I created another module that links with OpenSSL.
The current list of (non-obsolete) modules that link with OpenSSL is:
- websocket
- auth_ephemeral
- tls
- stun
- outbound
- osp
- auth_identity
FYI, for the modules I've created the usage of OpenSSL is:
- websocket: SHA1() is used to create the key in the WebSocket handshake response.
- auth_ephemeral: HMAC(EVP_sha1(), ...) is used to calculate the password based on the username and secret key and openssl/sha.h is included for "#define SHA_DIGEST_LENGTH"
- outbound: HMAC(EVP_sha1(), ...) is used to encode the flow token and RAND_bytes() is used to get cryptographically strong pseudo-random bytes for the secret key
- stun: not sure about this as a lot of the code was copied from core
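The three OpenSSL uses listed above for websocket, auth_ephemeral and outbound, sketched as an added example that is not part of the original thread and not the modules' own code. Python's hashlib, hmac and secrets stand in for SHA1(), HMAC(EVP_sha1(), ...) and RAND_bytes(); the base64 encodings and the flow-token layout (10-byte truncated MAC followed by the flow data) are assumptions of this example.

```python
import base64
import binascii
import hashlib
import hmac
import secrets

WS_GUID = "258EAFA5-E914-47DA-95CA-C5AB0DC85B11"  # fixed by RFC 6455
MAC_LEN = 10  # HMAC-SHA1 truncated to 80 bits (assumed token layout)


def websocket_accept(client_key: str) -> str:
    """websocket: SHA-1 over client key + GUID, base64-encoded."""
    digest = hashlib.sha1((client_key + WS_GUID).encode("ascii")).digest()
    return base64.b64encode(digest).decode("ascii")


def ephemeral_password(secret: bytes, username: str) -> str:
    """auth_ephemeral: HMAC-SHA1(secret, username); base64 output assumed."""
    mac = hmac.new(secret, username.encode("utf-8"), hashlib.sha1).digest()
    return base64.b64encode(mac).decode("ascii")


def check_password(secret: bytes, username: str, presented: str) -> bool:
    """Constant-time comparison so timing does not leak the expected MAC."""
    expected = ephemeral_password(secret, username)
    return hmac.compare_digest(expected.encode(), presented.encode())


def new_secret(nbytes: int = 20) -> bytes:
    """outbound: CSPRNG bytes for the key (stand-in for RAND_bytes())."""
    return secrets.token_bytes(nbytes)


def encode_flow_token(secret: bytes, flow: bytes) -> str:
    """outbound: token = base64(truncated HMAC-SHA1 || flow data)."""
    mac = hmac.new(secret, flow, hashlib.sha1).digest()[:MAC_LEN]
    return base64.b64encode(mac + flow).decode("ascii")


def decode_flow_token(secret: bytes, token: str):
    """Return the flow data if the MAC verifies, else None."""
    try:
        raw = base64.b64decode(token, validate=True)
    except (binascii.Error, ValueError):
        return None
    mac, flow = raw[:MAC_LEN], raw[MAC_LEN:]
    good = hmac.new(secret, flow, hashlib.sha1).digest()[:MAC_LEN]
    return flow if hmac.compare_digest(mac, good) else None
```

The SHA-1 in the WebSocket handshake is fixed by the protocol and is not a secrecy mechanism; the two HMAC uses are the ones whose strength depends on the secret key.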
Hi, Peter...
Thanks for the information.... is this also available somewhere on the Wiki? Where should it fit better? In the compilation instructions? Or letting it on the modules would be enough? --- Edson.
On 27/05/2013 20:48, Peter Dunkley wrote:
I created another module that links with OpenSSL.
The current list of (non-obsolete) modules that link with OpenSSL is:
- websocket
- auth_ephemeral
- tls
- stun
- outbound
- osp
- auth_identity
FYI, for the modules I've created the usage of OpenSSL is:
- websocket: SHA1() is used to create the key in the WebSocket handshake
response.
- auth_ephemeral: HMAC(EVP_sha1(), ...) is used to calculate the password
based on the username and secret key and openssl/sha.h is included for "#define SHA_DIGEST_LENGTH"
- outbound: HMAC(EVP_sha1(), ...) is used to encode the flow token and
RAND_bytes() is used to get cryptographically strong pseudo-random bytes for the secret key
- stun: not sure about this as a lot of the code was copied from core
No. This information is incomplete and I have only provided this information as there was a discussion about OpenSSL during the recent developer meeting - this mailing list is the correct place to continue and conclude this discussion.
One of the actions from the meeting was to produce a wiki page documenting _ALL_ external libraries for each module. I do not have time to do this.
Regards,
Peter
On 28 May 2013, at 01:26, Edson - Lists 4lists@gmail.com wrote:
Hi, Peter...
Thanks for the information.... is this also available somewhere on the Wiki? Where should it fit better? In the compilation instructions? Or letting it on the modules would be enough?
Edson.
sr-dev mailing list sr-dev@lists.sip-router.org http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-dev
On 28 May 2013, at 10:15, Peter Dunkley peter.dunkley@crocodile-rcs.com wrote:
No. This information is incomplete and I have only provided this information as there was a discussion about OpenSSL during the recent developer meeting - this mailing list is the correct place to continue and conclude this discussion.
I was worried about the initialization of OpenSSL libraries. The problem we had in Asterisk was that Asterisk initialized several times and external libraries could do that as well - like jabber and database libraries. I think Kevin solved that by creating a small shim that made sure that only one call could be made. I can see that it can happen here as well with postgresql client libraries initializing OpenSSL by itself.
One of the actions from the meeting was to produce a wiki page documenting _ALL_ external libraries for each module. I do not have time to do this.
I think we can do that in doxygen. I will copy the macros I created for Asterisk to produce a doxygen page with all the links.
/O
On 28.05.2013 10:20, Olle E. Johansson wrote:
On 28 May 2013, at 10:15, Peter Dunkley peter.dunkley@crocodile-rcs.com wrote:
No. This information is incomplete and I have only provided this information as there was a discussion about OpenSSL during the recent developer meeting - this mailing list is the correct place to continue and conclude this discussion.
I was worried about the initialization of OpenSSL libraries. The problem we had in Asterisk was that Asterisk initialized several times and external libraries could do that as well - like jabber and database libraries. I think Kevin solved that by creating a small shim that made sure that only one call could be made. I can see that it can happen here as well with postgresql client libraries initializing OpenSSL by itself.
I remember that we had the postgresql openssl initialization problem already in Kamailio (or was it ser?) and it was solved by having the other module linking to openssl statically.
regards Klaus
On 5/28/13 11:06 AM, Klaus Darilion wrote:
On 28.05.2013 10:20, Olle E. Johansson wrote:
On 28 May 2013, at 10:15, Peter Dunkley peter.dunkley@crocodile-rcs.com wrote:
No. This information is incomplete and I have only provided this
information as there was a discussion about OpenSSL during the recent developer meeting - this mailing list is the correct place to continue and conclude this discussion.
I was worried about the initialization of OpenSSL libraries. The problem we had in Asterisk was that Asterisk initialized several times and external libraries could do that as well - like jabber and database libraries. I think Kevin solved that by creating a small shim that made sure that only one call could be made. I can see that it can happen here as well with postgresql client libraries initializing OpenSSL by itself.
I remember that we had the postgresql openssl initialization problem already in Kamailio (or was it ser?) and it was solved by having the other module linking to openssl statically.
This is not an issue anymore, now tls module is the one initializing first. Everything works fine for the latest several stable releases.
Cheers, Daniel