Doubt regarding ExtendedMasterSecret

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
5 messages Options
Reply | Threaded
Open this post in threaded view
|

Doubt regarding ExtendedMasterSecret

Stiju Easo
Hi,


   I had a tool similar to SSLDump , which could decrypt SSL traffic (like Man in Middle).
   for this, I used to copy needed data to SSL* and used to call tls1_enc/ssl3_enc  to decrypt data.
   Everything used to work fine extended master secret came up in SSL header, 
   even if it has empty value (just the place holder) as in pic attached.
Inline image 1
   the SSL decryption failed, with -1 error from tls1_enc
        "-1: if the record's padding/AEAD-authenticator is invalid or, if sending,
         an internal error occurred."
   on further debugging failure happens in EVP_Cipher().
    
   I tried OpenSSL1.1 and OpenSSL1.0.2, both has the same behavior. 
   
   the doubt I have is 
   1) if I have Extended Master Secret Extention type (with value 0)  in my data,  should I need to set something to SSL context so that.
   2) Is it necessary to use OpenSSL 1.1.0, if I don't intend to use value appearing in ExtendedMasterSecret?  I just want to ignore wat ever appearing in the header as of now. for this will 1.0.2 will do, given I resolve item (1)


--

                                                                                      Stiju Easo

  
 The unexamined life is not worth living for man.
      Socrates, in Plato, Dialogues, Apology
      Greek philosopher in Athens (469 BC - 399 BC)


--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Reply | Threaded
Open this post in threaded view
|

Re: Doubt regarding ExtendedMasterSecret

Stiju Easo
Hi ,

   I got the answer to this, and now the question looks bit stupid.
   Generation of master key is different in case of "Extended Master Secret" ,
   
   I still have a doubt, what would be the contents in   SSL* s->s3->handshake_buffer?
   I need to manually set this for my tool, i assume it holds both client and server handshakes, am i right?


   if i am right , in openssl , i just need to populate s3->handshake_buffer and set  flags to  s->session->flags & SSL_SESS_FLAG_EXTMS.
   only unknown thing i have is  s3->handshake_buffer , what value to copy there.

  
Regards
Stiju

   
   
   

On Fri, Apr 28, 2017 at 10:35 PM, Stiju Easo <[hidden email]> wrote:
Hi,


   I had a tool similar to SSLDump , which could decrypt SSL traffic (like Man in Middle).
   for this, I used to copy needed data to SSL* and used to call tls1_enc/ssl3_enc  to decrypt data.
   Everything used to work fine extended master secret came up in SSL header, 
   even if it has empty value (just the place holder) as in pic attached.
Inline image 1
   the SSL decryption failed, with -1 error from tls1_enc
        "-1: if the record's padding/AEAD-authenticator is invalid or, if sending,
         an internal error occurred."
   on further debugging failure happens in EVP_Cipher().
    
   I tried OpenSSL1.1 and OpenSSL1.0.2, both has the same behavior. 
   
   the doubt I have is 
   1) if I have Extended Master Secret Extention type (with value 0)  in my data,  should I need to set something to SSL context so that.
   2) Is it necessary to use OpenSSL 1.1.0, if I don't intend to use value appearing in ExtendedMasterSecret?  I just want to ignore wat ever appearing in the header as of now. for this will 1.0.2 will do, given I resolve item (1)


--

                                                                                      Stiju Easo

  
 The unexamined life is not worth living for man.
      Socrates, in Plato, Dialogues, Apology
      Greek philosopher in Athens (469 BC - 399 BC)




--

                                                                                      Stiju Easo

  
 The unexamined life is not worth living for man.
      Socrates, in Plato, Dialogues, Apology
      Greek philosopher in Athens (469 BC - 399 BC)


--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Reply | Threaded
Open this post in threaded view
|

Re: Doubt regarding ExtendedMasterSecret

Matt Caswell-2


On 30/04/17 19:51, Stiju Easo wrote:

> Hi ,
>
>    I got the answer to this, and now the question looks bit stupid.
>    Generation of master key is different in case of "Extended Master
> Secret" ,
>    
>    I still have a doubt, what would be the contents in   SSL*
> s->s3->handshake_buffer?
>    I need to manually set this for my tool, i assume it holds both
> client and server handshakes, am i right?
>
>
>    if i am right , in openssl , i just need to populate
> s3->handshake_buffer and set  flags to  s->session->flags &
> SSL_SESS_FLAG_EXTMS.
>    only unknown thing i have is  s3->handshake_buffer , what value to
> copy there.

handshake_buffer is a mem BIO that contains a copy of all the handshake
messages sent and received so far - but only sometimes. Dependant on how
the handshake proceeds sometimes this buffer stays active for a while.
Other times it gets released early and instead we keep a rolling hash of
the handshake messages.

The problem is your code is reaching right into the internals of libssl
and playing around with the internal state. In OpenSSL 1.1.0 you will be
unable to do that (the SSL struct is opaque).

