[openssl-users] How to form a proper hash after writing somethinginto SSL handshake.

Richard Levitte levitte at openssl.org
Fri Dec 29 17:34:14 UTC 2017 

Marty, you might want to consider that the values of western society
are hardly universal.  Comic Sans isn't as badly seen everywhere, and
there's no reason why western society biases should trump any other.

Also, I'd like to remind everyone that we have a code of conduct,
https://www.openssl.org/community/conduct.html

Cordially,
Richard

In message <7d7e5da5-7ddb-4278-987b-21ce9f7b3cfb at gmail.com> on Fri, 29 Dec 2017 09:00:00 -0500, Marty G <martygalyean at gmail.com> said:

martygalyean> For the same reason one doesn't wear a halloween costume to a technical meeting, Comic Sans is
martygalyean> looked down upon when used outside comics and day-care centers. It is considered a snub to use
martygalyean> it in non-trivial settings.
martygalyean> 
martygalyean> Much as lifting up your middle finger has no inherent meaning per se, but once one realizes that it
martygalyean> definitely has meaning to others and one lifts one's middle finger to others anyway, it can only be
martygalyean> assumed that one has intended to send the message others have assigned to it. So, for whatever
martygalyean> vague societal reasons, comic sans has become equivalent to wearing a speedo to a formal
martygalyean> wedding, giggling hysterically during one's performance review, or skipping around the track in a
martygalyean> tu-tu and clownface during the 440 meter track event at the Olympics. Those are the breaks!
martygalyean> Sorry for your loss of a connotation free comic sans. I feel your pain. Herd dynamics can be brutal
martygalyean> and bleak.
martygalyean> 
martygalyean> http://knowyourmeme.com/memes/comic-sans
martygalyean> "...While adequate for certain industry sectors like childcare and entertainment, its usage in
martygalyean> business or professional settings has been criticized by many aesthetic-conscious Internet users,
martygalyean> who say Comic Sans conveys silliness and irreverence that is hardly suitable for serious
martygalyean> matters....:
martygalyean> 
martygalyean> On 12/29/2017 08:14 AM, Sai Teja Chowdary wrote:
martygalyean> 
martygalyean>  Why? What is the problem with Comic Sans. I like it!
martygalyean> 
martygalyean>  You can say more if you have something useful.
martygalyean> 
martygalyean>  Thanks
martygalyean> 
martygalyean>  Saiteja.
martygalyean> 
martygalyean>  From: Michael Sierchio
martygalyean>  Sent: Friday, December 29, 2017 10:38 AM
martygalyean>  To: openssl-users at openssl.org
martygalyean>  Subject: Re: [openssl-users] How to form a proper hash after writing somethinginto SSL
martygalyean>  handshake.
martygalyean> 
martygalyean>  Comic Sans. Need I say more?
martygalyean> 
martygalyean>  On Tue, Dec 26, 2017 at 4:53 AM, Sai Teja Chowdary <asteja.chowdary.ece13 at itbhu.ac.in>
martygalyean>  wrote:
martygalyean> 
martygalyean>  Hi,
martygalyean> 
martygalyean>  Happy Holidays everyone.
martygalyean> 
martygalyean>  I want to send client certificate, client key exchange and client verify in a single handshake
martygalyean>  message which appears as multiple handshake messages in a single record. But to sent
martygalyean>  the client verify I need to first make a hash of previous messages(client certificate and
martygalyean>  client key exchange) to create the signature.
martygalyean> 
martygalyean>  Can anyone help me to find the function in OpenSSL 1.1.1-dev xx XXX xxxx (or right
martygalyean>  procedure that needs to be done before creating a certificate verify message)that can do
martygalyean>  a proper transcript(digest or hash not clear). I tried using ssl3_finish_mac() on the
martygalyean>  message containing client certificate and client key exchange and then tried to generate
martygalyean>  the signature in certificate verify message.
martygalyean> 
martygalyean>  But it is giving me a digest error. I am new to the mailing list want a bit of help to proceed
martygalyean>  forward stuck here. Please reply in case if anything is not clear.
martygalyean> 
martygalyean>  Here is a code snippet, how I am forming the data containing all client certificate , client
martygalyean>  key exchange and certificate verify messages inside write_state_machine().
martygalyean> 
martygalyean>  if(WPACKET_init(&pkt, s->init_buf)){
martygalyean> 
martygalyean>  //Client certificate formation
martygalyean> 
martygalyean>  if(!ssl_set_handshake_header(s,&pkt,mt) || confunc != NULL && !confunc(s,&pkt) ||
martygalyean>  !ssl_close_construct_packet(s,&pkt,mt)){
martygalyean> 
martygalyean>  printf("PROBLEM\n");
martygalyean> 
martygalyean>  }
martygalyean> 
martygalyean>  transition(s); //transition to next state i.e client key exchange
martygalyean> 
martygalyean>  get_construct_message_f(s, &pkt, &confunc, &mt);
martygalyean> 
martygalyean>  //client key exchange formation
martygalyean> 
martygalyean>  if(!ssl_set_handshake_header(s,&pkt,mt) || confunc != NULL && !confunc(s,&pkt) ||
martygalyean>  !ssl_close_construct_packet(s,&pkt,mt)){
martygalyean> 
martygalyean>  printf("AGAIN A PROBLEMO\n");
martygalyean> 
martygalyean>  }
martygalyean> 
martygalyean>  //ssl3_finish_mac(s, &s->init_buf->data[s->init_off], s->init_num);
martygalyean> 
martygalyean>  st->write_state_work = post_work(s, st->write_state_work);
martygalyean> 
martygalyean>  transition(s); // transition to next state i.e certificate verify
martygalyean> 
martygalyean>  get_construct_message_f(s, &pkt, &confunc, &mt);
martygalyean> 
martygalyean>  //certificate verify message formation.
martygalyean> 
martygalyean>  if(!ssl_set_handshake_header(s,&pkt,mt) || confunc != NULL && !confunc(s,&pkt) ||
martygalyean>  !ssl_close_construct_packet(s,&pkt,mt)){
martygalyean> 
martygalyean>  printf("AGAIN A PROBLEMO\n");
martygalyean> 
martygalyean>  }
martygalyean> 
martygalyean>  WPACKET_finish(&pkt);
martygalyean> 
martygalyean>  Please take a look at it, appreciate every bit of help.
martygalyean> 
martygalyean>  Regards,
martygalyean> 
martygalyean>  Saiteja
martygalyean> 
martygalyean>  --
martygalyean>  openssl-users mailing list
martygalyean>  To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
martygalyean> 
martygalyean>  --
martygalyean> 
martygalyean>  "Well," Brahma said, "even after ten thousand explanations, a fool is no wiser, but an
martygalyean>  intelligent person requires only two thousand five hundred."
martygalyean> 
martygalyean>  - The Mahābhārata
martygalyean>

More information about the openssl-users mailing list