[openssl-users] Doubt regarding ExtendedMasterSecret

Mon May 8 07:48:56 UTC 2017

On 07/05/17 19:10, Stiju Easo wrote:
> On Tue, May 2, 2017 at 2:10 PM, Matt Caswell <matt at openssl.org
> <mailto:matt at openssl.org>> wrote:
> 
> 
> 
>     On 30/04/17 19:51, Stiju Easo wrote:
>     > Hi ,
>     >
>     >    I got the answer to this, and now the question looks bit stupid.
>     >    Generation of master key is different in case of "Extended Master
>     > Secret" ,
>     >
>     >    I still have a doubt, what would be the contents in   SSL*
>     > s->s3->handshake_buffer?
>     >    I need to manually set this for my tool, i assume it holds both
>     > client and server handshakes, am i right?
>     >
>     >
>     >    if i am right , in openssl , i just need to populate
>     > s3->handshake_buffer and set  flags to  s->session->flags &
>     > SSL_SESS_FLAG_EXTMS.
>     >    only unknown thing i have is  s3->handshake_buffer , what value to
>     > copy there.
> 
>     handshake_buffer is a mem BIO that contains a copy of all the handshake
>     messages sent and received so far - but only sometimes. Dependant on how
>     the handshake proceeds sometimes this buffer stays active for a while.
>     Other times it gets released early and instead we keep a rolling hash of
>     the handshake messages.
> 
> 
> as per my understanding, if I set Handshake_buffer with all
> SSL3_RT_HANDSHAKE, it should work, right?
> I had gone through RFC's regarding this,  there is no clear statement
> regarding what is included.
> I assume everything from CLIENT HELLO to FINISHED.

Yeah, that should probably work, although most likely you would be
keeping it beyond the point that is necessary. Typically the
handshake_buffer gets freed mid-handshake when we no longer need it (and
we swap to a rolling hash instead). You'd have to read the code to
understand the precise details of that. I'm not sure if there would be
ill effects to having it set up longer than necessary. Either way, you
are "voiding your warranty" by playing around with this stuff.

Matt

> 
> I had verified implementation in Wireshark, they generate
> Extended master secret by hashing all handshakes. 
> 
> 
>     The problem is your code is reaching right into the internals of libssl
>     and playing around with the internal state. In OpenSSL 1.1.0 you will be
>     unable to do that (the SSL struct is opaque).
> 
> 
> This is hurting me, right now.
>  
> 
> 
>     Matt
>     --
>     openssl-users mailing list
>     To unsubscribe:
>     https://mta.openssl.org/mailman/listinfo/openssl-users
>     <https://mta.openssl.org/mailman/listinfo/openssl-users>
> 
> 
> 
> 
> -- 
> 
>                                                                        
>               Stiju Easo
> 
>   
>  The unexamined life is not worth living for man.
>       Socrates, in Plato, Dialogues, Apology
>       Greek philosopher in Athens (469 BC - 399 BC)
> 
> 
> 