Hi,

Happy Holidays everyone.

I want to send client certificate, client key exchange and client verify in a 
single handshake message which appears as multiple handshake messages in a 
single record. But to send the client verify I need to first make a hash of 
previous messages (client certificate and client key exchange) to create the 
signature.

Can anyone help me to find the function in OpenSSL 1.1.1-dev xx XXX xxxx (or 
the right procedure that needs to be done before creating a certificate verify 
message) that can do a proper transcript (digest or hash, not clear). I tried 
using ssl3_finish_mac() on the message containing client certificate and client 
key exchange and then tried to generate the signature in the certificate verify 
message.
But it is giving me a digest error. I am new to the mailing list and want a bit 
of help to proceed forward; I am stuck here. Please reply if anything is not 
clear.

Here is a code snippet showing how I am forming the data containing all of the 
client certificate, client key exchange and certificate verify messages inside 
write_state_machine().

if (WPACKET_init(&pkt, s->init_buf)) {
    // Client certificate formation
    if (!ssl_set_handshake_header(s, &pkt, mt)
            || (confunc != NULL && !confunc(s, &pkt))
            || !ssl_close_construct_packet(s, &pkt, mt)) {
        printf("PROBLEM\n");
    }
    transition(s);  // transition to next state, i.e. client key exchange

    get_construct_message_f(s, &pkt, &confunc, &mt);
    // Client key exchange formation
    if (!ssl_set_handshake_header(s, &pkt, mt)
            || (confunc != NULL && !confunc(s, &pkt))
            || !ssl_close_construct_packet(s, &pkt, mt)) {
        printf("AGAIN A PROBLEMO\n");
    }

    // ssl3_finish_mac(s, &s->init_buf->data[s->init_off], s->init_num);
    st->write_state_work = post_work(s, st->write_state_work);
    transition(s);  // transition to next state, i.e. certificate verify

    get_construct_message_f(s, &pkt, &confunc, &mt);
    // Certificate verify message formation
    if (!ssl_set_handshake_header(s, &pkt, mt)
            || (confunc != NULL && !confunc(s, &pkt))
            || !ssl_close_construct_packet(s, &pkt, mt)) {
        printf("AGAIN A PROBLEMO\n");
    }
    WPACKET_finish(&pkt);
}


Please take a look at it; I appreciate every bit of help.

Regards,
Saiteja

-- 
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
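
An added illustration, not part of the original post and not OpenSSL code: what the CertificateVerify digest covers in TLS 1.2 (RFC 5246) when Certificate, ClientKeyExchange and CertificateVerify share one record, namely every earlier handshake message with its 4-byte header, and no record-layer bytes. SHA-256, the function names and the sample bytes are assumptions constructed for the example.

```python
import hashlib

# Handshake message types (RFC 5246, section 7.4)
CERTIFICATE, CERTIFICATE_VERIFY, CLIENT_KEY_EXCHANGE = 11, 15, 16

def handshake_msg(msg_type, body):
    """Frame a body as a handshake message: 1-byte type, 3-byte length."""
    return bytes([msg_type]) + len(body).to_bytes(3, "big") + body

def split_handshake(payload):
    """Split one record payload into its coalesced handshake messages."""
    msgs, off = [], 0
    while off < len(payload):
        if len(payload) - off < 4:
            raise ValueError("truncated handshake header")
        end = off + 4 + int.from_bytes(payload[off + 1:off + 4], "big")
        if end > len(payload):
            raise ValueError("handshake body runs past the record payload")
        msgs.append((payload[off], payload[off:end]))
        off = end
    return msgs

def certificate_verify_digest(earlier_messages, payload):
    """Hash all handshake messages that precede CertificateVerify."""
    h = hashlib.sha256(earlier_messages)  # SHA-256 is an assumption here
    for msg_type, raw in split_handshake(payload):
        if msg_type == CERTIFICATE_VERIFY:
            return h.digest()  # snapshot taken before this message is added
        h.update(raw)  # handshake header + body; record header is excluded
    raise ValueError("payload carries no CertificateVerify")

# Constructed sample bytes, not a real handshake capture.
EARLIER = b"constructed ClientHello..ServerHelloDone bytes"
CERT = handshake_msg(CERTIFICATE, b"constructed certificate list")
CKE = handshake_msg(CLIENT_KEY_EXCHANGE, b"constructed key exchange")
CV = handshake_msg(CERTIFICATE_VERIFY, b"constructed signature")
RECORD_PAYLOAD = CERT + CKE + CV  # three messages in a single record

if __name__ == "__main__":
    print(certificate_verify_digest(EARLIER, RECORD_PAYLOAD).hex())
```

The digest is the same whether the three messages travel in one record or three, because only the handshake-layer bytes enter the hash.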
