Harshvir,

I am working on a similar problem, and from all I've seen the information you are looking for is not stored in the context, but rather in the actual SSL_SESSION object. There are the functions SSL_SESSION_print(BIO* bio, SSL_SESSION * ses) and SSL_SESSION_print_fp(FILE* fp, SSL_SESSION * ses). These will print out all of the session information, including the Master Key, which is what you need to create the session secret keys. You can look at the source for these functions (one calls the other) in ssl_txt.c starting at line 90 (for OpenSSL version 1.0.0a at least). The SSL_SESSION is just a struct that can be accessed like normal, i.e. ses-><property>.

Linked here: http://www.rsa.com/products/bsafe/documentation/mesuite21html/dev_guide/structssl__session__st.html#mcert is a pretty good outline of what the struct has in it. It's not from OpenSSL, so there is no guarantee that it is accurate, but I've found it to be correct for what I need.

As for actually generating the session secret keys and doing the decryption, I am at a loss for this as well. I am working on it right now, and would love to hear of any ideas you, or anyone else reading this email, have. I know that you have to then take the master secret and generate the 4 keys (client/server MAC, and client/server session key) and then the two initialization vectors, in order, from this using the pseudo random function along with the client random bits and the server random bits. Unfortunately I do not know where to access these random bits from. For SSLv3 it looks like there is a function ssl3_generate_key_block(SSL *s, unsigned char *km, int num) in ssl/s3_enc.c at line 160 that will generate the keys for you given the right parameters, and then there is a TLS equivalent function called tls1_PRF() found in ssl/t1_enc.c at line 230. This one takes a lot more parameters, but does not require the SSL structure like the first one does.

I hope that this helps, and please let me know if you find anything else, or successfully generate the keys.

Happy to help,
Sam

On Thu, Aug 19, 2010 at 8:10 AM, Harshvir Sidhu <hvssi...@gmail.com> wrote:
> Hi,
> I am trying to get info from an SSL_CTX created through a TCP connection, so
> that I can use that to encrypt/decrypt data and send it through UDP. I am
> trying to authenticate and share keys using the SSL_Connect handshake method,
> and then later extract information from that CTX and encrypt data.
> Any pointers for this will be great. Thanks.
>
> - Harshvir
>

--
Sam Jantz
Software Engineer
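The key-block derivation Sam describes (master secret plus client and server random bits through the PRF, then split into the two MAC keys, two write keys and two IVs) is the TLS 1.0/1.1 procedure from RFC 2246 section 6.3. The following is an added, stand-alone illustration written for this thread, not OpenSSL's tls1_PRF() or ssl3_generate_key_block(); the master secret and random values are constructed sample inputs, and the 20/16/16 sizes assume a SHA-1 MAC with a 16-byte block cipher in CBC mode.

```python
# TLS 1.0/1.1 key expansion (RFC 2246 sec. 6.3 / RFC 4346) from scratch.
# Added example for this thread; not OpenSSL's own tls1_PRF().
import hashlib
import hmac
from dataclasses import dataclass


def p_hash(hash_name, secret, seed, nbytes):
    """P_hash expanded to nbytes: A(1) = HMAC(secret, seed), A(i) = HMAC(secret, A(i-1)),
    output = HMAC(secret, A(1) + seed) || HMAC(secret, A(2) + seed) || ..."""
    out = b""
    a = hmac.new(secret, seed, hash_name).digest()
    while len(out) < nbytes:
        out += hmac.new(secret, a + seed, hash_name).digest()
        a = hmac.new(secret, a, hash_name).digest()
    return out[:nbytes]


def tls1_prf(secret, label, seed, nbytes):
    """PRF = P_MD5(S1, label + seed) XOR P_SHA1(S2, label + seed), where S1 is the
    first half of the secret and S2 the second half (they overlap by one byte if odd)."""
    half = (len(secret) + 1) // 2
    s1, s2 = secret[:half], secret[len(secret) - half:]
    md5_part = p_hash("md5", s1, label + seed, nbytes)
    sha1_part = p_hash("sha1", s2, label + seed, nbytes)
    return bytes(x ^ y for x, y in zip(md5_part, sha1_part))


@dataclass
class KeyBlock:
    client_mac_key: bytes
    server_mac_key: bytes
    client_write_key: bytes
    server_write_key: bytes
    client_write_iv: bytes
    server_write_iv: bytes


def derive_key_block(master_secret, server_random, client_random, mac_len, key_len, iv_len):
    """Expand the master secret into the six values in the order the RFC defines.
    Note the seed here is server_random + client_random (the reverse of the
    master-secret derivation, which uses client_random + server_random)."""
    total = 2 * (mac_len + key_len + iv_len)
    kb = tls1_prf(master_secret, b"key expansion", server_random + client_random, total)
    sizes = [mac_len, mac_len, key_len, key_len, iv_len, iv_len]
    parts, pos = [], 0
    for n in sizes:
        parts.append(kb[pos:pos + n])
        pos += n
    return KeyBlock(*parts)


# Constructed sample inputs (not taken from a real handshake)
MASTER_SECRET = bytes(range(48))
CLIENT_RANDOM = b"\x11" * 32
SERVER_RANDOM = b"\x22" * 32

if __name__ == "__main__":
    kb = derive_key_block(MASTER_SECRET, SERVER_RANDOM, CLIENT_RANDOM, 20, 16, 16)
    for name, val in vars(kb).items():
        print(f"{name:18s} {val.hex()}")
```

Swapping the order of the two random values in the seed yields a completely different key block, which is the easiest mistake to make when reproducing this by hand.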