ssl.c File Reference

#include "ns.h"
#include "ssl.h"
#include "ssltcl.h"
#include "x509.h"
#include <ctype.h>

Data Structures

struct  ClientHello
struct  ServerHello
struct  ClientMasterKey

Defines

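/*
 * ATOU16 / ATOU24 --
 *
 * Read a 2-byte (ATOU16) or 3-byte (ATOU24) big-endian unsigned value
 * from the bytes starting at X; byte 0 lands in the high-order position.
 * The argument is fully parenthesized so that an expression such as
 * (p + 1) is cast as a whole rather than having the cast bind to its
 * first operand only. Each byte goes through unsigned char before
 * integer promotion, so no sign extension occurs where char is signed.
 * The result is an int (0..0xFFFF / 0..0xFFFFFF); the 0xFF << 16 case
 * cannot overflow. Neither macro checks bounds: the caller must make
 * sure at least 2 (ATOU16) or 3 (ATOU24) bytes are readable at X.
 */
#define ATOU16(X)   ((((unsigned char *)(X))[0] << 8) | ((unsigned char *)(X))[1])
#define ATOU24(X)   ((((unsigned char *)(X))[0] << 16) | ATOU16(((unsigned char *)(X)) + 1))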

Functions

int NsSSLGenerateKeypair (unsigned int modulusBits, ITEM *publicExponent, B_KEY_OBJ *publicKey, B_KEY_OBJ *privateKey)
int NsSSLInitialize (char *server, char *module)
void * NsSSLCreateServer (char *cert, char *key)
void NsSSLDestroyServer (void *server)
void * NsSSLCreateConn (SOCKET socket, int timeout, void *server)
void NsSSLDestroyConn (void *conn)
int NsSSLSend (void *conn, void *vbuf, int towrite)
int NsSSLRecv (void *conn, void *vbuf, int toread)
int NsSSLFlush (void *conn)

Variables

B_ALGORITHM_METHOD * ALGORITHM_CHOOSER []
B_ALGORITHM_METHOD * DIGEST_CHOOSER []

Define Documentation

#define ATOU16(X)   (((((unsigned char*)X)[0])<<8)|(((unsigned char*)X)[1]))

Constants and macros

#define ATOU24(X)   ((((unsigned char*)X)[0]<<16)|ATOU16(((unsigned char*)X)+1))


Function Documentation

void* NsSSLCreateConn ( SOCKET  socket,
int  timeout,
void *  server 
)

----------------------------------------------------------------------

NsSSLCreateConn --

Create the ubiquitous conn structure for a new SSL connection. In order to create a conn for SSL, lots of work is done for public key exchange, private session key exchange, and random number generation. Note that RSA is only used for the private session key exchange, after which a conventional cipher with a message digest (if requested) is used.

Results: Pointer to the conn.

Side effects: The conn is created. Encryption objects are created and (hopefully) destroyed.

----------------------------------------------------------------------

At the moment we don't do client certificates. (I think that's why this variable is disabled.)

unsigned char certificateChallengeData[32];

Get CLIENT-HELLO.

This is not something to get concerned about.

This is not something to get worried about. If the browser is that messed up it will drop the connection, anyway.

Get a new session id (a random number).

Make the SERVER-HELLO.

Send the SERVER-HELLO.

Get the CLIENT-MASTER-KEY.

Decode CLIENT-MASTER-KEY.

Decrypt secret session key. You know the BSAFE drill by now.

Get the KEY-ARG-DATA if there is any.

Figure out the cipher block size.

Send the SERVER-VERIFY message.

Get the CLIENT-FINISHED-V2 or CLIENT-FINISHED message.

We should probably verify that the CLIENT-FINISHED message is correct at this point, but we don't, because it doesn't really matter once the connection has been closed.

Create a new session ID.

Send the SERVER-FINISHED-V2 message.

Clean up the RSA object if it hasn't been cleaned up already.

void* NsSSLCreateServer ( char *  cert,
char *  key 
)

----------------------------------------------------------------------

NsSSLCreateServer --

Sets up SSL data structures at server startup. The server's private key and certificate are loaded.

Results: The SSLServer context (sPtr).

Side effects: SSLServer context is created.

----------------------------------------------------------------------

void NsSSLDestroyConn ( void *  conn  ) 

----------------------------------------------------------------------

NsSSLDestroyConn --

Destroy the ubiquitous conn structure for the SSL connection. This code enters a critical section at the beginning to update the random number so it isn't used again in another session.

Results: None

Side effects: The conn and all its data structures are (hopefully) freed. Encryption objects are created and (hopefully) destroyed.

----------------------------------------------------------------------

Make a new random number.

Burn all the algorithm objects for the digester, encryptor, and decryptor if they haven't been destroyed already.

Burn the key objects so they can't be recovered from memory later, if something else hasn't already done so.

void NsSSLDestroyServer ( void *  server  ) 

----------------------------------------------------------------------

NsSSLDestroyServer --

Cleans up after the server and frees up the SSLServer context. This is only called when AOLserver is shutting down.

Results: None.

Side effects: SSLServer context is freed.

----------------------------------------------------------------------

int NsSSLFlush ( void *  conn  ) 

----------------------------------------------------------------------

NsSSLFlush --

Flush data waiting to be sent.

Results: NS_OK or NS_ERROR.

Side effects:

----------------------------------------------------------------------

Note: macSize % blockSize == 0

int NsSSLGenerateKeypair ( unsigned int  modulusBits,
ITEM *  publicExponent,
B_KEY_OBJ *  publicKey,
B_KEY_OBJ *  privateKey 
)

----------------------------------------------------------------------

NsSSLGenerateKeypair --

Generates an RSA key pair of modulusBits size. If publicExponent != NULL, it is used instead of the normal F4 prime.

input: &publicKey, &privateKey (uninitialized key objects)

Note: This is used in stand-alone mode (keygen.tcl) only. See readme.txt for more information.

Results: A keypair is created and placed in publicKey, privateKey.

Side effects: Memory is allocated to hold the publicKey, privateKey.

----------------------------------------------------------------------

int NsSSLInitialize ( char *  server,
char *  module 
)

----------------------------------------------------------------------

NsSSLInitialize --

Set up SSL data structures at server startup. A random number is generated, a shutdown handler is registered, and Tcl commands (if any) are registered.

Results: NS_OK

Side effects: See Ns_GenSeeds, RandomCleanup, and NSSSLInterpInit.

Variable "initialized" is global.

----------------------------------------------------------------------

int NsSSLRecv ( void *  conn,
void *  vbuf,
int  toread 
)

----------------------------------------------------------------------

NsSSLRecv --

Read data from the connection.

Results: The number of bytes received.

Notice: -1 is returned on error.

Side effects: vbuf contains the data read.

----------------------------------------------------------------------

Note that we're returning -1 here.

int NsSSLSend ( void *  conn,
void *  vbuf,
int  towrite 
)

----------------------------------------------------------------------

NsSSLSend --

Send data out to the connection.

Results: The number of bytes sent.

Notice: -1 is returned on error.

Side effects: None.

----------------------------------------------------------------------

Note: macSize % blockSize == 0

Note that we're returning -1 here.


Variable Documentation

B_ALGORITHM_METHOD* ALGORITHM_CHOOSER[]

Initial value:

 {

    &AM_DES_CBC_DECRYPT,
    &AM_DES_CBC_ENCRYPT,
    &AM_DES_EDE3_CBC_DECRYPT,
    &AM_DES_EDE3_CBC_ENCRYPT,

    &AM_MD5,
    &AM_MD5_RANDOM,
    &AM_MD,
    &AM_RC2_CBC_DECRYPT,
    &AM_RC2_CBC_ENCRYPT,
    &AM_RC4_DECRYPT,
    &AM_RC4_ENCRYPT,




    &AM_RSA_CRT_DECRYPT,
    &AM_RSA_CRT_ENCRYPT,
    &AM_RSA_KEY_GEN,
    (B_ALGORITHM_METHOD *) NULL
}
BSAFE algorithm chooser

B_ALGORITHM_METHOD* DIGEST_CHOOSER[]

Initial value:

 {
    &AM_MD5,
    (B_ALGORITHM_METHOD *) NULL
}
BSAFE message digest chooser

