1 (edited by gsojc234 2023-10-13 04:09:28)

Topic: Hash in Finished Message

Hello, I am currently working on implementing test cases of WolfSSL.

I've noticed a difference in the implementation of the SendFinished message in WolfSSL when compared to the RFC 5246 specification.

In RFC 5246, when constructing the Finished message, it specifies the calculation of the hash of the handshake messages. The definition of the handshake message is as follows:


This encompasses all data from all messages within this handshake (excluding any HelloRequest messages) up to, but not including, the current message. This data is exclusively relevant at the handshake layer and does not encompass record layer headers. It represents the concatenation of all the Handshake structures as defined in Section 7.4, which have been exchanged thus far.

However, in the WolfSSL implementation, it seems that the hash is computed only for the most recently sent or received message, without considering the hash of the concatenated handshake messages, as specified in RFC 5246.

Could you kindly provide some clarification on this implementation approach in WolfSSL and explain if it aligns with the RFC 5246 specification? If there are variations from the RFC, could you also shed light on the specific reasons for this implementation choice? Your insights would be greatly appreciated."


Re: Hash in Finished Message

Hello gsojc234,

wolfSSL is maintaining a rolling hash, which is updated after each message.  Even though you will only see the hash using the current message's data when we are constructing the Finished message, it is using the hash computed from previous messages.
In some cases, we keep handshake data until after Finished is sent to compute this hash.
For more information on how we are doing this, check out the functions HashInput, HashOutput and HashRaw in internal.c.



Re: Hash in Finished Message

Thank you for your assistance.

Your explanation has been incredibly helpful in clarifying the details.

I'll check out the functions HashInput, HashOutput, and HashRaw in internal.c.