📄 xyssl - server source code.htm
字号:
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3c.org/TR/1999/REC-html401-19991224/loose.dtd">
<!-- saved from url=(0037)http://xyssl.org/code/source/ssl_srv/ -->
<HTML><HEAD><TITLE>XySSL - SSL/TLS Server source code</TITLE>
<META http-equiv=Content-Type content="text/html; charset=iso-8859-1">
<META http-equiv=Content-Script-Type content=text/javascript><LINK
href="XySSL - Server source code_files/style5.css" type=text/css
rel=stylesheet><LINK title="XySSL RSS feed" href="../../../rss.xml"
type=application/rss+xml rel=alternate><LINK href="../../../favicon.ico"
type=image/x-icon rel="shortcut icon"><!--[if IE]>
<STYLE type=text/css>#page {
}
</STYLE>
<![endif]-->
<META content="MSHTML 6.00.3790.2954" name=GENERATOR></HEAD>
<BODY text=#000000 bgColor=#ffffff>
<SCRIPT type=text/javascript></SCRIPT>
<DIV id=page>
<CENTER>
<TABLE cellSpacing=1 cellPadding=1 border=0>
<TBODY>
<TR>
<TD align=right><A href="http://xyssl.org/"><IMG height=70 alt=" XySSL "
src="XySSL - Server source code_files/logo.gif" width=205 border=0>
</A></TD>
<TD align=middle>
<DIV id=menutop>
<CENTER>
<TABLE cellSpacing=12 cellPadding=12 border=0>
<TBODY>
<TR align=middle>
<TD onmouseover="this.bgColor='#ffe7d6';"
onmouseout="this.bgColor='#f0f0f0';" bgColor=#f0f0f0><A
href="http://xyssl.org/code/">Source code</A> </TD>
<TD onmouseover="this.bgColor='#d6ffc7';"
onmouseout="this.bgColor='#f0f0f0';" bgColor=#f0f0f0><A
href="http://xyssl.org/docs/">Documentation</A> </TD>
<TD onmouseover="this.bgColor='#defbff';"
onmouseout="this.bgColor='#f0f0f0';" bgColor=#f0f0f0><A
href="http://xyssl.org/forum/">Community</A> </TD>
<TD onmouseover="this.bgColor='#fff0b0';"
onmouseout="this.bgColor='#f0f0f0';" bgColor=#f0f0f0><A
href="http://xyssl.org/about/"> About </A>
</TD></TR></TBODY></TABLE></CENTER></DIV></TD></TR>
<TR>
<TD class=menudiv align=right colSpan=2><!-- <A href="../../../enroll/">XySSL Root CA</A> <A HREF="https://xyssl.org/code/source/ssl_srv/"> <IMG alt="SSL" border=0 src="../../../static/ssl.gif" style="vertical-align: middle"></A> --></TD></TR>
<TR align=middle>
<TD class=pagehead colSpan=2><BR> <SPAN
class=underline> SSL/TLS Server source code </SPAN> <BR>
</TD></TR>
<TR align=left>
<TD class=pagebody colSpan=2>
<P>
<CENTER><B><A href="http://xyssl.org/code/source/md2/">MD2</A>.<A
href="http://xyssl.org/code/source/md4/">MD4</A>.<A
href="http://xyssl.org/code/source/md5/">MD5</A> | <A
href="http://xyssl.org/code/source/sha1/">SHA-1</A>.<A
href="http://xyssl.org/code/source/sha2/">SHA-256</A> | <A
href="http://xyssl.org/code/source/arc4/">ARC4</A>.<A
href="http://xyssl.org/code/source/des/">3DES</A>.<A
href="http://xyssl.org/code/source/aes/">AES</A> | <A
href="http://xyssl.org/code/source/bignum/">BN</A>.<A
href="http://xyssl.org/code/source/dhm/">DH</A>.<A
href="http://xyssl.org/code/source/rsa/">RSA</A> | <A
href="http://xyssl.org/code/source/x509read/">X509</A>.<A
href="http://xyssl.org/code/source/ssl_tls/">SSL/TLS</A>.<A
href="http://xyssl.org/code/source/ssl_cli/">CLI</A>.<A
href="http://xyssl.org/code/source/ssl_srv/"><U>SRV</U></A>
</B></CENTER><BR>
<TABLE cellSpacing=2 cellPadding=4 border=0>
<TBODY>
<TR>
<TD class=general style="FONT-SIZE: 100%" align=middle>Quickjump to:
<A
href="http://xyssl.org/code/source/ssl_srv/ssl_srv.c"><B>ssl_srv.c</B></A>
</TD></TR>
<TR>
<TD> </TD></TR>
<TR>
<TD class=general align=middle><A
href="http://xyssl.org/code/source/ssl_srv/ssl_srv.c"><B>C source
file: ssl_srv.c</B></A> </TD></TR>
<TR>
<TD class=general><PRE>/*
* SSLv3/TLSv1 server-side functions
*
* Copyright (C) 2006-2007 Christophe Devine
*
* This library is free software; you can redistribute it and/or
* modify it under the terms of the GNU Lesser General Public
* License, version 2.1 as published by the Free Software Foundation.
