Wrapper functions to present a consistent interface to TLS and SSL X.509 functions from NSS. More...
#include "orconfig.h"
#include "lib/crypt_ops/crypto_cipher.h"
#include "lib/crypt_ops/crypto_rand.h"
#include "lib/crypt_ops/crypto_dh.h"
#include "lib/crypt_ops/crypto_util.h"
#include "lib/crypt_ops/crypto_nss_mgt.h"
#include "lib/string/printf.h"
#include "lib/tls/x509.h"
#include "lib/tls/x509_internal.h"
#include "lib/tls/tortls.h"
#include "lib/tls/tortls_st.h"
#include "lib/tls/tortls_internal.h"
#include "lib/tls/nss_countbytes.h"
#include "lib/log/util_bug.h"
#include <prio.h>
#include <private/pprio.h>
#include <ssl.h>
#include <sslt.h>
#include <sslproto.h>
#include <certt.h>
#define | TORTLS_PRIVATE |
#define | TOR_X509_PRIVATE |
#define | SEC_OID_TOR_DEFAULT_ECDHE_GROUP SEC_OID_ANSIX962_EC_PRIME256V1 |
static SECStatus | always_accept_cert_cb (void *, PRFileDesc *, PRBool, PRBool) |
void | try_to_extract_certs_from_tls (int severity, tor_tls_t *tls, tor_x509_cert_impl_t **cert_out, tor_x509_cert_impl_t **id_cert_out) |
static bool | we_like_ssl_cipher (SSLCipherAlgorithm ca) |
static bool | we_like_ssl_kea (SSLKEAType kt) |
static bool | we_like_mac_algorithm (SSLMACAlgorithm ma) |
static bool | we_like_auth_type (SSLAuthType at) |
static bool | ciphersuite_has_nss_export_bug (const SSLCipherSuiteInfo *info) |
tor_tls_context_t * | tor_tls_context_new (crypto_pk_t *identity, unsigned int key_lifetime, unsigned flags, int is_client) |
void | tor_tls_context_impl_free_ (tor_tls_context_impl_t *ctx) |
void | tor_tls_get_state_description (tor_tls_t *tls, char *buf, size_t sz) |
void | tor_tls_init (void) |
void | tls_log_errors (tor_tls_t *tls, int severity, int domain, const char *doing) |
const char * | tor_tls_get_last_error_msg (const tor_tls_t *tls) |
tor_tls_t * | tor_tls_new (tor_socket_t sock, int is_server) |
void | tor_tls_set_renegotiate_callback (tor_tls_t *tls, void(*cb)(tor_tls_t *, void *arg), void *arg) |
void | tor_tls_release_socket (tor_tls_t *tls) |
void | tor_tls_impl_free_ (tor_tls_impl_t *tls) |
int | tor_tls_peer_has_cert (tor_tls_t *tls) |
tor_x509_cert_t * | tor_tls_get_peer_cert (tor_tls_t *tls) |
tor_x509_cert_t * | tor_tls_get_own_cert (tor_tls_t *tls) |
int | tor_tls_read (tor_tls_t *tls, char *cp, size_t len) |
int | tor_tls_write (tor_tls_t *tls, const char *cp, size_t n) |
int | tor_tls_handshake (tor_tls_t *tls) |
int | tor_tls_finish_handshake (tor_tls_t *tls) |
void | tor_tls_unblock_renegotiation (tor_tls_t *tls) |
void | tor_tls_block_renegotiation (tor_tls_t *tls) |
int | tor_tls_get_pending_bytes (tor_tls_t *tls) |
size_t | tor_tls_get_forced_write_size (tor_tls_t *tls) |
void | tor_tls_get_n_raw_bytes (tor_tls_t *tls, size_t *n_read, size_t *n_written) |
int | tor_tls_get_buffer_sizes (tor_tls_t *tls, size_t *rbuf_capacity, size_t *rbuf_bytes, size_t *wbuf_capacity, size_t *wbuf_bytes) |
double | tls_get_write_overhead_ratio (void) |
int | tor_tls_used_v1_handshake (tor_tls_t *tls) |
int | tor_tls_server_got_renegotiate (tor_tls_t *tls) |
int | tor_tls_cert_matches_key (const tor_tls_t *tls, const struct tor_x509_cert_t *cert) |
int | tor_tls_get_tlssecrets (tor_tls_t *tls, uint8_t *secrets_out) |
int | tor_tls_export_key_material (tor_tls_t *tls, uint8_t *secrets_out, const uint8_t *context, size_t context_len, const char *label) |
const char * | tor_tls_get_ciphersuite_name (tor_tls_t *tls) |
int | evaluate_ecgroup_for_tls (const char *ecgroup) |
Wrapper functions to present a consistent interface to TLS and SSL X.509 functions from NSS.
