[openssl-users] Extracting decrypt key for AES from openssl on client side

Viktor Dukhovni openssl-users at dukhovni.org
Thu Nov 15 15:17:52 UTC 2018

> On Nov 15, 2018, at 9:30 AM, Short, Todd via openssl-users <openssl-users at openssl.org> wrote:
> I have seen this done for hardware acceleration; where the crypto chip can do everything except the handshake.
> (In fact, this mechanism protected at least one device that I know of from the Heartbleed debacle, since the hardware crypto did not understand the record type.)
> Look at how the kernel handles TLS, and how the keys are extracted from OpenSSL:
> https://github.com/torvalds/linux/blob/master/Documentation/networking/tls.txt
> https://github.com/openssl/openssl/pull/5253

Well, it takes more than just extracting a key.  One also needs to know
the cipher mode, and if not AEAD then the MAC algorithm and whether the
EtM extension has been negotiated, and with TLS 1.3 be prepared to
process keyUpdate messages, post handshake session tickets, ...
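As an added illustration (not part of this thread or of OpenSSL) of one item in the list above, the Python below models what a TLS 1.3 KeyUpdate does to the record keys per RFC 8446: the traffic secret is re-derived, so any AES key and IV copied out at handshake time are stale from the next generation on. The starting secret is a constructed sample value, not a real session's.

```python
"""Added example: TLS 1.3 traffic-key rotation on KeyUpdate (RFC 8446)."""
import hashlib
import hmac
import struct

HASH = hashlib.sha256          # hash of TLS_AES_128_GCM_SHA256
KEY_LEN, IV_LEN = 16, 12       # AES-128-GCM key and per-record nonce lengths


def hkdf_expand(prk, info, length):
    """HKDF-Expand (RFC 5869 section 2.3) using the suite's hash."""
    out, block, counter = b"", b"", 1
    while len(out) < length:
        block = hmac.new(prk, block + info + bytes([counter]), HASH).digest()
        out += block
        counter += 1
    return out[:length]


def hkdf_expand_label(secret, label, context, length):
    """HKDF-Expand-Label (RFC 8446 section 7.1): uint16 length, "tls13 "+label, context."""
    full = b"tls13 " + label.encode()
    info = (struct.pack("!H", length) + bytes([len(full)]) + full
            + bytes([len(context)]) + context)
    return hkdf_expand(secret, info, length)


def traffic_keys(secret):
    """Record-protection key and IV for one traffic secret (section 7.3)."""
    return (hkdf_expand_label(secret, "key", b"", KEY_LEN),
            hkdf_expand_label(secret, "iv", b"", IV_LEN))


def next_traffic_secret(secret):
    """application_traffic_secret_N+1 after a KeyUpdate (section 7.2)."""
    return hkdf_expand_label(secret, "traffic upd", b"", HASH().digest_size)


def keys_after_updates(secret, updates):
    """Key/IV pairs for generations 0..updates; a record-layer offloader must follow each one."""
    keys = []
    for _ in range(updates + 1):
        keys.append(traffic_keys(secret))
        secret = next_traffic_secret(secret)
    return keys


# Constructed sample standing in for client_application_traffic_secret_0.
SAMPLE_SECRET = hashlib.sha256(b"constructed sample secret, not a real session").digest()

if __name__ == "__main__":
    for gen, (key, iv) in enumerate(keys_after_updates(SAMPLE_SECRET, 2)):
        print(f"generation {gen}: key={key.hex()} iv={iv.hex()}")
```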
