“OpenSSL 1.1.1w 11 Sep 2023”
模块总览
| 名称 | 描述 |
| Ed25519 | EVP_PKEY 支持 Ed25519 和 Ed448 |
| Ed448 | EVP_PKEY 支持 Ed25519 和 Ed448 |
| RAND | 随机数生成器 |
| RAND_DRBG | 确定性随机位生成器 |
| RSA-PSS | EVP_PKEY RSA-PSS 算法支持 |
| SM2 | 支持国密算法 SM2 |
| X25519 | EVP_PKEY 支持 X25519 和 X448 |
| X448 | EVP_PKEY 支持 X25519 和 X448 |
| bio | 抽象基础I/O |
| crypto | OpenSSL 加密库 |
| ct | Certificate Transparency |
| des_modes | DES的变体和OpenSSL的其他加密算法 |
| evp | 高层加密函数 |
| ossl_store-file | The store ‘file’ scheme loader |
| ossl_store | 存储检索函数 |
| passphrase-encoding | 处理密码短语字符编码 |
| proxy-certificates | 代理证书 |
| scrypt | EVP_PKEY 支持 KDF |
| ssl | OpenSSL SSL/TLS 库 |
| x509 | X.509 证书相关 |
源码结构
-
ssl/ : ssl库相关的代码
-
include/:
-
crypto/ :
-
crypto/aes,crypto/des,crypto/bf,crypto/cast,ccrypto/omp等:对称加密算法,
-
crypto/asn1:ASN.1 编码和解码等,
-
crypto/bio:抽象IO,对各种输入输出进行抽象,包括文件、内存、标准输入输出、socke t和 SSL/TLS 协议等,
-
crypto/dh、crypto/dsa、crypto/ec,crypto/ecdh等:非对称加密算法,
-
crypto/md2、crypto/md4、crypto/md5,crypto/sha等:摘要算法,
-
crypto/hmac:HMAC (Hash-based Message Authentication Code)算法实现,
-
crypto/rand:伪随机数生成,支持用户自定义随机数生成,
-
crypto/x509:X.509 标准的证书相关代码,
-
crypto/bn:大数运算,主要用于非对称算法中密钥生成以及加解密操作,
-
crypto/engine:硬件引擎接口,
-
crypto/sm2,crypto/sm3,crypto/sm4 :商密算法,
-
demos/: 示例,
-
docs/: 文档,
-
tools/: 工具,c_rehash,
-
test/: 测试代码。
二进制文件
-
openssl
-
libssl.so
-
libcrypto.so
ssl
ssl 库是 OpenSSL 实现了 SSL v2/v3 和 TLS v1 协议,并提供了丰富的 API 。
SSL 对象创建:可以使用 SSL_CTX_new 接口创建一个 SSL_CTX 对象,用于建立 SSL/TLS 连接,并可在建立是选择证书、算法等配置。
SSL 对象关联连接:当一个网络连接建立之后(TCP/IP 完成握手后的socket),可将该连接赋予成 SSL 对象。在 SSL 对象创建之后,可以使用 SSL_new、SSL_set_fd或SSL_set_bio 接口将SSL对象与网络连接进行关联。
SSL 握手过程:SSL/TLS 协议的握手实现细节在 OpenSSL 的 SSL_accept 和 SSL_connect 中,只需要调用两接口即可实现握手。
SSL 数据传输:当 SSL 对象关联网络连接并调用上述接口完成握手之后,即可使用 SSL_read/SSL_read_ex 和 SSL_write/SSL_write_ex 进行读写加密数据。
SSL 关闭连接:关闭一个 SSL/TLS 连接可以使用 SSL_shutdown接口。
结构体
- SSL_METHOD (SSL Method)
- SSL_CIPHER (SSL Cipher)
- SSL_CTX (SSL Context)
- SSL_SESSION (SSL Session)
- SSL (SSL Connection)
SSL_METHOD (SSL Method)
ssl 库中与SSL/TLS协议版本(SSLv3, TLSv1)对应的SSL接口,该结构在创建 SSL_CTX 时需要。
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
|
// include/openssl/ssl.h
typedef struct ssl_method_st SSL_METHOD;
// ssl/ssl_local.h
/* Used to hold SSL/TLS functions */
struct ssl_method_st {
int version;
unsigned flags;
unsigned long mask;
int (*ssl_new) (SSL *s);
int (*ssl_clear) (SSL *s);
void (*ssl_free) (SSL *s);
int (*ssl_accept) (SSL *s);
int (*ssl_connect) (SSL *s);
int (*ssl_read) (SSL *s, void *buf, size_t len, size_t *readbytes);
int (*ssl_peek) (SSL *s, void *buf, size_t len, size_t *readbytes);
int (*ssl_write) (SSL *s, const void *buf, size_t len, size_t *written);
int (*ssl_shutdown) (SSL *s);
int (*ssl_renegotiate) (SSL *s);
int (*ssl_renegotiate_check) (SSL *s, int);
int (*ssl_read_bytes) (SSL *s, int type, int *recvd_type,
unsigned char *buf, size_t len, int peek,
size_t *readbytes);
int (*ssl_write_bytes) (SSL *s, int type, const void *buf_, size_t len,
size_t *written);
int (*ssl_dispatch_alert) (SSL *s);
long (*ssl_ctrl) (SSL *s, int cmd, long larg, void *parg);
long (*ssl_ctx_ctrl) (SSL_CTX *ctx, int cmd, long larg, void *parg);
const SSL_CIPHER *(*get_cipher_by_char) (const unsigned char *ptr);
int (*put_cipher_by_char) (const SSL_CIPHER *cipher, WPACKET *pkt,
size_t *len);
size_t (*ssl_pending) (const SSL *s);
int (*num_ciphers) (void);
const SSL_CIPHER *(*get_cipher) (unsigned ncipher);
long (*get_timeout) (void);
const struct ssl3_enc_method *ssl3_enc; /* Extra SSLv3/TLS stuff */
int (*ssl_version) (void);
long (*ssl_callback_ctrl) (SSL *s, int cb_id, void (*fp) (void));
long (*ssl_ctx_callback_ctrl) (SSL_CTX *s, int cb_id, void (*fp) (void));
};
|
SSL_SESSION (SSL Session)
该结构包含了当前 SSL/TLS 连接的会话信息,比如:密码套件、证书和密钥等。
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
|
typedef struct ssl_session_st SSL_SESSION;
