#include <string.h>#include <stdlib.h>#include <time.h>#include "xyssl/net.h"#include "xyssl/ssl.h"#include "xyssl/aes.h"#include "xyssl/arc4.h"#include "xyssl/des.h"Go to the source code of this file.
Defines | |
| #define | _CRT_SECURE_NO_DEPRECATE 1 |
Functions | |
| static void | tls1_prf (unsigned char *secret, int slen, char *label, unsigned char *random, int rlen, unsigned char *dstbuf, int dlen) |
| int | ssl_derive_keys (ssl_context *ssl) |
| int | ssl_calc_verify (ssl_context *ssl, unsigned char hash[36]) |
| static void | ssl_mac_md5 (unsigned char *secret, unsigned char *buf, int len, unsigned char *ctr, int type) |
| static void | ssl_mac_sha1 (unsigned char *secret, unsigned char *buf, int len, unsigned char *ctr, int type) |
| static int | ssl_encrypt_buf (ssl_context *ssl) |
| static int | ssl_decrypt_buf (ssl_context *ssl) |
| int | ssl_write_record (ssl_context *ssl, int do_crypt) |
| int | ssl_read_record (ssl_context *ssl, int do_crypt) |
| int | ssl_flush_output (ssl_context *ssl) |
| int | ssl_write_certificate (ssl_context *ssl) |
| int | ssl_parse_certificate (ssl_context *ssl) |
| int | ssl_write_change_cipher_spec (ssl_context *ssl) |
| int | ssl_parse_change_cipher_spec (ssl_context *ssl) |
| static void | ssl_calc_finished (ssl_context *ssl, unsigned char *buf, int from, md5_context *md5, sha1_context *sha1) |
| int | ssl_write_finished (ssl_context *ssl) |
| int | ssl_parse_finished (ssl_context *ssl) |
| int | ssl_init (ssl_context *ssl, int client_resume) |
| Initialize the SSL context. If client_resume is not null, the session id and premaster secret are preserved (client-side only). | |
| void | ssl_set_endpoint (ssl_context *ssl, int endpoint) |
| Set the current endpoint type, SSL_IS_CLIENT or SSL_IS_SERVER. | |
| void | ssl_set_authmode (ssl_context *ssl, int authmode) |
| Set the certificate verification mode. | |
| void | ssl_set_rng_func (ssl_context *ssl, int(*rng_f)(void *), void *rng_d) |
| Set the random number generator function. | |
| void | ssl_set_io_files (ssl_context *ssl, int read_fd, int write_fd) |
| Set the read and write file descriptors. | |
| void | ssl_set_ciphlist (ssl_context *ssl, int *ciphers) |
| Set the list of allowed ciphersuites. | |
| void | ssl_set_ca_chain (ssl_context *ssl, x509_cert *ca, char *cn) |
| Set the CA certificate chain used to verify peer cert, and the peer's expected CommonName (or NULL). | |
| void | ssl_set_rsa_cert (ssl_context *ssl, x509_cert *own_cert, rsa_context *own_key) |
| Set own certificate and private RSA key. | |
| void | ssl_set_sidtable (ssl_context *ssl, unsigned char *sidtable) |
| Set the global session ID table (server-side only). | |
| int | ssl_set_dhm_vals (ssl_context *ssl, char *dhm_P, char *dhm_G) |
| Set the Diffie-Hellman public P and G values, provided as hexadecimal strings (server-side only). | |
| int | ssl_get_verify_result (ssl_context *ssl) |
| Return the result of the certificate verification. | |
| char * | ssl_get_cipher_name (ssl_context *ssl) |
| Return the name of the current cipher. | |
| int | ssl_handshake (ssl_context *ssl) |
| Perform the SSL handshake. | |
| int | ssl_read (ssl_context *ssl, unsigned char *buf, int *len) |
| Read at most 'len' application data bytes. | |
| int | ssl_write (ssl_context *ssl, unsigned char *buf, int len) |
| Write 'len' application data bytes. | |
| int | ssl_close_notify (ssl_context *ssl) |
| Notify the peer that the connection is being closed. | |
| void | ssl_free (ssl_context *ssl) |
| Free an SSL context. | |
Variables | |
| int | ssl_default_ciphers [] |
| static const char | _ssl_tls_src [] = "_ssl_tls_src" |
| static void ssl_calc_finished | ( | ssl_context * | ssl, | |
| unsigned char * | buf, | |||
| int | from, | |||
| md5_context * | md5, | |||
| sha1_context * | sha1 | |||
| ) | [static] |
| int ssl_calc_verify | ( | ssl_context * | ssl, | |
| unsigned char | hash[36] | |||
| ) |
Definition at line 326 of file ssl_tls.c.
