Tor 0.4.9.8
#include "lib/crypt_ops/crypto_rsa.h"
#include "lib/testsupport/testsupport.h"
#include "lib/net/nettypes.h"
Go to the source code of this file.
Macros | |
| #define | MIN_TOR_TLS_ERROR_VAL_ -9 |
| #define | TOR_TLS_ERROR_MISC -9 |
| #define | TOR_TLS_ERROR_IO -8 |
| #define | TOR_TLS_ERROR_CONNREFUSED -7 |
| #define | TOR_TLS_ERROR_CONNRESET -6 |
| #define | TOR_TLS_ERROR_NO_ROUTE -5 |
| #define | TOR_TLS_ERROR_TIMEOUT -4 |
| #define | TOR_TLS_CLOSE -3 |
| #define | TOR_TLS_WANTREAD -2 |
| #define | TOR_TLS_WANTWRITE -1 |
| #define | TOR_TLS_DONE 0 |
| #define | CASE_TOR_TLS_ERROR_ANY_NONIO |
| #define | CASE_TOR_TLS_ERROR_ANY |
| #define | TOR_TLS_IS_ERROR(rv) |
| #define | TOR_TLS_CTX_IS_PUBLIC_SERVER (1u<<0) |
| #define | tor_tls_free(tls) |
| #define | check_no_tls_errors() |
Functions | |
| const char * | tor_tls_err_to_string (int err) |
| void | tor_tls_get_state_description (tor_tls_t *tls, char *buf, size_t sz) |
| void | tor_tls_free_all (void) |
| void | tor_tls_init (void) |
| void | tls_log_errors (tor_tls_t *tls, int severity, int domain, const char *doing) |
| const char * | tor_tls_get_last_error_msg (const tor_tls_t *tls) |
| int | tor_tls_context_init (unsigned flags, crypto_pk_t *client_identity, crypto_pk_t *server_identity, unsigned int key_lifetime) |
| void | tor_tls_context_incref (tor_tls_context_t *ctx) |
| void | tor_tls_context_decref (tor_tls_context_t *ctx) |
| tor_tls_context_t * | tor_tls_context_get (int is_server) |
| tor_tls_t * | tor_tls_new (tor_socket_t sock, int is_server) |
| void | tor_tls_set_logged_address (tor_tls_t *tls, const char *address) |
| int | tor_tls_is_server (tor_tls_t *tls) |
| void | tor_tls_release_socket (tor_tls_t *tls) |
| void | tor_tls_free_ (tor_tls_t *tls) |
| int | tor_tls_peer_has_cert (tor_tls_t *tls) |
| struct tor_x509_cert_t * | tor_tls_get_peer_cert (tor_tls_t *tls) |
| struct tor_x509_cert_t * | tor_tls_get_own_cert (tor_tls_t *tls) |
| int | tor_tls_read (tor_tls_t *tls, char *cp, size_t len) |
| int | tor_tls_write (tor_tls_t *tls, const char *cp, size_t n) |
| int | tor_tls_handshake (tor_tls_t *tls) |
| int | tor_tls_get_pending_bytes (tor_tls_t *tls) |
| size_t | tor_tls_get_forced_write_size (tor_tls_t *tls) |
| void | tor_tls_get_n_raw_bytes (tor_tls_t *tls, size_t *n_read, size_t *n_written) |
| int | tor_tls_get_buffer_sizes (tor_tls_t *tls, size_t *rbuf_capacity, size_t *rbuf_bytes, size_t *wbuf_capacity, size_t *wbuf_bytes) |
| double | tls_get_write_overhead_ratio (void) |
| int | tor_tls_cert_matches_key (const tor_tls_t *tls, const struct tor_x509_cert_t *cert) |
| int | tor_tls_export_key_material (tor_tls_t *tls, uint8_t *secrets_out, const uint8_t *context, size_t context_len, const char *label) |
| int | tor_tls_get_my_certs (int server, const struct tor_x509_cert_t **link_cert_out, const struct tor_x509_cert_t **id_cert_out) |
| int | evaluate_ecgroup_for_tls (const char *ecgroup) |
| #define CASE_TOR_TLS_ERROR_ANY |
Use this macro in a switch statement to catch any TLS error. That way, if more errors are added, your switches will still work.
Definition at line 62 of file tortls.h.
Referenced by connection_handle_write_impl(), and connection_tls_continue_handshake().
| #define CASE_TOR_TLS_ERROR_ANY_NONIO |
Collection of case statements for all TLS errors that are not due to underlying IO failure.
Definition at line 53 of file tortls.h.
Referenced by connection_buf_read_from_socket().
| #define check_no_tls_errors | ( | ) |
| #define tor_tls_free | ( | tls | ) |
| int evaluate_ecgroup_for_tls | ( | const char * | ecgroup | ) |
Check whether the ECC group requested is supported by the current OpenSSL library instance. Return 1 if the group is supported, and 0 if not.
