tortls_nss.c File Reference

Wrapper functions to present a consistent interface to TLS and SSL X.509 functions from NSS.

#include "orconfig.h"
#include "lib/crypt_ops/crypto_cipher.h"
#include "lib/crypt_ops/crypto_rand.h"
#include "lib/crypt_ops/crypto_dh.h"
#include "lib/crypt_ops/crypto_util.h"
#include "lib/crypt_ops/crypto_nss_mgt.h"
#include "lib/string/printf.h"
#include "lib/tls/x509.h"
#include "lib/tls/x509_internal.h"
#include "lib/tls/tortls.h"
#include "lib/tls/tortls_st.h"
#include "lib/tls/tortls_internal.h"
#include "lib/tls/nss_countbytes.h"
#include "lib/log/util_bug.h"
#include <prio.h>
#include <private/pprio.h>
#include <ssl.h>
#include <sslt.h>
#include <sslproto.h>
#include <certt.h>



#define TOR_X509_PRIVATE


static SECStatus always_accept_cert_cb (void *, PRFileDesc *, PRBool, PRBool)
void try_to_extract_certs_from_tls (int severity, tor_tls_t *tls, tor_x509_cert_impl_t **cert_out, tor_x509_cert_impl_t **id_cert_out)
static bool we_like_ssl_cipher (SSLCipherAlgorithm ca)
static bool we_like_ssl_kea (SSLKEAType kt)
static bool we_like_mac_algorithm (SSLMACAlgorithm ma)
static bool we_like_auth_type (SSLAuthType at)
static bool ciphersuite_has_nss_export_bug (const SSLCipherSuiteInfo *info)
tor_tls_context_t * tor_tls_context_new (crypto_pk_t *identity, unsigned int key_lifetime, unsigned flags, int is_client)
void tor_tls_context_impl_free_ (tor_tls_context_impl_t *ctx)
void tor_tls_get_state_description (tor_tls_t *tls, char *buf, size_t sz)
void tor_tls_init (void)
void tls_log_errors (tor_tls_t *tls, int severity, int domain, const char *doing)
const char * tor_tls_get_last_error_msg (const tor_tls_t *tls)
tor_tls_t * tor_tls_new (tor_socket_t sock, int is_server)
void tor_tls_set_renegotiate_callback (tor_tls_t *tls, void(*cb)(tor_tls_t *, void *arg), void *arg)
void tor_tls_release_socket (tor_tls_t *tls)
void tor_tls_impl_free_ (tor_tls_impl_t *tls)
int tor_tls_peer_has_cert (tor_tls_t *tls)
tor_x509_cert_t * tor_tls_get_peer_cert (tor_tls_t *tls)
tor_x509_cert_t * tor_tls_get_own_cert (tor_tls_t *tls)
int tor_tls_read (tor_tls_t *tls, char *cp, size_t len)
int tor_tls_write (tor_tls_t *tls, const char *cp, size_t n)
int tor_tls_handshake (tor_tls_t *tls)
int tor_tls_finish_handshake (tor_tls_t *tls)
void tor_tls_unblock_renegotiation (tor_tls_t *tls)
void tor_tls_block_renegotiation (tor_tls_t *tls)
void tor_tls_assert_renegotiation_unblocked (tor_tls_t *tls)
int tor_tls_get_pending_bytes (tor_tls_t *tls)
size_t tor_tls_get_forced_write_size (tor_tls_t *tls)
void tor_tls_get_n_raw_bytes (tor_tls_t *tls, size_t *n_read, size_t *n_written)
int tor_tls_get_buffer_sizes (tor_tls_t *tls, size_t *rbuf_capacity, size_t *rbuf_bytes, size_t *wbuf_capacity, size_t *wbuf_bytes)
double tls_get_write_overhead_ratio (void)
int tor_tls_used_v1_handshake (tor_tls_t *tls)
int tor_tls_server_got_renegotiate (tor_tls_t *tls)
int tor_tls_cert_matches_key (const tor_tls_t *tls, const struct tor_x509_cert_t *cert)
int tor_tls_get_tlssecrets (tor_tls_t *tls, uint8_t *secrets_out)
int tor_tls_export_key_material (tor_tls_t *tls, uint8_t *secrets_out, const uint8_t *context, size_t context_len, const char *label)
const char * tor_tls_get_ciphersuite_name (tor_tls_t *tls)
int evaluate_ecgroup_for_tls (const char *ecgroup)

Detailed Description

Wrapper functions to present a consistent interface to TLS and SSL X.509 functions from NSS.

Definition in file tortls_nss.c.

Macro Definition Documentation



The group we should use for ECDHE when none was selected.

Definition at line 860 of file tortls_nss.c.

Function Documentation

◆ ciphersuite_has_nss_export_bug()

static bool ciphersuite_has_nss_export_bug ( const SSLCipherSuiteInfo *  info)

Return true iff this ciphersuite is affected by Mozilla bug 1312976, which makes TLS key exporters not work with TLS 1.2 non-SHA256 ciphersuites.

Definition at line 161 of file tortls_nss.c.

◆ tor_tls_release_socket()

void tor_tls_release_socket ( tor_tls_t *  tls)

Tell the TLS library that the underlying socket for tls has been closed, and that the library should not attempt to free that socket itself.

Definition at line 484 of file tortls_nss.c.