TLS keying material exporters allow additional keying material to be
derived from existing TLS channel. This exported keying material can then
be used for a variety of purposes.
- Changes in the patch are made on to of crypto layer and that's reason why
they should work for both crypto backends
Channel Binding Key based on TLS Keying Material Exporters [RFC 5705 ] allow
additional keying material to be derived from existing TLS channel. This
exported keying material can then be used for a variety of purposes.
TLS allows client and server to establish keying material for use in the
upper
TLS Keying Material Exporters [RFC 5705 ] allow
additional keying material to be derived from existing TLS channel. This
exported keying material can then be used for a variety of purposes.
TLS allows client and server to establish keying material for use in the
upper layers between the TLS
gs,
* packet encryption, packet authentication, and
* packet compression.
*
* Copyright (C) 2002-2010 OpenVPN Technologies, Inc. <sa...@openvpn.net>
* Copyright (C) 2010 Fox Crypto B.V. <open...@fox-it.com>
* Copyright (C) 2008-2013 David Sommerseth <d...@use
pto B.V. <open...@fox-it.com>
* Copyright (C) 2008-2013 David Sommerseth <d...@users.sourceforge.net>
+ * Copyright (C) 2014 Daniel Kubec <n...@rtfm.cz>
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU Gene
ved when crypto backend support ( currently openssl >= 1.0.2 )
>From b577afe5c076b9f93ff6112c9efb7966f32f86a3 Mon Sep 17 00:00:00 2001
From: Daniel Kubec <n...@rtfm.cz>
List-Post: openvpn-devel@lists.sourceforge.net
Date: Thu, 24 Apr 2014 18:17:17 +0200
Subject: [PATCH 1/1] Channel
rom d6c231cae830e1045c2debdb04a166e4b81f363e Mon Sep 17 00:00:00 2001
From: Daniel Kubec <n...@rtfm.cz>
List-Post: openvpn-devel@lists.sourceforge.net
Date: Wed, 14 May 2014 12:37:30 +0200
Subject: [PATCH 1/2] TLS Keying Material Exporters [RFC 5705] allows additional
keying material to
be derived from existing TL
:00:00 2001
From: Daniel Kubec <n...@rtfm.cz>
List-Post: openvpn-devel@lists.sourceforge.net
Date: Mon, 26 May 2014 14:55:32 +0200
Subject: [PATCH] Added support for TLS Keying Material Exporters [RFC 5705].
Keying Material Exporter allow additional keying material to be derived from
exi
ORTER".
This option requires OpenSSL 1.0.1 or newer.
Regards
Daniel
On Thu, Jun 05, 2014 at 11:28:16PM +0200, David Sommerseth wrote:
> On 26/05/14 15:25, Daniel Kubec wrote:
> > Add support for TLS Keying Material Exporters [RFC 5705].
> >
> > Keying Material Exporter a
n Mon, Feb 23, 2015 at 04:51:34PM +0100, Daniel Kubec wrote:
>>>> Keying Material Exporter [RFC 5705] Patch rebased to actual
>>>> master branch.
>>
>>> There definitely needs to be much(!) more documentation about
>>> this, maybe an extra .txt file
melig.net> wrote:
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA1
>
> On 02/03/15 01:03, daniel kubec wrote:
>> Greetings Steffan, David and Gert
>>
>> Thank you very much for your comments.
>>
>> 1) log level switched to D_TLS_DEBUG_MED 2) ekm_size re
or "crypto/authentication"
plugin developers and they should know what they are doing.
Maybe Let's try to discuss that using IRC.
Daniel
On 6 March 2015 at 19:45, Gert Doering <g...@greenie.muc.de> wrote:
> Hi,
>
> On Mon, Mar 02, 2015 at 01:03:38AM +0100, daniel kubec wrote:
ought (D)TLS channel and/or app layer.
Daniel
On 9 March 2015 at 20:02, Gert Doering <g...@greenie.muc.de> wrote:
> Hi,
>
> On Mon, Mar 09, 2015 at 07:26:28PM +0100, daniel kubec wrote:
>> It is actually well defines mechanism for "crypto/authentication"
>> p
about some real
example with doc/specs based on existing general mechanism and
references in doc/keying-material-exporter.txt
Best Regards
Daniel
On 10 March 2015 at 09:08, Gert Doering <g...@greenie.muc.de> wrote:
> Hi,
>
> On Mon, Mar 09, 2015 at 08:46:10PM +0100, daniel kubec wro
Hi Gert, Steffan and David !
There is Sample HTTP (SSO) OpenVPN Plugin with http.client.py and
http-server.py scripts based on OpenVPN's RFC-5705 support.
OpenVPN plugin examples.Daniel Kubec <n...@rtfm.cz>
Examples provided:
sso.c -- HTTP (SSO) Example
Hi David,
Thank You for your comments. It makes sense to me.
Can you apply your fixes into patches or it's up to me ?
King Regards
Daniel
On 9 October 2015 at 17:27, David Sommerseth
<openvpn.l...@topphemmelig.net> wrote:
> On 23/02/15 17:02, daniel kubec wrote:
>> -
Ok, Thank You for these changes :)
Daniel
On 9 October 2015 at 18:09, David Sommerseth
<openvpn.l...@topphemmelig.net> wrote:
> On 09/10/15 17:54, daniel kubec wrote:
>> Hi David,
>>
>> Thank You for your comments. It makes sense to me.
>> Can you apply your fi
rom 65c273f4d2eb63a26d270b870e303d5eff99cd0a Mon Sep 17 00:00:00 2001
From: Daniel Kubec <n...@rtfm.cz>
List-Post: openvpn-devel@lists.sourceforge.net
Date: Wed, 27 Apr 2016 07:40:31 +0200
Subject: [PATCH 1/1] Exported keying material is always sizeof(unsigned char *)
There is patch
I am very fascinated - Travis is super cool :-) I building and even
running / testing (qemu userland emulation) quite complex build
matrix. clang/gcc several OSX/Version + multiple sdk version,
Win32/64, Linux + sdk on many architectures.
Actually building my kbuild build system fork on x86_32,
19 matches
Mail list logo