch applies cleanly against the
20081201 dev snapshot.
|
| # |
|
Mon Dec 15 18:56:40 2008 |
thomwu@cisco.com - Correspondence added
|
|
|
This patch adds full RFC 5054 support in OpenSSL 0.9.9. SRP
ciphersuites are implemented in libssl, and the SRP algorithm is
implemented in "crypto/srp". This patch applies cleanly to the 20081215
dev snapshot and supersedes the earlier patches submitted under this
ticket. A unit test for SRP is included, and the integration tests have
also been extended to cover the SRP ciphersuites.
Please incorporate this patch into 0.9.9, and send me any comments or
suggestions. I am working with a group at Cisco that is looking forward
to using SRP ciphersuites in an upcoming product. Thanks for the
helpful comments on the previous patches - they were very useful towards
improving the patches for this submission.
Tom
|
| # |
|
Wed Jan 14 23:07:40 2009 |
thomwu@cisco.com - Correspondence added
|
|
|
This patch adds full RFC 5054 support in OpenSSL 0.9.9, and has been
updated to apply cleanly to the 20090113 dev snapshot. This version of
the patch supercedes the earlier patches submitted under this ticket.
Please let me know if the code is ready to be integrated into 0.9.9-dev,
or if there are any improvements still needed.
Thanks,
Tom
|
| # |
|
Wed Mar 04 23:38:37 2009 |
thomwu@cisco.com - Correspondence added
|
|
|
This patch adds full RFC 5054 support in OpenSSL 0.9.9, and has been
updated to apply cleanly to the 20090304 dev snapshot. This version of
the patch supercedes the earlier patches submitted under this ticket.
Please let me know what the next steps are for the integration of this
patch into OpenSSL 0.9.9.
Thanks,
Tom
|
| # |
|
Thu Apr 02 23:50:58 2009 |
thomwu@cisco.com - Correspondence added
|
|
|
This patch adds full RFC 5054 support in OpenSSL 0.9.9, and has been
updated to apply cleanly to the 20090402 dev snapshot as well as 1.0.0
beta1. This version of the patch supercedes the earlier patches
submitted
under this ticket. Please let me know what the next steps are for the
integration of this patch into OpenSSL 0.9.9 and 1.0.0.
Thanks,
Tom
|
| # |
|
Sat Apr 11 00:12:18 2009 |
thomwu@cisco.com - Correspondence added
|
|
|
This patch adds full RFC 5054 support in OpenSSL 0.9.9, and has been
updated to apply cleanly to the 20090410 dev snapshot as well as the
0410 snapshot of 1.0.0. This version of the patch supercedes the earlier
patches submitted under this ticket. Please let me know what the next
steps are for the integration of this patch into OpenSSL 0.9.9 and
1.0.0.
Thanks,
Tom
|
| # |
|
Wed May 13 23:55:21 2009 |
thomwu@cisco.com - Correspondence added
|
|
|
This patch adds full RFC 5054 support in OpenSSL 0.9.9, and has been
updated to apply cleanly to the 20090513 dev snapshot. This version of
the patch supercedes the earlier patches submitted under this ticket.
Please let me know what the next steps are for the integration of this
patch into OpenSSL 0.9.9 and 1.0.0.
Thanks,
Tom
|
| # |
|
Wed Jun 03 19:40:55 2009 |
thomwu@cisco.com - Correspondence added
|
|
|
This patch adds full RFC 5054 support in OpenSSL 0.9.9, and has been
updated to apply cleanly to the 20090603 dev snapshot. This version of
the patch supercedes the earlier patches submitted under this ticket.
Please let me know what the next steps are for the integration of this
patch into OpenSSL 1.0.0 and 1.1.0.
Thanks,
Tom
|
| # |
|
Mon Jul 13 19:34:06 2009 |
thomwu@cisco.com - Correspondence added
|
|
|
This patch adds full RFC 5054 support in OpenSSL 1.0.0 and 1.1.0, and
has
been updated to apply cleanly to the 20090713 dev snapshot. This version
of the patch supercedes the earlier patches submitted under this ticket.
Please let me know what the next steps are for the integration of this
patch into OpenSSL 1.0.0 and 1.1.0.
Thanks,
Tom
|
| # |
|
Mon Aug 03 22:01:43 2009 |
thomwu@cisco.com - Correspondence added
|
|
|
This patch adds full RFC 5054 support in OpenSSL 1.0.0 and 1.1.0, and
has been updated to apply cleanly to the 20090803 dev snapshot. This
version of the patch supercedes the earlier patches submitted under this
ticket. Please let me know what the next steps are for the integration
of this patch into OpenSSL 1.0.0 and 1.1.0.
Thanks,
Tom
|
| # |
|
Sun Aug 09 17:27:00 2009 |
steve - Correspondence added
|
|
|
|
> [thomwu@cisco.com - Mon Aug 03 22:01:43 2009]:
>
> This patch adds full RFC 5054 support in OpenSSL 1.0.0 and 1.1.0, and
> has been updated to apply cleanly to the 20090803 dev snapshot. This
> version of the patch supercedes the earlier patches submitted under this
> ticket. Please let me know what the next steps are for the integration
> of this patch into OpenSSL 1.0.0 and 1.1.0.
>
Since 1.0.0 is in a feature freeze this wont be applied to that. After
1.0.0 release it can be considered for 1.0.1 and 1.1.0.
Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org
|
| # |
|
Wed Sep 09 23:16:37 2009 |
thomwu@cisco.com - Correspondence added
|
|
|
> Since 1.0.0 is in a feature freeze this wont be applied to
> that. After 1.0.0 release it can be considered for 1.0.1 and 1.1.0.
>
> Steve.
I've updated the patch for the 2009-09-09 main line snapshot. Let me
know if there are any other changes that should be made before
integrating the patch into either 1.0.1 or 1.1.0.
Tom
|
| # |
|
Fri Oct 30 23:51:18 2009 |
thomwu@cisco.com - Correspondence added
|
|
|
This patch adds full RFC 5054 support in OpenSSL 1.0.1 and 1.1.0, and
has been updated to apply cleanly to the 20091030 dev snapshot. This
version of the patch supercedes the earlier patches submitted under this
ticket. Please let me know what the next steps are for the integration
of this patch into OpenSSL 1.0.1 and 1.1.0.
Thanks,
Tom
|
| # |
|
Fri Dec 18 22:07:36 2009 |
thomwu@cisco.com - Correspondence added
|
|
|
This patch adds full RFC 5054 support in OpenSSL 1.0.1 and 1.1.0, and
has been updated to apply cleanly to the 20091218 dev snapshot. This
version of the patch supercedes the earlier patches submitted under this
ticket. Please let me know what the next steps are for the integration
of this patch into OpenSSL 1.0.1 and 1.1.0.
Thanks,
Tom
|
| # |
|
Tue Feb 09 01:55:13 2010 |
thomwu@cisco.com - Correspondence added
|
|
|
This patch adds full RFC 5054 support in OpenSSL 1.0.1 and 1.1.0, and
has been updated to apply cleanly to the 20100208 dev snapshot. This
version of the patch supercedes the earlier patches submitted under this
ticket. Please let me know what the next steps are for the integration
of this patch into OpenSSL 1.0.1 and 1.1.0.
Thanks,
Tom
|
