Hello,

> Your description seems like on Certificate Verify message?
> I was talking about Finished message.

Finished message is built with two hashes:

    dgst1=md1(hs_msgs+label+master_secret+48*0x36)
    dgst1=md1(master_secret+48*0x5c+dgst1)
    dgst2=md2(hs_msgs+label+master_secret+40*0x36)
    dgst2=md2(master_secret+40*0x5c+dgst2)

where md1=MD5 (for RSA) and md2=SHA1 (for RSA and DSA),
label="CLNT" for client, label="SRVR" for server.

These two digests are then encrypted with the negotiated symmetric algorithm (with padding for block ciphers) and sent to the peer. The peer decrypts the SSL packet, calculates its own digests and compares (the peer drops the connection if the digests differ).

Best regards,
-- 
Marek Marcola <[EMAIL PROTECTED]>
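The construction described in the message above, as an added example that is not part of the original post or of OpenSSL's code: it computes both nested digests and performs the receiver-side comparison, showing that a changed handshake transcript or a reflected label fails the check. The function names and the sample master secret and handshake bytes are constructed for illustration.

```python
import hashlib
import hmac

# Sender labels as given in the message above.
LABEL_CLIENT = b"CLNT"
LABEL_SERVER = b"SRVR"


def _nested_digest(md, pad_len, hs_msgs, label, master_secret):
    """md(master_secret + pad_len*0x5c + md(hs_msgs + label + master_secret + pad_len*0x36))"""
    inner = md(hs_msgs + label + master_secret + b"\x36" * pad_len).digest()
    return md(master_secret + b"\x5c" * pad_len + inner).digest()


def finished_digests(hs_msgs, label, master_secret):
    """Return dgst1 (MD5, 16 bytes) followed by dgst2 (SHA1, 20 bytes)."""
    dgst1 = _nested_digest(hashlib.md5, 48, hs_msgs, label, master_secret)
    dgst2 = _nested_digest(hashlib.sha1, 40, hs_msgs, label, master_secret)
    return dgst1 + dgst2


def check_peer_finished(received, hs_msgs, peer_label, master_secret):
    """Recompute the peer's digests over our own view of the handshake
    and compare in constant time; False means drop the connection."""
    expected = finished_digests(hs_msgs, peer_label, master_secret)
    return hmac.compare_digest(received, expected)


# Constructed sample values, not taken from a real handshake capture.
SAMPLE_MASTER_SECRET = bytes(range(48))
SAMPLE_HS_MSGS = b"\x01\x00\x00\x04demo" + b"\x02\x00\x00\x04demo"

if __name__ == "__main__":
    client_fin = finished_digests(SAMPLE_HS_MSGS, LABEL_CLIENT, SAMPLE_MASTER_SECRET)
    print("client Finished digests:", client_fin.hex())

    # Server side: same transcript and master secret, so the check passes.
    print("intact transcript :",
          check_peer_finished(client_fin, SAMPLE_HS_MSGS, LABEL_CLIENT, SAMPLE_MASTER_SECRET))

    # One handshake byte altered in transit: the server's transcript differs.
    altered = b"\x01\x00\x00\x04dem0" + SAMPLE_HS_MSGS[8:]
    print("altered transcript:",
          check_peer_finished(client_fin, altered, LABEL_CLIENT, SAMPLE_MASTER_SECRET))

    # Client digests replayed back as if they were the server's.
    print("reflected label   :",
          check_peer_finished(client_fin, SAMPLE_HS_MSGS, LABEL_SERVER, SAMPLE_MASTER_SECRET))
```
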