On Wed, Jan 30, 2013 at 06:15:27PM +0000, Viktor Dukhovni wrote:
> If 96-bits is not enough, one needs to get at the master secret
> on both sides, and run that through a KDF together with client
> and server random plus a suitable application-specific salt.
>
> Does OpenSSL provide a public interface for getting at the master
> secret or otherwise generating application-specific derived keys?
If the OP does not mind potential future binary compatibility
issues, and is willing to use non-public interfaces, then
the master secret can be accessed via:
SSL *ssl;
/* ... */
SSL_SESSION *sess = SSL_get_session(ssl);
/* Internal interface */
int mlen = sess->master_key_length;
unsigned char *mkey = sess->master_key;
/* Internal interface + The handshake protocol MUST NOT be SSLv2 */
unsigned char *crand = ssl->s3->client_random; /* SSL3_RANDOM_SIZE */
unsigned char *srand = ssl->s3->server_random; /* SSL3_RANDOM_SIZE */
These are sufficient to generate a session unique key via a suitable KDF
salted with an application-specific string.
--
Viktor.
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [email protected]
Automated List Manager [email protected]