/*-
* Lets make this into an ASN.1 type structure as follows
* SSL_SESSION_ID ::= SEQUENCE {
* version INTEGER, -- structure version number
* SSLversion INTEGER, -- SSL version number
* Cipher OCTET STRING, -- the 3 byte cipher ID
* Session_ID OCTET STRING, -- the Session ID
* Master_key OCTET STRING, -- the master key
* Key_Arg [ 0 ] IMPLICIT OCTET STRING, -- the optional Key argument
* Time [ 1 ] EXPLICIT INTEGER, -- optional Start Time
* Timeout [ 2 ] EXPLICIT INTEGER, -- optional Timeout ins seconds
* Peer [ 3 ] EXPLICIT X509, -- optional Peer Certificate
* Session_ID_context [ 4 ] EXPLICIT OCTET STRING, -- the Session ID context
* Verify_result [ 5 ] EXPLICIT INTEGER, -- X509_V_... code for `Peer'
* HostName [ 6 ] EXPLICIT OCTET STRING, -- optional HostName from servername TLS extension
* PSK_identity_hint [ 7 ] EXPLICIT OCTET STRING, -- optional PSK identity hint
* PSK_identity [ 8 ] EXPLICIT OCTET STRING, -- optional PSK identity
* Ticket_lifetime_hint [9] EXPLICIT INTEGER, -- server's lifetime hint for session ticket
* Ticket [10] EXPLICIT OCTET STRING, -- session ticket (clients only)
* Compression_meth [11] EXPLICIT OCTET STRING, -- optional compression method
* SRP_username [ 12 ] EXPLICIT OCTET STRING -- optional SRP username
* flags [ 13 ] EXPLICIT INTEGER -- optional flags
* }
* Look in ssl/ssl_asn1.c for more details
* I'm using EXPLICIT tags so I can read the damn things using asn1parse :-).
*/
struct ssl_session_st {
int ssl_version; /* what ssl version session info is being kept
* in here? */
size_t master_key_length;
/* TLSv1.3 early_secret used for external PSKs */
unsigned char early_secret[EVP_MAX_MD_SIZE];
/*
* For <=TLS1.2 this is the master_key. For TLS1.3 this is the resumption
* PSK
*/
unsigned char master_key[TLS13_MAX_RESUMPTION_PSK_LENGTH];
/* session_id - valid? */
size_t session_id_length;
unsigned char session_id[SSL_MAX_SSL_SESSION_ID_LENGTH];
/*
* this is used to determine whether the session is being reused in the
* appropriate context. It is up to the application to set this, via
* SSL_new
*/
size_t sid_ctx_length;
unsigned char sid_ctx[SSL_MAX_SID_CTX_LENGTH];
# ifndef OPENSSL_NO_PSK
char *psk_identity_hint;
char *psk_identity;
# endif
/*
* Used to indicate that session resumption is not allowed. Applications
* can also set this bit for a new session via not_resumable_session_cb
* to disable session caching and tickets.
*/
int not_resumable;
/* This is the cert and type for the other end. */
X509 *peer;
/* Certificate chain peer sent. */
STACK_OF(X509) *peer_chain;
/*
* when app_verify_callback accepts a session where the peer's
* certificate is not ok, we must remember the error for session reuse:
*/
long verify_result; /* only for servers */
CRYPTO_REF_COUNT references;
long timeout;
long time;
unsigned int compress_meth; /* Need to lookup the method */
const SSL_CIPHER *cipher;
unsigned long cipher_id; /* when ASN.1 loaded, this needs to be used to
* load the 'cipher' structure */
CRYPTO_EX_DATA ex_data; /* application specific data */
/*
* These are used to make removal of session-ids more efficient and to
* implement a maximum cache size.
*/
struct ssl_session_st *prev, *next;
struct {
char *hostname;
/* RFC4507 info */
unsigned char *tick; /* Session ticket */
size_t ticklen; /* Session ticket length */
/* Session lifetime hint in seconds */
unsigned long tick_lifetime_hint;
uint32_t tick_age_add;
/* Max number of bytes that can be sent as early data */
uint32_t max_early_data;
/* The ALPN protocol selected for this session */
unsigned char *alpn_selected;
size_t alpn_selected_len;
/*
* Maximum Fragment Length as per RFC 4366.
* If this value does not contain RFC 4366 allowed values (1-4) then
* either the Maximum Fragment Length Negotiation failed or was not
* performed at all.