Definition in file tortls_nss.c.
#define SEC_OID_TOR_DEFAULT_ECDHE_GROUP SEC_OID_ANSIX962_EC_PRIME256V1 |
The EC group to use for ECDHE when none was selected.
Definition at line 857 of file tortls_nss.c.
#define TOR_X509_PRIVATE |
Definition at line 15 of file tortls_nss.c.
#define TORTLS_PRIVATE |
Definition at line 14 of file tortls_nss.c.
static SECStatus always_accept_cert_cb (void *, PRFileDesc *, PRBool, PRBool)
Definition at line 880 of file tortls_nss.c.
static bool ciphersuite_has_nss_export_bug (const SSLCipherSuiteInfo *info)
Return true iff this ciphersuite is affected by Mozilla bug 1312976, which causes TLS key exporters to fail with TLS 1.2 non-SHA256 ciphersuites.
Definition at line 161 of file tortls_nss.c.
int evaluate_ecgroup_for_tls | ( | const char * | ecgroup | ) |
Definition at line 860 of file tortls_nss.c.
double tls_get_write_overhead_ratio | ( | void | ) |
Definition at line 709 of file tortls_nss.c.
void tls_log_errors | ( | tor_tls_t * | tls, |
int | severity, | ||
int | domain, | ||
const char * | doing | ||
) |
Definition at line 362 of file tortls_nss.c.
void tor_tls_block_renegotiation | ( | tor_tls_t * | tls | ) |
Definition at line 647 of file tortls_nss.c.
int tor_tls_cert_matches_key | ( | const tor_tls_t * | tls, |
const struct tor_x509_cert_t * | cert | ||
) |
Definition at line 734 of file tortls_nss.c.
void tor_tls_context_impl_free_ | ( | tor_tls_context_impl_t * | ctx | ) |
Definition at line 338 of file tortls_nss.c.
tor_tls_context_t * tor_tls_context_new | ( | crypto_pk_t * | identity, |
unsigned int | key_lifetime, | ||
unsigned | flags, | ||
int | is_client | ||
) |
Definition at line 182 of file tortls_nss.c.
int tor_tls_export_key_material | ( | tor_tls_t * | tls, |
uint8_t * | secrets_out, | ||
const uint8_t * | context, | ||
size_t | context_len, | ||
const char * | label | ||
) |
Definition at line 806 of file tortls_nss.c.
int tor_tls_finish_handshake | ( | tor_tls_t * | tls | ) |
Definition at line 631 of file tortls_nss.c.
int tor_tls_get_buffer_sizes | ( | tor_tls_t * | tls, |
size_t * | rbuf_capacity, | ||
size_t * | rbuf_bytes, | ||
size_t * | wbuf_capacity, | ||
size_t * | wbuf_bytes | ||
) |
Definition at line 694 of file tortls_nss.c.
const char * tor_tls_get_ciphersuite_name | ( | tor_tls_t * | tls | ) |
Definition at line 833 of file tortls_nss.c.
