How to form a proper hash after writing something into SSL handshake.

Hi,

 

Happy Holidays everyone.

 

I want to send client certificate, client key exchange and client verify in a single handshake message which appears as multiple handshake messages in a single record. But to send the client verify I need to first make a hash of previous messages (client certificate and client key exchange) to create the signature.

 

Can anyone help me to find the function in OpenSSL 1.1.1-dev  xx XXX xxxx (or the right procedure that needs to be done before creating a certificate verify message) that can do a proper transcript (digest or hash, not clear)? I tried using ssl3_finish_mac() on the message containing client certificate and client key exchange and then tried to generate the signature in the certificate verify message.

But it is giving me a digest error. I am new to the mailing list and want a bit of help to proceed forward; I am stuck here. Please reply if anything is not clear.

 

Here is a code snippet showing how I am forming the data containing all client certificate, client key exchange and certificate verify messages inside write_state_machine().

 

if (WPACKET_init(&pkt, s->init_buf)) {
    // Client certificate formation
    if (!ssl_set_handshake_header(s, &pkt, mt)
            || (confunc != NULL && !confunc(s, &pkt))
            || !ssl_close_construct_packet(s, &pkt, mt)) {
        printf("PROBLEM\n");
    }
    transition(s);  // transition to next state, i.e. client key exchange

    get_construct_message_f(s, &pkt, &confunc, &mt);

    // Client key exchange formation
    if (!ssl_set_handshake_header(s, &pkt, mt)
            || (confunc != NULL && !confunc(s, &pkt))
            || !ssl_close_construct_packet(s, &pkt, mt)) {
        printf("AGAIN A PROBLEMO\n");
    }

    // Attempted transcript update, currently commented out:
    // ssl3_finish_mac(s, &s->init_buf->data[s->init_off], s->init_num);
    st->write_state_work = post_work(s, st->write_state_work);
    transition(s);  // transition to next state, i.e. certificate verify

    get_construct_message_f(s, &pkt, &confunc, &mt);

    // Certificate verify message formation
    if (!ssl_set_handshake_header(s, &pkt, mt)
            || (confunc != NULL && !confunc(s, &pkt))
            || !ssl_close_construct_packet(s, &pkt, mt)) {
        printf("AGAIN A PROBLEMO\n");
    }
    WPACKET_finish(&pkt);
}

 

 

Please take a look at it, appreciate every bit of help.

 

Regards,

Saiteja
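
Added example, not part of the original post and not OpenSSL code: a Python model of the protocol rule behind the question, assuming TLS 1.2 (RFC 5246, section 7.4.8), where CertificateVerify signs a hash of every handshake message before it, handshake headers included and record headers excluded. The helper names, the placeholder message bodies and the choice of SHA-256 are assumptions made for the illustration.

```python
import hashlib
import struct

# Handshake message types from RFC 5246.
CERTIFICATE, CLIENT_KEY_EXCHANGE, CERTIFICATE_VERIFY = 11, 16, 15


def hs_msg(msg_type: int, body: bytes) -> bytes:
    """Frame a handshake message: 1-byte type + 3-byte length + body."""
    return bytes([msg_type]) + struct.pack(">I", len(body))[1:] + body


def split_handshake(payload: bytes):
    """Yield (type, full_message) for each message coalesced in one record payload.

    Assumes every payload holds whole messages (no fragmentation across records).
    """
    off = 0
    while off < len(payload):
        if len(payload) - off < 4:
            raise ValueError("truncated handshake header")
        length = int.from_bytes(payload[off + 1:off + 4], "big")
        end = off + 4 + length
        if end > len(payload):
            raise ValueError("handshake body runs past the record payload")
        yield payload[off], payload[off:end]
        off = end


def certificate_verify_input(earlier: bytes, payloads) -> bytes:
    """Hash every handshake message that precedes CertificateVerify.

    `earlier` stands for the messages already exchanged (ClientHello onwards).
    Record headers are never hashed, so record packing cannot change the result.
    """
    transcript = hashlib.sha256(earlier)  # SHA-256 is an assumed handshake hash
    for payload in payloads:
        for msg_type, msg in split_handshake(payload):
            if msg_type == CERTIFICATE_VERIFY:
                return transcript.digest()  # snapshot taken before this message
            transcript.update(msg)  # one update per message, in wire order
    raise ValueError("no CertificateVerify in flight")


# Constructed placeholder bodies, not real certificates or key material.
EARLIER = hs_msg(1, b"hello-placeholder")
CERT = hs_msg(CERTIFICATE, b"cert-placeholder")
CKE = hs_msg(CLIENT_KEY_EXCHANGE, b"cke-placeholder")
CV = hs_msg(CERTIFICATE_VERIFY, b"signature-placeholder")

one_record = certificate_verify_input(EARLIER, [CERT + CKE + CV])
three_records = certificate_verify_input(EARLIER, [CERT, CKE, CV])
```

Both calls return the same digest: the transcript has to contain Certificate and ClientKeyExchange, each with its 4-byte handshake header, before the CertificateVerify signature is computed, regardless of how the messages are packed into records.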

 
