wtls branch merged

Milan P. Stanic mps at arvanta.net
Sun Sep 12 19:36:13 CEST 2010


On Sun, 2010-09-12 at 20:13, Nikos Balkanas wrote:
> I don't believe so. The openssl RC5 is licensed under the openssl
> license (similar to kannel's).
> 
> http://www.openssl.org/source/license.html

Licence is for software implementation and it is free but the RC5
algorithm is patented, AFAIK. I'm not a lawyer and I don't know all the
details but I think that the RC5 cannot be used in USA (and possibly other
countries) without licence from the patent holder (in that case RSA
Data Security).

A quick look at WTLS specification shows that the RC5 isn't mandatory
but optional.

> Yes it is necessary, as mentioned in a previous mail. Incorrectly I
> said that it is used in key generation. Actually it is one of the 3
> cipher algorithms used for content according to the wtls spec:
> 
> enum bulk_algorithms {
>        NULL_bulk,
>        RC5_CBC_40,
>        RC5_CBC_56,
>        RC5_CBC,
>        DES_CBC_40,
>        DES_CBC,
>        TRIPLE_DES_CBC_EDE,
>        IDEA_CBC_40,
>        IDEA_CBC_56,
>        IDEA_CBC
> };
> 
> This implementation supports the RC5 and DES algorithms. Not the IDEA.
> 
> Kannel already has wtls with RC5 for all these years, except that it
> doesn't work.
> 
> BR,
> Nikos
> 
> ----- Original Message ----- From: "Milan P. Stanic"
> <mps at arvanta.net>
> To: <devel at kannel.org>
> Sent: Sunday, September 12, 2010 7:42 PM
> Subject: Re: wtls branch merged
> 
> 
> >On Sun, 2010-09-12 at 17:35, Nikos Balkanas wrote:
> >>But you don't need an rpm if you build from sources. You have all
> >>the includes and sources that you need.
> >>If you are referring about the binary kannel rpms, these are
> >>seriously outdated. Besides rpms are for the masses, and wtls is for
> >>the few...You should disable wtls when building for the masses.
> >
> >It could be problem for distributors (RH, Debian, Suse, xxxBSD and
> >others) if they cannot distribute Kannel with WTLS enabled because RC5
> >is patented and distributors don't want to go court.
> >
> >Is the RC5 mandatory for WTLS?
> >
> >>Nikos
> >>.
> >>----- Original Message ----- From: "Rene Kluwen"
> >><rene.kluwen at chimit.nl>
> >>To: "'Nikos Balkanas'" <nbalkanas at gmail.com>; "'Alexander Malysh'"
> >><amalysh at kannel.org>
> >>Cc: "'Kannel Devel'" <devel at kannel.org>
> >>Sent: Sunday, September 12, 2010 5:29 PM
> >>Subject: RE: wtls branch merged
> >>
> >>
> >>>Okay... suppose you can build it in one step.
> >>>
> >>>That still won't solve the rpm dependency.
> >>>
> >>>== Rene
> >>>
> >>>-----Original Message-----
> >>>From: Nikos Balkanas [mailto:nbalkanas at gmail.com]
> >>>Sent: Sunday, 12 September, 2010 16:23
> >>>To: Rene Kluwen; 'Alexander Malysh'
> >>>Cc: 'Kannel Devel'
> >>>Subject: Re: wtls branch merged
> >>>
> >>>Actually it is not that bad. Openssl compiles from sources in one step:
> >>>
> >>>config threads no-krb5 shared enable-rc5 --prefix=/usr/local/64
> >>>
> >>>Clean, nothing to it.
> >>>
> >>>BR,
> >>>Nikos
> >>>----- Original Message ----- From: "Rene Kluwen"
> >>><rene.kluwen at chimit.nl>
> >>>To: "'Nikos Balkanas'" <nbalkanas at gmail.com>; "'Alexander Malysh'"
> >>><amalysh at kannel.org>
> >>>Cc: "'Kannel Devel'" <devel at kannel.org>
> >>>Sent: Sunday, September 12, 2010 5:12 PM
> >>>Subject: RE: wtls branch merged
> >>>
> >>>
> >>>>Hmmm... too much of a bother. I wonder if anybody still uses wap
> >>>>nowadays.
> >>>>
> >>>>Maybe in combination with mbuni, wap might be convenient. But even then,
> >>>>people won't use wtls.
> >>>>
> >>>>@Alexander: What dependencies does the pre-compiled package need when
> >>>>using this 'feature'? Because otherwise nobody (at least I won't) be able to
> >>>>install it from rpm, because the CentOS packages include openssl without RC5
> >>>>support. Not sure about other distributions.
> >>>>
> >>>>== Rene
> >>>>
> >>>>-----Original Message-----
> >>>>From: Nikos Balkanas [mailto:nbalkanas at gmail.com]
> >>>>Sent: Sunday, 12 September, 2010 15:58
> >>>>To: Rene Kluwen; 'Alexander Malysh'
> >>>>Cc: 'Kannel Devel'
> >>>>Subject: Re: wtls branch merged
> >>>>
> >>>>Actually you get these errors because you didn't solve your rc5 issue and
> >>>>proceeded nevertheless.
> >>>>
> >>>>rc5 is needed for cryptography of wtls. Otherwise you won't be able to
> >>>>produce the keys. Either install openssl with rc5 enabled or build from
> >>>>sources with --enable-rc5. When you get these, your gw-config.h will set
> >>>>the correct directives and compile cleanly.
> >>>>
> >>>>After compilation, you will have to configure wtls group in your
> >>>>kannel.conf and produce a pair of self-signed RSA keys for that.
> >>>>
> >>>>BR,
> >>>>Nikos
> >>>>
> >>>>----- Original Message ----- From: "Nikos Balkanas"
> >>>><nbalkanas at gmail.com>
> >>>>To: "Rene Kluwen" <rene.kluwen at chimit.nl>; "'Alexander Malysh'"
> >>>><amalysh at kannel.org>
> >>>>Cc: "'Kannel Devel'" <devel at kannel.org>
> >>>>Sent: Sunday, September 12, 2010 4:45 PM
> >>>>Subject: Re: wtls branch merged
> >>>>
> >>>>
> >>>>>OK. I think you solved the RC5 issue. You need headers (openssl-devel)
> >>>>>with rc5 enabled.
> >>>>>
> >>>>>About the rest:
> >>>>>
> >>>>>After configure --with-wtls=openssl you should end up with
> >>>>>gw-config.h:
> >>>>>
> >>>>>/* Defined if we're using OpenSSL WTLS */
> >>>>>211: #define HAVE_WTLS_OPENSSL 1
> >>>>>
> >>>>>If not, enable it manually and rebuild.
> >>>>>
> >>>>>BR,
> >>>>>Nikos
> >>>>>----- Original Message ----- From: "Rene Kluwen"
> >>>>><rene.kluwen at chimit.nl>
> >>>>>To: "'Rene Kluwen'" <rene.kluwen at chimit.nl>; "'Nikos Balkanas'"
> >>>>><nbalkanas at gmail.com>; "'Alexander Malysh'" <amalysh at kannel.org>
> >>>>>Cc: "'Kannel Devel'" <devel at kannel.org>
> >>>>>Sent: Sunday, September 12, 2010 3:38 PM
> >>>>>Subject: RE: wtls branch merged
> >>>>>
> >>>>>
> >>>>>>Clearly I am missing something. After ./configure --with-wtls=openssl, I get:
> >>>>>>(openssl-devel is installed).
> >>>>>>
> >>>>>>/home/system/adm_rene/svn/pam/trunk/gw/wapbox.c:235: undefined reference to `private_key'
> >>>>>>/home/system/adm_rene/svn/pam/trunk/gw/wapbox.c:236: undefined reference to `private_key'
> >>>>>>/home/system/adm_rene/svn/pam/trunk/gw/wapbox.c:219: undefined reference to `x509_cert'
> >>>>>>/home/system/adm_rene/svn/pam/trunk/gw/wapbox.c:220: undefined reference to `x509_cert'
> >>>>>>libwap.a(wtls.o): In function `clientHello':
> >>>>>>/home/system/adm_rene/svn/pam/trunk/wap/wtls.c:453: undefined reference to `wtls_choose_ciphersuite'
> >>>>>>/home/system/adm_rene/svn/pam/trunk/wap/wtls.c:472: undefined reference to `wtls_choose_clientkeyid'
> >>>>>>/home/system/adm_rene/svn/pam/trunk/wap/wtls.c:484: undefined reference to `wtls_choose_snmode'
> >>>>>>libwap.a(wtls.o): In function `wtls_event_handle':
> >>>>>>/home/system/adm_rene/svn/pam/trunk/wap/wtls_state-decl.h:302: undefined reference to `packet_contains_changecipherspec'
> >>>>>>/home/system/adm_rene/svn/pam/trunk/wap/wtls_state-decl.h:314: undefined reference to `packet_contains_changecipherspec'
> >>>>>>/home/system/adm_rene/svn/pam/trunk/wap/wtls_state-decl.h:328: undefined reference to `is_critical_alert'
> >>>>>>/home/system/adm_rene/svn/pam/trunk/wap/wtls_state-decl.h:338: undefined reference to `is_warning_alert'
> >>>>>>/home/system/adm_rene/svn/pam/trunk/wap/wtls_state-decl.h:397: undefined reference to `packet_is_application_data'
> >>>>>>libwap.a(wtls.o): In function `serverHello':
> >>>>>>/home/system/adm_rene/svn/pam/trunk/wap/wtls.c:533: undefined reference to `wtls_get_random'
> >>>>>>libwap.a(wtls.o): In function `wtls_event_handle':
> >>>>>>/home/system/adm_rene/svn/pam/trunk/wap/wtls.c:826: undefined reference to `wtls_decrypt_pdu_list'
> >>>>>>libwap.a(wtls.o): In function `wtls_event_handle':
> >>>>>>/home/system/adm_rene/svn/pam/trunk/wap/wtls_state-decl.h:77: undefined reference to `packet_contains_clienthello'
> >>>>>>/home/system/adm_rene/svn/pam/trunk/wap/wtls_state-decl.h:480: undefined reference to `packet_contains_clienthello'
> >>>>>>/home/system/adm_rene/svn/pam/trunk/wap/wtls_state-decl.h:210: undefined reference to `clienthellos_are_identical'
> >>>>>>/home/system/adm_rene/svn/pam/trunk/wap/wtls_state-decl.h:231: undefined reference to `is_warning_alert'
> >>>>>>/home/system/adm_rene/svn/pam/trunk/wap/wtls_state-decl.h:240: undefined reference to `is_critical_alert'
> >>>>>>/home/system/adm_rene/svn/pam/trunk/wap/wtls_state-decl.h:281: undefined reference to `clienthellos_are_identical'
> >>>>>>/home/system/adm_rene/svn/pam/trunk/wap/wtls_state-decl.h:421: undefined reference to `is_critical_alert'
> >>>>>>/home/system/adm_rene/svn/pam/trunk/wap/wtls_state-decl.h:431: undefined reference to `is_warning_alert'
> >>>>>>/home/system/adm_rene/svn/pam/trunk/wap/wtls_state-decl.h:502: undefined reference to `packet_contains_changecipherspec'
> >>>>>>/home/system/adm_rene/svn/pam/trunk/wap/wtls_state-decl.h:514: undefined reference to `packet_contains_changecipherspec'
> >>>>>>/home/system/adm_rene/svn/pam/trunk/wap/wtls_state-decl.h:528: undefined reference to `is_critical_alert'
> >>>>>>/home/system/adm_rene/svn/pam/trunk/wap/wtls_state-decl.h:538: undefined reference to `is_warning_alert'
> >>>>>>/home/system/adm_rene/svn/pam/trunk/wap/wtls_state-decl.h:302: undefined reference to `packet_contains_finished'
> >>>>>>/home/system/adm_rene/svn/pam/trunk/wap/wtls_state-decl.h:302: undefined reference to `packet_contains_userdata'
> >>>>>>libwap.a(wtls.o): In function `exchange_keys':
> >>>>>>/home/system/adm_rene/svn/pam/trunk/wap/wtls.c:627: undefined reference to `wtls_decrypt_key'
> >>>>>>/home/system/adm_rene/svn/pam/trunk/wap/wtls.c:638: undefined reference to `wtls_get_rsapublickey'
> >>>>>>/home/system/adm_rene/svn/pam/trunk/wap/wtls.c:654: undefined reference to `wtls_calculate_prf'
> >>>>>>/home/system/adm_rene/svn/pam/trunk/wap/wtls.c:710: undefined reference to `wtls_hash'
> >>>>>>/home/system/adm_rene/svn/pam/trunk/wap/wtls.c:710: undefined reference to `wtls_calculate_prf'
> >>>>>>/home/system/adm_rene/svn/pam/trunk/wap/wtls.c:751: undefined reference to `wtls_hash'
> >>>>>>/home/system/adm_rene/svn/pam/trunk/wap/wtls.c:751: undefined reference to `wtls_calculate_prf'
> >>>>>>libwap.a(wtls.o): In function `wtls_event_handle':
> >>>>>>/home/system/adm_rene/svn/pam/trunk/wap/wtls_state-decl.h:132: undefined reference to `wtls_get_rsapublickey'
> >>>>>>/home/system/adm_rene/svn/pam/trunk/wap/wtls_state-decl.h:493: undefined reference to `packet_is_application_data'
> >>>>>>/home/system/adm_rene/svn/pam/trunk/wap/wtls_state-decl.h:406: undefined reference to `certificates_are_identical'
> >>>>>>/home/system/adm_rene/svn/pam/trunk/wap/wtls_state-decl.h:292: undefined reference to `clienthellos_are_identical'
> >>>>>>/home/system/adm_rene/svn/pam/trunk/wap/wtls_state-decl.h:502: undefined reference to `packet_contains_finished'
> >>>>>>/home/system/adm_rene/svn/pam/trunk/wap/wtls_state-decl.h:502: undefined reference to `packet_contains_userdata'
> >>>>>>/home/system/adm_rene/svn/pam/trunk/wap/wtls_state-decl.h:502: undefined reference to `finishes_are_indentical'
> >>>>>>libwap.a(wtls.o): In function `exchange_keys':
> >>>>>>/home/system/adm_rene/svn/pam/trunk/wap/wtls.c:684: undefined reference to `wtls_decrypt_pdu_list'
> >>>>>>libwap.a(wtls.o): In function `wtls_event_handle':
> >>>>>>/home/system/adm_rene/svn/pam/trunk/wap/wtls_state-decl.h:406: undefined reference to `clientkeyexchanges_are_identical'
> >>>>>>/home/system/adm_rene/svn/pam/trunk/wap/wtls_state-decl.h:406: undefined reference to `certifcateverifys_are_identical'
> >>>>>>/home/system/adm_rene/svn/pam/trunk/wap/wtls_state-decl.h:406: undefined reference to `changecipherspecs_are_identical'
> >>>>>>/home/system/adm_rene/svn/pam/trunk/wap/wtls_state-decl.h:406: undefined reference to `finishes_are_indentical'
> >>>>>>/home/system/adm_rene/svn/pam/trunk/wap/wtls_state-decl.h:314: undefined reference to `packet_contains_finished'
> >>>>>>/home/system/adm_rene/svn/pam/trunk/wap/wtls_state-decl.h:314: undefined reference to `packet_contains_userdata'
> >>>>>>/home/system/adm_rene/svn/pam/trunk/wap/wtls_state-decl.h:514: undefined reference to `packet_contains_finished'
> >>>>>>/home/system/adm_rene/svn/pam/trunk/wap/wtls_state-decl.h:514: undefined reference to `packet_contains_userdata'
> >>>>>>/home/system/adm_rene/svn/pam/trunk/wap/wtls_state-decl.h:514: undefined reference to `finishes_are_indentical'
> >>>>>>libwap.a(wtls_pdu.o): In function `wtls_pdu_dump':
> >>>>>>/home/system/adm_rene/svn/pam/trunk/wap/wtls_pdu.c:1156: undefined reference to `pduName'
> >>>>>>/home/system/adm_rene/svn/pam/trunk/wap/wtls_pdu.c:1159: undefined reference to `hsName'
> >>>>>>libwap.a(wtls_pdu.o): In function `wtls_payload_dump':
> >>>>>>/home/system/adm_rene/svn/pam/trunk/wap/wtls_pdu.c:1128: undefined reference to `pduName'
> >>>>>>/home/system/adm_rene/svn/pam/trunk/wap/wtls_pdu.c:1134: undefined reference to `alertName'
> >>>>>>/home/system/adm_rene/svn/pam/trunk/wap/wtls_pdu.c:1131: undefined reference to `hsName'
> >>>>>>libwap.a(wtls_pdu.o): In function `wtls_pdu_pack':
> >>>>>>/home/system/adm_rene/svn/pam/trunk/wap/wtls_pdu.c:1106: undefined reference to `wtls_encrypt'
> >>>>>>collect2: ld returned 1 exit status
> >>>>>>
> >>>>>>
> >>>>>>-----Original Message-----
> >>>>>>From: devel-bounces at kannel.org [mailto:devel-bounces at kannel.org] On
> >>>>>>Behalf
> >>>>>>Of Rene Kluwen
> >>>>>>Sent: Sunday, 12 September, 2010 14:35
> >>>>>>To: 'Nikos Balkanas'; 'Alexander Malysh'
> >>>>>>Cc: 'Kannel Devel'
> >>>>>>Subject: RE: wtls branch merged
> >>>>>>
> >>>>>>I get:
> >>>>>>
> >>>>>>Configuring WTLS support ...
> >>>>>>checking for WTLS library... openssl
> >>>>>>checking for RSA_new in -lcrypto... yes
> >>>>>>checking openssl/objects.h usability... yes
> >>>>>>checking openssl/objects.h presence... yes
> >>>>>>checking for openssl/objects.h... yes
> >>>>>>checking openssl/rc5.h usability... no
> >>>>>>checking openssl/rc5.h presence... no
> >>>>>>checking for openssl/rc5.h... no
> >>>>>>configure: WARNING: OpenSSL installation seems to lack RC5 algorithm!
> >>>>>>
> >>>>>>Is this bad?
> >>>>>>
> >>>>>>== Rene
> >>>>>>
> >>>>>>
> >>>>>>-----Original Message-----
> >>>>>>From: devel-bounces at kannel.org [mailto:devel-bounces at kannel.org] On
> >>>>>>Behalf
> >>>>>>Of Nikos Balkanas
> >>>>>>Sent: Sunday, 12 September, 2010 13:16
> >>>>>>To: Alexander Malysh
> >>>>>>Cc: Kannel Devel
> >>>>>>Subject: Re: wtls branch merged
> >>>>>>
> >>>>>>Hi,
> >>>>>>
> >>>>>>Reporting from Solaris 10.5 amd64, 64bit compilation.
> >>>>>>Configured --with-wtls=openssl
> >>>>>>
> >>>>>>1) Compilation: Clean. A couple of unrelated warnings fixed.
> >>>>>>Attaching
> >>>>>>patch.
> >>>>>>
> >>>>>>2) Emulators used:
> >>>>>>
> >>>>>>a) Openwave SDK 6.2.2 wap: no problems (connection tested)
> >>>>>>b) Nokia NMBS 4.0: no problems (connection & connectionless tested)
> >>>>>>
> >>>>>>Sites tested, following through links:
> >>>>>>
> >>>>>>http://wap.google.com
> >>>>>>http://wap.yahoo.com
> >>>>>>http://m.facebook
> >>>>>>
> >>>>>>Only facebook had a warning with nokia's emulator (b) about unsupported
> >>>>>>content. This was not observed with Openwave (a) and in any case it is
> >>>>>>related to wap, not wtls. The same happens in plain wtp communication.
> >>>>>>
> >>>>>>Overall a successful merge.
> >>>>>>
> >>>>>>Thanks,
> >>>>>>Nikos
> >>>>>>----- Original Message -----
> >>>>>>From: "Alexander Malysh" <amalysh at kannel.org>
> >>>>>>To: "Kannel Devel" <devel at kannel.org>
> >>>>>>Cc: "Nikos Balkanas" <nbalkanas at gmail.com>
> >>>>>>Sent: Sunday, September 12, 2010 1:04 PM
> >>>>>>Subject: wtls branch merged
> >>>>>>
> >>>>>>
> >>>>>>>Hi together,
> >>>>>>>
> >>>>>>>just merged and committed wtls branch into trunk.
> >>>>>>>Please check it and let me know if something went wrong.
> >>>>>>>
> >>>>>>>Thanks,
> >>>>>>>Alexander Malysh
> >>>>>>
> >>>>>>
> >>>>>>
> >>>>>>
> >>>>>
> >>>>
> >>>>
> >>>>
> >>>
> >>>
> >>>
> >>
> >>
> >
> >-- 
> >Kind regards,  Milan
> >--------------------------------------------------
> >Arvanta, IT Security        http://www.arvanta.net
> >Please do not send me e-mail containing HTML code.
> >
> 

-- 
Kind regards,  Milan
--------------------------------------------------
Arvanta, IT Security        http://www.arvanta.net
Please do not send me e-mail containing HTML code.
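
Added example, not part of the thread and not Kannel's code: a minimal sketch of bulk-cipher selection over the `bulk_algorithms` enum quoted above, showing that a build without RC5 can still complete negotiation when the client also offers DES, and fails closed when it does not. `bulk_supported`, `choose_bulk` and the `have_rc5` flag are hypothetical names; rejecting `NULL_bulk` and treating all three DES entries as supported are assumptions.

```c
#include <stddef.h>
#include <stdio.h>

/* Bulk cipher ids in the order quoted from the WTLS spec in the thread. */
enum bulk_algorithms {
    NULL_bulk, RC5_CBC_40, RC5_CBC_56, RC5_CBC,
    DES_CBC_40, DES_CBC, TRIPLE_DES_CBC_EDE,
    IDEA_CBC_40, IDEA_CBC_56, IDEA_CBC
};

/* Hypothetical helper. have_rc5 stands for the result of configure's
 * openssl/rc5.h check; it is a runtime flag here so both builds can be shown. */
static int bulk_supported(int alg, int have_rc5)
{
    switch (alg) {
    case RC5_CBC_40: case RC5_CBC_56: case RC5_CBC:
        return have_rc5;
    case DES_CBC_40: case DES_CBC: case TRIPLE_DES_CBC_EDE:
        return 1;  /* assumption: "DES" in the thread covers all three */
    default:
        return 0;  /* IDEA (unsupported), NULL_bulk (policy assumption), unknown ids */
    }
}

/* Return the first algorithm in the client's preference list that this
 * build can serve, or -1 so the caller can abort the handshake. */
int choose_bulk(const unsigned char *offered, size_t n, int have_rc5)
{
    for (size_t i = 0; i < n; i++)
        if (bulk_supported(offered[i], have_rc5))
            return offered[i];
    return -1;
}

int main(void)
{
    /* Constructed ClientHello preference lists. */
    const unsigned char mixed[] = { RC5_CBC, DES_CBC, IDEA_CBC };
    const unsigned char rc5_only[] = { RC5_CBC_40, RC5_CBC };

    printf("mixed, rc5 build:       %d\n", choose_bulk(mixed, 3, 1));
    printf("mixed, no-rc5 build:    %d\n", choose_bulk(mixed, 3, 0));
    printf("rc5-only, no-rc5 build: %d\n", choose_bulk(rc5_only, 2, 0));
    return 0;
}
```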


