We are incorporating a different crypto lib into OpenSSL and are running into a few problems because assumptions are made about how the crypto lib works. One problem we are running into is that EVP_MD_CTX_copy() is not supported by our crypto lib. We have no way to make a working copy of a current digest context so that we can finalize one and continue digesting in the other.

Obviously, this produces a problem with the handshakes because we need to digest the handshake messages up to the first finished message, finalize it to compare results and then continue digesting until the second finished message.

We basically have two choices: 1) ask our crypto provider to support digest context copies or 2) maintain multiple digest contexts for the different times when we need to finalize a digest value.

We have chosen to follow path #2 which leads to a couple of questions:

1) Has anyone done this before and do you have a working implementation that we could reference? Or do you have any ideas about a preferred way to implement a change like this?

2) How many digest contexts need to be maintained to support the handshake? Certainly, there are at least two for the 2 finished messages, but I believe we need a third in case a CertificateVerify is sent. Do we need more than 3?

Thanks, as always, for your insight and help.

Verdon Walker
(801) 861-2633 [EMAIL PROTECTED] Novell Inc., the leading provider of Net Services Software www.novell.com
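
The "multiple digest contexts" approach from the post, as an added sketch that is not part of the original message or of OpenSSL: one context is opened per finalization point, every handshake message is fed to all contexts still open, and each context is finalized exactly once. Python's `hashlib` stands in for the crypto provider, and the class name, point labels and message bytes are constructed for illustration.

```python
import hashlib


class MultiContextTranscript:
    """Handshake transcript hash for a backend that cannot copy a context."""

    def __init__(self, points, algorithm="sha256"):
        # One independent context per finalization point; .copy() is never used.
        self._open = {p: hashlib.new(algorithm) for p in points}

    def update(self, message: bytes) -> None:
        # Every message goes into every context that has not been finalized yet.
        for ctx in self._open.values():
            ctx.update(message)

    def finalize(self, point: str) -> bytes:
        # Popping the context enforces "finalize once, then discard".
        return self._open.pop(point).digest()

    def open_points(self):
        return list(self._open)


# Finalization points named in the post above (labels are hypothetical).
POINTS = ("certificate_verify", "first_finished", "second_finished")

# Constructed placeholder messages, not real TLS records.
FLIGHT = [b"client_hello", b"server_hello", b"certificate",
          b"server_hello_done", b"client_certificate", b"client_key_exchange"]


def run_handshake(algorithm="sha256"):
    t = MultiContextTranscript(POINTS, algorithm)
    for msg in FLIGHT:
        t.update(msg)
    results = {"certificate_verify": t.finalize("certificate_verify")}
    t.update(b"certificate_verify_msg")
    results["first_finished"] = t.finalize("first_finished")
    t.update(b"first_finished_msg")
    results["second_finished"] = t.finalize("second_finished")
    return results, t.open_points()


def reference(prefix, algorithm="sha256"):
    # What a copy-capable backend would produce: the hash of the prefix so far.
    return hashlib.new(algorithm, b"".join(prefix)).digest()
```

The cost of this design is that each message is hashed once per open context, and a finalization point that was not anticipated when the contexts were created cannot be added later.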
