Re: Regarding openssl function ssl3_handshake_mac

Thu, 03 Jan 2008 05:22:23 -0800 

OK. So, this is after the rest of the calculations. OK understood!

Thanks !


Thanks and Regards,
Suchindra Chandrahas

Marek Marcola <[EMAIL PROTECTED]> wrote: 
On Thu, 2008-01-03 at 03:30 -0800, Suchindra Chandrahas wrote:
> Hi All,
>                Just went through this in openssl source in s3_enc.c:
> 
> static int ssl3_handshake_mac(SSL *s, EVP_MD_CTX *in_ctx,
>              const char *sender, int len, unsigned char *p)
>         {
>         unsigned int ret;
>         int npad,n;
>         unsigned int i;
>         unsigned char md_buf[EVP_MAX_MD_SIZE];
>         EVP_MD_CTX ctx;
> 
>         EVP_MD_CTX_init(&ctx);
>         EVP_MD_CTX_copy_ex(&ctx,in_ctx);
> 
>         n=EVP_MD_CTX_size(&ctx);
>         npad=(48/n)*n;
> 
>         if (sender != NULL)
>                 EVP_DigestUpdate(&ctx,sender,len);
>         EVP_DigestUpdate(&ctx,s->session->master_key,
>                 s->session->master_key_length);
>         EVP_DigestUpdate(&ctx,ssl3_pad_1,npad);
>         EVP_DigestFinal_ex(&ctx,md_buf,&i);
> 
>         EVP_DigestInit_ex(&ctx,EVP_MD_CTX_md(&ctx), NULL);
>         EVP_DigestUpdate(&ctx,s->session->master_key,
>                 s->session->master_key_length);
>         EVP_DigestUpdate(&ctx,ssl3_pad_2,npad);
>         EVP_DigestUpdate(&ctx,md_buf,i);
>         EVP_DigestFinal_ex(&ctx,p,&ret);
> 
>         EVP_MD_CTX_cleanup(&ctx);
> 
> 
> This seems to be the function for generating the final md5 and sha
> hashes for client_finished messages. However, i am not able to find
> the handshake messages in the above EVP_DigestUpdates. But in RFC, the
> handshake messages are needed it says. Am i missing something here, or
> is this fine for an MD5 or SHA hash to be sent in client_finished
> message? Please let me know if i am wrong!!!
This function may be used to calculate client CertificateVerify hash and
client/server Finished hash (depending on function parameters) . Already
calculated hash of exchanged handshake packets is contained in in_ctx
structure.

Best regards,
-- 
Marek Marcola 

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           [EMAIL PROTECTED]


       
---------------------------------
Looking for last minute shopping deals?  Find them fast with Yahoo! Search.

Reply via email to