size_t tor_tls_get_forced_write_size | ( | tor_tls_t * | tls | ) |
Definition at line 666 of file tortls_nss.c.
const char * tor_tls_get_last_error_msg | ( | const tor_tls_t * | tls | ) |
Definition at line 397 of file tortls_nss.c.
void tor_tls_get_n_raw_bytes | ( | tor_tls_t * | tls, |
size_t * | n_read, | ||
size_t * | n_written | ||
) |
Definition at line 674 of file tortls_nss.c.
tor_x509_cert_t * tor_tls_get_own_cert | ( | tor_tls_t * | tls | ) |
Definition at line 551 of file tortls_nss.c.
tor_x509_cert_t * tor_tls_get_peer_cert | ( | tor_tls_t * | tls | ) |
Definition at line 541 of file tortls_nss.c.
int tor_tls_get_pending_bytes | ( | tor_tls_t * | tls | ) |
Definition at line 654 of file tortls_nss.c.
void tor_tls_get_state_description | ( | tor_tls_t * | tls, |
char * | buf, | ||
size_t | sz | ||
) |
Definition at line 346 of file tortls_nss.c.
int tor_tls_get_tlssecrets | ( | tor_tls_t * | tls, |
uint8_t * | secrets_out | ||
) |
Definition at line 792 of file tortls_nss.c.
int tor_tls_handshake | ( | tor_tls_t * | tls | ) |
Definition at line 613 of file tortls_nss.c.
void tor_tls_impl_free_ | ( | tor_tls_impl_t * | tls | ) |
Definition at line 521 of file tortls_nss.c.
void tor_tls_init | ( | void | ) |
Definition at line 356 of file tortls_nss.c.
tor_tls_t * tor_tls_new | ( | tor_socket_t | sock, |
int | is_server | ||
) |
Definition at line 409 of file tortls_nss.c.
int tor_tls_peer_has_cert | ( | tor_tls_t * | tls | ) |
Definition at line 532 of file tortls_nss.c.
int tor_tls_read | ( | tor_tls_t * | tls, |
char * | cp, | ||
size_t | len | ||
) |
Definition at line 562 of file tortls_nss.c.
void tor_tls_release_socket | ( | tor_tls_t * | tls | ) |
Tell the TLS library that the underlying socket for tls has been closed, and that the library should not attempt to free that socket itself.
Definition at line 484 of file tortls_nss.c.
int tor_tls_server_got_renegotiate | ( | tor_tls_t * | tls | ) |
Definition at line 726 of file tortls_nss.c.
void tor_tls_set_renegotiate_callback | ( | tor_tls_t * | tls, |
void(*)(tor_tls_t *, void *arg) | cb, | ||
void * | arg | ||
) |
Definition at line 468 of file tortls_nss.c.
void tor_tls_unblock_renegotiation | ( | tor_tls_t * | tls | ) |
Definition at line 640 of file tortls_nss.c.
int tor_tls_used_v1_handshake | ( | tor_tls_t * | tls | ) |
Definition at line 717 of file tortls_nss.c.
int tor_tls_write | ( | tor_tls_t * | tls, |
const char * | cp, | ||
size_t | n | ||
) |
Definition at line 585 of file tortls_nss.c.
void try_to_extract_certs_from_tls | ( | int | severity, |
tor_tls_t * | tls, | ||
tor_x509_cert_impl_t ** | cert_out, | ||
tor_x509_cert_impl_t ** | id_cert_out | ||
) |
Definition at line 52 of file tortls_nss.c.
static bool we_like_auth_type (SSLAuthType at)
Definition at line 134 of file tortls_nss.c.
static bool we_like_mac_algorithm (SSLMACAlgorithm ma)
Definition at line 117 of file tortls_nss.c.
static bool we_like_ssl_cipher (SSLCipherAlgorithm ca)
Definition at line 78 of file tortls_nss.c.
static bool we_like_ssl_kea (SSLKEAType kt)
Definition at line 98 of file tortls_nss.c.