<div dir="ltr"><br><div><span style="font-size:12.8px"><br></span></div><div><br></div><div><div><span style="font-size:12.8px"><br></span></div><blockquote style="margin:0px 0px 0px 40px;border:none;padding:0px"><div><span style="font-size:12.8px"><br></span></div></blockquote></div><div class="gmail_extra"><br><div class="gmail_quote">On Tue, May 2, 2017 at 2:10 PM, Matt Caswell <span dir="ltr"><<a href="mailto:matt@openssl.org" target="_blank">matt@openssl.org</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><span class="gmail-"><br>
<br>
On 30/04/17 19:51, Stiju Easo wrote:<br>
> Hi ,<br>
><br>
> I got the answer to this, and now the question looks bit stupid.<br>
> Generation of master key is different in case of "Extended Master<br>
> Secret" ,<br>
><br>
> I still have a doubt, what would be the contents in SSL*<br>
> s->s3->handshake_buffer?<br>
> I need to manually set this for my tool, i assume it holds both<br>
> client and server handshakes, am i right?<br>
><br>
><br>
> if i am right , in openssl , i just need to populate<br>
> s3->handshake_buffer and set flags to s->session->flags &<br>
> SSL_SESS_FLAG_EXTMS.<br>
> only unknown thing i have is s3->handshake_buffer , what value to<br>
> copy there.<br>
<br>
</span>handshake_buffer is a mem BIO that contains a copy of all the handshake<br>
messages sent and received so far - but only sometimes. Dependant on how<br>
the handshake proceeds sometimes this buffer stays active for a while.<br>
Other times it gets released early and instead we keep a rolling hash of<br>
the handshake messages.<br></blockquote><div><br></div><div><span style="font-size:12.8px">as per my understanding, if </span>I<span style="font-size:12.8px"> set Handshake_buffer with all SSL3_RT_HANDSHAKE, it should work, right?</span></div><div><span style="font-size:12.8px">I had gone through RFC's regarding this, there is no clear statement regarding what is included.</span></div><div><span style="font-size:12.8px">I assume everything from CLIENT HELLO to FINISHED.</span></div><div><span style="font-size:12.8px"><br></span></div><div><span style="font-size:12.8px">I had verified implementation in Wireshark, they generate Extended master secret by hashing all handshakes.</span> </div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">
<br>
The problem is your code is reaching right into the internals of libssl<br>
and playing around with the internal state. In OpenSSL 1.1.0 you will be<br>
unable to do that (the SSL struct is opaque).<br></blockquote><div><br></div><div>This is hurting me, right now.</div><div> </div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">
<span class="gmail-HOEnZb"><font color="#888888"><br>
Matt<br>
--<br>
openssl-users mailing list<br>
To unsubscribe: <a href="https://mta.openssl.org/mailman/listinfo/openssl-users" rel="noreferrer" target="_blank">https://mta.openssl.org/<wbr>mailman/listinfo/openssl-users</a><br>
</font></span></blockquote></div><br><br clear="all"><div><br></div>-- <br><div class="gmail_signature"><br> Stiju Easo<br><br> <br> The unexamined life is not worth living for man.<br> Socrates, in Plato, Dialogues, Apology<br> Greek philosopher in Athens (469 BC - 399 BC)<br><br></div>
</div></div>