*/
uint8_t max_fragment_len_mode;
} ext;
# ifndef OPENSSL_NO_SRP
char *srp_username;
# endif
unsigned char *ticket_appdata;
size_t ticket_appdata_len;
uint32_t flags;
CRYPTO_RWLOCK *lock;
};
|
SSL_CTX (SSL Context)
全局上下文结构体,由服务端或客户端在每个生命周期中创建一次,该结构体主要保存稍后为连接创建的SSL结构的默认值。
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
|
typedef struct ssl_ctx_st SSL_CTX;
struct ssl_ctx_st {
const SSL_METHOD *method;
STACK_OF(SSL_CIPHER) *cipher_list;
/* same as above but sorted for lookup */
STACK_OF(SSL_CIPHER) *cipher_list_by_id;
/* TLSv1.3 specific ciphersuites */
STACK_OF(SSL_CIPHER) *tls13_ciphersuites;
struct x509_store_st /* X509_STORE */ *cert_store;
LHASH_OF(SSL_SESSION) *sessions;
/*
* Most session-ids that will be cached, default is
* SSL_SESSION_CACHE_MAX_SIZE_DEFAULT. 0 is unlimited.
*/
size_t session_cache_size;
struct ssl_session_st *session_cache_head;
struct ssl_session_st *session_cache_tail;
/*
* This can have one of 2 values, ored together, SSL_SESS_CACHE_CLIENT,
* SSL_SESS_CACHE_SERVER, Default is SSL_SESSION_CACHE_SERVER, which
* means only SSL_accept will cache SSL_SESSIONS.
*/
uint32_t session_cache_mode;
/*
* If timeout is not 0, it is the default timeout value set when
* SSL_new() is called. This has been put in to make life easier to set
* things up
*/
long session_timeout;
/*
* If this callback is not null, it will be called each time a session id
* is added to the cache. If this function returns 1, it means that the
* callback will do a SSL_SESSION_free() when it has finished using it.
* Otherwise, on 0, it means the callback has finished with it. If
* remove_session_cb is not null, it will be called when a session-id is
* removed from the cache. After the call, OpenSSL will
* SSL_SESSION_free() it.
*/
int (*new_session_cb) (struct ssl_st *ssl, SSL_SESSION *sess);
void (*remove_session_cb) (struct ssl_ctx_st *ctx, SSL_SESSION *sess);
SSL_SESSION *(*get_session_cb) (struct ssl_st *ssl,
const unsigned char *data, int len,
int *copy);
struct {
TSAN_QUALIFIER int sess_connect; /* SSL new conn - started */
TSAN_QUALIFIER int sess_connect_renegotiate; /* SSL reneg - requested */
TSAN_QUALIFIER int sess_connect_good; /* SSL new conne/reneg - finished */
TSAN_QUALIFIER int sess_accept; /* SSL new accept - started */
TSAN_QUALIFIER int sess_accept_renegotiate; /* SSL reneg - requested */
TSAN_QUALIFIER int sess_accept_good; /* SSL accept/reneg - finished */
TSAN_QUALIFIER int sess_miss; /* session lookup misses */
TSAN_QUALIFIER int sess_timeout; /* reuse attempt on timeouted session */
TSAN_QUALIFIER int sess_cache_full; /* session removed due to full cache */
TSAN_QUALIFIER int sess_hit; /* session reuse actually done */
TSAN_QUALIFIER int sess_cb_hit; /* session-id that was not in
* the cache was passed back via
* the callback. This indicates
* that the application is
* supplying session-id's from
* other processes - spooky
* :-) */
} stats;
CRYPTO_REF_COUNT references;
/* if defined, these override the X509_verify_cert() calls */
int (*app_verify_callback) (X509_STORE_CTX *, void *);
void *app_verify_arg;
/*
* before OpenSSL 0.9.7, 'app_verify_arg' was ignored
* ('app_verify_callback' was called with just one argument)
*/
/* Default password callback. */
pem_password_cb *default_passwd_callback;
/* Default password callback user data. */
void *default_passwd_callback_userdata;
/* get client cert callback */
int (*client_cert_cb) (SSL *ssl, X509 **x509, EVP_PKEY **pkey);
/* cookie generate callback */
int (*app_gen_cookie_cb) (SSL *ssl, unsigned char *cookie,
unsigned int *cookie_len);
/* verify cookie callback */
int (*app_verify_cookie_cb) (SSL *ssl, const unsigned char *cookie,
unsigned int cookie_len);
/* TLS1.3 app-controlled cookie generate callback */
int (*gen_stateless_cookie_cb) (SSL *ssl, unsigned char *cookie,
size_t *cookie_len);
/* TLS1.3 verify app-controlled cookie callback */
int (*verify_stateless_cookie_cb) (SSL *ssl, const unsigned char *cookie,
size_t cookie_len);
CRYPTO_EX_DATA ex_data;
const EVP_MD *md5; /* For SSLv3/TLSv1 'ssl3-md5' */
const EVP_MD *sha1; /* For SSLv3/TLSv1 'ssl3->sha1' */
STACK_OF(X509) *extra_certs;
STACK_OF(SSL_COMP) *comp_methods; /* stack of SSL_COMP, SSLv3/TLSv1 */
/* Default values used when no per-SSL value is defined follow */
/* used if SSL's info_callback is NULL */
void (*info_callback) (const SSL *ssl, int type, int val);
/*
* What we put in certificate_authorities extension for TLS 1.3
* (ClientHello and CertificateRequest) or just client cert requests for
* earlier versions. If client_ca_names is populated then it is only used
* for client cert requests, and in preference to ca_names.
