The changes to generate_cert.go snuck in by accident. One makes it use crypto/rand instead of ...
15 years, 2 months ago
(2010-10-27 09:03:03 UTC)
#3
The changes to generate_cert.go snuck in by accident. One
makes it use crypto/rand instead of opening /dev/urandom
itself and the other simply makes it compile.
The changes aren't necessary for the rest of the patch set.
Also, this is just the first step in supporting more cipher suites. I'm almost done ...
15 years, 2 months ago
(2010-10-27 09:22:50 UTC)
#4
Also, this is just the first step in supporting
more cipher suites. I'm almost done with the code
to actually *use* the other ciphers/HMACs.
I wanted to get some feedback to see if I'm on the
right track.
Thanks.
Do you have plans to add a stream.Cipher interface? I'm currently reworking conn.go to support ...
15 years, 2 months ago
(2010-10-28 22:53:04 UTC)
#8
Do you have plans to add a stream.Cipher interface?
I'm currently reworking conn.go to support both
stream and block cipher modes (with an eye towards
a future AEAD mode).
http://codereview.appspot.com/2747042/diff/11001/src/pkg/crypto/tls/cipher_su...
File src/pkg/crypto/tls/cipher_suites.go (right):
http://codereview.appspot.com/2747042/diff/11001/src/pkg/crypto/tls/cipher_su...
src/pkg/crypto/tls/cipher_suites.go:10: cblock "crypto/block"
On 2010/10/27 14:23:09, agl wrote:
> I would just omit 'cblock'. It's even a longer name!
This was less intrusive than changing conn.go
to use a different name for its block type.
It's your call.
http://codereview.appspot.com/2747042/diff/11001/src/pkg/crypto/tls/cipher_su...
src/pkg/crypto/tls/cipher_suites.go:43: var iv []byte // TODO(ality): Securely
generate an IV
On 2010/10/27 14:23:09, agl wrote:
> The IV comes from the master secret key material.
Is this true? I thought it was only required to
be a cryptographically secture random number.
On Mon, Nov 1, 2010 at 4:05 PM, Adam Langley <agl@chromium.org> wrote: > On vacation. ...
15 years, 2 months ago
(2010-11-04 16:25:46 UTC)
#14
On Mon, Nov 1, 2010 at 4:05 PM, Adam Langley <agl@chromium.org> wrote:
> On vacation. Back tomorrow.
I'm working on a crypto/cipher package to replace crypto/block. Let me
get it out this weekend and then we can get it into shape for TLS.
AGL
Adam Langley <agl@chromium.org> once said: > On Mon, Nov 1, 2010 at 4:05 PM, Adam ...
15 years, 1 month ago
(2010-12-02 12:37:09 UTC)
#15
Adam Langley <agl@chromium.org> once said:
> On Mon, Nov 1, 2010 at 4:05 PM, Adam Langley <agl@chromium.org> wrote:
> > On vacation. Back tomorrow.
>
> I'm working on a crypto/cipher package to replace crypto/block. Let me
> get it out this weekend and then we can get it into shape for TLS.
Ping.
On Tue, Dec 7, 2010 at 12:50 PM, <rsc@golang.org> wrote: > mostly leaving for agl ...
15 years, 1 month ago
(2010-12-07 18:07:46 UTC)
#17
On Tue, Dec 7, 2010 at 12:50 PM, <rsc@golang.org> wrote:
> mostly leaving for agl but you did not
> reply to my last set of comments
Yes, I need to do work on this. I'm afraid that it's behind a lot of
other things at the moment.
AGL
rsc: Sorry. I didn't notice your previous comments. agl: Could you say a bit about ...
15 years, 1 month ago
(2010-12-07 19:44:26 UTC)
#18
rsc:
Sorry. I didn't notice your previous comments.
agl:
Could you say a bit about your plans for the
tls package? I'm working on some code that
relies on this CL and other changes I've yet
to submit for review (i.e. support for DH
w/ephemeral keys and a des package). If you
don't have the time, I'd be willing to
volunteer.
http://codereview.appspot.com/2747042/diff/28001/src/pkg/crypto/tls/cipher_su...
File src/pkg/crypto/tls/cipher_suites.go (right):
http://codereview.appspot.com/2747042/diff/28001/src/pkg/crypto/tls/cipher_su...
src/pkg/crypto/tls/cipher_suites.go:26: hmacNull = iota
On 2010/11/01 19:33:14, rsc1 wrote:
> are the enums necessary?
> can you use func variables in the table instead,
> so that instead of hmacSHA1 you'd use hmac.NewSHA1?
Yes, I can use funcs for the hmac algorithms
but not for the ciphers since they can return
either a stream or block interface.
http://codereview.appspot.com/2747042/diff/28001/src/pkg/crypto/tls/cipher_su...
src/pkg/crypto/tls/cipher_suites.go:68: type blockCipher interface {
On 2010/12/07 17:50:13, rsc wrote:
> why is this here instead of importing crypto/block?
I put it here so the code that checks the
interface type in conn.go would look
symmetrical. Not a solid reason, I admit.
It should probably just use the interfaces
in agl's new crypto/cipher package.
Adam Langley <agl@chromium.org> once said: > p.s. if anything sucks for you with the current ...
15 years, 1 month ago
(2010-12-15 18:20:06 UTC)
#22
Adam Langley <agl@chromium.org> once said:
> p.s. if anything sucks for you with the current
> code, please let me know!
I'm going through it right now. Thanks for doing
this.
Anthony
Issue 2747042: code review 2747042: crypto/tls: changes to support adding more cipher suites
(Closed)
Created 15 years, 2 months ago by ality
Modified 15 years, 1 month ago
Reviewers: agl, rsc, agl1
Base URL:
Comments: 15