Definition at line 751 of file tortls_nss.c.
Referenced by evaluate_ecgroup_for_tls().
| double tls_get_write_overhead_ratio | ( | void | ) |
Return a ratio of the bytes that TLS has sent to the bytes that we've told it to send. Used to track whether our TLS records are getting too tiny.
Definition at line 651 of file tortls_nss.c.
Referenced by log_heartbeat().
| void tls_log_errors | ( | tor_tls_t * | tls, |
| int | severity, | ||
| int | domain, | ||
| const char * | doing ) |
Log all pending TLS errors at log level `severity` in log domain `domain`. Use `doing` to describe our current activity.
Definition at line 339 of file tortls_nss.c.
Referenced by log_cert_lifetime(), tls_log_errors(), tor_tls_cert_is_valid(), tor_tls_context_init(), tor_tls_create_certificate(), tor_tls_export_key_material(), tor_tls_get_pending_bytes(), tor_tls_new(), tor_tls_read(), tor_tls_write(), and tor_x509_cert_decode().
| int tor_tls_cert_matches_key | ( | const tor_tls_t * | tls, |
| const struct tor_x509_cert_t * | cert ) |
Definition at line 660 of file tortls_nss.c.
| void tor_tls_context_decref | ( | tor_tls_context_t * | ctx | ) |
Remove a reference to ctx, and free it if it has no more references.
Definition at line 106 of file tortls.c.
Referenced by tor_tls_context_init(), tor_tls_context_init_one(), tor_tls_context_new(), tor_tls_free_(), and tor_tls_free_all().
| tor_tls_context_t * tor_tls_context_get | ( | int | is_server | ) |
Return the appropriate TLS context.
Definition at line 45 of file tortls.c.
Referenced by tor_tls_get_my_certs(), and tor_tls_new().
| void tor_tls_context_incref | ( | tor_tls_context_t * | ctx | ) |
Increase the reference count of ctx.
Definition at line 98 of file tortls.c.
Referenced by tor_tls_context_init(), and tor_tls_new().
| int tor_tls_context_init | ( | unsigned | flags, |
| crypto_pk_t * | client_identity, | ||
| crypto_pk_t * | server_identity, | ||
| unsigned int | key_lifetime ) |
Create new global client and server TLS contexts.
If server_identity is NULL, this will not generate a server TLS context. If TOR_TLS_CTX_IS_PUBLIC_SERVER is set in flags, use the same TLS context for incoming and outgoing connections, and ignore client_identity.
Definition at line 168 of file tortls.c.
Referenced by router_initialize_tls_context().
| const char * tor_tls_err_to_string | ( | int | err | ) |
Given a TOR_TLS_* error code, return a string equivalent.
Definition at line 142 of file tortls.c.
Referenced by connection_buf_read_from_socket(), and connection_tls_continue_handshake().
| int tor_tls_export_key_material | ( | tor_tls_t * | tls, |
| uint8_t * | secrets_out, | ||
| const uint8_t * | context, | ||
| size_t | context_len, | ||
| const char * | label ) |
Using the RFC 5705 key material exporting construction, and the provided `context` (`context_len` bytes long) and `label` (a NUL-terminated string), compute a 32-byte secret in `secrets_out` that only the parties to this TLS session can compute. Return 0 on success; -1 on failure; and -2 on failure caused by OpenSSL bug 7712.
Definition at line 721 of file tortls_nss.c.
Referenced by connection_or_compute_authenticate_cell_body().
| void tor_tls_free_ | ( | tor_tls_t * | tls | ) |
| void tor_tls_free_all | ( | void | ) |
| int tor_tls_get_buffer_sizes | ( | tor_tls_t * | tls, |
| size_t * | rbuf_capacity, | ||
| size_t * | rbuf_bytes, | ||
| size_t * | wbuf_capacity, | ||
| size_t * | wbuf_bytes ) |
Examine the amount of memory used and available for buffers in tls. Set *rbuf_capacity to the amount of storage allocated for the read buffer and *rbuf_bytes to the amount actually used. Set *wbuf_capacity to the amount of storage allocated for the write buffer and *wbuf_bytes to the amount actually used.
Return 0 on success, -1 on failure.
Definition at line 636 of file tortls_nss.c.
Referenced by dumpstats(), and tor_tls_get_buffer_sizes().
| size_t tor_tls_get_forced_write_size | ( | tor_tls_t * | tls | ) |
If tls requires that the next write be of a particular size, return that size. Otherwise, return 0.
Definition at line 608 of file tortls_nss.c.
Referenced by flush_chunk_tls(), and tor_tls_get_forced_write_size().
| const char * tor_tls_get_last_error_msg | ( | const tor_tls_t * | tls | ) |
Return a string representing more detail about the last error received on TLS.
May return NULL if no error was found.
Definition at line 374 of file tortls_nss.c.
