[openssl-users] Doubt regarding ExtendedMasterSecret

Stiju Easo stiju.easo at gmail.com
Sun May 7 18:10:19 UTC 2017


On Tue, May 2, 2017 at 2:10 PM, Matt Caswell <matt at openssl.org> wrote:

>
>
> On 30/04/17 19:51, Stiju Easo wrote:
> > Hi,
> >
> >    I got the answer to this, and now the question looks a bit stupid.
> >    Generation of the master key is different in the case of "Extended Master
> > Secret".
> >
> >    I still have a doubt: what would be the contents of SSL*
> > s->s3->handshake_buffer?
> >    I need to manually set this for my tool. I assume it holds both
> > client and server handshakes, am I right?
> >
> >
> >    If I am right, in OpenSSL I just need to populate
> > s3->handshake_buffer and set flags to s->session->flags &
> > SSL_SESS_FLAG_EXTMS.
> >    The only unknown thing I have is s3->handshake_buffer: what value to
> > copy there.
>
> handshake_buffer is a mem BIO that contains a copy of all the handshake
> messages sent and received so far - but only sometimes. Dependent on how
> the handshake proceeds, sometimes this buffer stays active for a while.
> Other times it gets released early and instead we keep a rolling hash of
> the handshake messages.
>

As per my understanding, if I set handshake_buffer with all
SSL3_RT_HANDSHAKE, it should work, right?
I had gone through the RFCs regarding this; there is no clear statement
regarding what is included.
I assume everything from CLIENT HELLO to FINISHED.

I had verified the implementation in Wireshark; they generate the Extended master
secret by hashing all handshakes.

>
> The problem is your code is reaching right into the internals of libssl
> and playing around with the internal state. In OpenSSL 1.1.0 you will be
> unable to do that (the SSL struct is opaque).
>

This is hurting me, right now.


>
> Matt



-- 


          Stiju Easo


 The unexamined life is not worth living for man.
      Socrates, in Plato, Dialogues, Apology
      Greek philosopher in Athens (469 BC - 399 BC)
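
Added example (not from the original message and not OpenSSL's code): RFC 7627 defines the session hash over the handshake messages from ClientHello up to and including ClientKeyExchange, each with its type and length fields, and derives master_secret = PRF(pre_master_secret, "extended master secret", session_hash)[0..47]. The sketch assumes TLS 1.2 with a SHA-256 PRF; the function names and the sample stream are constructed for illustration.

```python
import hashlib
import hmac

CLIENT_KEY_EXCHANGE = 16  # HandshakeType value from RFC 5246


def p_hash(secret, seed, length, digest=hashlib.sha256):
    """P_hash expansion from RFC 5246 section 5 (the TLS 1.2 PRF core)."""
    out, a = b"", seed
    while len(out) < length:
        a = hmac.new(secret, a, digest).digest()  # A(i) = HMAC(secret, A(i-1))
        out += hmac.new(secret, a + seed, digest).digest()
    return out[:length]


def session_hash(stream, digest=hashlib.sha256):
    """Hash handshake messages from ClientHello through ClientKeyExchange.

    stream: concatenated handshake messages (4-byte header plus body) in wire
    order, with the record-layer headers already stripped.
    """
    h, pos = digest(), 0
    while pos + 4 <= len(stream):
        end = pos + 4 + int.from_bytes(stream[pos + 1:pos + 4], "big")
        if end > len(stream):
            raise ValueError("truncated handshake message")
        h.update(stream[pos:end])  # type and length fields are hashed too
        if stream[pos] == CLIENT_KEY_EXCHANGE:
            return h.digest()  # later messages (e.g. Finished) are excluded
        pos = end
    raise ValueError("no ClientKeyExchange in stream")


def extended_master_secret(pre_master_secret, stream):
    """master_secret = PRF(pms, "extended master secret", session_hash)[0..47]."""
    seed = b"extended master secret" + session_hash(stream)
    return p_hash(pre_master_secret, seed, 48)


def msg(msg_type, body):
    """Build one handshake message: type (1 byte), length (3 bytes), body."""
    return bytes([msg_type]) + len(body).to_bytes(3, "big") + body


# Constructed sample stream, not a real capture: bodies are placeholders.
SAMPLE = b"".join(msg(t, b) for t, b in [
    (1, b"client-hello"), (2, b"server-hello"), (11, b"certificate"),
    (14, b""), (16, b"client-key-exchange"), (20, b"finished"),
])
```

For TLS 1.0/1.1, or a cipher suite whose PRF uses SHA-384, the hash and PRF differ from the SHA-256 assumption made here.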