*/
STACK_OF(X509_NAME) *ca_names;
STACK_OF(X509_NAME) *client_ca_names;
/*
* Default values to use in SSL structures follow (these are copied by
* SSL_new)
*/
uint32_t options;
uint32_t mode;
int min_proto_version;
int max_proto_version;
size_t max_cert_list;
struct cert_st /* CERT */ *cert;
int read_ahead;
/* callback that allows applications to peek at protocol messages */
void (*msg_callback) (int write_p, int version, int content_type,
const void *buf, size_t len, SSL *ssl, void *arg);
void *msg_callback_arg;
uint32_t verify_mode;
size_t sid_ctx_length;
unsigned char sid_ctx[SSL_MAX_SID_CTX_LENGTH];
/* called 'verify_callback' in the SSL */
int (*default_verify_callback) (int ok, X509_STORE_CTX *ctx);
/* Default generate session ID callback. */
GEN_SESSION_CB generate_session_id;
X509_VERIFY_PARAM *param;
int quiet_shutdown;
# ifndef OPENSSL_NO_CT
CTLOG_STORE *ctlog_store; /* CT Log Store */
/*
* Validates that the SCTs (Signed Certificate Timestamps) are sufficient.
* If they are not, the connection should be aborted.
*/
ssl_ct_validation_cb ct_validation_callback;
void *ct_validation_callback_arg;
# endif
/*
* If we're using more than one pipeline how should we divide the data
* up between the pipes?
*/
size_t split_send_fragment;
/*
* Maximum amount of data to send in one fragment. actual record size can
* be more than this due to padding and MAC overheads.
*/
size_t max_send_fragment;
/* Up to how many pipelines should we use? If 0 then 1 is assumed */
size_t max_pipelines;
/* The default read buffer length to use (0 means not set) */
size_t default_read_buf_len;
# ifndef OPENSSL_NO_ENGINE
/*
* Engine to pass requests for client certs to
*/
ENGINE *client_cert_engine;
# endif
/* ClientHello callback. Mostly for extensions, but not entirely. */
SSL_client_hello_cb_fn client_hello_cb;
void *client_hello_cb_arg;
/* TLS extensions. */
struct {
/* TLS extensions servername callback */
int (*servername_cb) (SSL *, int *, void *);
void *servername_arg;
/* RFC 4507 session ticket keys */
unsigned char tick_key_name[TLSEXT_KEYNAME_LENGTH];
SSL_CTX_EXT_SECURE *secure;
/* Callback to support customisation of ticket key setting */
int (*ticket_key_cb) (SSL *ssl,
unsigned char *name, unsigned char *iv,
EVP_CIPHER_CTX *ectx, HMAC_CTX *hctx, int enc);
/* certificate status request info */
/* Callback for status request */
int (*status_cb) (SSL *ssl, void *arg);
void *status_arg;
/* ext status type used for CSR extension (OCSP Stapling) */
int status_type;
/* RFC 4366 Maximum Fragment Length Negotiation */
uint8_t max_fragment_len_mode;
# ifndef OPENSSL_NO_EC
/* EC extension values inherited by SSL structure */
size_t ecpointformats_len;
unsigned char *ecpointformats;
size_t supportedgroups_len;
uint16_t *supportedgroups;
# endif /* OPENSSL_NO_EC */
/*
* ALPN information (we are in the process of transitioning from NPN to
* ALPN.)
*/
/*-
* For a server, this contains a callback function that allows the
* server to select the protocol for the connection.
* out: on successful return, this must point to the raw protocol
* name (without the length prefix).
* outlen: on successful return, this contains the length of |*out|.
* in: points to the client's list of supported protocols in
* wire-format.
* inlen: the length of |in|.
*/
int (*alpn_select_cb) (SSL *s,
const unsigned char **out,
unsigned char *outlen,
const unsigned char *in,
unsigned int inlen, void *arg);
void *alpn_select_cb_arg;
/*
* For a client, this contains the list of supported protocols in wire
* format.
*/
unsigned char *alpn;
size_t alpn_len;
# ifndef OPENSSL_NO_NEXTPROTONEG
/* Next protocol negotiation information */
/*
* For a server, this contains a callback function by which the set of
* advertised protocols can be provided.
*/
SSL_CTX_npn_advertised_cb_func npn_advertised_cb;
void *npn_advertised_cb_arg;
/*
* For a client, this contains a callback function that selects the next
* protocol from the list provided by the server.
*/
SSL_CTX_npn_select_cb_func npn_select_cb;
void *npn_select_cb_arg;
# endif
unsigned char cookie_hmac_key[SHA256_DIGEST_LENGTH];
} ext;
# ifndef OPENSSL_NO_PSK
SSL_psk_client_cb_func psk_client_callback;
SSL_psk_server_cb_func psk_server_callback;
# endif
SSL_psk_find_session_cb_func psk_find_session_cb;
SSL_psk_use_session_cb_func psk_use_session_cb;
# ifndef OPENSSL_NO_SRP
SRP_CTX srp_ctx; /* ctx for SRP authentication */
# endif
/* Shared DANE context */
struct dane_ctx_st dane;
# ifndef OPENSSL_NO_SRTP
/* SRTP profiles we are willing to do from RFC 5764 */
STACK_OF(SRTP_PROTECTION_PROFILE) *srtp_profiles;
# endif
/*
* Callback for disabling session caching and ticket support on a session
* basis, depending on the chosen cipher.
