[openssl-users] Doubt regarding ExtendedMasterSecret
stiju.easo at gmail.com
Sun May 7 18:10:19 UTC 2017
On Tue, May 2, 2017 at 2:10 PM, Matt Caswell <matt at openssl.org> wrote:
> On 30/04/17 19:51, Stiju Easo wrote:
> > Hi,
> > I got the answer to this, and now the question looks a bit stupid.
> > Generation of the master key is different in case of "Extended Master
> > Secret".
> > I still have a doubt: what would be the contents of SSL*
> > s->s3->handshake_buffer?
> > I need to manually set this for my tool. I assume it holds both
> > client and server handshakes, am I right?
> > If I am right, in OpenSSL I just need to populate
> > s3->handshake_buffer and set flags to s->session->flags &
> > SSL_SESS_FLAG_EXTMS.
> > The only unknown thing I have is s3->handshake_buffer, what value to
> > copy there.
> handshake_buffer is a mem BIO that contains a copy of all the handshake
> messages sent and received so far - but only sometimes. Depending on how
> the handshake proceeds, sometimes this buffer stays active for a while.
> Other times it gets released early and instead we keep a rolling hash of
> the handshake messages.
As per my understanding, if I set handshake_buffer with all
SSL3_RT_HANDSHAKE, it should work, right?
I had gone through the RFCs regarding this; there is no clear statement
regarding what is included.
I assume everything from CLIENT HELLO to FINISHED.
I had verified the implementation in Wireshark; they generate the Extended master
secret by hashing all handshakes.
> The problem is your code is reaching right into the internals of libssl
> and playing around with the internal state. In OpenSSL 1.1.0 you will be
> unable to do that (the SSL struct is opaque).
This is hurting me, right now.
The unexamined life is not worth living for man.
Socrates, in Plato, Dialogues, Apology
Greek philosopher in Athens (469 BC - 399 BC)
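
For reference on the question above: RFC 7627 defines the session hash that feeds the extended master secret as covering the handshake messages from ClientHello up to and including ClientKeyExchange, each with its handshake type and length fields and without record-layer headers. The following Python is an added example, not code from this thread or from OpenSSL; it assumes TLS 1.2 with a SHA-256 PRF cipher suite, and the function names and transcript bytes are constructed for illustration.

```python
import hashlib
import hmac

CLIENT_KEY_EXCHANGE = 16  # HandshakeType value (RFC 5246)

def p_sha256(secret, seed, length):
    """P_hash from RFC 5246 section 5, instantiated with HMAC-SHA256."""
    out, a = b"", seed
    while len(out) < length:
        a = hmac.new(secret, a, hashlib.sha256).digest()            # A(i)
        out += hmac.new(secret, a + seed, hashlib.sha256).digest()
    return out[:length]

def handshake_msg(msg_type, body):
    """A handshake message as it is hashed: 1-byte type, 3-byte length, body."""
    return bytes([msg_type]) + len(body).to_bytes(3, "big") + body

def session_hash(messages):
    """SHA-256 over ClientHello..ClientKeyExchange inclusive (RFC 7627).

    `messages` must be reassembled handshake messages in wire order;
    anything after ClientKeyExchange (e.g. Finished) is not hashed.
    """
    h = hashlib.sha256()
    for m in messages:
        h.update(m)
        if m[0] == CLIENT_KEY_EXCHANGE:
            return h.digest()
    raise ValueError("transcript has no ClientKeyExchange")

def extended_master_secret(pms, messages):
    seed = b"extended master secret" + session_hash(messages)
    return p_sha256(pms, seed, 48)

def legacy_master_secret(pms, client_random, server_random):
    seed = b"master secret" + client_random + server_random
    return p_sha256(pms, seed, 48)

# Constructed sample data: placeholder bodies, not a real capture.
PMS = bytes(range(48))
TRANSCRIPT = [handshake_msg(t, b) for t, b in [
    (1, b"client hello body"), (2, b"server hello body"),
    (11, b"certificate body"), (14, b""),
    (16, b"client key exchange body"), (20, b"finished body")]]

if __name__ == "__main__":
    print(extended_master_secret(PMS, TRANSCRIPT).hex())
```

For TLS 1.0 and 1.1 the session hash is instead the concatenation of the MD5 and SHA-1 digests of the same messages, and the PRF differs accordingly.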