openssl源代码分析.docx
openssl源代码分析
Openssl源代码的特点:
1、openssl中只有实现而没有调用的函数
2、openssl中各系列的函数都是用宏定义的(因而无法用代码浏览工具找到其定义)
用于定义X509的new、free、i2d和d2i函数的宏:
1、函数声明DECLARE_ASN1_FUNCTIONS(X509)
用于声明函数x509\x509.h
在openssl中的具体定义如下:
asn1\asn1.h
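/*
 * Declare ASN1 functions: the implement macro is in asn1t.h.
 *
 * The extracted listing had lost the whitespace between tokens
 * ("#defineDECLARE_...", "constunsignedchar"); it is restored here.
 *
 * Every DECLARE_* macro emits prototypes only. The function names are built
 * by token pasting (d2i_##name, name##_new, ...), which is why a text search
 * for "X509_new(" finds no definition in the source tree.
 */
#define DECLARE_ASN1_FUNCTIONS(type) DECLARE_ASN1_FUNCTIONS_name(type, type)

#define DECLARE_ASN1_ALLOC_FUNCTIONS(type) \
    DECLARE_ASN1_ALLOC_FUNCTIONS_name(type, type)

/* Allocation pair plus encode/decode pair; the item name equals `name`. */
#define DECLARE_ASN1_FUNCTIONS_name(type, name) \
    DECLARE_ASN1_ALLOC_FUNCTIONS_name(type, name) \
    DECLARE_ASN1_ENCODE_FUNCTIONS(type, name, name)

/* Same, but the ASN1_ITEM name (itname) may differ from the function name. */
#define DECLARE_ASN1_FUNCTIONS_fname(type, itname, name) \
    DECLARE_ASN1_ALLOC_FUNCTIONS_name(type, name) \
    DECLARE_ASN1_ENCODE_FUNCTIONS(type, itname, name)

/*
 * Prototypes for the DER decoder (d2i_<name>) and encoder (i2d_<name>).
 *
 * NOTE(review): per OpenSSL's d2i_X509 documentation, d2i advances *in past
 * the bytes it consumed and i2d advances *out past the bytes it wrote, so a
 * caller that still needs (or must free) the buffer should pass a temporary
 * copy of the pointer. `len` must be the number of bytes really available at
 * *in; this matters whenever the DER comes from an untrusted peer or file.
 */
#define DECLARE_ASN1_ENCODE_FUNCTIONS(type, itname, name) \
    type *d2i_##name(type **a, const unsigned char **in, long len); \
    int i2d_##name(type *a, unsigned char **out); \
    DECLARE_ASN1_ITEM(itname)

/* As above, but i2d takes a const object. */
#define DECLARE_ASN1_ENCODE_FUNCTIONS_const(type, name) \
    type *d2i_##name(type **a, const unsigned char **in, long len); \
    int i2d_##name(const type *a, unsigned char **out); \
    DECLARE_ASN1_ITEM(name)

#define DECLARE_ASN1_NDEF_FUNCTION(name) \
    int i2d_##name##_NDEF(name *a, unsigned char **out);

#define DECLARE_ASN1_FUNCTIONS_const(name) \
    DECLARE_ASN1_ALLOC_FUNCTIONS(name) \
    DECLARE_ASN1_ENCODE_FUNCTIONS_const(name, name)

/* Prototypes for the allocator <name>_new() and the destructor <name>_free(). */
#define DECLARE_ASN1_ALLOC_FUNCTIONS_name(type, name) \
    type *name##_new(void); \
    void name##_free(type *a);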
用于函数的实现asn1\x_x509.c
/*
 * ASN.1 template for X509: a SEQUENCE of three members, listed in encoding
 * order. ASN1_SEQUENCE_ref is used instead of ASN1_SEQUENCE, passing the
 * x509_cb callback and the CRYPTO_LOCK_X509 lock id.
 * The three members correspond to tbsCertificate, signatureAlgorithm and
 * signatureValue of the Certificate structure in RFC 5280.
 */
ASN1_SEQUENCE_ref(X509, x509_cb, CRYPTO_LOCK_X509) = {
    ASN1_SIMPLE(X509, cert_info, X509_CINF),
    ASN1_SIMPLE(X509, sig_alg, X509_ALGOR),
    ASN1_SIMPLE(X509, signature, ASN1_BIT_STRING)
} ASN1_SEQUENCE_END_ref(X509, X509)

/* Generates X509_new, X509_free, d2i_X509 and i2d_X509 from the template. */
IMPLEMENT_ASN1_FUNCTIONS(X509)
2、ASN1_SEQUENCE_ref:
ASN1_SEQUENCE_ref:
asn1\asn1t.h
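/*
 * Opens a SEQUENCE template for a structure that carries a reference count.
 * (Token spacing restored; the extracted text read "staticconstASN1_AUXtname".)
 *
 * Emits a static ASN1_AUX object named <tname>_aux and then the normal
 * ASN1_SEQUENCE(tname) opener. The aux object records the ASN1_AFLG_REFCOUNT
 * flag, the offset of the structure's `references` member, the lock id `lck`
 * and the callback `cb`.
 * NOTE(review): the initializer is positional; presumably the members are
 * app_data, flags, ref_offset, ref_lock, asn1_cb, enc_offset. Confirm against
 * the ASN1_AUX definition in asn1t.h.
 */
#define ASN1_SEQUENCE_ref(tname, cb, lck) \
    static const ASN1_AUX tname##_aux = {NULL, ASN1_AFLG_REFCOUNT, offsetof(tname, references), lck, cb, 0}; \
    ASN1_SEQUENCE(tname)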
3、ASN1_SEQUENCE
用于SEQUENCE,表明下面的编码是一个SEQUENCE。
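/*
 * Opens the template array of a SEQUENCE type; the user continues it with
 * "= { ...member templates... }". (Token spacing restored from the listing.)
 */
#define ASN1_SEQUENCE(tname) \
    static const ASN1_TEMPLATE tname##_seq_tt[]

#define ASN1_SEQUENCE_END(stname) ASN1_SEQUENCE_END_name(stname, stname)

/*
 * Closes the template array (the leading ';') and emits the ASN1_ITEM that
 * describes the type: item type, universal tag, template array, number of
 * templates, aux pointer (NULL here, i.e. no callback and no reference
 * count), size of the C structure and its name as a string.
 */
#define ASN1_SEQUENCE_END_name(stname, tname) \
    ; \
    ASN1_ITEM_start(tname) \
        ASN1_ITYPE_SEQUENCE, \
        V_ASN1_SEQUENCE, \
        tname##_seq_tt, \
        sizeof(tname##_seq_tt) / sizeof(ASN1_TEMPLATE), \
        NULL, \
        sizeof(stname), \
        #stname \
    ASN1_ITEM_end(tname)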
4、ASN1_SEQUENCE_END_ref:
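/*
 * Closing macro that pairs with ASN1_SEQUENCE_ref. It matches
 * ASN1_SEQUENCE_END_name except for the fifth ASN1_ITEM member, which points
 * at the <tname>_aux object created by ASN1_SEQUENCE_ref instead of being
 * NULL. (Token spacing restored from the listing.)
 */
#define ASN1_SEQUENCE_END_ref(stname, tname) \
    ; \
    ASN1_ITEM_start(tname) \
        ASN1_ITYPE_SEQUENCE, \
        V_ASN1_SEQUENCE, \
        tname##_seq_tt, \
        sizeof(tname##_seq_tt) / sizeof(ASN1_TEMPLATE), \
        &tname##_aux, \
        sizeof(stname), \
        #stname \
    ASN1_ITEM_end(tname)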
5、ASN1_ITEM_start:
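/*
 * Bracket an ASN1_ITEM initializer. In this variant the item is a function-
 * local static object and <itname>_it() is an accessor returning its address.
 * (Token spacing restored from the listing.)
 * NOTE(review): OpenSSL also has a variant, chosen by
 * OPENSSL_EXPORT_VAR_AS_FUNCTION, in which <itname>_it is a global object
 * rather than a function; expansions elsewhere must use the matching form.
 */
#define ASN1_ITEM_start(itname) \
    const ASN1_ITEM *itname##_it(void) \
    { \
        static const ASN1_ITEM local_it = {

#define ASN1_ITEM_end(itname) \
        }; \
        return &local_it; \
    }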
6、函数定义IMPLEMENT_ASN1_FUNCTIONS(X509):
/* Just swallow an ASN1_SEQUENCE in an ASN1_STRING */
IMPLEMENT_ASN1_TYPE(ASN1_SEQUENCE)
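/*
 * Use a reference count.
 * This is the flag ASN1_SEQUENCE_ref stores in the second member of the
 * ASN1_AUX initializer. (The extracted "#defineASN1_AFLG_REFCOUNT1" had lost
 * its spaces and is not a valid directive.)
 */
#define ASN1_AFLG_REFCOUNT 1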
具体定义如下:
asn1\asn1t.h
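/*
 * Macro to implement standard functions in terms of ASN1_ITEM structures.
 * (Token spacing restored; the extracted text had fused e.g. "returnASN1_item_i2d".)
 *
 * Each generated function is a thin cast-and-forward wrapper around the
 * generic ASN1_item_* routine, passing the ASN1_ITEM of the type.
 */
#define IMPLEMENT_ASN1_FUNCTIONS(stname) IMPLEMENT_ASN1_FUNCTIONS_fname(stname, stname, stname)

#define IMPLEMENT_ASN1_FUNCTIONS_name(stname, itname) IMPLEMENT_ASN1_FUNCTIONS_fname(stname, itname, itname)

/*
 * NOTE(review): no macro named IMPLEMENT_ASN1_FUNCTIONS_ENCODE_fname is defined
 * in this excerpt; the encode macro defined below is spelled
 * IMPLEMENT_ASN1_ENCODE_FUNCTIONS_fname.
 */
#define IMPLEMENT_ASN1_FUNCTIONS_ENCODE_name(stname, itname) \
    IMPLEMENT_ASN1_FUNCTIONS_ENCODE_fname(stname, itname, itname)

#define IMPLEMENT_ASN1_ALLOC_FUNCTIONS(stname) \
    IMPLEMENT_ASN1_ALLOC_FUNCTIONS_fname(stname, stname, stname)

/*
 * <fname>_new() and <fname>_free(). The result of <fname>_new() is whatever
 * ASN1_item_new() returns, cast to the concrete type; callers have to check
 * it for NULL.
 */
#define IMPLEMENT_ASN1_ALLOC_FUNCTIONS_fname(stname, itname, fname) \
    stname *fname##_new(void) \
    { \
        return (stname *)ASN1_item_new(ASN1_ITEM_rptr(itname)); \
    } \
    void fname##_free(stname *a) \
    { \
        ASN1_item_free((ASN1_VALUE *)a, ASN1_ITEM_rptr(itname)); \
    }

#define IMPLEMENT_ASN1_FUNCTIONS_fname(stname, itname, fname) \
    IMPLEMENT_ASN1_ENCODE_FUNCTIONS_fname(stname, itname, fname) \
    IMPLEMENT_ASN1_ALLOC_FUNCTIONS_fname(stname, itname, fname)

/*
 * d2i_<fname>() and i2d_<fname>(): DER decode / encode through the generic
 * item routines. `in`, `len` and `out` are forwarded unchanged, so every
 * length or pointer contract of ASN1_item_d2i / ASN1_item_i2d applies to the
 * generated function as well.
 */
#define IMPLEMENT_ASN1_ENCODE_FUNCTIONS_fname(stname, itname, fname) \
    stname *d2i_##fname(stname **a, const unsigned char **in, long len) \
    { \
        return (stname *)ASN1_item_d2i((ASN1_VALUE **)a, in, len, ASN1_ITEM_rptr(itname)); \
    } \
    int i2d_##fname(stname *a, unsigned char **out) \
    { \
        return ASN1_item_i2d((ASN1_VALUE *)a, out, ASN1_ITEM_rptr(itname)); \
    }

/* i2d_<stname>_NDEF(): same as i2d but through ASN1_item_ndef_i2d. */
#define IMPLEMENT_ASN1_NDEF_FUNCTION(stname) \
    int i2d_##stname##_NDEF(stname *a, unsigned char **out) \
    { \
        return ASN1_item_ndef_i2d((ASN1_VALUE *)a, out, ASN1_ITEM_rptr(stname)); \
    }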
ASN1_SIMPLE的定义:
asn1\asn1t.h
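/*
 * Plain simple type: a member with no flags and no tag.
 * (Token spacing restored; "#defineASN1_SIMPLE" is not a valid directive.)
 */
#define ASN1_SIMPLE(stname, field, type) ASN1_EX_TYPE(0, 0, stname, field, type)

/*
 * Used to declare other types. Produces one template initializer:
 * flags, tag, byte offset of `field` inside `stname`, the field name as a
 * string literal (#field), and a reference to the ASN1_ITEM of `type`.
 */
#define ASN1_EX_TYPE(flags, tag, stname, field, type) { \
    (flags), (tag), offsetof(stname, field), \
    #field, ASN1_ITEM_ref(type) }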
结构类型定义如下:
由上宏定义可得:
/*
 * The X509 template again, as the starting point of the expansion: the
 * ASN1_SEQUENCE_ref opener, three ASN1_SIMPLE members, and the
 * ASN1_SEQUENCE_END_ref closer.
 */
ASN1_SEQUENCE_ref(X509, x509_cb, CRYPTO_LOCK_X509) = {
    ASN1_SIMPLE(X509, cert_info, X509_CINF),
    ASN1_SIMPLE(X509, sig_alg, X509_ALGOR),
    ASN1_SIMPLE(X509, signature, ASN1_BIT_STRING)
} ASN1_SEQUENCE_END_ref(X509, X509)
可以扩展为:
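/*
 * Schematic first step of the expansion: the macro bodies are pasted in, but
 * the parameters (tname, stname, itname, field, type, flags, tag, lck, cb) are
 * not substituted yet. This is an illustration, not compilable C ("##" and
 * "#" only have meaning inside a macro definition).
 * Token spacing is restored and the unbalanced ")" in the third template
 * entry is removed.
 */
static const ASN1_AUX tname##_aux = {NULL, ASN1_AFLG_REFCOUNT, offsetof(tname, references), lck, cb, 0};

static const ASN1_TEMPLATE tname##_seq_tt[] = {
    {(flags), (tag), offsetof(stname, field), #field, (&(type_it))},
    {(flags), (tag), offsetof(stname, field), #field, (&(type_it))},
    {(flags), (tag), offsetof(stname, field), #field, (&(type_it))}
};

const ASN1_ITEM *itname##_it(void)
{
    static const ASN1_ITEM local_it = {
        ASN1_ITYPE_SEQUENCE,
        V_ASN1_SEQUENCE,
        tname##_seq_tt,
        sizeof(tname##_seq_tt) / sizeof(ASN1_TEMPLATE),
        &tname##_aux,
        sizeof(stname),
        #stname
    };
    return &local_it;
}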
将参数替换如下:
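/*
 * Result of substituting the X509 arguments into the expansion.
 * Corrections against the extracted listing: token spacing restored, the
 * stray "(" in the third template entry removed, and the aux member written
 * as &X509_aux, as the macro body "&tname##_aux" requires (the member is a
 * pointer to the aux object, not the object itself).
 */
static const ASN1_AUX X509_aux = {NULL, ASN1_AFLG_REFCOUNT, offsetof(X509, references), CRYPTO_LOCK_X509, x509_cb, 0};

/* One template entry per member of the X509 structure, in encoding order. */
static const ASN1_TEMPLATE X509_seq_tt[] = {
    {(0), (0), offsetof(X509, cert_info), "cert_info", (&(X509_CINF_it))},
    {(0), (0), offsetof(X509, sig_alg), "sig_alg", (&(X509_ALGOR_it))},
    {(0), (0), offsetof(X509, signature), "signature", (&(ASN1_BIT_STRING_it))}
};

/* Accessor returning the ASN1_ITEM that describes X509. */
const ASN1_ITEM *X509_it(void)
{
    static const ASN1_ITEM local_it = {
        ASN1_ITYPE_SEQUENCE,
        V_ASN1_SEQUENCE,
        X509_seq_tt,
        sizeof(X509_seq_tt) / sizeof(ASN1_TEMPLATE),
        &X509_aux,
        sizeof(X509),
        "X509"
    };
    return &local_it;
}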
由以上扩展出来的代码可以看出:
上述宏定义是用于初始化X509_aux变量和X509_seq_tt[]数组变量,以及X509_it函数。
另外,X509_CINF_it是由
/*
 * ASN.1 template for X509_CINF, the part of the certificate that is covered
 * by the signature. Plain ASN1_SEQUENCE / ASN1_SEQUENCE_END are used here, so
 * the generated item has no aux object (no callback, no reference count).
 * The trailing number of the *_OPT macros is the context tag of the optional
 * member; going by the macro names, EXP means explicit and IMP implicit
 * tagging, which matches TBSCertificate in RFC 5280 (version [0], issuerUID
 * [1], subjectUID [2], extensions [3]).
 */
ASN1_SEQUENCE(X509_CINF) = {
    ASN1_EXP_OPT(X509_CINF, version, ASN1_INTEGER, 0),
    ASN1_SIMPLE(X509_CINF, serialNumber, ASN1_INTEGER),
    ASN1_SIMPLE(X509_CINF, signature, X509_ALGOR),
    ASN1_SIMPLE(X509_CINF, issuer, X509_NAME),
    ASN1_SIMPLE(X509_CINF, validity, X509_VAL),
    ASN1_SIMPLE(X509_CINF, subject, X509_NAME),
    ASN1_SIMPLE(X509_CINF, key, X509_PUBKEY),
    ASN1_IMP_OPT(X509_CINF, issuerUID, ASN1_BIT_STRING, 1),
    ASN1_IMP_OPT(X509_CINF, subjectUID, ASN1_BIT_STRING, 2),
    ASN1_EXP_SEQUENCE_OF_OPT(X509_CINF, extensions, X509_EXTENSION, 3)
} ASN1_SEQUENCE_END(X509_CINF)

/* Generates X509_CINF_new, X509_CINF_free, d2i_X509_CINF and i2d_X509_CINF. */
IMPLEMENT_ASN1_FUNCTIONS(X509_CINF)
中的ASN1_SEQUENCE_END(X509_CINF)语句定义的。由宏定义可知,ASN1_SEQUENCE_END和ASN1_SEQUENCE_END_ref的定义基本一样,区别只在ASN1_ITEM的第五个成员:前者填NULL,后者填&tname##_aux。
X509_ALGOR_it和ASN1_BIT_STRING_it的定义也同上。
一些宏定义:
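/*
 * Item type stored in the first member of the ASN1_ITEM of a SEQUENCE.
 * (The extracted "#defineASN1_ITYPE_SEQUENCE0x1" had lost its spaces.)
 */
#define ASN1_ITYPE_SEQUENCE 0x1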
new函数的具体实现
IMPLEMENT_ASN1_FUNCTIONS(X509)扩展可得:
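/*
 * Expansion of the allocation half of IMPLEMENT_ASN1_FUNCTIONS(X509).
 * Corrections against the extracted listing: `stname` is replaced by X509
 * (the parameter had been left unsubstituted), the macro line continuations
 * are dropped, and token spacing is restored.
 *
 * X509_it is used in its accessor form, X509_it(), which matches the
 * ASN1_ITEM_start variant that defines `const ASN1_ITEM *X509_it(void)`.
 * NOTE(review): in builds without OPENSSL_EXPORT_VAR_AS_FUNCTION, X509_it is
 * a const ASN1_ITEM object and ASN1_ITEM_rptr(X509) expands to (&(X509_it)).
 */
X509 *X509_new(void)
{
    /* The result of ASN1_item_new() is passed through; check it for NULL. */
    return (X509 *)ASN1_item_new(X509_it());
}

void X509_free(X509 *a)
{
    ASN1_item_free((ASN1_VALUE *)a, X509_it());
}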
目录:
asn1\tasn_new.c
ASN1_item_new函数定义:
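/*
 * Allocate a new value of the type described by `it`.
 * (Token spacing restored; the extracted text read "returnret;".)
 *
 * Returns the new object when ASN1_item_ex_new() reports a result greater
 * than zero, and NULL otherwise. Callers must check for NULL before use.
 */
ASN1_VALUE *ASN1_item_new(const ASN1_ITEM *it)
{
    ASN1_VALUE *ret = NULL;

    if (ASN1_item_ex_new(&ret, it) > 0)
        return ret;
    return NULL;
}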
ASN1_item_ex_new函数:
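/*
 * Allocate an ASN1 structure.
 * (Token spacing restored; the extracted text read "returnasn1_item_ex_combine_new".)
 *
 * Forwards to asn1_item_ex_combine_new() with combine == 0 and returns its
 * result unchanged; the new object, if any, is stored through `pval`.
 */
int ASN1_item_ex_new(ASN1_VALUE **pval, const ASN1_ITEM *it)
{
    return asn1_item_ex_combine_new(pval, it, 0);
}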
asn1_item_ex_combine_new函数:
staticintasn1_item_ex_combine_new(ASN1_VALUE**pval,constASN1_ITEM*it,
intcombine)
{
constASN1_TEMPLATE*tt=NULL;
constASN1_COMPAT_FUNCS*cf;
constASN1_EXTERN_FUNCS*ef;
constASN1_AUX*aux=it->funcs;
ASN1_aux_cb*asn1_cb;
ASN1_VALUE**pseqval;
inti;
if(aux&&aux->asn1_cb)
asn1_cb=aux->asn1_cb;
else
asn1_cb=0;
if(!
combine)*pval=NULL;
#ifdefCRYPTO_MDEBUG
if(it->sname)
CRYPTO_push_info(it->sname);
#endif
switch(it->itype)
{
caseASN1_ITYPE_EXTERN:
ef=it->funcs;
if(ef&&ef->asn1_ex_new)
{
if(!
ef->asn1_ex_new(pval,it))
gotomemerr;
}
break;
caseASN1_ITYPE_COMPAT:
cf=it->funcs;
if(cf&&cf->asn1_new){
*pval=cf->asn1_new();
if(!
*pval)
gotomemerr;
}
break;
caseASN1_ITYPE_PRIMITIVE:
if(it->templates)
{
if(!
ASN1_template_new(pval,it->templates))
gotomemerr;
}
elseif(!
ASN1_primitive_new(pval,it))
gotomemerr;
break;
caseASN1_ITYPE_MSTRING:
if(!
ASN1_primitive_new(pval,it))
gotomemerr;
break;
caseASN1_ITYPE_CHOICE:
if(asn1_cb)
{
i=asn1_cb(ASN1_OP_NEW_PRE,pval,it);
if(!
i)
gotoauxerr;
if(i==2)
{
#ifdefCRYPTO_MDEBUG
if(it->sname)
CRYPTO_pop_info();
#endif
return1;
}
}
if(!
combine)
{
*pval=OPENSSL_malloc(it->size);
if(!
*pval)
gotomemerr;
memset(*pval,0,it->size);
}
asn1_set_choice_selector(pval,-1,it);
if(asn1_cb&&!
asn1_cb(ASN1_OP_NEW_POST,pval,it))
gotoauxerr;
break;
caseASN1_ITYPE_NDEF_SEQUENCE:
caseASN1_ITYPE_SEQUENCE:
if(asn1_cb)
{
i=asn1_cb(ASN1_OP_NEW_PRE,pval,it);
if(!
i)
gotoauxerr;
if(i==2)
{
#ifdefCRYPTO_MDEBUG
if(it->sname)
CRY