Cryptography Reference
compatibility with other SSLv2 implementations. Because the specification was
never formally accepted by the IETF, the versions that don't follow it to the letter
can't truly be said to be non-compliant; they had nothing to comply with.
Remember that the ssl_connect routine first invokes compute_keys and then
send_client_master_key :
compute_keys( parameters );
if ( send_client_master_key( connection, parameters ) == -1 )
{
  return -1;
}
compute_keys in Listing C-19 creates a master secret and then runs the MD5
digest algorithm on it to generate the encryption keys.
Listing C-19: “ssl.c” compute_keys
static void compute_keys( SSLParameters *parameters )
{
  int i;
  digest_ctx md5_digest;
  int key_material_len;
  unsigned char *key_material, *key_material_ptr;
  char counter = '0';

  key_material_len = parameters->proposed_cipher_spec->key_size * 2;
  key_material_ptr = key_material = malloc( key_material_len );
  parameters->master_key = malloc(
    parameters->proposed_cipher_spec->key_size );

  for ( i = 0; i < parameters->proposed_cipher_spec->key_size; i++ )
  {
    // XXX should be random
    parameters->master_key[ i ] = i;
  }

  // Technically wrong per the 1995 draft specification, but removed to
  // maintain compatibility
#if 0
  if ( key_material_len <= 16 )
  {
    counter = '\0'; // don't use the counter here
  }
#endif

  while ( key_material_len )
  {
    new_md5_digest( &md5_digest );
(Continued)
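The "XXX should be random" loop in the listing makes every master key the bytes 0, 1, 2, ..., so every key derived from it is predictable. The following is an added example, not code from the book: one way to fill the master key from the kernel CSPRNG instead, assuming a POSIX system that provides /dev/urandom. The names fill_random and new_master_key are hypothetical.

```c
#include <errno.h>
#include <fcntl.h>
#include <stdlib.h>
#include <unistd.h>

// Fill buf with len bytes from the kernel CSPRNG. Returns 0, or -1 on failure.
static int fill_random( unsigned char *buf, size_t len )
{
  int fd = open( "/dev/urandom", O_RDONLY );
  if ( fd == -1 )
    return -1;
  while ( len )
  {
    ssize_t n = read( fd, buf, len );
    if ( n == -1 && errno == EINTR )
      continue;              // interrupted by a signal: retry
    if ( n <= 0 )
    {
      close( fd );           // error or unexpected EOF: fail closed
      return -1;
    }
    buf += n;                // short read: advance and keep reading
    len -= ( size_t ) n;
  }
  close( fd );
  return 0;
}

// Hypothetical stand-in for the listing's "master_key[ i ] = i" loop.
// Returns a freshly allocated random key, or NULL so the caller can abort.
static unsigned char *new_master_key( size_t key_size )
{
  unsigned char *key = malloc( key_size );
  if ( key != NULL && fill_random( key, key_size ) == -1 )
  {
    free( key );
    key = NULL;
  }
  return key;
}

int main( void )
{
  unsigned char *key = new_master_key( 16 );  // 16 is a constructed key size
  if ( key == NULL )
    return 1;                // never fall back to a predictable key
  free( key );
  return 0;
}
```

Because compute_keys in the listing returns void, using this would also mean giving it a way to report failure so that ssl_connect can abort the handshake when no random key is available.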
 