[openssl-users] How to form a proper hash after writing something into SSL handshake.(Revised)

Viktor Dukhovni openssl-users at dukhovni.org
Sat Dec 30 05:17:12 UTC 2017

> On Dec 29, 2017, at 10:18 PM, Sai Teja Chowdary <asteja.chowdary.ece13 at iitbhu.ac.in> wrote:
> I want to send client certificate, client key exchange and client verify in a single handshake message which appears as multiple handshake messages in a single record. But to sent the client verify I need to first make a hash of previous messages(client certificate and client key exchange) to create the signature. I tried framing the record with above three messages and then directly sending the record in the wire using SSL3_write_machine() which is giving me Bad signature error. So i thought of doing a hash of client certificate and client key exchange messages that go before client verify.
> Can anyone help me to find the function in OpenSSL 1.1.1-dev  xx XXX xxxx (or right procedure that needs to be done before creating a certificate verify message)that can do a proper transcript(digest or hash not clear). I tried using ssl3_finish_mac() on the message containing client certificate and client key exchange and then tried to generate the signature in certificate verify message.

There is no such feature, and none is likely to ever be offered.
The reason is that you're essentially trying to write your own
TLS implementation, and SSL library in OpenSSL is provides public
interfaces for SSL users, not for new SSL implementations.

You can of course build your OpenSSL implementation based on the
OpenSSL source code, but figuring out how the code works is then
up to you. :-(


More information about the openssl-users mailing list