Tor
0.4.7.0-alpha-dev
Wrapper functions to present a consistent interface to TLS and SSL X.509 functions from NSS.
#include "orconfig.h"
#include "lib/crypt_ops/crypto_cipher.h"
#include "lib/crypt_ops/crypto_rand.h"
#include "lib/crypt_ops/crypto_dh.h"
#include "lib/crypt_ops/crypto_util.h"
#include "lib/crypt_ops/crypto_nss_mgt.h"
#include "lib/string/printf.h"
#include "lib/tls/x509.h"
#include "lib/tls/x509_internal.h"
#include "lib/tls/tortls.h"
#include "lib/tls/tortls_st.h"
#include "lib/tls/tortls_internal.h"
#include "lib/tls/nss_countbytes.h"
#include "lib/log/util_bug.h"
#include <prio.h>
#include <private/pprio.h>
#include <ssl.h>
#include <sslt.h>
#include <sslproto.h>
#include <certt.h>
Macros | |
#define | TORTLS_PRIVATE |
#define | TOR_X509_PRIVATE |
#define | SEC_OID_TOR_DEFAULT_ECDHE_GROUP SEC_OID_ANSIX962_EC_PRIME256V1 |
Functions | |
static SECStatus | always_accept_cert_cb (void *, PRFileDesc *, PRBool, PRBool) |
void | try_to_extract_certs_from_tls (int severity, tor_tls_t *tls, tor_x509_cert_impl_t **cert_out, tor_x509_cert_impl_t **id_cert_out) |
static bool | we_like_ssl_cipher (SSLCipherAlgorithm ca) |
static bool | we_like_ssl_kea (SSLKEAType kt) |
static bool | we_like_mac_algorithm (SSLMACAlgorithm ma) |
static bool | we_like_auth_type (SSLAuthType at) |
static bool | ciphersuite_has_nss_export_bug (const SSLCipherSuiteInfo *info) |
tor_tls_context_t * | tor_tls_context_new (crypto_pk_t *identity, unsigned int key_lifetime, unsigned flags, int is_client) |
void | tor_tls_context_impl_free_ (tor_tls_context_impl_t *ctx) |
void | tor_tls_get_state_description (tor_tls_t *tls, char *buf, size_t sz) |
void | tor_tls_init (void) |
void | tls_log_errors (tor_tls_t *tls, int severity, int domain, const char *doing) |
const char * | tor_tls_get_last_error_msg (const tor_tls_t *tls) |
tor_tls_t * | tor_tls_new (tor_socket_t sock, int is_server) |
void | tor_tls_set_renegotiate_callback (tor_tls_t *tls, void(*cb)(tor_tls_t *, void *arg), void *arg) |
void | tor_tls_release_socket (tor_tls_t *tls) |
void | tor_tls_impl_free_ (tor_tls_impl_t *tls) |
int | tor_tls_peer_has_cert (tor_tls_t *tls) |
tor_x509_cert_t * | tor_tls_get_peer_cert (tor_tls_t *tls) |
tor_x509_cert_t * | tor_tls_get_own_cert (tor_tls_t *tls) |
int | tor_tls_read (tor_tls_t *tls, char *cp, size_t len) |
int | tor_tls_write (tor_tls_t *tls, const char *cp, size_t n) |
int | tor_tls_handshake (tor_tls_t *tls) |
int | tor_tls_finish_handshake (tor_tls_t *tls) |
void | tor_tls_unblock_renegotiation (tor_tls_t *tls) |
void | tor_tls_block_renegotiation (tor_tls_t *tls) |
void | tor_tls_assert_renegotiation_unblocked (tor_tls_t *tls) |
int | tor_tls_get_pending_bytes (tor_tls_t *tls) |
size_t | tor_tls_get_forced_write_size (tor_tls_t *tls) |
void | tor_tls_get_n_raw_bytes (tor_tls_t *tls, size_t *n_read, size_t *n_written) |
int | tor_tls_get_buffer_sizes (tor_tls_t *tls, size_t *rbuf_capacity, size_t *rbuf_bytes, size_t *wbuf_capacity, size_t *wbuf_bytes) |
double | tls_get_write_overhead_ratio (void) |
int | tor_tls_used_v1_handshake (tor_tls_t *tls) |
int | tor_tls_server_got_renegotiate (tor_tls_t *tls) |
int | tor_tls_cert_matches_key (const tor_tls_t *tls, const struct tor_x509_cert_t *cert) |
int | tor_tls_get_tlssecrets (tor_tls_t *tls, uint8_t *secrets_out) |
int | tor_tls_export_key_material (tor_tls_t *tls, uint8_t *secrets_out, const uint8_t *context, size_t context_len, const char *label) |
const char * | tor_tls_get_ciphersuite_name (tor_tls_t *tls) |
int | evaluate_ecgroup_for_tls (const char *ecgroup) |
Wrapper functions to present a consistent interface to TLS and SSL X.509 functions from NSS.
Definition in file tortls_nss.c.
#define SEC_OID_TOR_DEFAULT_ECDHE_GROUP SEC_OID_ANSIX962_EC_PRIME256V1 |
The group we should use for ECDHE when none was selected.
Definition at line 860 of file tortls_nss.c.
static bool ciphersuite_has_nss_export_bug (const SSLCipherSuiteInfo *info)
Return true iff this ciphersuite is affected by Mozilla bug 1312976, which prevents TLS key exporters from working with TLS 1.2 non-SHA256 ciphersuites.
Definition at line 161 of file tortls_nss.c.
void tor_tls_release_socket | ( | tor_tls_t * | tls | ) |
Tell the TLS library that the underlying socket for tls has been closed, and the library should not attempt to free that socket itself.
Definition at line 484 of file tortls_nss.c.