Hi All,
               Just went through this in openssl source in s3_enc.c:

/*
 * Computes a nested (inner/outer) digest and writes the result to p:
 *
 *   inner = H( <state already in in_ctx> || sender (if non-NULL)
 *              || master_key || ssl3_pad_1[0..npad) )
 *   outer = H( master_key || ssl3_pad_2[0..npad) || inner )
 *
 * s       supplies s->session->master_key and its length.
 * in_ctx  digest context that is copied, never modified; whatever was
 *         hashed into it before this call is carried into the inner hash.
 * sender  optional label of len bytes, skipped when NULL.
 * p       output buffer; its size is not passed in, so the caller must
 *         provide room for one full digest of in_ctx's algorithm.
 *
 * NOTE(review): no handshake message is hashed in this body. Presumably
 * the caller has fed the handshake messages into in_ctx as they were sent
 * and received, so they enter only through the copied state -- confirm
 * where in_ctx is updated.
 *
 * NOTE(review): none of the EVP_* return values are checked here, so a
 * failed copy, update or final would go unnoticed and p could hold
 * something other than the intended MAC.
 */
static int ssl3_handshake_mac(SSL *s, EVP_MD_CTX *in_ctx,
             const char *sender, int len, unsigned char *p)
        {
        unsigned int ret;
        int npad,n;
        unsigned int i;
        /* Holds the inner digest; sized for the largest digest EVP supports. */
        unsigned char md_buf[EVP_MAX_MD_SIZE];
        EVP_MD_CTX ctx;

        /* Work on a private copy so the running state in in_ctx is preserved. */
        EVP_MD_CTX_init(&ctx);
        EVP_MD_CTX_copy_ex(&ctx,in_ctx);

        /*
         * npad is the largest multiple of the digest size that fits in 48:
         * 48 for a 16-byte digest (MD5), 40 for a 20-byte digest (SHA-1).
         * n is not validated: n == 0 would divide by zero, and n > 48
         * gives npad == 0, i.e. no padding at all.
         */
        n=EVP_MD_CTX_size(&ctx);
        npad=(48/n)*n;

        /* Inner hash: continue from the copied state. */
        if (sender != NULL)
                EVP_DigestUpdate(&ctx,sender,len);
        EVP_DigestUpdate(&ctx,s->session->master_key,
                s->session->master_key_length);
        /* assumes ssl3_pad_1 holds at least npad bytes -- defined elsewhere */
        EVP_DigestUpdate(&ctx,ssl3_pad_1,npad);
        /* i receives the inner digest length. */
        EVP_DigestFinal_ex(&ctx,md_buf,&i);

        /*
         * Outer hash: restart ctx with the same algorithm, so the copied
         * state reaches the result only through md_buf.
         */
        EVP_DigestInit_ex(&ctx,EVP_MD_CTX_md(&ctx), NULL);
        EVP_DigestUpdate(&ctx,s->session->master_key,
                s->session->master_key_length);
        /* assumes ssl3_pad_2 holds at least npad bytes -- defined elsewhere */
        EVP_DigestUpdate(&ctx,ssl3_pad_2,npad);
        EVP_DigestUpdate(&ctx,md_buf,i);
        /* ret receives the number of bytes written to p. */
        EVP_DigestFinal_ex(&ctx,p,&ret);

        /*
         * Releases the copied context. md_buf (a digest keyed with the
         * master key) is not wiped anywhere in the lines shown.
         */
        EVP_MD_CTX_cleanup(&ctx);
        /* The quoted excerpt stops here; the return statement and closing brace are not shown. */


This seems to be the function that generates the final MD5 and SHA hashes for
the client_finished message. However, I cannot find where the handshake messages
are fed in among the EVP_DigestUpdate calls above, although the RFC says the
handshake messages are needed. Am I missing something here, or is this fine for
an MD5 or SHA hash that is sent in the client_finished message? Please let me
know if I am wrong!

Thanks and Regards,
Suchindra Chandrahas

       