[openssl-users] How to form a proper hash after writing something into SSL handshake.

Michael Sierchio kudzu at tenebras.com
Fri Dec 29 05:07:53 UTC 2017


Comic Sans. Need I say more?

On Tue, Dec 26, 2017 at 4:53 AM, Sai Teja Chowdary <asteja.chowdary.ece13 at itbhu.ac.in> wrote:

> Hi,
>
> Happy Holidays everyone.
>
> I want to send client certificate, client key exchange and client verify
> in a single handshake message which appears as multiple handshake messages
> in a single record. But to send the client verify I need to first make a
> hash of previous messages (client certificate and client key exchange) to
> create the signature.
>
> Can anyone help me to find the function in OpenSSL 1.1.1-dev  xx XXX xxxx
> (or right procedure that needs to be done before creating a certificate
> verify message) that can do a proper transcript (digest or hash not clear). I
> tried using ssl3_finish_mac() on the message containing client
> certificate and client key exchange and then tried to generate the
> signature in certificate verify message.
>
> But it is giving me a digest error. I am new to the mailing list and want a
> bit of help to proceed forward; I am stuck here. Please reply in case anything
> is not clear.
>
> Here is a code snippet showing how I am forming the data containing all client
> certificate, client key exchange and certificate verify messages inside
> write_state_machine().
>
> if(WPACKET_init(&pkt, s->init_buf)){
>     //Client certificate formation
>     if(!ssl_set_handshake_header(s,&pkt,mt)
>        || (confunc != NULL && !confunc(s,&pkt))
>        || !ssl_close_construct_packet(s,&pkt,mt)){
>         printf("PROBLEM\n");
>     }
>     transition(s);  //transition to next state i.e client key exchange
>
>     get_construct_message_f(s, &pkt, &confunc, &mt);
>     //client key exchange formation
>     if(!ssl_set_handshake_header(s,&pkt,mt)
>        || (confunc != NULL && !confunc(s,&pkt))
>        || !ssl_close_construct_packet(s,&pkt,mt)){
>         printf("AGAIN A PROBLEMO\n");
>     }
>
>     //ssl3_finish_mac(s, &s->init_buf->data[s->init_off], s->init_num);
>     st->write_state_work = post_work(s, st->write_state_work);
>     transition(s);  // transition to next state i.e  certificate verify
>
>     get_construct_message_f(s, &pkt, &confunc, &mt);
>     //certificate verify message formation.
>     if(!ssl_set_handshake_header(s,&pkt,mt)
>        || (confunc != NULL && !confunc(s,&pkt))
>        || !ssl_close_construct_packet(s,&pkt,mt)){
>         printf("AGAIN A PROBLEMO\n");
>     }
>     WPACKET_finish(&pkt);
>
> Please take a look at it, appreciate every bit of help.
>
> Regards,
>
> Saiteja


-- 
"Well," Brahma said, "even after ten thousand explanations, a fool is no
wiser, but an intelligent person requires only two thousand five hundred."

- The Mahābhārata
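
Added example (not part of the thread, and not OpenSSL code): a Python model of the TLS 1.2 transcript the question refers to. It shows that the digest signed in CertificateVerify covers every earlier handshake message, 4-byte header included, and is the same whether the messages share one record or not. SHA-256, the helper names and all message bodies are assumptions constructed for illustration; handshake messages fragmented across records are not modeled.

```python
import hashlib

CERTIFICATE, CERTIFICATE_VERIFY, CLIENT_KEY_EXCHANGE = 11, 15, 16

def hs_msg(msg_type: int, body: bytes) -> bytes:
    """Handshake message = 1-byte type + 3-byte length + body."""
    return bytes([msg_type]) + len(body).to_bytes(3, "big") + body

def split_handshake(payload: bytes):
    """Yield (type, full_message) for each handshake message in one record payload."""
    off = 0
    while off < len(payload):
        if len(payload) - off < 4:
            raise ValueError("truncated handshake header")
        length = int.from_bytes(payload[off + 1:off + 4], "big")
        end = off + 4 + length
        if end > len(payload):
            raise ValueError("handshake message runs past this payload")
        yield payload[off], payload[off:end]
        off = end

def digest_signed_by_cert_verify(earlier: bytes, record_payloads) -> bytes:
    """Return Hash(all handshake messages before CertificateVerify).

    `earlier` stands for the messages already in the transcript
    (ClientHello onwards) before the client's flight starts.
    """
    transcript = hashlib.sha256(earlier)
    for payload in record_payloads:
        for msg_type, msg in split_handshake(payload):
            if msg_type == CERTIFICATE_VERIFY:
                # Snapshot first: the signature never covers its own message.
                return transcript.copy().digest()
            transcript.update(msg)  # header + body; the record header is not hashed
    raise ValueError("no CertificateVerify seen")

# Constructed sample data (placeholder bodies, not real certificates or keys).
EARLIER = hs_msg(1, b"client-hello") + hs_msg(2, b"server-hello")
CERT = hs_msg(CERTIFICATE, b"\x00\x00\x03abc")
CKE = hs_msg(CLIENT_KEY_EXCHANGE, b"\x00\x02pk")
CV = hs_msg(CERTIFICATE_VERIFY, b"signature-goes-here")

coalesced = digest_signed_by_cert_verify(EARLIER, [CERT + CKE + CV])  # one record
separate = digest_signed_by_cert_verify(EARLIER, [CERT, CKE, CV])     # three records
unhashed = digest_signed_by_cert_verify(EARLIER, [CV])  # Certificate/CKE never absorbed
expected = hashlib.sha256(EARLIER + CERT + CKE).digest()
```

A peer that hashed Certificate and ClientKeyExchange computes `expected`, so a signature made over `unhashed` would not verify.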