> -----Original Message-----
> From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] On Behalf Of Dave Thompson
> Sent: Thursday, August 23, 2012 2:31 AM
> To: openssl-users@openssl.org
> Subject: RE: About the encrypted premaster length.
>
> > From: owner-openssl-us...@openssl.org On Behalf Of Tayade, Nilesh
> > Sent: Wednesday, 22 August, 2012 16:13
> [...]
> Only for RSA key-exchange (which is the most commonly used).
> For DH* and ECDH* suites ClientKeyExchange is quite different.
> (Not to mention Kerberos or PreShared.)
[...]
> > If I am correct, the length depends upon the RSA key size
> > (128bytes for 1024bit key). Is there some way to know beforehand
> > if the RSA key being used is 1024bits or different (some
> > information in certificates etc.)? So that based on that I
> > could look for the encrypted premaster length.
> >
> Yes, an RSA EncryptedPremaster value is the same size as the
> server's RSA public key, in and taken from the server's cert.
> (Or to be exact, the same size as the modulus in the key;
> the public key as distributed contains some additional data,
> usually only a little, and thus is slightly larger.)
>
> But you don't need to "look for" the length of this value.
> It is encoded as a vector in SSL/TLS, which means it has a
> length prefix right in the protocol message. See 4.7 and 4.3
> in RFC5246 (likely the same earlier, but I didn't re-check).
> And it's the only field in the (CKE) message which has a length
> header, and typically that message is the only message in the
> (handshake) record which has a length header.

Thanks, yes the initial bytes denote the length.

I have another basic question. Does the size of the decrypted premaster always remain 48 bytes (irrespective of whether the encrypted premaster is 128 bytes or 256 bytes)?
I tried decrypting the encrypted_premaster as
RSA_private_decrypt(length, encrypted_premaster, decrypted_premaster, rsa, RSA_PKCS1_PADDING)
and it resulted in a 48-byte decrypted premaster even for length = 128 bytes.

--
Thanks,
Nilesh
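
An added example, not part of the messages above and not OpenSSL code: a bounds-checked parser that reads the EncryptedPreMasterSecret length prefix discussed in this thread from a ClientKeyExchange record. It assumes TLS 1.0 or later, a cleartext record holding only that one handshake message, and RSA key exchange; the function names and the sample records are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define PREMASTER_LEN 48 /* decrypted size: 2-byte client_version + 46 random bytes */

/* Parse one cleartext TLS record carrying a single RSA ClientKeyExchange.
 * Returns the EncryptedPreMasterSecret length (the RSA modulus size in bytes)
 * and sets *epms to the ciphertext; returns -1 on malformed input. */
int cke_rsa_epms(const uint8_t *rec, size_t n, const uint8_t **epms)
{
    if (n < 5 + 4 + 2) return -1;                 /* record hdr, handshake hdr, prefix */
    if (rec[0] != 22 || rec[5] != 16) return -1;  /* handshake / client_key_exchange */
    size_t rec_len = (size_t)rec[3] << 8 | rec[4];
    size_t hs_len = (size_t)rec[6] << 16 | (size_t)rec[7] << 8 | rec[8];
    size_t vec_len = (size_t)rec[9] << 8 | rec[10];
    if (rec_len != n - 5) return -1;              /* record must fill the buffer */
    if (hs_len != rec_len - 4) return -1;         /* assumed: only message in record */
    if (vec_len != hs_len - 2) return -1;         /* length prefix must cover the rest */
    if (vec_len < PREMASTER_LEN + 11) return -1;  /* PKCS#1 v1.5 padding needs >= 11 bytes */
    *epms = rec + 11;
    return (int)vec_len;
}

/* Constructed sample: headers plus k dummy ciphertext bytes, with a chosen prefix. */
size_t make_sample(uint8_t *out, size_t k, size_t prefix)
{
    size_t hs = k + 2, rl = hs + 4;
    uint8_t hdr[11] = { 22, 3, 1, (uint8_t)(rl >> 8), (uint8_t)rl, 16,
                        (uint8_t)(hs >> 16), (uint8_t)(hs >> 8), (uint8_t)hs,
                        (uint8_t)(prefix >> 8), (uint8_t)prefix };
    memcpy(out, hdr, sizeof hdr);
    memset(out + sizeof hdr, 0xAA, k);
    return sizeof hdr + k;
}

int main(void)
{
    uint8_t buf[300];
    const uint8_t *epms;
    size_t sizes[] = { 128, 256 };
    for (int i = 0; i < 2; i++) {
        int len = cke_rsa_epms(buf, make_sample(buf, sizes[i], sizes[i]), &epms);
        printf("ciphertext %d bytes -> RSA-%d key, premaster %d bytes\n",
               len, len * 8, PREMASTER_LEN);
    }
    return 0;
}
```

The returned length tracks the server key size, while the plaintext recovered by RSA_private_decrypt with RSA_PKCS1_PADDING stays at 48 bytes because the padding is stripped during decryption.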