Re: [gnutls-dev] GnuTLS 1.4.0 release candidate 1

[Emile van Bergen]

Hi,

On Tue, Mar 21, 2006 at 06:51:35PM +0100, Simon Josefsson wrote:

> We expect to release 1.4.0 shortly, and anything you'd like to change
> in the software or in the final announcement (which will look much
> like the below) should be sent to us within a few days...

[SNIP]

> ** Support for TLS Inner application (TLS/IA).  This is per
>    draft-funk-tls-inner-application-extension-01, and is compatible
>    with the recent -02 version too.

I have a patch for that with a proposed API change, hope the FSF's
confirmation of the copyright assignment reaches you in time for you to
review it.

> ** New APIs to access the TLS Pseudo-Random-Function (PRF) and the
>    client and server random fields in a session.  This is primarily
>    intended for when GnuTLS is used as a component in other
>    authentication protocols, such as the EAP mechanism PEAP and TTLS.

I also have a patch for that; it's attached. The purpose is to allow you
to use the higher level PRF function (the one that derives from the
TLS MSK and the randoms) for generating IV material, that's supposed to
be dependent on the randoms, but not on the MSK.

This is useful for PEAPv2 etc. Basically, the server_random_first flag
is changed to a 'type' flag that contains the server_random_first flag
and a 'empty_master_secret' flag in bits 0 and 1, respectively.

Of course one could pull the randoms manually and then call the raw PRF,
but this seemed the cleaner way to do it.

Cheers,


Emile.

-- 
E-Advies - Emile van Bergen           address@hidden      
tel. +31 (0)78 6136282           http://www.e-advies.nl

gnutls-1.3.4-evb0-1-prf.diff
Description: Text document

signature.asc
Description: Digital signature