How to form a proper hash after writing something into SSL handshake.


Sai Teja Chowdary

 

Hi,

Happy Holidays everyone.

I want to send client certificate, client key exchange and client verify in a single handshake message which appears as multiple handshake messages in a single record. But to send the client verify I need to first make a hash of previous messages (client certificate and client key exchange) to create the signature.

Can anyone help me to find the function in OpenSSL 1.1.1-dev  xx XXX xxxx (or right procedure that needs to be done before creating a certificate verify message) that can do a proper transcript (digest or hash, not clear)? I tried using ssl3_finish_mac() on the message containing client certificate and client key exchange and then tried to generate the signature in certificate verify message.

But it is giving me a digest error. I am new to the mailing list and want a bit of help to proceed forward; I am stuck here. Please reply in case anything is not clear.

Here is a code snippet showing how I am forming the data containing all client certificate, client key exchange and certificate verify messages inside write_state_machine().

    if(WPACKET_init(&pkt, s->init_buf)){
        //Client certificate formation
        if(!ssl_set_handshake_header(s,&pkt,mt)
                || (confunc != NULL && !confunc(s,&pkt))
                || !ssl_close_construct_packet(s,&pkt,mt)){
            printf("PROBLEM\n");
        }
        transition(s);  //transition to next state i.e client key exchange

        get_construct_message_f(s, &pkt, &confunc, &mt);
        //client key exchange formation
        if(!ssl_set_handshake_header(s,&pkt,mt)
                || (confunc != NULL && !confunc(s,&pkt))
                || !ssl_close_construct_packet(s,&pkt,mt)){
            printf("AGAIN A PROBLEMO\n");
        }

        //ssl3_finish_mac(s, &s->init_buf->data[s->init_off], s->init_num);
        st->write_state_work = post_work(s, st->write_state_work);
        transition(s);  // transition to next state i.e  certificate verify

        get_construct_message_f(s, &pkt, &confunc, &mt);
        //certificate verify message formation.
        if(!ssl_set_handshake_header(s,&pkt,mt)
                || (confunc != NULL && !confunc(s,&pkt))
                || !ssl_close_construct_packet(s,&pkt,mt)){
            printf("AGAIN A PROBLEMO\n");
        }
        WPACKET_finish(&pkt);

Please take a look at it, appreciate every bit of help.

Regards,

Saiteja

 


--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users

Re: How to form a proper hash after writing something into SSL handshake.

Michael Sierchio

Comic Sans. Need I say more?

On Tue, Dec 26, 2017 at 4:53 AM, Sai Teja Chowdary <[hidden email]> wrote:

 





--
"Well," Brahma said, "even after ten thousand explanations, a fool is no wiser, but an intelligent person requires only two thousand five hundred."

- The Mahābhārata


Re: How to form a proper hash after writing something into SSL handshake.

Sai Teja Chowdary

 

Why? What is the problem with Comic Sans. I like it!

You can say more if you have something useful.

Thanks

Saiteja.

 

From: [hidden email]
Sent: Friday, December 29, 2017 10:38 AM
To: [hidden email]
Subject: Re: [openssl-users] How to form a proper hash after writing something into SSL handshake.

 

 

Comic Sans. Need I say more?

 


Re: How to form a proper hash after writing something into SSL handshake.

Marty G
For the same reason one doesn't wear a halloween costume to a technical meeting, Comic Sans is looked down upon when used outside comics and day-care centers.  It is considered a snub to use it in non-trivial settings.

Much as lifting up your middle finger has no inherent meaning per se, but once one realizes that it definitely has meaning to others and one lifts one's middle finger to others anyway, it can only be assumed that one has intended to send the message others have assigned to it.  So, for whatever vague societal reasons, comic sans has become equivalent to wearing a speedo to a formal wedding, giggling hysterically during one's performance review, or skipping around the track in a tu-tu and clownface during the 440 meter track event at the Olympics.  Those are the breaks!  Sorry for your loss of a connotation free comic sans.  I feel your pain.  Herd dynamics can be brutal and bleak.

http://knowyourmeme.com/memes/comic-sans
"...While adequate for certain industry sectors like childcare and entertainment, its usage in business or professional settings has been criticized by many aesthetic-conscious Internet users, who say Comic Sans conveys silliness and irreverence that is hardly suitable for serious matters...."

On 12/29/2017 08:14 AM, Sai Teja Chowdary wrote:

 

Why? What is the problem with Comic Sans. I like it!

 

You can say more if you have something useful.

 

Thanks

 

Saiteja.

 


Re: How to form a proper hash after writing something into SSL handshake.

JordanBrown
On 12/29/2017 6:00 AM, Marty G wrote:
> For the same reason one doesn't wear a halloween costume to a technical meeting, Comic Sans is looked down upon when used outside comics and day-care centers.  It is considered a snub to use it in non-trivial settings.
>
> Much as lifting up your middle finger has no inherent meaning per se, but once one realizes that it definitely has meaning to others and one lifts one's middle finger to others anyway, it can only be assumed that one has intended to send the message others have assigned to it.  So, for whatever vague societal reasons, comic sans has become equivalent to wearing a speedo to a formal wedding, giggling hysterically during one's performance review, or skipping around the track in a tu-tu and clownface during the 440 meter track event at the Olympics.  Those are the breaks!  Sorry for your loss of a connotation free comic sans.  I feel your pain.  Herd dynamics can be brutal and bleak.
>
> http://knowyourmeme.com/memes/comic-sans
> "...While adequate for certain industry sectors like childcare and entertainment, its usage in business or professional settings has been criticized by many aesthetic-conscious Internet users, who say Comic Sans conveys silliness and irreverence that is hardly suitable for serious matters...."

Committing a fashion faux pas may be gauche, but pointing and laughing is even more so.  If you think that somebody's choice of fashion is inappropriate, keep it to yourself or an appropriate gossip forum.  Congratulations, you've just convinced this newcomer that the openssl-users group is populated by fashionistas rather than serious technical people.

The original poster had a technical question.  I don't know enough to answer it, or I would.  Could somebody who *does* know enough please take a stab?

Saiteja, one suggestion:  when an error occurs, don't just report that there was a problem.  Report what the problem was.  Don't these functions set the results that SSL_get_error( ) returns?


Re: How to form a proper hash after writing something into SSL handshake.

Michael Wojcik
In reply to this post by Marty G
And to be honest, specifying any font for a technical or business email message (rather than simply letting the MUA use the user's default) is suspect. It says that you believe your stylistic preferences are more important than the reader's. That's a poor footing to begin a request for assistance or cooperation.

Personally, due to Outlook's terrible handling of HTML email (particularly in formatting replies), I am considerably more likely to reply to a plain-text message posted to openssl-users than I am to an HTML one. That may well be a personal idiosyncrasy, but the general principle of not making your message any more complicated than it needs to be is worth keeping in mind.

--
Michael Wojcik
Distinguished Engineer, Micro Focus



Re: How to form a proper hash after writing something into SSL handshake.

Richard Levitte - VMS Whacker-2
In reply to this post by Marty G
Marty, you might want to consider that the values of western society
are hardly universal.  Comic Sans isn't as badly seen everywhere, and
there's no reason why western society biases should trump any other.

Also, I'd like to remind everyone that we have a code of conduct,
https://www.openssl.org/community/conduct.html

Cordially,
Richard

In message <[hidden email]> on Fri, 29 Dec 2017 09:00:00 -0500, Marty G <[hidden email]> said:

martygalyean> For the same reason one doesn't wear a halloween costume to a technical meeting, Comic Sans is
martygalyean> looked down upon when used outside comics and day-care centers. It is considered a snub to use
martygalyean> it in non-trivial settings.
martygalyean>
martygalyean> Much as lifting up your middle finger has no inherent meaning per se, but once one realizes that it
martygalyean> definitely has meaning to others and one lifts one's middle finger to others anyway, it can only be
martygalyean> assumed that one has intended to send the message others have assigned to it. So, for whatever
martygalyean> vague societal reasons, comic sans has become equivalent to wearing a speedo to a formal
martygalyean> wedding, giggling hysterically during one's performance review, or skipping around the track in a
martygalyean> tu-tu and clownface during the 440 meter track event at the Olympics. Those are the breaks!
martygalyean> Sorry for your loss of a connotation free comic sans. I feel your pain. Herd dynamics can be brutal
martygalyean> and bleak.
martygalyean>
martygalyean> http://knowyourmeme.com/memes/comic-sans
martygalyean> "...While adequate for certain industry sectors like childcare and entertainment, its usage in
martygalyean> business or professional settings has been criticized by many aesthetic-conscious Internet users,
martygalyean> who say Comic Sans conveys silliness and irreverence that is hardly suitable for serious
martygalyean> matters....:

Re: How to form a proper hash after writing something into SSL handshake.

Viktor Dukhovni


> On Dec 29, 2017, at 12:34 PM, Richard Levitte <[hidden email]> wrote:
>
> Marty, you might want to consider that the values of western society
> are hardly universal.  Comic Sans isn't as badly seen everywhere, and
> there's no reason why western society biases should trump any other.

My issue with the post was that it was just too difficult to read,
largely as a result of the font.  So I just deleted it and moved on.
So this has little to do with Western vs. non-Western values.  Written
communication is most clear when the fonts don't get in the way of the
content.  Decorative fonts are for party announcements and the like,
usually in large print on physical posters.

--
        Viktor.


Re: How to form a proper hash after writing something into SSL handshake.

Michael Wojcik
> From: openssl-users [mailto:[hidden email]] On Behalf
> Of Viktor Dukhovni
> Sent: Friday, December 29, 2017 13:04
>
> > On Dec 29, 2017, at 12:34 PM, Richard Levitte <[hidden email]> wrote:
> >
> > Marty, you might want to consider that the values of western society
> > are hardly universal.  Comic Sans isn't as badly seen everywhere, and
> > there's no reason why western society biases should trump any other.
>
> My issue with the post was that it was just too difficult to read,
> largely as a result of the font.  So I just deleted it and moved on.
> So this has little to do with Western vs. non-Western values.  Written
> communication is most clear when the fonts don't get in the way of the
> content.  Decorative fonts are for party announcements and the like,
> usually in large print on physical posters.

Indeed. This has little to do with "the values of western society", or the values of any other community. (Nor, with apologies to Richard, does it have much to do with the OpenSSL mailing-list code of conduct; the messages on this topic have ranged from curt to civil, but none have been abusive under any reasonable definition.)

It has to do with appealing to the intended audience, which of course is one of the most critical aspects of writing. I could cite thousands of years of rhetorical theory - from cultures European and otherwise - but this is such a commonplace that there's no need. Marty's message was a useful, generous, and polite response to Saiteja's query. And while his examples were culturally specific, his argument was not.

That said, I suspect the larger reason why Saiteja has not had a technical response to the original query is that few people on openssl-users have experience with using the WPACKET API and other low-level operations in the 1.1 codebase. It still might be worth reposting without the controversial styling.

--
Michael Wojcik
Distinguished Engineer, Micro Focus




Re: How to form a proper hash after writing something into SSL handshake.

Viktor Dukhovni


> On Dec 29, 2017, at 1:34 PM, Michael Wojcik <[hidden email]> wrote:
>
> That said, I suspect the larger reason why Saiteja has not had a technical response to the original query is that few people on openssl-users have experience with using the WPACKET API and other low-level operations in the 1.1 codebase. It still might be worth reposting without the controversial styling.

More importantly, what problem is the OP really trying to solve?

The WPACKET interface is an internal interface that does not
appear in any public OpenSSL headers.  It is undocumented and
subject to change without notice.  The OP should not be using
this interface, except as part of a code contribution to improve
the implementation of TLS in the OpenSSL library.

--
        Viktor.


Re: How to form a proper hash after writing something into SSL handshake.

Sai Teja Chowdary-2
Hi everyone,

I apologize for Comic Sans. And honestly I didn't know using it implies this many impressions. As I said my other subscription named "Ananthaneni Saiteja Chowdary" is my Outlook account that I use for my office work (because I am using a QHD resolution my fonts are so small so I selected the font that looks good for me to read).  I actually posted two questions, one from this email and other from Outlook account. This question was actually posted through my Outlook account in the beginning, and just as a follow-up and to include some more information in my question I thought of asking the question again. So I copied the contents of my previous mail and added few more info at the end in my Mail app, unfortunately the font got changed to Comic Sans. It's not that I knowingly changed the font to impress or insult. I am a non-native English speaker and I sometimes don't understand the exact emotion or feeling in non-technical conversation.

I am using OpenSSL client to create a custom TLS client which can send or manipulate the default TLS handshake messages so that I can test for any bugs in our TLS server implementation. I spent about 4 months in reading OpenSSL code and making changes and adding new arguments to modify the default client. So in that process I came across the WPACKET API. For framing SSL records I had to use it.

I will post the question again in a new thread. Please take a look at it and help me out.

Regards

Saiteja.

On Sat, Dec 30, 2017 at 12:17 AM, Viktor Dukhovni <[hidden email]> wrote:


> On Dec 29, 2017, at 1:34 PM, Michael Wojcik <[hidden email]> wrote:
>
> That said, I suspect the larger reason why Saiteja has not had a technical response to the original query is that few people on openssl-users have experience with using the WPACKET API and other low-level operations in the 1.1 codebase. It still might be worth reposting without the controversial styling.

More importantly, what problem is the OP really trying to solve?

The WPACKET interface is an internal interface that does not
appear in any public OpenSSL headers.  It is undocumented and
subject to change without notice.  The OP should not be using
this interface, except as part of a code contribution to improve
the implementation of TLS in the OpenSSL library.

--
        Viktor.


Re: How to form a proper hash after writing something into SSL handshake.

Michael Wojcik
> From: openssl-users [mailto:[hidden email]] On Behalf Of Sai Teja Chowdary
> Sent: Friday, December 29, 2017 21:44

> I am using OpenSSL client to create a custom TLS client which can send or manipulate the default TLS handshake
> messages so that i can test for any bugs in our TLS server implementation. I spent about 4 months in reading OpenSSL
> code and making changes and adding new arguments to modify the default client. So in that process i came across the
> WPACKET API. For framing SSL records I had to use it. 

I can't help with your specific issue. I don't know the 1.1.x codebase (my teams are still using 1.0.2). But I'd suggest that perhaps OpenSSL is not the ideal starting point for this.

When security researchers do this sort of thing - generate specific TLS messages to test a peer implementation - they often use a scripting language with suitable add-on modules, such as Python with the ssl, cryptography, and gmpy2 modules. While these scripts are often quick-and-dirty, they're probably easier to modify. So you might look at various open-source TLS test scripts, such as the one Hanno Böck wrote for ROBOT (see robotattack.org).

There are also various open-source test frameworks for TLS, such as TLSPretense. I don't have any experience with them myself, but it's worth taking a look.

--
Michael Wojcik
Distinguished Engineer, Micro Focus
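
The handshake hash that the first post asks about, worked in Python as the message above suggests for TLS test tooling. This is an added example, not code from any poster or from OpenSSL; it goes slightly beyond the question by also covering a flight fragmented across records. It assumes TLS 1.2 framing per RFC 5246, SHA-256 as the transcript hash, and constructed placeholder message bodies, and every function name in it is hypothetical.

```python
import hashlib
import struct

# Handshake message types and record content type (RFC 5246).
CLIENT_HELLO, SERVER_HELLO, CERTIFICATE = 1, 2, 11
CERTIFICATE_REQUEST, SERVER_HELLO_DONE = 13, 14
CERTIFICATE_VERIFY, CLIENT_KEY_EXCHANGE = 15, 16
HANDSHAKE_RECORD = 22


def handshake_msg(msg_type, body):
    """Frame one handshake message: 1-byte type, 3-byte length, body."""
    return bytes([msg_type]) + len(body).to_bytes(3, "big") + body


def record(payload):
    """Wrap payload in a TLS 1.2 handshake record (5-byte header)."""
    return struct.pack("!B2sH", HANDSHAKE_RECORD, b"\x03\x03", len(payload)) + payload


def handshake_stream(records):
    """Strip record headers and return the concatenated handshake bytes."""
    stream, pos = bytearray(), 0
    while pos < len(records):
        if len(records) - pos < 5:
            raise ValueError("truncated record header")
        ctype = records[pos]
        (length,) = struct.unpack("!H", records[pos + 3:pos + 5])
        frag = records[pos + 5:pos + 5 + length]
        if len(frag) != length:
            raise ValueError("truncated record body")
        if ctype == HANDSHAKE_RECORD:
            stream += frag
        pos += 5 + length
    return bytes(stream)


def split_messages(stream):
    """Yield (msg_type, raw message including its 4-byte header)."""
    pos = 0
    while pos < len(stream):
        if len(stream) - pos < 4:
            raise ValueError("truncated handshake header")
        length = int.from_bytes(stream[pos + 1:pos + 4], "big")
        raw = stream[pos:pos + 4 + length]
        if len(raw) != 4 + length:
            raise ValueError("truncated handshake body")
        yield stream[pos], raw
        pos += 4 + length


def transcript_before(records, stop_type, hash_name="sha256"):
    """Digest of every handshake message preceding the first stop_type.

    RFC 5246 section 7.4.8: the CertificateVerify input is all handshake
    messages sent or received from ClientHello up to, but not including,
    CertificateVerify, with their type and length fields and without
    record-layer headers.
    """
    h = hashlib.new(hash_name)
    for msg_type, raw in split_messages(handshake_stream(records)):
        if msg_type == stop_type:
            return h.digest()
        h.update(raw)
    raise ValueError("stop_type not found")


# Constructed placeholder bodies; not valid TLS message contents.
EARLIER = [
    handshake_msg(CLIENT_HELLO, b"constructed-client-hello"),
    handshake_msg(SERVER_HELLO, b"constructed-server-hello"),
    handshake_msg(CERTIFICATE, b"constructed-server-cert"),
    handshake_msg(CERTIFICATE_REQUEST, b"constructed-cert-request"),
    handshake_msg(SERVER_HELLO_DONE, b""),
]
CLIENT_CERT = handshake_msg(CERTIFICATE, b"constructed-client-cert")
CLIENT_KEX = handshake_msg(CLIENT_KEY_EXCHANGE, b"constructed-kex")
CERT_VERIFY = handshake_msg(CERTIFICATE_VERIFY, b"constructed-signature")


def build_flights():
    """Same messages, three record layouts: separate, coalesced, fragmented."""
    earlier = b"".join(record(m) for m in EARLIER)
    flight = CLIENT_CERT + CLIENT_KEX + CERT_VERIFY
    separate = earlier + record(CLIENT_CERT) + record(CLIENT_KEX) + record(CERT_VERIFY)
    coalesced = earlier + record(flight)
    fragmented = earlier + record(flight[:7]) + record(flight[7:])
    return separate, coalesced, fragmented


def digests():
    """Hex digests for each layout, plus a hash of only the client flight."""
    names = ("separate", "coalesced", "fragmented")
    out = {n: transcript_before(f, CERTIFICATE_VERIFY).hex()
           for n, f in zip(names, build_flights())}
    # Hashing only Certificate + ClientKeyExchange omits the earlier messages.
    out["client_flight_only"] = hashlib.sha256(CLIENT_CERT + CLIENT_KEX).hexdigest()
    return out


if __name__ == "__main__":
    for name, value in digests().items():
        print(f"{name:20s} {value}")
```

The three record layouts give the same digest, while a hash over only the client's Certificate and ClientKeyExchange does not match it.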