*/
int (*not_resumable_session_cb) (SSL *ssl, int is_forward_secure);
CRYPTO_RWLOCK *lock;
/*
* Callback for logging key material for use with debugging tools like
* Wireshark. The callback should log `line` followed by a newline.
*/
SSL_CTX_keylog_cb_func keylog_callback;
/*
* The maximum number of bytes advertised in session tickets that can be
* sent as early data.
*/
uint32_t max_early_data;
/*
* The maximum number of bytes of early data that a server will tolerate
* (which should be at least as much as max_early_data).
*/
uint32_t recv_max_early_data;
/* TLS1.3 padding callback */
size_t (*record_padding_cb)(SSL *s, int type, size_t len, void *arg);
void *record_padding_arg;
size_t block_padding;
/* Session ticket appdata */
SSL_CTX_generate_session_ticket_fn generate_ticket_cb;
SSL_CTX_decrypt_session_ticket_fn decrypt_ticket_cb;
void *ticket_cb_data;
/* The number of TLS1.3 tickets to automatically send */
size_t num_tickets;
/* Callback to determine if early_data is acceptable or not */
SSL_allow_early_data_cb_fn allow_early_data_cb;
void *allow_early_data_cb_data;
/* Do we advertise Post-handshake auth support? */
int pha_enabled;
};
|
SSL_CIPHER (SSL Cipher)
此结构保存特定的密码算法信息。
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
|
typedef struct ssl_cipher_st SSL_CIPHER;
// ssl/ssl_local.h
/* used to hold info on the particular ciphers used */
struct ssl_cipher_st {
uint32_t valid;
const char *name; /* text name */
const char *stdname; /* RFC name */
uint32_t id; /* id, 4 bytes, first is version */
/*
* changed in 1.0.0: these four used to be portions of a single value
* 'algorithms'
*/
uint32_t algorithm_mkey; /* key exchange algorithm */
uint32_t algorithm_auth; /* server authentication */
uint32_t algorithm_enc; /* symmetric encryption */
uint32_t algorithm_mac; /* symmetric authentication */
int min_tls; /* minimum SSL/TLS protocol version */
int max_tls; /* maximum SSL/TLS protocol version */
int min_dtls; /* minimum DTLS protocol version */
int max_dtls; /* maximum DTLS protocol version */
uint32_t algo_strength; /* strength and export flags */
uint32_t algorithm2; /* Extra flags */
int32_t strength_bits; /* Number of bits really used */
uint32_t alg_bits; /* Number of bits for algorithm */
};
|
SSL (SSL Connect)
此结构是 ssl 库 API 的核心结构体,客户端和服务端会为每个已建立的连接创建对应的 SSL 对象,该结构几乎与其他结构都有关联。
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
|
typedef struct ssl_st SSL;
// ssl/ssl_local.h
struct ssl_st {
/*
* protocol version (one of SSL2_VERSION, SSL3_VERSION, TLS1_VERSION,
* DTLS1_VERSION)
*/
int version;
/* SSLv3 */
const SSL_METHOD *method;
/*
* There are 2 BIO's even though they are normally both the same. This
* is so data can be read and written to different handlers
*/
/* used by SSL_read */
BIO *rbio;
/* used by SSL_write */
BIO *wbio;
/* used during session-id reuse to concatenate messages */
BIO *bbio;
/*
* This holds a variable that indicates what we were doing when a 0 or -1
* is returned. This is needed for non-blocking IO so we know what
* request needs re-doing when in SSL_accept or SSL_connect
*/
int rwstate;
int (*handshake_func) (SSL *);
/*
* Imagine that here's a boolean member "init" that is switched as soon
* as SSL_set_{accept/connect}_state is called for the first time, so
* that "state" and "handshake_func" are properly initialized. But as
* handshake_func is == 0 until then, we use this test instead of an
* "init" member.
*/
/* are we the server side? */
int server;
/*
* Generate a new session or reuse an old one.
* NB: For servers, the 'new' session may actually be a previously
* cached session or even the previous session unless
* SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION is set
*/
int new_session;
/* don't send shutdown packets */
int quiet_shutdown;
/* we have shut things down, 0x01 sent, 0x02 for received */
int shutdown;
/* where we are */
OSSL_STATEM statem;
SSL_EARLY_DATA_STATE early_data_state;
BUF_MEM *init_buf; /* buffer used during init */
void *init_msg; /* pointer to handshake message body, set by
* ssl3_get_message() */
size_t init_num; /* amount read/written */
size_t init_off; /* amount read/written */
struct ssl3_state_st *s3; /* SSLv3 variables */
struct dtls1_state_st *d1; /* DTLSv1 variables */
/* callback that allows applications to peek at protocol messages */
void (*msg_callback) (int write_p, int version, int content_type,
const void *buf, size_t len, SSL *ssl, void *arg);
void *msg_callback_arg;
int hit; /* reusing a previous session */
X509_VERIFY_PARAM *param;
/* Per connection DANE state */
SSL_DANE dane;
/* crypto */
STACK_OF(SSL_CIPHER) *peer_ciphers;
STACK_OF(SSL_CIPHER) *cipher_list;
STACK_OF(SSL_CIPHER) *cipher_list_by_id;
/* TLSv1.3 specific ciphersuites */
STACK_OF(SSL_CIPHER) *tls13_ciphersuites;
/*
* These are the ones being used, the ones in SSL_SESSION are the ones to
* be 'copied' into these ones
*/
uint32_t mac_flags;
/*
* The TLS1.3 secrets.
