Sam, I will try this, and in case I have some questions I will send an email. Thanks.

- Harshvir

On Thu, Aug 19, 2010 at 10:02 AM, Sam Jantz <sjan...@gmail.com> wrote:
> Harshvir,
>
> I am working on a similar problem, and from all I've seen the information you are looking for is not stored in the context, but rather in the actual SSL_SESSION object. There is a function SSL_SESSION_print(BIO* bio, SSL_SESSION * ses), and SSL_SESSION_print_fp(FILE* fp, SSL_SESSION * ses). This will print out all of the session information including the Master Key, which is what you need to create the session secret keys. You can look at the source for these functions (one calls the other) in ssl_txt.c starting at line 90 (for OpenSSL version 1.0.0a at least). The SSL_SESSION is just a struct that can be accessed like normal, i.e. ses-><property>
>
> Linked here: http://www.rsa.com/products/bsafe/documentation/mesuite21html/dev_guide/structssl__session__st.html#mcert is a pretty good outline of what the struct has in it. It's not from OpenSSL, so there is no guarantee that it is accurate, but I've found it to be correct for what I need.
>
> As for actually generating the session secret keys, and doing the decryption, I am at a loss for this as well. I am working on it right now, and would love to hear of any ideas you, or anyone else reading this email, have. I know that you have to then take the master secret, and generate the 4 keys (client/server MAC, and client/server session key) and then the two initialization vectors in order from this using the pseudo random function along with the client random bits, and the server random bits. Unfortunately I do not know where to access these random bits from.
>
> For SSLv3 it looks like there is a function ssl3_generate_key_block(SSL *s, unsigned char *km, int num) that is in ssl/s3_enc.c at line 160 that will generate the keys for you given the right parameters, and then there is a TLS equivalent function called tls1_PRF() found in ssl/t1_enc.c at line 230. This one takes a lot more parameters, but does not require the SSL structure like the first one does. I hope that this helps, and please let me know if you find anything else, or successfully generate the keys.
>
> Happy to help,
>
> Sam
>
> On Thu, Aug 19, 2010 at 8:10 AM, Harshvir Sidhu <hvssi...@gmail.com> wrote:
>
>> Hi,
>> I am trying to get info from SSL_CTX created through a TCP connection, so that I can use that to encrypt/decrypt data and send it through UDP. I am trying to authenticate and share keys using the SSL_Connect handshake method, and then later extract information from that CTX and encrypt data.
>> Any pointers for this will be great. Thanks.
>>
>> - Harshvir
>>
>
>
> --
> Sam Jantz
> Software Engineer
>
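The derivation Sam describes (master secret plus the two handshake randoms, expanded through the PRF into the two MAC secrets, the two write keys and the two IVs) is specified in RFC 2246 sections 5 and 6.3, and the following added example, which is not from the thread or from OpenSSL, implements it in Python using only the standard library so it can be compared against what tls1_PRF() in t1_enc.c produces. It assumes a TLS 1.0/1.1 handshake (the PRF is P_MD5 XOR P_SHA1; TLS 1.2 uses a single SHA-256 P_hash and is not covered here) and a cipher suite with 20-byte MAC secrets, 16-byte keys and 16-byte IVs (AES_128_CBC_SHA sizes). One detail worth checking when wiring this to real handshake bytes: the master secret is derived over client_random + server_random, but the key block over server_random + client_random; the sample master secret and randoms below are constructed values, not captured from a handshake.

```python
import hmac
import hashlib


def p_hash(hash_name, secret, seed, length):
    """P_hash(secret, seed) from RFC 2246 section 5, expanded to `length` bytes.

    A(0) = seed, A(i) = HMAC_hash(secret, A(i-1))
    P_hash = HMAC_hash(secret, A(1) + seed) + HMAC_hash(secret, A(2) + seed) + ...
    """
    out = b""
    a = seed  # A(0)
    while len(out) < length:
        a = hmac.new(secret, a, hash_name).digest()           # A(i)
        out += hmac.new(secret, a + seed, hash_name).digest()  # next output block
    return out[:length]


def tls10_prf(secret, label, seed, length):
    """TLS 1.0/1.1 PRF: P_MD5(S1, label + seed) XOR P_SHA1(S2, label + seed).

    S1 is the first half of the secret, S2 the second half; when the secret
    has odd length the two halves share the middle byte (RFC 2246 section 5).
    """
    half = (len(secret) + 1) // 2
    s1, s2 = secret[:half], secret[-half:]
    label_seed = label + seed
    md5_part = p_hash("md5", s1, label_seed, length)
    sha1_part = p_hash("sha1", s2, label_seed, length)
    return bytes(x ^ y for x, y in zip(md5_part, sha1_part))


def derive_master_secret(pre_master_secret, client_random, server_random):
    """RFC 2246 8.1: master_secret = PRF(pms, "master secret", client_random + server_random)[0..47]."""
    return tls10_prf(pre_master_secret, b"master secret", client_random + server_random, 48)


def derive_key_block(master_secret, client_random, server_random, mac_len, key_len, iv_len):
    """RFC 2246 6.3: key_block = PRF(master_secret, "key expansion", server_random + client_random).

    Note the reversed random order compared to the master secret derivation.
    The key block is then partitioned, in this fixed order, into:
    client_write_MAC_secret, server_write_MAC_secret,
    client_write_key, server_write_key, client_write_IV, server_write_IV.
    """
    total = 2 * (mac_len + key_len + iv_len)
    kb = tls10_prf(master_secret, b"key expansion", server_random + client_random, total)
    sizes = [("client_write_MAC_secret", mac_len), ("server_write_MAC_secret", mac_len),
             ("client_write_key", key_len), ("server_write_key", key_len),
             ("client_write_IV", iv_len), ("server_write_IV", iv_len)]
    keys, offset = {}, 0
    for name, size in sizes:
        keys[name] = kb[offset:offset + size]
        offset += size
    return keys


# Constructed sample values (hypothetical, not from a real handshake):
# a 48-byte pre-master secret and the two 32-byte handshake randoms.
SAMPLE_PMS = bytes(range(48))
SAMPLE_CLIENT_RANDOM = b"\x11" * 32
SAMPLE_SERVER_RANDOM = b"\x22" * 32


def sample_session_keys():
    """Run the full derivation on the constructed sample; AES_128_CBC_SHA sizes."""
    master = derive_master_secret(SAMPLE_PMS, SAMPLE_CLIENT_RANDOM, SAMPLE_SERVER_RANDOM)
    return derive_key_block(master, SAMPLE_CLIENT_RANDOM, SAMPLE_SERVER_RANDOM,
                            mac_len=20, key_len=16, iv_len=16)


if __name__ == "__main__":
    for name, value in sample_session_keys().items():
        print(f"{name:24s} {value.hex()}")
```

To check this against a live OpenSSL session, take the master key printed by SSL_SESSION_print() as `master_secret`, the client and server randoms from the ClientHello and ServerHello on the wire, and compare the six slices with the keys OpenSSL installs; for a cipher suite with different MAC, key or IV lengths only the three size arguments change.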