References ssl_context::hs_md5, ssl_context::hs_sha1, ssl_context::master, md5(), md5_finish(), md5_starts(), md5_update(), ssl_context::minor_ver, sha1(), sha1_finish(), sha1_starts(), sha1_update(), and SSLV3_MINOR_VERSION.
Referenced by ssl_parse_certificate_verify(), and ssl_write_certificate_verify().
| int ssl_close_notify | ( | ssl_context * | ssl | ) |
Notify the peer that the connection is being closed.
Definition at line 1450 of file ssl_tls.c.
References ssl_context::out_msg, ssl_context::out_msglen, ssl_context::out_msgtype, SSL_ALERT_CLOSE_NOTIFY, SSL_ALERT_WARNING, ssl_flush_output(), SSL_HANDSHAKE_OVER, SSL_MSG_ALERT, ssl_write_record(), and ssl_context::state.
Referenced by main().
| static int ssl_decrypt_buf | ( | ssl_context * | ssl | ) | [static] |
Definition at line 516 of file ssl_tls.c.
References aes_cbc_decrypt(), arc4_crypt(), ssl_context::ctx_dec, des3_cbc_decrypt(), ERR_SSL_FEATURE_UNAVAILABLE, ERR_SSL_INVALID_MAC, ssl_context::in_ctr, ssl_context::in_hdr, ssl_context::in_msg, ssl_context::in_msglen, ssl_context::in_msgtype, int, ssl_context::iv_dec, ssl_context::ivlen, ssl_context::mac_dec, ssl_context::maclen, md5_hmac(), ssl_context::minlen, ssl_context::minor_ver, ssl_context::nb_zero, sha1_hmac(), ssl_mac_md5(), ssl_mac_sha1(), and SSLV3_MINOR_VERSION.
| int ssl_derive_keys | ( | ssl_context * | ssl | ) |
Definition at line 101 of file ssl_tls.c.
References aes_set_key(), arc4_setup(), ssl_context::cipher, ssl_context::ctx_dec, ssl_context::ctx_enc, ssl_context::ctxlen, des3_set_3keys(), ssl_context::endpoint, ERR_SSL_FEATURE_UNAVAILABLE, ssl_context::iv_dec, ssl_context::iv_enc, ssl_context::ivlen, ssl_context::keylen, ssl_context::mac_dec, ssl_context::mac_enc, ssl_context::maclen, ssl_context::master, md5(), md5_finish(), md5_starts(), md5_update(), ssl_context::minlen, ssl_context::minor_ver, ssl_context::pmslen, ssl_context::premaster, ssl_context::randbytes, ssl_context::resumed, sha1(), sha1_finish(), sha1_starts(), sha1_update(), SSL3_EDH_RSA_DES_168_SHA, SSL3_RSA_DES_168_SHA, SSL3_RSA_RC4_128_MD5, SSL3_RSA_RC4_128_SHA, SSL_IS_CLIENT, SSLV3_MINOR_VERSION, TLS1_EDH_RSA_AES_256_SHA, tls1_prf(), and TLS1_RSA_AES_256_SHA.
Referenced by ssl_parse_client_key_exchange(), ssl_parse_server_hello(), ssl_write_client_key_exchange(), and ssl_write_server_hello().
| static int ssl_encrypt_buf | ( | ssl_context * | ssl | ) | [static] |
Definition at line 433 of file ssl_tls.c.
References aes_cbc_encrypt(), arc4_crypt(), ssl_context::ctx_enc, des3_cbc_encrypt(), ERR_SSL_FEATURE_UNAVAILABLE, ssl_context::iv_enc, ssl_context::ivlen, ssl_context::mac_enc, ssl_context::maclen, md5_hmac(), ssl_context::minor_ver, ssl_context::out_ctr, ssl_context::out_msg, ssl_context::out_msglen, ssl_context::out_msgtype, sha1_hmac(), ssl_mac_md5(), ssl_mac_sha1(), and SSLV3_MINOR_VERSION.
Referenced by ssl_write_record().
| int ssl_flush_output | ( | ssl_context * | ssl | ) |
Definition at line 823 of file ssl_tls.c.
References net_send(), ssl_context::out_hdr, ssl_context::out_left, ssl_context::out_msglen, and ssl_context::write_fd.
Referenced by ssl_client_start(), ssl_close_notify(), and ssl_server_start().
| void ssl_free | ( | ssl_context * | ssl | ) |
Free an SSL context.
Definition at line 1473 of file ssl_tls.c.
