I use the following OpenSSL functions to verify the MACs of incoming TLS
messages:

    HMAC_CTX_init();
    HMAC_Init_ex();
    HMAC_Update();
    HMAC_Final();
    HMAC_CTX_cleanup();


This works fine for most messages in a TLS stream, including handshakes,
alerts, and application data.  It also works after repeated session
renegotiations (Hello Requests).

There are two main exceptions: the MAC of a ChangeCipherSpec (content type =
20) and SessionTicket (handshake type = 04) never computes correctly.  I'm
stumped; if the code was wrong, it would not have worked for the thousands
of other TLS messages in the stream (before and after the ChangeCipherSpecs
and SessionTickets).

Is there something about ChangeCipherSpecs and SessionTickets that I should
be aware of when computing MACs?






______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org
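
For reference, an added example (not from the original post, and not OpenSSL code) of the TLS 1.0-1.2 record MAC from RFC 5246 section 6.2.3.1 for non-AEAD suites. It uses Python's hmac module in place of the HMAC_* calls and shows that a ChangeCipherSpec, and a NewSessionTicket sent ahead of it (RFC 5077), are checked against the state active before the switch, while the new state starts at sequence number zero. The names ReadState, record_mac, verify_record and demo, and all keys and fragments, are constructed for illustration.

```python
import hashlib
import hmac
import struct

CHANGE_CIPHER_SPEC, HANDSHAKE, TLS12 = 20, 22, 0x0303

class ReadState:
    """One direction's connection state: MAC key plus implicit sequence number."""
    def __init__(self, mac_key=None, seq=0, digest=hashlib.sha1):
        self.mac_key = mac_key  # None models the initial NULL cipher spec (no MAC)
        self.seq = seq          # zero whenever a state becomes the active state
        self.digest = digest

def record_mac(state, ctype, version, fragment):
    # RFC 5246 6.2.3.1: HMAC(key, seq_num || type || version || length || fragment)
    header = struct.pack("!QBHH", state.seq, ctype, version, len(fragment))
    return hmac.new(state.mac_key, header + fragment, state.digest).digest()

def verify_record(state, ctype, version, fragment, mac):
    """Check one decrypted record against the state that was active on arrival."""
    if state.mac_key is None:
        ok = mac == b""
    else:
        ok = hmac.compare_digest(record_mac(state, ctype, version, fragment), mac)
    state.seq += 1
    return ok

def demo():
    # Constructed keys and fragments, for illustration only.
    old_key, new_key = b"\x11" * 20, b"\x22" * 20
    ticket = b"\x04\x00\x00\x06" + b"\x00" * 6        # NewSessionTicket, empty ticket
    finished = b"\x14\x00\x00\x0c" + b"\xaa" * 12
    # Sender in a renegotiation: ticket and CCS under the old state, Finished under the new.
    s_old, s_new = ReadState(old_key, seq=1000), ReadState(new_key)
    wire = []
    for st, ctype, frag in [(s_old, HANDSHAKE, ticket),
                            (s_old, CHANGE_CIPHER_SPEC, b"\x01"),
                            (s_new, HANDSHAKE, finished)]:
        wire.append((ctype, frag, record_mac(st, ctype, TLS12, frag)))
        st.seq += 1
    # Receiver: switch states only after the CCS record itself has been checked.
    active, pending = ReadState(old_key, seq=1000), ReadState(new_key)
    results = []
    for ctype, frag, mac in wire:
        results.append(verify_record(active, ctype, TLS12, frag, mac))
        if ctype == CHANGE_CIPHER_SPEC:
            active = pending
    return results

if __name__ == "__main__":
    print(demo())
```

In an initial handshake the active state is the NULL cipher spec, so the same two messages carry no MAC at all; `ReadState()` with no key models that case.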
