Thanks Marek. Will start working on this. Are there any docs that might have implementations of this in code snippet form? I am not so well versed with MD5/Crypto libraries.
Thanks and Regards,
Suchindra Chandrahas

Marek Marcola <[EMAIL PROTECTED]> wrote:

Hello,

> I have been able to complete handshake till
> client_finished message. However, I am a little confused in
> client_finished message. Here is what I understand:
>
> client finished message as given in RFC draft, is:
>
>     enum { client(0x434C4E54), server(0x53525652) } Sender;
>
>     struct {
>         opaque md5_hash[16];
>         opaque sha_hash[20];
>     } Finished;
>
>     md5_hash    MD5(master_secret + pad2 +
>                     MD5(handshake_messages + Sender +
>                         master_secret + pad1));
>     sha_hash    SHA(master_secret + pad2 +
>                     SHA(handshake_messages + Sender +
>                         master_secret + pad1));
>
>     handshake_messages  All of the data from all handshake messages
>                         up to but not including this message. This
>                         is only data visible at the handshake layer
>                         and does not include record layer headers.
>
> However, I am not able to understand what they mean by handshake_messages
>
> Is it:
>
> client_random_number sent in client_hello message [28] +
> server_random_number received in server_hello_message [28] +
> client_random_number sent in client_key_exchange [48 bits]
> ???

No, it is FULL handshake packets data, without SSL Record header
and without ChangeCipherSpec packet (which is not handshake packet).

> Also, to form a md5 hash, shall I use:
>
>     MD5_CTX ctx;
>     MD5_Init(&ctx);
>
> and repeat
>     MD5_Update(&ctx, handshake_messages, length of handshake_messages);
>
> till I exhaust all messages

Yes.

> Is PRF function in TLS easier than this, because, I read somewhere
> that, in TLS, we have:
>
> master secret = PRF(server random number, client random number, pre
> master secret)
>
> key_material = PRF(master secret, client random number, server random
> number)

TLS PRF uses standard HMAC while SSL3 uses some special algorithm.
But you must implement PRF (which looks similar to SSL3 method).
Best regards,
--
Marek Marcola

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                               [EMAIL PROTECTED]
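
Added example, not part of the original thread and not OpenSSL code: the SSLv3 Finished hashes from the quoted draft, computed in Python with hashlib instead of the OpenSSL C API, over handshake data with record headers stripped and ChangeCipherSpec skipped. The records and master secret are constructed sample data, the function names are hypothetical, and the pad values (0x36 for pad1 and 0x5c for pad2, repeated 48 times for MD5 and 40 times for SHA) are taken from the SSLv3 specification rather than from this thread.

```python
import hashlib
import struct

HANDSHAKE, CHANGE_CIPHER_SPEC = 22, 20      # record-layer content types
SENDER_CLIENT = bytes.fromhex("434C4E54")   # "CLNT", from the quoted draft
SENDER_SERVER = bytes.fromhex("53525652")   # "SRVR"

def handshake_bytes(stream):
    """Yield handshake-layer bytes from a raw record stream: the 5-byte record
    header is stripped and non-handshake records (ChangeCipherSpec) are skipped."""
    pos = 0
    while pos < len(stream):
        if len(stream) - pos < 5:
            raise ValueError("truncated record header")
        ctype, _version, length = struct.unpack_from("!BHH", stream, pos)
        fragment = stream[pos + 5 : pos + 5 + length]
        if len(fragment) != length:
            raise ValueError("truncated record body")
        pos += 5 + length
        if ctype == HANDSHAKE:
            yield fragment   # keeps the 4-byte handshake header (type + length)

def ssl3_finished(stream, sender, master_secret):
    """Return md5_hash (16 bytes) followed by sha_hash (20 bytes)."""
    out = b""
    for name, npad in (("md5", 48), ("sha1", 40)):
        inner = hashlib.new(name)
        for chunk in handshake_bytes(stream):   # like repeated MD5_Update calls
            inner.update(chunk)
        inner.update(sender + master_secret + b"\x36" * npad)    # pad1
        outer = hashlib.new(name, master_secret + b"\x5c" * npad)  # pad2
        outer.update(inner.digest())
        out += outer.digest()
    return out

def record(ctype, body):
    """Build a constructed SSLv3 record (version 3.0) for the demo."""
    return struct.pack("!BHH", ctype, 0x0300, len(body)) + body

# Constructed sample data: dummy handshake messages, not a real capture.
CLIENT_HELLO = b"\x01\x00\x00\x04demo"
SERVER_HELLO = b"\x02\x00\x00\x04demo"
STREAM = (record(HANDSHAKE, CLIENT_HELLO) + record(HANDSHAKE, SERVER_HELLO)
          + record(CHANGE_CIPHER_SPEC, b"\x01"))
MASTER_SECRET = bytes(48)   # constructed all-zero 48-byte secret

if __name__ == "__main__":
    print(ssl3_finished(STREAM, SENDER_CLIENT, MASTER_SECRET).hex())
```

Because the hash runs over the handshake byte stream, a handshake message split across several records, or several messages packed into one record, gives the same result.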