Referenced by connection_or_about_to_close(), and tor_tls_get_last_error_msg().
| void tor_tls_get_n_raw_bytes | ( | tor_tls_t * | tls, |
| size_t * | n_read, | ||
| size_t * | n_written ) |
Sets n_read and n_written to the number of bytes read and written, respectively, on the raw socket used by tls since the last time this function was called on tls.
Definition at line 616 of file tortls_nss.c.
Referenced by connection_buf_read_from_socket(), connection_handle_write_impl(), tor_tls_free_(), and tor_tls_get_n_raw_bytes().
| struct tor_x509_cert_t * tor_tls_get_own_cert | ( | tor_tls_t * | tls | ) |
Return a newly allocated copy of the certificate we used on the connection, or NULL if somehow we didn't use one.
Definition at line 516 of file tortls_nss.c.
Referenced by connection_or_compute_authenticate_cell_body(), and connection_or_send_certs_cell().
| struct tor_x509_cert_t * tor_tls_get_peer_cert | ( | tor_tls_t * | tls | ) |
Return a newly allocated copy of the peer certificate, or NULL if there isn't one.
Definition at line 506 of file tortls_nss.c.
Referenced by connection_or_compute_authenticate_cell_body(), and or_handshake_certs_ed25519_ok().
| int tor_tls_get_pending_bytes | ( | tor_tls_t * | tls | ) |
Return the number of bytes available for reading from tls.
Definition at line 596 of file tortls_nss.c.
Referenced by connection_buf_read_from_socket(), connection_or_process_cells_from_inbuf(), and tor_tls_get_pending_bytes().
| void tor_tls_get_state_description | ( | tor_tls_t * | tls, |
| char * | buf, | ||
| size_t | sz ) |
Write a description of the current state of tls into the sz-byte buffer at buf.
Definition at line 323 of file tortls_nss.c.
Referenced by connection_or_get_state_description(), and tor_tls_get_state_description().
| int tor_tls_handshake | ( | tor_tls_t * | tls | ) |
Perform the initial handshake on `tls`. When finished, returns TOR_TLS_DONE. On failure, returns one of the TOR_TLS_ERROR_* codes, TOR_TLS_WANTREAD, or TOR_TLS_WANTWRITE.
Definition at line 578 of file tortls_nss.c.
Referenced by connection_tls_continue_handshake(), and tor_tls_handshake().
| void tor_tls_init | ( | void | ) |
Initialize OpenSSL, unless it has already been initialized.
Definition at line 333 of file tortls_nss.c.
Referenced by tor_tls_context_new(), tor_tls_create_certificate(), and tor_tls_init().
| int tor_tls_is_server | ( | tor_tls_t * | tls | ) |
Return whether this tls initiated the connect (client) or received it (server).
Definition at line 365 of file tortls.c.
Referenced by connection_or_nonopen_was_started_here(), and connection_tls_continue_handshake().
| tor_tls_t * tor_tls_new | ( | tor_socket_t | sock, |
| int | isServer ) |
Create a new TLS object from a file descriptor, and a flag to determine whether it is functioning as a server.
Definition at line 386 of file tortls_nss.c.
Referenced by connection_tls_start_handshake(), and tor_tls_new().
| int tor_tls_peer_has_cert | ( | tor_tls_t * | tls | ) |
Return true iff this TLS connection is authenticated.
Definition at line 497 of file tortls_nss.c.
Referenced by tor_tls_peer_has_cert().
| int tor_tls_read | ( | tor_tls_t * | tls, |
| char * | cp, | ||
| size_t | len ) |
Underlying function for TLS reading. Reads up to `len` characters from `tls` into `cp`. On success, returns the number of characters read. On failure, returns one of the TOR_TLS_ERROR_* codes, TOR_TLS_CLOSE, TOR_TLS_WANTREAD, or TOR_TLS_WANTWRITE.
Definition at line 527 of file tortls_nss.c.
Referenced by read_to_chunk_tls().
| void tor_tls_release_socket | ( | tor_tls_t * | tls | ) |
Tell the TLS library that the underlying socket for tls has been closed, and the library should not attempt to free that socket itself.
Definition at line 449 of file tortls_nss.c.
Referenced by connection_free_minimal().
| void tor_tls_set_logged_address | ( | tor_tls_t * | tls, |
| const char * | address ) |
Make future log messages about `tls` display the address `address`.
Definition at line 355 of file tortls.c.
Referenced by connection_or_client_learned_peer_id(), and connection_tls_start_handshake().
| int tor_tls_write | ( | tor_tls_t * | tls, |
| const char * | cp, | ||
| size_t | n ) |
Underlying function for TLS writing. Writes up to `n` characters from `cp` onto `tls`. On success, returns the number of characters written. On failure, returns one of the TOR_TLS_ERROR_* codes, TOR_TLS_WANTREAD, or TOR_TLS_WANTWRITE.
Definition at line 550 of file tortls_nss.c.
Referenced by flush_chunk_tls(), and tor_tls_write().