References ssl_context::ctx_dec, ssl_context::ctx_enc, ssl_context::ctxlen, ssl_context::dhm_ctx, dhm_free(), ssl_context::in_ctr, ssl_context::out_ctr, ssl_context::peer_cert, SSL_BUFFER_LEN, and x509_free_cert().
Referenced by main().
| char* ssl_get_cipher_name | ( | ssl_context * | ssl | ) |
| int ssl_get_verify_result | ( | ssl_context * | ssl | ) |
Return the result of the certificate verification.
Definition at line 1303 of file ssl_tls.c.
References ssl_context::verify_result.
Referenced by main().
| int ssl_handshake | ( | ssl_context * | ssl | ) |
Perform the SSL handshake.
Definition at line 1369 of file ssl_tls.c.
References ssl_context::endpoint, ERR_SSL_FEATURE_UNAVAILABLE, ssl_client_start(), SSL_IS_CLIENT, SSL_IS_SERVER, and ssl_server_start().
Referenced by main(), ssl_read(), and ssl_write().
| int ssl_init | ( | ssl_context * | ssl, | |
| int | client_resume | |||
| ) |
Initialize the SSL context. If client_resume is not null, the session id and premaster secret are preserved (client-side only).
Definition at line 1199 of file ssl_tls.c.
References ssl_context::in_ctr, ssl_context::in_hdr, ssl_context::in_msg, ssl_context::master, ssl_context::out_ctr, ssl_context::out_hdr, ssl_context::out_msg, ssl_context::sessid, ssl_context::sidlen, and SSL_BUFFER_LEN.
Referenced by main().
| static void ssl_mac_md5 | ( | unsigned char * | secret, | |
| unsigned char * | buf, | |||
| int | len, | |||
| unsigned char * | ctr, | |||
| int | type | |||
| ) | [static] |
Definition at line 372 of file ssl_tls.c.
References md5(), md5_finish(), md5_starts(), and md5_update().
Referenced by ssl_decrypt_buf(), and ssl_encrypt_buf().
| static void ssl_mac_sha1 | ( | unsigned char * | secret, | |
| unsigned char * | buf, | |||
| int | len, | |||
| unsigned char * | ctr, | |||
| int | type | |||
| ) | [static] |
Definition at line 401 of file ssl_tls.c.
References sha1(), sha1_finish(), sha1_starts(), and sha1_update().
Referenced by ssl_decrypt_buf(), and ssl_encrypt_buf().
| int ssl_parse_certificate | ( | ssl_context * | ssl | ) |
| int ssl_parse_change_cipher_spec | ( | ssl_context * | ssl | ) |
Definition at line 1028 of file ssl_tls.c.
Referenced by ssl_client_start(), and ssl_server_start().
| int ssl_parse_finished | ( | ssl_context * | ssl | ) |
Definition at line 1154 of file ssl_tls.c.
Referenced by ssl_client_start(), and ssl_server_start().
| int ssl_read | ( | ssl_context * | ssl, | |
| unsigned char * | buf, | |||
| int * | len | |||
| ) |
Read at most 'len' application data bytes.
Definition at line 1387 of file ssl_tls.c.
References ERR_SSL_UNEXPECTED_MESSAGE, ssl_context::in_msg, ssl_context::in_msglen, ssl_context::in_msgtype, ssl_context::in_offt, ssl_handshake(), SSL_MSG_APPLICATION_DATA, and ssl_read_record().
Referenced by main().
| int ssl_read_record | ( | ssl_context * | ssl, | |
| int | do_crypt | |||
| ) |
Definition at line 682 of file ssl_tls.c.
Referenced by ssl_parse_certificate_request(), ssl_parse_certificate_verify(), ssl_parse_client_key_exchange(), ssl_parse_server_hello(), ssl_parse_server_hello_done(), ssl_parse_server_key_exchange(), and ssl_read().
| void ssl_set_authmode | ( | ssl_context * | ssl, | |
| int | authmode | |||
| ) |
Set the certificate verification mode.
| mode | can be: |
SSL_VERIFY_OPTIONAL: peer certificate is checked, however the handshake continues even if verification failed; you may want to check ssl->verify_result after.
SSL_VERIFY_REQUIRED: peer *must* present a valid certificate, handshake is aborted if verification failed.
Definition at line 1249 of file ssl_tls.c.
Referenced by main().
| void ssl_set_ca_chain | ( | ssl_context * | ssl, | |
| x509_cert * | ca, | |||
| char * | cn | |||
| ) |
| void ssl_set_ciphlist | ( | ssl_context * | ssl, | |
| int * | ciphers | |||
| ) |
| int ssl_set_dhm_vals | ( | ssl_context * | ssl, | |
| char * | dhm_P, | |||
| char * | dhm_G | |||
| ) |
| void ssl_set_endpoint | ( | ssl_context * | ssl, | |
| int | endpoint | |||
| ) |
Set the current endpoint type, SSL_IS_CLIENT or SSL_IS_SERVER.