*/
unsigned char early_secret[EVP_MAX_MD_SIZE];
unsigned char handshake_secret[EVP_MAX_MD_SIZE];
unsigned char master_secret[EVP_MAX_MD_SIZE];
unsigned char resumption_master_secret[EVP_MAX_MD_SIZE];
unsigned char client_finished_secret[EVP_MAX_MD_SIZE];
unsigned char server_finished_secret[EVP_MAX_MD_SIZE];
unsigned char server_finished_hash[EVP_MAX_MD_SIZE];
unsigned char handshake_traffic_hash[EVP_MAX_MD_SIZE];
unsigned char client_app_traffic_secret[EVP_MAX_MD_SIZE];
unsigned char server_app_traffic_secret[EVP_MAX_MD_SIZE];
unsigned char exporter_master_secret[EVP_MAX_MD_SIZE];
unsigned char early_exporter_master_secret[EVP_MAX_MD_SIZE];
EVP_CIPHER_CTX *enc_read_ctx; /* cryptographic state */
unsigned char read_iv[EVP_MAX_IV_LENGTH]; /* TLSv1.3 static read IV */
EVP_MD_CTX *read_hash; /* used for mac generation */
COMP_CTX *compress; /* compression */
COMP_CTX *expand; /* uncompress */
EVP_CIPHER_CTX *enc_write_ctx; /* cryptographic state */
unsigned char write_iv[EVP_MAX_IV_LENGTH]; /* TLSv1.3 static write IV */
EVP_MD_CTX *write_hash; /* used for mac generation */
/* session info */
/* client cert? */
/* This is used to hold the server certificate used */
struct cert_st /* CERT */ *cert;
/*
* The hash of all messages prior to the CertificateVerify, and the length
* of that hash.
*/
unsigned char cert_verify_hash[EVP_MAX_MD_SIZE];
size_t cert_verify_hash_len;
/* Flag to indicate whether we should send a HelloRetryRequest or not */
enum {SSL_HRR_NONE = 0, SSL_HRR_PENDING, SSL_HRR_COMPLETE}
hello_retry_request;
/*
* the session_id_context is used to ensure sessions are only reused in
* the appropriate context
*/
size_t sid_ctx_length;
unsigned char sid_ctx[SSL_MAX_SID_CTX_LENGTH];
/* This can also be in the session once a session is established */
SSL_SESSION *session;
/* TLSv1.3 PSK session */
SSL_SESSION *psksession;
unsigned char *psksession_id;
size_t psksession_id_len;
/* Default generate session ID callback. */
GEN_SESSION_CB generate_session_id;
/*
* The temporary TLSv1.3 session id. This isn't really a session id at all
* but is a random value sent in the legacy session id field.
*/
unsigned char tmp_session_id[SSL_MAX_SSL_SESSION_ID_LENGTH];
size_t tmp_session_id_len;
/* Used in SSL3 */
/*
* 0 don't care about verify failure.
* 1 fail if verify fails
*/
uint32_t verify_mode;
/* fail if callback returns 0 */
int (*verify_callback) (int ok, X509_STORE_CTX *ctx);
/* optional informational callback */
void (*info_callback) (const SSL *ssl, int type, int val);
/* error bytes to be written */
int error;
/* actual code */
int error_code;
# ifndef OPENSSL_NO_PSK
SSL_psk_client_cb_func psk_client_callback;
SSL_psk_server_cb_func psk_server_callback;
# endif
SSL_psk_find_session_cb_func psk_find_session_cb;
SSL_psk_use_session_cb_func psk_use_session_cb;
SSL_CTX *ctx;
/* Verified chain of peer */
STACK_OF(X509) *verified_chain;
long verify_result;
/* extra application data */
CRYPTO_EX_DATA ex_data;
/*
* What we put in certificate_authorities extension for TLS 1.3
* (ClientHello and CertificateRequest) or just client cert requests for
* earlier versions. If client_ca_names is populated then it is only used
* for client cert requests, and in preference to ca_names.
*/
STACK_OF(X509_NAME) *ca_names;
STACK_OF(X509_NAME) *client_ca_names;
CRYPTO_REF_COUNT references;
/* protocol behaviour */
uint32_t options;
/* API behaviour */
uint32_t mode;
int min_proto_version;
int max_proto_version;
size_t max_cert_list;
int first_packet;
/*
* What was passed in ClientHello.legacy_version. Used for RSA pre-master
* secret and SSLv3/TLS (<=1.2) rollback check
*/
int client_version;
/*
* If we're using more than one pipeline how should we divide the data
* up between the pipes?
*/
size_t split_send_fragment;
/*
* Maximum amount of data to send in one fragment. actual record size can
* be more than this due to padding and MAC overheads.