*
* This library is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* Lesser General Public License for more details.
*
* You should have received a copy of the GNU Lesser General Public
* License along with this library; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
* MA 02110-1301 USA
*/
#ifndef _CRT_SECURE_NO_DEPRECATE
#define _CRT_SECURE_NO_DEPRECATE 1
#endif
#include <string.h>
#include <stdlib.h>
#include <stdio.h>
#include <time.h>
#include "xyssl/net.h"
#include "xyssl/ssl.h"
static int ssl_get_session( ssl_context *ssl )
{
time_t t;
int offset;
unsigned char buf[128];
unsigned char hash[20];
if( ssl->sidtable == NULL || ssl->sidlen != 32 )
return( ERR_SSL_NO_SESSION_FOUND );
offset = ( (int) ssl->sessid[0] << 8 )
| ( (int) ssl->sessid[1] );
offset = ( offset % SSL_SESSION_TBL_LEN ) & ~127;
memcpy( buf, ssl->sidtable + offset, 128 );
/*
* Accept the session if:
*
* - the session ID matches
* - it has not expired yet
* - the checksum is correct
*/
if( memcmp( buf, ssl->sessid, 32 ) != 0 )
return( ERR_SSL_NO_SESSION_FOUND );
t = ( (time_t) buf[80] << 24 )
| ( (time_t) buf[81] << 16 )
| ( (time_t) buf[82] << 8 )
| ( (time_t) buf[83] );
if( time( NULL ) - t > SSL_EXPIRATION_TIME )
return( ERR_SSL_NO_SESSION_FOUND );
sha1( buf, 86, hash );
if( memcmp( buf + 86, hash, 20 ) != 0 )
return( ERR_SSL_NO_SESSION_FOUND );
memcpy( ssl->master, buf + 32, 48 );
ssl->cipher = ( (int) buf[84] << 8 )
| ( (int) buf[85] );
return( 0 );
}
static void ssl_set_session( ssl_context *ssl )
{
time_t t;
int offset;
unsigned char buf[128];
if( ssl->sidtable == NULL || ssl->sidlen != 32 )
return;
/*
* 0 . 31 session ID
* 32 . 79 master key
* 80 . 83 start time
* 84 . 85 chosen cipher
* 86 . 105 SHA1 checksum
*/
t = time( NULL );
memcpy( buf , ssl->sessid, 32 );
memcpy( buf + 32, ssl->master, 48 );
buf[80] = (unsigned char)( t >> 24 );
buf[81] = (unsigned char)( t >> 16 );
buf[82] = (unsigned char)( t >> 8 );
buf[83] = (unsigned char)( t );
buf[84] = ( ssl->cipher >> 8 );
buf[85] = ( ssl->cipher );
sha1( buf, 86, buf + 86 );
offset = ( (int) ssl->sessid[0] << 8 )
| ( (int) ssl->sessid[1] );
offset = ( offset % SSL_SESSION_TBL_LEN ) & ~127;
memcpy( ssl->sidtable + offset, buf, 128 );
}
static int ssl_parse_client_hello( ssl_context *ssl )
{
int ret, i, j, n;
int ciph_len, sess_len;
int chal_len, comp_len;
unsigned char *buf, *p;
buf = ssl->in_hdr;
if( ssl->in_left < 5 )
{
/*
* Handle partial reads, for non-blocking sockets
*/
n = 5 - ssl->in_left;
ret = net_recv( ssl->read_fd, buf + ssl->in_left, &n );
ssl->in_left += n;
if( ret != 0 )
return( ret );
}
if( ( buf[0] & 0x80 ) != 0 )
{
/*
* SSLv2 Client Hello
*
* Record layer:
* 0 . 1 message length
*
* SSL layer:
* 2 . 2 message type
* 3 . 4 protocol version
*/
if( buf[0] != 0x80 || buf[1] < 17 ||
buf[2] != SSL_HS_CLIENT_HELLO ||
buf[3] != SSLV3_MAJOR_VERSION )
return( ERR_SSL_BAD_HS_CLIENT_HELLO );
memcpy( ssl->max_ver, buf + 3, 2 );
ssl->major_ver = SSLV3_MAJOR_VERSION;
ssl->minor_ver = ( buf[4] <= TLS10_MINOR_VERSION )
? buf[4] : TLS10_MINOR_VERSION;
n = (int) buf[1] - 3;
if( ssl->in_left < 5 + n )
{
n -= ssl->in_left - 5;
ret = net_recv( ssl->read_fd, buf + ssl->in_left, &n );
ssl->in_left += n;
if( ret != 0 )
return( ret );
}
md5_starts( &ssl->hs_md5 );
md5_update( &ssl->hs_md5, buf + 2, (int) buf[1] );
sha1_starts( &ssl->hs_sha1 );
sha1_update( &ssl->hs_sha1, buf + 2, (int) buf[1] );
