[openssl-users] How to form a proper hash after writing something into SSL handshake.

Sai Teja Chowdary asteja.chowdary.ece13 at itbhu.ac.in
Fri Dec 29 13:14:24 UTC 2017


Why? What is the problem with Comic Sans? I like it!

You can say more if you have something useful.

Thanks

Saiteja.

From: Michael Sierchio
Sent: Friday, December 29, 2017 10:38 AM
To: openssl-users at openssl.org
Subject: Re: [openssl-users] How to form a proper hash after writing something into SSL handshake.


Comic Sans. Need I say more?

On Tue, Dec 26, 2017 at 4:53 AM, Sai Teja Chowdary <asteja.chowdary.ece13 at itbhu.ac.in> wrote:
 
Hi,
 
Happy Holidays everyone.
 
I want to send client certificate, client key exchange and client verify in a single handshake message which appears as multiple handshake messages in a single record. But to send the client verify I need to first make a hash of previous messages (client certificate and client key exchange) to create the signature.
 
Can anyone help me to find the function in OpenSSL 1.1.1-dev  xx XXX xxxx (or the right procedure that needs to be done before creating a certificate verify message) that can do a proper transcript (digest or hash, not clear)? I tried using ssl3_finish_mac() on the message containing client certificate and client key exchange and then tried to generate the signature in the certificate verify message.
But it is giving me a digest error. I am new to the mailing list and want a bit of help to proceed forward; I am stuck here. Please reply if anything is not clear.
 
Here is a code snippet showing how I am forming the data containing all client certificate, client key exchange and certificate verify messages inside write_state_machine().
 
    if (WPACKET_init(&pkt, s->init_buf)) {
        // Client certificate formation
        if (!ssl_set_handshake_header(s, &pkt, mt)
                || (confunc != NULL && !confunc(s, &pkt))
                || !ssl_close_construct_packet(s, &pkt, mt)) {
            printf("PROBLEM\n");
        }
        transition(s);  // transition to next state, i.e. client key exchange

        get_construct_message_f(s, &pkt, &confunc, &mt);
        // Client key exchange formation
        if (!ssl_set_handshake_header(s, &pkt, mt)
                || (confunc != NULL && !confunc(s, &pkt))
                || !ssl_close_construct_packet(s, &pkt, mt)) {
            printf("AGAIN A PROBLEMO\n");
        }

        // ssl3_finish_mac(s, &s->init_buf->data[s->init_off], s->init_num);
        st->write_state_work = post_work(s, st->write_state_work);
        transition(s);  // transition to next state, i.e. certificate verify

        get_construct_message_f(s, &pkt, &confunc, &mt);
        // Certificate verify message formation
        if (!ssl_set_handshake_header(s, &pkt, mt)
                || (confunc != NULL && !confunc(s, &pkt))
                || !ssl_close_construct_packet(s, &pkt, mt)) {
            printf("AGAIN A PROBLEMO\n");
        }
        WPACKET_finish(&pkt);
    }
 
 
Please take a look at it; I appreciate every bit of help.
 
Regards,
Saiteja
 





-- 
"Well," Brahma said, "even after ten thousand explanations, a fool is no wiser, but an intelligent person requires only two thousand five hundred."

- The Mahābhārata
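
Added illustration, not part of the thread and not OpenSSL code: a byte-level model of the TLS 1.2 rule (RFC 5246, section 7.4.8) that the CertificateVerify signature covers every handshake message before it, each with its 4-byte type and length header, and never the record header, so coalescing three messages into one record does not change what is hashed. SHA-256, the sample bytes, the simplified CertificateVerify body and all function names are assumptions made for the example.

```python
import hashlib

CERTIFICATE, CERTIFICATE_VERIFY, CLIENT_KEY_EXCHANGE = 11, 15, 16  # RFC 5246 types

def handshake_msg(msg_type, body):
    # 1-byte type + 3-byte length; this header IS part of the transcript
    return bytes([msg_type]) + len(body).to_bytes(3, "big") + body

def record(payload):
    # 5-byte record header (handshake, TLS 1.2); NOT part of the transcript
    return b"\x16\x03\x03" + len(payload).to_bytes(2, "big") + payload

def build_flight(earlier, cert, cke, sign):
    """Sender: three messages in one record, hashing each as it is appended."""
    running = hashlib.sha256(earlier)     # ClientHello .. ServerHelloDone
    payload = b""
    for msg_type, body in ((CERTIFICATE, cert), (CLIENT_KEY_EXCHANGE, cke)):
        msg = handshake_msg(msg_type, body)
        running.update(msg)               # enters the transcript before signing
        payload += msg
    to_sign = running.copy().digest()     # snapshot; running hash stays usable
    # Simplified body: a real one also carries the algorithm id and a length
    payload += handshake_msg(CERTIFICATE_VERIFY, sign(to_sign))
    return record(payload), to_sign

def digest_seen_by_peer(earlier, rec):
    """Receiver: split the record into messages, hash up to CertificateVerify."""
    payload = rec[5:5 + int.from_bytes(rec[3:5], "big")]
    running = hashlib.sha256(earlier)
    pos = 0
    while pos < len(payload):
        end = pos + 4 + int.from_bytes(payload[pos + 1:pos + 4], "big")
        if end > len(payload):
            raise ValueError("truncated handshake message")
        if payload[pos] == CERTIFICATE_VERIFY:
            return running.digest()       # excludes CertificateVerify itself
        running.update(payload[pos:end])
        pos = end
    raise ValueError("no CertificateVerify in record")

# Constructed sample input, not a captured handshake
EARLIER = b"constructed-ClientHello..ServerHelloDone"

def fake_sign(digest):
    return b"SIG" + digest                # stand-in for a private-key signature

if __name__ == "__main__":
    rec, digest = build_flight(EARLIER, b"cert-bytes", b"cke-bytes", fake_sign)
    print(digest.hex(), digest_seen_by_peer(EARLIER, rec) == digest)
```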