*/
size_t max_send_fragment;
/* Up to how many pipelines should we use? If 0 then 1 is assumed */
size_t max_pipelines;
struct {
/* Built-in extension flags */
uint8_t extflags[TLSEXT_IDX_num_builtins];
/* TLS extension debug callback */
void (*debug_cb)(SSL *s, int client_server, int type,
const unsigned char *data, int len, void *arg);
void *debug_arg;
char *hostname;
/* certificate status request info */
/* Status type or -1 if no status type */
int status_type;
/* Raw extension data, if seen */
unsigned char *scts;
/* Length of raw extension data, if seen */
uint16_t scts_len;
/* Expect OCSP CertificateStatus message */
int status_expected;
struct {
/* OCSP status request only */
STACK_OF(OCSP_RESPID) *ids;
X509_EXTENSIONS *exts;
/* OCSP response received or to be sent */
unsigned char *resp;
size_t resp_len;
} ocsp;
/* RFC4507 session ticket expected to be received or sent */
int ticket_expected;
# ifndef OPENSSL_NO_EC
size_t ecpointformats_len;
/* our list */
unsigned char *ecpointformats;
size_t peer_ecpointformats_len;
/* peer's list */
unsigned char *peer_ecpointformats;
# endif /* OPENSSL_NO_EC */
size_t supportedgroups_len;
/* our list */
uint16_t *supportedgroups;
size_t peer_supportedgroups_len;
/* peer's list */
uint16_t *peer_supportedgroups;
/* TLS Session Ticket extension override */
TLS_SESSION_TICKET_EXT *session_ticket;
/* TLS Session Ticket extension callback */
tls_session_ticket_ext_cb_fn session_ticket_cb;
void *session_ticket_cb_arg;
/* TLS pre-shared secret session resumption */
tls_session_secret_cb_fn session_secret_cb;
void *session_secret_cb_arg;
/*
* For a client, this contains the list of supported protocols in wire
* format.
*/
unsigned char *alpn;
size_t alpn_len;
/*
* Next protocol negotiation. For the client, this is the protocol that
* we sent in NextProtocol and is set when handling ServerHello
* extensions. For a server, this is the client's selected_protocol from
* NextProtocol and is set when handling the NextProtocol message, before
* the Finished message.
*/
unsigned char *npn;
size_t npn_len;
/* The available PSK key exchange modes */
int psk_kex_mode;
/* Set to one if we have negotiated ETM */
int use_etm;
/* Are we expecting to receive early data? */
int early_data;
/* Is the session suitable for early data? */
int early_data_ok;
/* May be sent by a server in HRR. Must be echoed back in ClientHello */
unsigned char *tls13_cookie;
size_t tls13_cookie_len;
/* Have we received a cookie from the client? */
int cookieok;
/*
* Maximum Fragment Length as per RFC 4366.
* If this member contains one of the allowed values (1-4)
* then we should include Maximum Fragment Length Negotiation
* extension in Client Hello.
* Please note that value of this member does not have direct
* effect. The actual (binding) value is stored in SSL_SESSION,
* as this extension is optional on server side.
*/
uint8_t max_fragment_len_mode;
/*
* On the client side the number of ticket identities we sent in the
* ClientHello. On the server side the identity of the ticket we
* selected.
*/
int tick_identity;
} ext;
/*
* Parsed form of the ClientHello, kept around across client_hello_cb
* calls.
*/
CLIENTHELLO_MSG *clienthello;
/*-
* no further mod of servername
* 0 : call the servername extension callback.
* 1 : prepare 2, allow last ack just after in server callback.
* 2 : don't call servername callback, no ack in server hello
*/
int servername_done;
# ifndef OPENSSL_NO_CT
/*
* Validates that the SCTs (Signed Certificate Timestamps) are sufficient.
* If they are not, the connection should be aborted.
*/
ssl_ct_validation_cb ct_validation_callback;
/* User-supplied argument that is passed to the ct_validation_callback */
void *ct_validation_callback_arg;
/*
* Consolidated stack of SCTs from all sources.
* Lazily populated by CT_get_peer_scts(SSL*)
*/
STACK_OF(SCT) *scts;
/* Have we attempted to find/parse SCTs yet? */
int scts_parsed;
# endif
SSL_CTX *session_ctx; /* initial ctx, used to store sessions */
# ifndef OPENSSL_NO_SRTP
/* What we'll do */
STACK_OF(SRTP_PROTECTION_PROFILE) *srtp_profiles;
/* What's been chosen */
SRTP_PROTECTION_PROFILE *srtp_profile;
# endif
/*-
* 1 if we are renegotiating.
* 2 if we are a server and are inside a handshake
* (i.e. not just sending a HelloRequest)
*/
int renegotiate;
/* If sending a KeyUpdate is pending */
int key_update;
/* Post-handshake authentication state */
SSL_PHA_STATE post_handshake_auth;
int pha_enabled;
uint8_t* pha_context;
size_t pha_context_len;
int certreqs_sent;
EVP_MD_CTX *pha_dgst; /* this is just the digest through ClientFinished */
# ifndef OPENSSL_NO_SRP
/* ctx for SRP authentication */
SRP_CTX srp_ctx;
# endif
/*
* Callback for disabling session caching and ticket support on a session
* basis, depending on the chosen cipher.
*/
int (*not_resumable_session_cb) (SSL *ssl, int is_forward_secure);
RECORD_LAYER rlayer;
/* Default password callback. */
pem_password_cb *default_passwd_callback;
/* Default password callback user data. */
void *default_passwd_callback_userdata;
/* Async Job info */
ASYNC_JOB *job;
ASYNC_WAIT_CTX *waitctx;
size_t asyncrw;
/*
* The maximum number of bytes advertised in session tickets that can be
* sent as early data.
*/
uint32_t max_early_data;
/*
* The maximum number of bytes of early data that a server will tolerate
* (which should be at least as much as max_early_data).
*/
uint32_t recv_max_early_data;
/*
* The number of bytes of early data received so far. If we accepted early
* data then this is a count of the plaintext bytes. If we rejected it then
* this is a count of the ciphertext bytes.