buf = ssl->in_msg;
n = ssl->in_left - 5;
/*
* 0 . 1 cipherlist length
* 2 . 3 session id length
* 4 . 5 challenge length
* 6 . .. cipherlist
* .. . .. session id
* .. . .. challenge
*/
ciph_len = ( (int) buf[0] << 8 ) | (int) buf[1];
sess_len = ( (int) buf[2] << 8 ) | (int) buf[3];
chal_len = ( (int) buf[4] << 8 ) | (int) buf[5];
if( ciph_len < 3 || ciph_len > 192 ||
( ciph_len % 3 ) != 0 )
return( ERR_SSL_BAD_HS_CLIENT_HELLO );
if( sess_len < 0 || sess_len > 32 )
return( ERR_SSL_BAD_HS_CLIENT_HELLO );
if( chal_len < 8 || chal_len > 32 )
return( ERR_SSL_BAD_HS_CLIENT_HELLO );
if( n != 6 + ciph_len + sess_len + chal_len )
return( ERR_SSL_BAD_HS_CLIENT_HELLO );
p = buf + 6 + ciph_len;
memset( ssl->randbytes, 0, 64 );
memcpy( ssl->randbytes + 32 - chal_len, p, chal_len );
p += sess_len;
ssl->sidlen = sess_len;
memcpy( ssl->sessid, p, sess_len );
for( i = 0; ssl->cipherlist[i] != 0; i++ )
{
for( j = 0, p = buf + 6; j < ciph_len;
j += 3, p += 3 )
{
if( p[0] == 0 && p[1] == 0 &&
p[2] == ssl->cipherlist[i] )
goto have_cipher;
}
}
}
else
{
/*
* SSLv3 Client Hello
*
* Record layer:
* 0 . 0 message type
* 1 . 2 protocol version
* 3 . 4 message length
*/
if( buf[0] != SSL_MSG_HANDSHAKE ||
buf[1] != SSLV3_MAJOR_VERSION ||
buf[3] != 0 || buf[4] < 45 )
return( ERR_SSL_BAD_HS_CLIENT_HELLO );
n = (int) buf[4];
if( ssl->in_left < 5 + n )
{
n -= ( ssl->in_left - 5 );
ret = net_recv( ssl->read_fd, buf + ssl->in_left, &n );
ssl->in_left += n;
if( ret != 0 )
return( ret );
}
buf = ssl->in_msg;
n = ssl->in_left - 5;
md5_starts( &ssl->hs_md5 );
md5_update( &ssl->hs_md5, buf, n );
sha1_starts( &ssl->hs_sha1 );
sha1_update( &ssl->hs_sha1, buf, n );
/*
* SSL layer:
* 0 . 0 handshake type
* 1 . 3 handshake length
* 4 . 5 protocol version
* 6 . 9 UNIX time()
* 10 . 37 random bytes
* 38 . 38 session id length
* 39 . 38+x session id
* 39+x . 40+x cipherlist length
* 41+x . .. cipherlist
* .. . .. compression alg.
*/
/* check the protocol version */
if( buf[0] != SSL_HS_CLIENT_HELLO ||
buf[4] != SSLV3_MAJOR_VERSION )
return( ERR_SSL_BAD_HS_CLIENT_HELLO );
ssl->major_ver = SSLV3_MAJOR_VERSION;
ssl->minor_ver = ( buf[5] <= TLS10_MINOR_VERSION )
? buf[5] : TLS10_MINOR_VERSION;
memcpy( ssl->max_ver , buf + 4, 2 );
memcpy( ssl->randbytes, buf + 6, 32 );
/* check the message length */
if( buf[1] != 0 || buf[2] != 0 || (int) buf[3] + 4 != n )
return( ERR_SSL_BAD_HS_CLIENT_HELLO );
/* check the session length */
sess_len = (int) buf[38];
if( sess_len < 0 || sess_len > 32 )
return( ERR_SSL_BAD_HS_CLIENT_HELLO );
ssl->sidlen = sess_len;
memcpy( ssl->sessid, buf + 39, ssl->sidlen );
/* check the cipherlist length */
ciph_len = (int) buf[40 + sess_len];
if( ciph_len < 2 || ciph_len > 128 ||
( ciph_len % 2 ) != 0 )
return( ERR_SSL_BAD_HS_CLIENT_HELLO );
/* check the compression alg. length */
comp_len = (int) buf[41 + sess_len + ciph_len];
if( n != 42 + sess_len + ciph_len + comp_len )
return( ERR_SSL_BAD_HS_CLIENT_HELLO );
/* search for a matching cipher */
for( i = 0; ssl->cipherlist[i] != 0; i++ )
{
for( j = 0, p = buf + 41 + sess_len; j < ciph_len;
j += 2, p += 2 )
{
if( p[0] == 0 && p[1] == ssl->cipherlist[i] )
goto have_cipher;
}
}
}
return( ERR_SSL_NO_CIPHER_CHOSEN );
have_cipher:
ssl->cipher = ssl->cipherlist[i];
ssl->in_left = 0;
ssl->state++;
return( 0 );
}
⌨️ 快捷键说明
复制代码
Ctrl + C
搜索代码
Ctrl + F
全屏模式
F11
切换主题
Ctrl + Shift + D
显示快捷键
?
增大字号
Ctrl + =
减小字号
Ctrl + -