OpenSSL : Premaster Secret

 

root@ubuntu-vbox:/home/hdknr/openssl-0.9.8g# find . -name "*" -exec grep -H secret {} \; | grep premaster

grep: ./debian/openssl/usr/share/doc/openssl/copyright: No such file or directory
grep: ./debian/openssl/usr/share/doc/openssl/changelog.gz: No such file or directory
grep: ./debian/openssl/usr/share/doc/openssl/changelog.Debian.gz: No such file or directory
grep: ./debian/libssl-dev/usr/share/doc/libssl-dev/copyright: No such file or directory
grep: ./debian/libssl-dev/usr/share/doc/libssl-dev/changelog.gz: No such file or directory
grep: ./debian/libssl-dev/usr/share/doc/libssl-dev/changelog.Debian.gz: No such file or directory
grep: ./debian/libssl-dev/usr/lib/libcrypto.so: No such file or directory
grep: ./debian/libssl-dev/usr/lib/libssl.so: No such file or directory
./debian/libssl-dev/usr/include/openssl/ssl.h: * as latest version supported in the premaster secret, even when TLSv1.0
grep: ./debian/tmp/usr/lib/i686/cmov/libcrypto.so: No such file or directory
grep: ./debian/tmp/usr/lib/i686/cmov/libssl.so: No such file or directory
grep: ./debian/tmp/usr/lib/i586/libcrypto.so: No such file or directory
grep: ./debian/tmp/usr/lib/i586/libssl.so: No such file or directory
grep: ./debian/tmp/usr/lib/i486/libcrypto.so: No such file or directory
grep: ./debian/tmp/usr/lib/i486/libssl.so: No such file or directory
./NEWS:      o Security fix: Zero the premaster secret after deriving the
./CHANGES:     used as premaster secret.
./CHANGES:     3. The master secret is derived using the premaster secret (48 bytes in
./CHANGES:  *) Zero the premaster secret after deriving the master secret in
./ssl/s3_srvr.c:                        /* The premaster secret must contain the same version number as the
./ssl/s3_srvr.c:                    /* The premaster secret must contain the same version number as the
./ssl/ssl.h: * as latest version supported in the premaster secret, even when TLSv1.0
./include/openssl/ssl.h: * as latest version supported in the premaster secret, even when TLSv1.0

root@ubuntu-vbox:/home/hdknr/openssl-0.9.8g# vi CHANGES

*) Use (SSL_RANDOM_VALUE - 4) bytes of pseudo random data when generating
   server and client random values. Previously
   (SSL_RANDOM_VALUE - sizeof(time_t)) would be used which would result in
   less random data when sizeof(time_t) > 4 (some 64 bit platforms).

   This change has negligible security impact because:

   1. Server and client random values still have 24 bytes of pseudo random
      data.

   2. Server and client random values are sent in the clear in the initial
      handshake.

   3. The master secret is derived using the premaster secret (48 bytes in
      size for static RSA ciphersuites) as well as client server and random
      values.
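
The derivation that item 3 of the CHANGES entry refers to, written out with the TLS 1.0 PRF from RFC 2246. This is an added Python example, not OpenSSL's code and not part of the original post; the function names are hypothetical and the random values are constructed.

```python
import hmac
import os

def p_hash(digest, secret, seed, length):
    """P_hash data expansion from RFC 2246 section 5."""
    out, a = b"", seed                                   # A(0) = seed
    while len(out) < length:
        a = hmac.new(secret, a, digest).digest()          # A(i) = HMAC(secret, A(i-1))
        out += hmac.new(secret, a + seed, digest).digest()
    return out[:length]

def tls10_prf(secret, label, seed, length):
    """TLS 1.0 PRF: P_MD5(S1, label + seed) XOR P_SHA1(S2, label + seed)."""
    half = (len(secret) + 1) // 2                         # halves overlap by one byte if odd
    s1, s2 = secret[:half], secret[len(secret) - half:]
    md5_part = p_hash("md5", s1, label + seed, length)
    sha1_part = p_hash("sha1", s2, label + seed, length)
    return bytes(x ^ y for x, y in zip(md5_part, sha1_part))

def new_rsa_premaster(client_hello_version):
    """Static RSA premaster: 2-byte ClientHello version + 46 random bytes (48 total)."""
    return bytearray(bytes(client_hello_version) + os.urandom(46))

def derive_master_secret(premaster, client_hello_version, client_random, server_random):
    """Return the 48-byte master secret and zero the caller's premaster buffer."""
    if len(premaster) != 48 or len(client_random) != 32 or len(server_random) != 32:
        raise ValueError("bad input length")
    # Version check described by the s3_srvr.c comment in the grep output.
    # A real server must not let the peer distinguish this failure.
    if bytes(premaster[:2]) != bytes(client_hello_version):
        raise ValueError("premaster version differs from ClientHello version")
    try:
        return tls10_prf(bytes(premaster), b"master secret",
                         client_random + server_random, 48)
    finally:
        # Ordering from the NEWS entry: wipe after deriving. Python keeps
        # temporary copies, so this shows the ordering, not a real scrub.
        premaster[:] = bytes(len(premaster))

if __name__ == "__main__":
    version = (3, 1)                                      # TLS 1.0 on the wire
    c_rand, s_rand = os.urandom(32), os.urandom(32)       # constructed sample randoms
    pms = new_rsa_premaster(version)
    print(derive_master_secret(pms, version, c_rand, s_rand).hex(), pms.hex())
```

Both random values travel in the clear, so the secrecy of the master secret rests entirely on the 46 random bytes of the premaster secret.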
