[openssl-dev] [openssl.org #4410] [PATCH] add calculation of M1, M2 in srp, based on 1_0_2g(Internet mail)

taochen via RT rt at openssl.org
Fri Mar 11 01:36:55 UTC 2016


Sorry for no documentation.

In SRP6a, after the client and server calculate a common session key, they must prove to each other that their keys are idential to finish authentication.
That is client send the M1, and server verifies M1 and responses with M2, then client verifies M2.
I notice that both the 1.0.2 and the master are not provide the method of calculate M1, M2, that is what the patch does.

 Hopefully, the patch will be added to the next release.
Thank you.

From: Salz, Rich via RT<mailto:rt at openssl.org>
Date: 2016-03-10 23:01
To: taochen(陈涛)<mailto:taochen at tencent.com>
CC: openssl-dev at openssl.org<mailto:openssl-dev at openssl.org>
Subject: RE: [openssl-dev] [openssl.org #4410] [PATCH] add calculation of M1, M2 in srp, based on 1_0_2g(Internet mail)

We need a little more explanation.

Is this a new feature?  Being added to 1.0.2? (That won't be accepted, only fixes go into released branches.)  Or is this something that was dropped and should be restored?

Unfortunately, the 1.1 freeze deadline is in 24 hours.  This won't make it into 1.1 unless it is a bug-fix.

I also noticed that there is no documentation of these new functions.


--
Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4410
Please log in as guest with password guest if prompted

����


-- 
Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4410
Please log in as guest with password guest if prompted



More information about the openssl-dev mailing list