tor  0.4.0.1-alpha
tortls_nss.c
Go to the documentation of this file.
1 /* Copyright (c) 2003, Roger Dingledine.
2  * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
3  * Copyright (c) 2007-2019, The Tor Project, Inc. */
4 /* See LICENSE for licensing information */
5 
12 #include "orconfig.h"
13 
14 #define TORTLS_PRIVATE
15 #define TOR_X509_PRIVATE
16 
17 #ifdef _WIN32
18  #include <winsock2.h>
19  #include <ws2tcpip.h>
20 #endif
21 
27 #include "lib/string/printf.h"
28 
29 #include "lib/tls/x509.h"
30 #include "lib/tls/x509_internal.h"
31 #include "lib/tls/tortls.h"
32 #include "lib/tls/tortls_st.h"
33 #include "lib/tls/tortls_internal.h"
34 #include "lib/tls/nss_countbytes.h"
35 #include "lib/log/util_bug.h"
36 
37 DISABLE_GCC_WARNING(strict-prototypes)
38 #include <prio.h>
39 // For access to rar sockets.
40 #include <private/pprio.h>
41 #include <ssl.h>
42 #include <sslt.h>
43 #include <sslproto.h>
44 #include <certt.h>
45 ENABLE_GCC_WARNING(strict-prototypes)
46 
47 static SECStatus always_accept_cert_cb(void *, PRFileDesc *, PRBool, PRBool);
48 
49 MOCK_IMPL(void,
50 try_to_extract_certs_from_tls,(int severity, tor_tls_t *tls,
51  tor_x509_cert_impl_t **cert_out,
52  tor_x509_cert_impl_t **id_cert_out))
53 {
54  tor_assert(tls);
55  tor_assert(cert_out);
56  tor_assert(id_cert_out);
57  (void) severity;
58 
59  *cert_out = *id_cert_out = NULL;
60 
61  CERTCertificate *peer = SSL_PeerCertificate(tls->ssl);
62  if (!peer)
63  return;
64  *cert_out = peer; /* Now owns pointer. */
65 
66  CERTCertList *chain = SSL_PeerCertificateChain(tls->ssl);
67  CERTCertListNode *c = CERT_LIST_HEAD(chain);
68  for (; !CERT_LIST_END(c, chain); c = CERT_LIST_NEXT(c)) {
69  if (CERT_CompareCerts(c->cert, peer) == PR_FALSE) {
70  *id_cert_out = CERT_DupCertificate(c->cert);
71  break;
72  }
73  }
74  CERT_DestroyCertList(chain);
75 }
76 
77 static bool
78 we_like_ssl_cipher(SSLCipherAlgorithm ca)
79 {
80  switch (ca) {
81  case ssl_calg_null: return false;
82  case ssl_calg_rc4: return false;
83  case ssl_calg_rc2: return false;
84  case ssl_calg_des: return false;
85  case ssl_calg_3des: return false; /* ???? */
86  case ssl_calg_idea: return false;
87  case ssl_calg_fortezza: return false;
88  case ssl_calg_camellia: return false;
89  case ssl_calg_seed: return false;
90 
91  case ssl_calg_aes: return true;
92  case ssl_calg_aes_gcm: return true;
93  case ssl_calg_chacha20: return true;
94  default: return true;
95  }
96 }
97 static bool
98 we_like_ssl_kea(SSLKEAType kt)
99 {
100  switch (kt) {
101  case ssl_kea_null: return false;
102  case ssl_kea_rsa: return false; /* ??? */
103  case ssl_kea_fortezza: return false;
104  case ssl_kea_ecdh_psk: return false;
105  case ssl_kea_dh_psk: return false;
106 
107  case ssl_kea_dh: return true;
108  case ssl_kea_ecdh: return true;
109  case ssl_kea_tls13_any: return true;
110 
111  case ssl_kea_size: return true; /* prevent a warning. */
112  default: return true;
113  }
114 }
115 
116 static bool
117 we_like_mac_algorithm(SSLMACAlgorithm ma)
118 {
119  switch (ma) {
120  case ssl_mac_null: return false;
121  case ssl_mac_md5: return false;
122  case ssl_hmac_md5: return false;
123 
124  case ssl_mac_sha: return true;
125  case ssl_hmac_sha: return true;
126  case ssl_hmac_sha256: return true;
127  case ssl_mac_aead: return true;
128  case ssl_hmac_sha384: return true;
129  default: return true;
130  }
131 }
132 
133 static bool
134 we_like_auth_type(SSLAuthType at)
135 {
136  switch (at) {
137  case ssl_auth_null: return false;
138  case ssl_auth_rsa_decrypt: return false;
139  case ssl_auth_dsa: return false;
140  case ssl_auth_kea: return false;
141 
142  case ssl_auth_ecdsa: return true;
143  case ssl_auth_ecdh_rsa: return true;
144  case ssl_auth_ecdh_ecdsa: return true;
145  case ssl_auth_rsa_sign: return true;
146  case ssl_auth_rsa_pss: return true;
147  case ssl_auth_psk: return true;
148  case ssl_auth_tls13_any: return true;
149 
150  case ssl_auth_size: return true; /* prevent a warning. */
151  default: return true;
152  }
153 }
154 
156 tor_tls_context_new(crypto_pk_t *identity,
157  unsigned int key_lifetime, unsigned flags, int is_client)
158 {
159  SECStatus s;
160  tor_assert(identity);
161 
162  tor_tls_init();
163 
164  tor_tls_context_t *ctx = tor_malloc_zero(sizeof(tor_tls_context_t));
165  ctx->refcnt = 1;
166 
167  if (! is_client) {
168  if (tor_tls_context_init_certificates(ctx, identity,
169  key_lifetime, flags) < 0) {
170  goto err;
171  }
172  }
173 
174  {
175  /* Create the "model" PRFileDesc that we will use to base others on. */
176  PRFileDesc *tcp = PR_NewTCPSocket();
177  if (!tcp)
178  goto err;
179 
180  ctx->ctx = SSL_ImportFD(NULL, tcp);
181  if (!ctx->ctx) {
182  PR_Close(tcp);
183  goto err;
184  }
185  }
186 
187  // Configure the certificate.
