Re: [Qemu-devel] [PATCH v5] crypto: Implement TLS Pre-Shared Keys (PSK).
From: Richard W.M. Jones
Subject: Re: [Qemu-devel] [PATCH v5] crypto: Implement TLS Pre-Shared Keys (PSK).
Date: Fri, 29 Jun 2018 18:40:29 +0100
User-agent: Mutt/1.5.21 (2010-09-15)
On Fri, Jun 29, 2018 at 06:03:43PM +0100, Daniel P. Berrangé wrote:
> On Thu, Jun 28, 2018 at 07:46:24PM +0100, Richard W.M. Jones wrote:
> > diff --git a/crypto/tlssession.c b/crypto/tlssession.c
> > index 96a02deb69..50df64e0a9 100644
> > --- a/crypto/tlssession.c
> > +++ b/crypto/tlssession.c
> > @@ -21,6 +21,7 @@
> > #include "qemu/osdep.h"
> > #include "crypto/tlssession.h"
> > #include "crypto/tlscredsanon.h"
> > +#include "crypto/tlscredspsk.h"
> > #include "crypto/tlscredsx509.h"
> > #include "qapi/error.h"
> > #include "qemu/acl.h"
> > @@ -88,6 +89,8 @@ qcrypto_tls_session_pull(void *opaque, void *buf, size_t
> > len)
> > return session->readFunc(buf, len, session->opaque);
> > }
> >
> > +#define TLS_PRIORITY_ADDITIONAL_ANON "+ANON-DH"
> > +#define TLS_PRIORITY_ADDITIONAL_PSK "+ECDHE-PSK:+DHE-PSK:+PSK"
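Review bot: TLS_PRIORITY_ADDITIONAL_PSK puts "+ECDHE-PSK" into the priority string unconditionally, but as the reply below points out, ECDHE-PSK ciphersuites are only available with GnuTLS >= 3.0, so on an older GnuTLS the priority string will fail to parse at session setup rather than at build time. Either wrap the ECDHE-PSK component in a `#if GNUTLS_VERSION_MAJOR >= 3` guard (keeping "+DHE-PSK:+PSK" in the fallback), or raise the minimum GnuTLS version checked in configure so the guard is unnecessary; whichever is chosen, a one-line comment above the two macros explaining that they are appended to the base priority string would help the next reader.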
>
> Unfortunately in testing this I learn ECDHE-PSK is only supported when
> using GNUTLS >= 3.0, so can you make this conditional based on
> GNUTLS_VERSION_MAJOR >= 3.
GnuTLS 3.0 was released in 2011, and the last 2.x version seems to be
from 2009. Do we need to support such old versions?
I looked at the configure script. It seems as if we will try to use
any version of GnuTLS, even ancient ones (although other sub-features
require later versions of GnuTLS). But if I'm understanding it
correctly, by forcing both GnuTLS >= 3.0.0 and Nettle we could
eliminate all the conditionals there, except for one Nettle test.
Rich.
--
Richard Jones, Virtualization Group, Red Hat http://people.redhat.com/~rjones
Read my programming and virtualization blog: http://rwmj.wordpress.com
virt-top is 'top' for virtual machines. Tiny program with many
powerful monitoring features, net stats, disk stats, logging, etc.
http://people.redhat.com/~rjones/virt-top