[openssl-users] How to form a proper hash after writing somethinginto SSL handshake.
Marty G
martygalyean at gmail.com
Fri Dec 29 14:00:00 UTC 2017
For the same reason one doesn't wear a halloween costume to a technical
meeting, Comic Sans is looked down upon when used outside comics and
day-care centers. It is considered a snub to use it in non-trivial
settings.
Much as lifting up your middle finger has no inherent meaning per se,
but once one realizes that it definitely has meaning to others and one
lifts one's middle finger to others anyway, it can only be assumed that
one has intended to send the message others have assigned to it. So,
for whatever vague societal reasons, comic sans has become equivalent to
wearing a speedo to a formal wedding, giggling hysterically during one's
performance review, or skipping around the track in a tu-tu and
clownface during the 440 meter track event at the Olympics. Those are
the breaks! Sorry for your loss of a connotation free comic sans. I
feel your pain. Herd dynamics can be brutal and bleak.
http://knowyourmeme.com/memes/comic-sans
"...While adequate for certain industry sectors like childcare and
entertainment, its usage in business or professional settings has been
criticized by many aesthetic-conscious Internet users, who say Comic
Sans conveys silliness and irreverence that is hardly suitable for
serious matters....:
On 12/29/2017 08:14 AM, Sai Teja Chowdary wrote:
>
> Why? What is the problem with Comic Sans. I like it!
>
> You can say more if you have something useful.
>
> Thanks
>
> Saiteja.
>
> *From: *Michael Sierchio <mailto:kudzu at tenebras.com>
> *Sent: *Friday, December 29, 2017 10:38 AM
> *To: *openssl-users at openssl.org <mailto:openssl-users at openssl.org>
> *Subject: *Re: [openssl-users] How to form a proper hash after writing
> somethinginto SSL handshake.
>
> Comic Sans. Need I say more?
>
> On Tue, Dec 26, 2017 at 4:53 AM, Sai Teja Chowdary
> <asteja.chowdary.ece13 at itbhu.ac.in
> <mailto:asteja.chowdary.ece13 at itbhu.ac.in>> wrote:
>
> Hi,
>
> Happy Holidays everyone.
>
> I want to send client certificate, client key exchange and client
> verify in a single handshake message which appears as multiple
> handshake messages in a single record. But to sent the client
> verify I need to first make a hash of previous messages(client
> certificate and client key exchange) to create the signature.
>
> Can anyone help me to find the function in OpenSSL 1.1.1-dev xx
> XXX xxxx (or right procedure that needs to be done before creating
> a certificate verify message)that can do a proper
> transcript(digest or hash not clear). I tried using
> *ssl3_finish_mac() *on the message containing client certificate
> and client key exchange and then tried to generate the signature
> in certificate verify message.
>
> But it is giving me a digest error. I am new to the mailing list
> want a bit of help to proceed forward stuck here. Please reply in
> case if anything is not clear.
>
> Here is a code snippet, how I am forming the data containing all
> client certificate , client key exchange and certificate verify
> messages inside write_state_machine().
>
> if(WPACKET_init(&pkt, s->init_buf)){
>
> //Client certificate formation
>
> if(!ssl_set_handshake_header(s,&pkt,mt) || confunc != NULL &&
> !confunc(s,&pkt) || !ssl_close_construct_packet(s,&pkt,mt)){
>
> printf("PROBLEM\n");
>
> }
>
> transition(s); //transition to next state i.e client
> key exchange
>
> get_construct_message_f(s, &pkt, &confunc, &mt);
>
> //client key exchange formation
>
> if(!ssl_set_handshake_header(s,&pkt,mt) || confunc != NULL &&
> !confunc(s,&pkt) || !ssl_close_construct_packet(s,&pkt,mt)){
>
> printf("AGAIN A PROBLEMO\n");
>
> }
>
> //ssl3_finish_mac(s, &s->init_buf->data[s->init_off], s->init_num);
>
> st->write_state_work = post_work(s, st->write_state_work);
>
> transition(s); // transition to next state i.e
> certificate verify
>
> get_construct_message_f(s, &pkt, &confunc, &mt);
>
> //certificate verify message formation.
>
> if(!ssl_set_handshake_header(s,&pkt,mt) || confunc != NULL &&
> !confunc(s,&pkt) || !ssl_close_construct_packet(s,&pkt,mt)){
>
> printf("AGAIN A PROBLEMO\n");
>
> }
>
> WPACKET_finish(&pkt);
>
> Please take a look at it, appreciate every bit of help.
>
> Regards,
>
> Saiteja
>
>
> --
> openssl-users mailing list
> To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
>
>
>
> --
>
> "Well," Brahma said, "even after ten thousand explanations, a fool is
> no wiser, but an intelligent person requires only two thousand five
> hundred."
>
>
> - The Mahābhārata
>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mta.openssl.org/pipermail/openssl-users/attachments/20171229/fac803bd/attachment-0001.html>
More information about the openssl-users
mailing list