Definition at line 1244 of file ssl_tls.c.
References ssl_context::endpoint.
Referenced by main().
| void ssl_set_io_files | ( | ssl_context * | ssl, | |
| int | read_fd, | |||
| int | write_fd | |||
| ) |
| void ssl_set_rng_func | ( | ssl_context * | ssl, | |
| int(*)(void *) | rng_f, | |||
| void * | rng_d | |||
| ) |
| void ssl_set_rsa_cert | ( | ssl_context * | ssl, | |
| x509_cert * | own_cert, | |||
| rsa_context * | own_key | |||
| ) |
| void ssl_set_sidtable | ( | ssl_context * | ssl, | |
| unsigned char * | sidtable | |||
| ) |
| int ssl_write | ( | ssl_context * | ssl, | |
| unsigned char * | buf, | |||
| int | len | |||
| ) |
Write 'len' application data bytes.
Definition at line 1422 of file ssl_tls.c.
References ssl_context::out_msg, ssl_context::out_msglen, ssl_context::out_msgtype, ssl_context::out_uoff, ssl_handshake(), SSL_MAX_CONTENT_LEN, SSL_MSG_APPLICATION_DATA, and ssl_write_record().
Referenced by main().
| int ssl_write_certificate | ( | ssl_context * | ssl | ) |
Definition at line 843 of file ssl_tls.c.
References ssl_context::client_auth, ssl_context::endpoint, ERR_SSL_CERTIFICATE_REQUIRED, ERR_SSL_CERTIFICATE_TOO_LARGE, _x509_buf::len, ssl_context::minor_ver, _x509_cert::next, ssl_context::out_msg, ssl_context::out_msglen, ssl_context::out_msgtype, ssl_context::own_cert, _x509_buf::p, _x509_cert::raw, SSL_ALERT_NO_CERTIFICATE, SSL_ALERT_WARNING, SSL_HS_CERTIFICATE, SSL_IS_CLIENT, SSL_MAX_CONTENT_LEN, SSL_MSG_ALERT, SSL_MSG_HANDSHAKE, ssl_write_record(), SSLV3_MINOR_VERSION, and ssl_context::state.
Referenced by ssl_client_start(), and ssl_server_start().
| int ssl_write_change_cipher_spec | ( | ssl_context * | ssl | ) |
Definition at line 1019 of file ssl_tls.c.
Referenced by ssl_client_start(), and ssl_server_start().
| int ssl_write_finished | ( | ssl_context * | ssl | ) |
Definition at line 1117 of file ssl_tls.c.
Referenced by ssl_client_start(), and ssl_server_start().
| int ssl_write_record | ( | ssl_context * | ssl, | |
| int | do_crypt | |||
| ) |
Definition at line 645 of file ssl_tls.c.
References ssl_context::hs_md5, ssl_context::hs_sha1, ssl_context::major_ver, md5_update(), ssl_context::minor_ver, net_send(), ssl_context::out_hdr, ssl_context::out_left, ssl_context::out_msg, ssl_context::out_msglen, ssl_context::out_msgtype, sha1_update(), ssl_encrypt_buf(), SSL_MSG_HANDSHAKE, and ssl_context::write_fd.
Referenced by ssl_close_notify(), ssl_write(), ssl_write_certificate(), ssl_write_certificate_request(), ssl_write_certificate_verify(), ssl_write_client_hello(), ssl_write_client_key_exchange(), ssl_write_server_hello(), ssl_write_server_hello_done(), and ssl_write_server_key_exchange().
| static void tls1_prf | ( | unsigned char * | secret, | |
| int | slen, | |||
| char * | label, | |||
| unsigned char * | random, | |||
| int | rlen, | |||
| unsigned char * | dstbuf, | |||
| int | dlen | |||
| ) | [static] |
Definition at line 46 of file ssl_tls.c.
References md5_hmac(), S1, S2, and sha1_hmac().
Referenced by ssl_derive_keys().
const char _ssl_tls_src[] = "_ssl_tls_src" [static] |
Initial value:
{
TLS1_EDH_RSA_AES_256_SHA,
SSL3_EDH_RSA_DES_168_SHA,
TLS1_RSA_AES_256_SHA,
SSL3_RSA_DES_168_SHA,
SSL3_RSA_RC4_128_SHA,
SSL3_RSA_RC4_128_MD5,
0
}
Definition at line 1343 of file ssl_tls.c.
Referenced by main().
1.5.4