*/
uint32_t early_data_count;
/* TLS1.3 padding callback */
size_t (*record_padding_cb)(SSL *s, int type, size_t len, void *arg);
void *record_padding_arg;
size_t block_padding;
CRYPTO_RWLOCK *lock;
/* The number of TLS1.3 tickets to automatically send */
size_t num_tickets;
/* The number of TLS1.3 tickets actually sent so far */
size_t sent_tickets;
/* The next nonce value to use when we send a ticket on this connection */
uint64_t next_ticket_nonce;
/* Callback to determine if early_data is acceptable or not */
SSL_allow_early_data_cb_fn allow_early_data_cb;
void *allow_early_data_cb_data;
/*
* Signature algorithms shared by client and server: cached because these
* are used most often.
*/
const struct sigalg_lookup_st **shared_sigalgs;
size_t shared_sigalgslen;
};
|
API
SSLv2_client_method, SSLv2_server_method and SSLv2_method were removed in OpenSSL 1.1.0.
由以下 C 头文件提供 ssl 库的相关结构体和函数接口:
- ssl.h
- ssh3.h 与SSLv3相关
- tls1.h TLSv1相关
部分函数:
const SSL_METHOD *TLS_method(void);
const SSL_METHOD *TLS_client_method(void);
const SSL_METHOD *TLS_server_method(void);
int SSL_accept(SSL *ssl);
int SSL_connect(SSL *ssl);
long SSL_ctrl(SSL *ssl, int cmd, long larg, char *parg);
int SSL_do_handshake(SSL *ssl);
SSL *SSL_dup(SSL *ssl);
SSL *SSL_new(SSL_CTX *ctx);
int SSL_read(SSL *ssl, void *buf, int num);
int SSL_write(SSL *ssl, const void *buf, int num);
…..
crypto
OpenSSL加密库实现了各种Internet标准中使用的广泛的加密算法。该库提供的服务被SSL、TLS和S/MIME的OpenSSL实现所使用,它们也被用于实现SSH、OpenPGP和其他加密标准。
libcrypto 由许多子算法组成,包括对称加密、公钥加密和密钥协议、证书处理、加密散列函数、加密伪随机数生成器和各种实用程序。
bio
BIO 是一个抽象接口,隐藏了许多底层的I/O细节。如果应用程序使用BIO进行I/O,它可以提供透明地处理SSL连接,未加密地网络连接和文件I/O。
BIO 有两种类型:
source IO 表示发送数据的地方,sink 表示接收数据的地方
filter IO 表示对数据进行处理或转换的组件
source/sink I/O 关注数据的流向,filter I/O 关注数据的处理
-
source/sink I/O,eg. Socket I/O, File I/O
-
filter I/O, eg. encyption I/O
多个BIO可以组成BIO链,一个常规的BIO链包含source/sink I/O 和 多个 filter I/O。
一些BIO(比如内存BIO)可以在调用BIO_new()折后立即使用,而有些则需要额外的初始化过程。如果对 BIO 链调用 BIO_free() ,那么它将只释放一个BIO,从而导致内存泄漏。对单个BIO调用 BIO_free_all() 与在其上调用 BIO_free() 具有同样的效果。
BIO_s_*() 表示 source/sink BIO 的函数
BIO_f_*() 表示 filter BIO 的函数
结构体
BIO 分类:
BIO 类型:
source/sink BIO
-
BIO_TYPE_MEM
-
BIO_TYPE_FILE
-
BIO_TYPE_FD
-
BIO_TYPE_SOCKET
-
BIO_TYPE_NULL
-
BIO_TYPE_CONNECT
-
BIO_TYPE_ACCEPT
filter BIO:
-
BIO_TYPE_SSL
-
BIO_TYPE_BUFFER
-
BIO_TYPE_CIPHER
-
BIO_TYPE_BASE64
BIO
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
|
struct bio_st {
const BIO_METHOD *method;
/* bio, mode, argp, argi, argl, ret */
BIO_callback_fn callback;
BIO_callback_fn_ex callback_ex;
char *cb_arg; /* first argument for the callback */
int init;
int shutdown;
int flags; /* extra storage */
int retry_reason;
int num;
void *ptr;
struct bio_st *next_bio; /* used by filter BIOs */
struct bio_st *prev_bio; /* used by filter BIOs */
CRYPTO_REF_COUNT references;
uint64_t num_read;
uint64_t num_write;
CRYPTO_EX_DATA ex_data;
CRYPTO_RWLOCK *lock;
};
|
BIO_METHOD
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
|
typedef struct bio_method_st BIO_METHOD;
struct bio_method_st {
int type;
char *name;
int (*bwrite) (BIO *, const char *, size_t, size_t *);
int (*bwrite_old) (BIO *, const char *, int);
int (*bread) (BIO *, char *, size_t, size_t *);
int (*bread_old) (BIO *, char *, int);
int (*bputs) (BIO *, const char *);
int (*bgets) (BIO *, char *, int);
long (*ctrl) (BIO *, int, long, void *);
int (*create) (BIO *);
int (*destroy) (BIO *);
long (*callback_ctrl) (BIO *, int, BIO_info_cb *);
};
|
API
对于文件,在OpenSSL 中与BIO相关的代码主要在crypto/bio中,其中:
对于函数,
参考链接
OpenSSL overviews
openssl源码目录结构 - mingzhang - 博客园 (cnblogs.com)
/docs/man1.1.1/man7/ssl.html (openssl.org)
/docs/man1.1.1/man7/crypto.html (openssl.org)
/docs/man1.1.1/man7/bio.html (openssl.org)