Matt
--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Reply | Threaded
Open this post in threaded view
|

Re: Doubt regarding ExtendedMasterSecret

Stiju Easo






On Tue, May 2, 2017 at 2:10 PM, Matt Caswell <[hidden email]> wrote:


On 30/04/17 19:51, Stiju Easo wrote:
> Hi ,
>
>    I got the answer to this, and now the question looks bit stupid.
>    Generation of master key is different in case of "Extended Master
> Secret" ,
>
>    I still have a doubt, what would be the contents in   SSL*
> s->s3->handshake_buffer?
>    I need to manually set this for my tool, i assume it holds both
> client and server handshakes, am i right?
>
>
>    if i am right , in openssl , i just need to populate
> s3->handshake_buffer and set  flags to  s->session->flags &
> SSL_SESS_FLAG_EXTMS.
>    only unknown thing i have is  s3->handshake_buffer , what value to
> copy there.

handshake_buffer is a mem BIO that contains a copy of all the handshake
messages sent and received so far - but only sometimes. Dependant on how
the handshake proceeds sometimes this buffer stays active for a while.
Other times it gets released early and instead we keep a rolling hash of
the handshake messages.

as per my understanding, if I set Handshake_buffer with all SSL3_RT_HANDSHAKE, it should work, right?
I had gone through RFC's regarding this,  there is no clear statement regarding what is included.
I assume everything from CLIENT HELLO to FINISHED.

I had verified implementation in Wireshark, they generate Extended master secret by hashing all handshakes. 

The problem is your code is reaching right into the internals of libssl
and playing around with the internal state. In OpenSSL 1.1.0 you will be
unable to do that (the SSL struct is opaque).

This is hurting me, right now.
 

Matt
--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users



--

                                                                                      Stiju Easo

  
 The unexamined life is not worth living for man.
      Socrates, in Plato, Dialogues, Apology
      Greek philosopher in Athens (469 BC - 399 BC)


--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Reply | Threaded
Open this post in threaded view
|

Re: Doubt regarding ExtendedMasterSecret

Matt Caswell-2


On 07/05/17 19:10, Stiju Easo wrote:

> On Tue, May 2, 2017 at 2:10 PM, Matt Caswell <[hidden email]
> <mailto:[hidden email]>> wrote:
>
>
>
>     On 30/04/17 19:51, Stiju Easo wrote:
>     > Hi ,
>     >
>     >    I got the answer to this, and now the question looks bit stupid.
>     >    Generation of master key is different in case of "Extended Master
>     > Secret" ,
>     >
>     >    I still have a doubt, what would be the contents in   SSL*
>     > s->s3->handshake_buffer?
>     >    I need to manually set this for my tool, i assume it holds both
>     > client and server handshakes, am i right?
>     >
>     >
>     >    if i am right , in openssl , i just need to populate
>     > s3->handshake_buffer and set  flags to  s->session->flags &
>     > SSL_SESS_FLAG_EXTMS.
>     >    only unknown thing i have is  s3->handshake_buffer , what value to
>     > copy there.
>
>     handshake_buffer is a mem BIO that contains a copy of all the handshake
>     messages sent and received so far - but only sometimes. Dependant on how
>     the handshake proceeds sometimes this buffer stays active for a while.
>     Other times it gets released early and instead we keep a rolling hash of
>     the handshake messages.
>
>
> as per my understanding, if I set Handshake_buffer with all
> SSL3_RT_HANDSHAKE, it should work, right?
> I had gone through RFC's regarding this,  there is no clear statement
> regarding what is included.
> I assume everything from CLIENT HELLO to FINISHED.

Yeah, that should probably work, although most likely you would be
keeping it beyond the point that is necessary. Typically the
handshake_buffer gets freed mid-handshake when we no longer need it (and
we swap to a rolling hash instead). You'd have to read the code to
understand the precise details of that. I'm not sure if there would be
ill effects to having it set up longer than necessary. Either way, you
are "voiding your warranty" by playing around with this stuff.

Matt


>
> I had verified implementation in Wireshark, they generate
> Extended master secret by hashing all handshakes.
>
>
>     The problem is your code is reaching right into the internals of libssl
>     and playing around with the internal state. In OpenSSL 1.1.0 you will be
>     unable to do that (the SSL struct is opaque).
>
>
> This is hurting me, right now.
>  
>
>
>     Matt
>     --
>     openssl-users mailing list
>     To unsubscribe:
>     https://mta.openssl.org/mailman/listinfo/openssl-users
>     <https://mta.openssl.org/mailman/listinfo/openssl-users>
>
>
>
>
> --
>
>                                                                        
>               Stiju Easo
>
>  
>  The unexamined life is not worth living for man.
>       Socrates, in Plato, Dialogues, Apology
>       Greek philosopher in Athens (469 BC - 399 BC)
>
>
>
--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users