Re: Regarding construction of MasterSecret in ssl v3 handshake

Thu, 13 Dec 2007 08:01:53 -0800 

Suchindra Chandrahas wrote:
> Hi Jimmy,
>                      RFC-2246 is for TLS v1. However, i am going for SSL
> v3. I don't know whether there is any function for the same. I went
> through ssl3_enc.c in openssl code:
> 

ssl3_generate_master_secret() is the equivalent one for ssl3. Although
it takes some of the needed parameters from the SSL structure passed to
it; so you can't use it the same way as tls1_PRF(). But you could use
the code as reference for your PRF code.

> int ssl3_generate_master_secret(SSL *s, unsigned char *out, unsigned
> char *p,
>              int len)
>         {
>         static const unsigned char *salt[3]={
> #ifndef CHARSET_EBCDIC
>                 (const unsigned char *)"A",
>                 (const unsigned char *)"BB",
>                 (const unsigned char *)"CCC",
> #else
>                 (const unsigned char *)"\x41",
>                 (const unsigned char *)"\x42\x42",
>                 (const unsigned char *)"\x43\x43\x43",
> #endif
>                 };
>         unsigned char buf[EVP_MAX_MD_SIZE];
>         EVP_MD_CTX ctx;
>         int i,ret=0;
>         unsigned int n;
> 
>         EVP_MD_CTX_init(&ctx);
>         for (i=0; i<3; i++)
>                 {
>                 EVP_DigestInit_ex(&ctx,s->ctx->sha1, NULL);
>                 EVP_DigestUpdate(&ctx,salt[i],strlen((const char
> *)salt[i]));
>                 EVP_DigestUpdate(&ctx,p,len);
>                 EVP_DigestUpdate(&ctx,&(s->s3->client_random[0]),
>                         SSL3_RANDOM_SIZE);
>                 EVP_DigestUpdate(&ctx,&(s->s3->server_random[0]),
>                         SSL3_RANDOM_SIZE);
>                 EVP_DigestFinal_ex(&ctx,buf,&n);
> 
>                 EVP_DigestInit_ex(&ctx,s->ctx->md5, NULL);
>                 EVP_DigestUpdate(&ctx,p,len);
>                 EVP_DigestUpdate(&ctx,buf,n);
>                 EVP_DigestFinal_ex(&ctx,out,&n);
>                 out+=n;
>                 ret+=n;
>                 }
>         EVP_MD_CTX_cleanup(&ctx);
>         return(ret);
>         }
> 
> 
> I guess *p above is pointer to premaster secret. I am doing the same
> thing here, only that EVP_Digest_Update is replaced
> MD5_Update/SHA_Update. I am not still sure whether my algorithm is
> correct or not!
> 

you can call the specific _Update functions; provided you don't forget
to also call the corresponding _Init function.

-jb
-- 
Don't have a sig to call my own; care to donate a fortune?
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           [EMAIL PROTECTED]

Reply via email to