Hi Andy,

4347, section 4.2.6
"However, in order to remove sensitivity to fragmentation, the Finished MAC
MUST be computed as if each handshake message had been sent as a single
fragment."

My interpretation is that you re-assemble all fragments and fix the handshake
header as if it is a single fragment before MAC calculation (i.e. with
frag_len = len, frag_offset = 0).

Thanks,
Alex.

On 9/26/07, Andy Polyakov <[EMAIL PROTECTED]> wrote:
>
> > 4) Handshake "headers" are omitted in the signature computation in
> > both CertificateVerify and Finished messages.
> > (RFC 4347 does not clearly state what is to be included. However,
> > according to the TLS v1.1 (RFC 4346), it shall be the complete handshake
> > message, starting from Handshake.msg_type. However, OpenSSL starts at
> > Handshake.body)
>
> 4347 specifies that signature computation must be insensitive to
> fragmentation. The handshake header is not the same as in TLS, and the
> payload is therefore the natural choice for such an invariant. Would you
> suggest hashing a fictitious header with message type and length? Have you
> asked for comment on this elsewhere? A.
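The interpretation given in the reply above (reassemble, then hash with frag_offset = 0 and frag_len = length), as an added example that is not part of the original messages and is not OpenSSL code. The function names are hypothetical, the sample payload is constructed, and SHA-256 stands in for the handshake digest.

```python
import hashlib

HDR_LEN = 12  # msg_type(1) length(3) message_seq(2) frag_offset(3) frag_len(3)

def u24(n):
    return n.to_bytes(3, "big")

def parse_fragment(rec):
    """Split one handshake fragment into (msg_type, length, seq, offset, body)."""
    if len(rec) < HDR_LEN:
        raise ValueError("short handshake header")
    length = int.from_bytes(rec[1:4], "big")
    seq = int.from_bytes(rec[4:6], "big")
    off = int.from_bytes(rec[6:9], "big")
    flen = int.from_bytes(rec[9:12], "big")
    body = rec[HDR_LEN:]
    if len(body) != flen or off + flen > length:
        raise ValueError("fragment does not fit the declared message length")
    return rec[0], length, seq, off, body

def canonical_message(fragments):
    """Reassemble the fragments of ONE message and give it a single-fragment
    header (frag_offset = 0, frag_len = length)."""
    msg_type, length, seq, _, _ = parse_fragment(fragments[0])
    buf, seen = bytearray(length), bytearray(length)
    for rec in fragments:  # any order; overlapping fragments are tolerated
        t, l, s, off, body = parse_fragment(rec)
        if (t, l, s) != (msg_type, length, seq):
            raise ValueError("fragment belongs to a different message")
        buf[off:off + len(body)] = body
        seen[off:off + len(body)] = b"\x01" * len(body)
    if not all(seen):
        raise ValueError("message incomplete")
    return (bytes([msg_type]) + u24(length) + seq.to_bytes(2, "big")
            + u24(0) + u24(length) + bytes(buf))

def transcript_digest(messages):
    """Hash the canonical form of each message, in handshake order."""
    h = hashlib.sha256()  # stand-in digest, an assumption of this example
    for frags in messages:
        h.update(canonical_message(frags))
    return h.hexdigest()

def split(msg_type, seq, body, cuts):
    """Constructed test helper: cut body at the given offsets into fragments."""
    edges = [0, *cuts, len(body)]
    return [bytes([msg_type]) + u24(len(body)) + seq.to_bytes(2, "big")
            + u24(a) + u24(b - a) + body[a:b] for a, b in zip(edges, edges[1:])]

BODY = bytes(range(40))                        # constructed sample payload
WHOLE = [split(11, 1, BODY, [])]               # sent as one fragment
PIECES = [split(11, 1, BODY, [7, 25])[::-1]]   # three fragments, reordered
```

Both peers get the same digest for `WHOLE` and `PIECES`, which is the fragmentation insensitivity the quoted RFC sentence requires while still covering msg_type and length.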