188  if (!is_client) {
189  s = SSL_ConfigServerCert(ctx->ctx,
190  ctx->my_link_cert->cert,
191  (SECKEYPrivateKey *)
192  crypto_pk_get_nss_privkey(ctx->link_key),
193  NULL, /* ExtraServerCertData */
194  0 /* DataLen */);
195  if (s != SECSuccess)
196  goto err;
197  }
198 
199  // We need a certificate from the other side.
200  if (is_client) {
201  // XXXX does this do anything?
202  s = SSL_OptionSet(ctx->ctx, SSL_REQUIRE_CERTIFICATE, PR_TRUE);
203  if (s != SECSuccess)
204  goto err;
205  }
206 
207  // Always accept other side's cert; we'll check it ourselves in goofy
208  // tor ways.
209  s = SSL_AuthCertificateHook(ctx->ctx, always_accept_cert_cb, NULL);
210 
211  // We allow simultaneous read and write.
212  s = SSL_OptionSet(ctx->ctx, SSL_ENABLE_FDX, PR_TRUE);
213  if (s != SECSuccess)
214  goto err;
215  // XXXX SSL_ROLLBACK_DETECTION??
216  // XXXX SSL_ENABLE_ALPN??
217 
218  // Force client-mode or server_mode.
219  s = SSL_OptionSet(ctx->ctx,
220  is_client ? SSL_HANDSHAKE_AS_CLIENT : SSL_HANDSHAKE_AS_SERVER,
221  PR_TRUE);
222  if (s != SECSuccess)
223  goto err;
224 
225  // Disable everything before TLS 1.0; support everything else.
226  {
227  SSLVersionRange vrange;
228  memset(&vrange, 0, sizeof(vrange));
229  s = SSL_VersionRangeGetSupported(ssl_variant_stream, &vrange);
230  if (s != SECSuccess)
231  goto err;
232  if (vrange.min < SSL_LIBRARY_VERSION_TLS_1_0)
233  vrange.min = SSL_LIBRARY_VERSION_TLS_1_0;
234  s = SSL_VersionRangeSet(ctx->ctx, &vrange);
235  if (s != SECSuccess)
236  goto err;
237  }
238 
239  // Only support strong ciphers.
240  {
241  const PRUint16 *ciphers = SSL_GetImplementedCiphers();
242  const PRUint16 n_ciphers = SSL_GetNumImplementedCiphers();
243  PRUint16 i;
244  for (i = 0; i < n_ciphers; ++i) {
245  SSLCipherSuiteInfo info;
246  memset(&info, 0, sizeof(info));
247  s = SSL_GetCipherSuiteInfo(ciphers[i], &info, sizeof(info));
248  if (s != SECSuccess)
249  goto err;
250  if (BUG(info.cipherSuite != ciphers[i]))
251  goto err;
252  int disable = info.effectiveKeyBits < 128 ||
253  info.macBits < 128 ||
254  !we_like_ssl_cipher(info.symCipher) ||
255  !we_like_ssl_kea(info.keaType) ||
256  !we_like_mac_algorithm(info.macAlgorithm) ||
257  !we_like_auth_type(info.authType)/* Requires NSS 3.24 */;
258 
259  s = SSL_CipherPrefSet(ctx->ctx, ciphers[i],
260  disable ? PR_FALSE : PR_TRUE);
261  if (s != SECSuccess)
262  goto err;
263  }
264  }
265 
266  // Only use DH and ECDH keys once.
267  s = SSL_OptionSet(ctx->ctx, SSL_REUSE_SERVER_ECDHE_KEY, PR_FALSE);
268  if (s != SECSuccess)
269  goto err;
270 
271  // don't cache sessions.
272  s = SSL_OptionSet(ctx->ctx, SSL_NO_CACHE, PR_TRUE);
273  if (s != SECSuccess)
274  goto err;
275 
276  // Enable DH.
277  s = SSL_OptionSet(ctx->ctx, SSL_ENABLE_SERVER_DHE, PR_TRUE);
278  if (s != SECSuccess)
279  goto err;
280 
281  // Set DH and ECDH groups.
282  SSLNamedGroup groups[] = {
283  ssl_grp_ec_curve25519,
284  ssl_grp_ec_secp256r1,
285  ssl_grp_ec_secp224r1,
286  ssl_grp_ffdhe_2048,
287  };
288  s = SSL_NamedGroupConfig(ctx->ctx, groups, ARRAY_LENGTH(groups));
289  if (s != SECSuccess)
290  goto err;
291 
292  // These features are off by default, so we don't need to disable them:
293  // Session tickets
294  // Renegotiation
295  // Compression
296 
297  goto done;
298  err:
300  ctx = NULL;
301  done:
302  return ctx;
303 }
304 
305 void
306 tor_tls_context_impl_free_(tor_tls_context_impl_t *ctx)
307 {
308  if (!ctx)
309  return;
310  PR_Close(ctx);
311 }
312 
313 void
314 tor_tls_get_state_description(tor_tls_t *tls, char *buf, size_t sz)
315 {
316  (void)tls;
317  (void)buf;
318  (void)sz;
319  // AFAICT, NSS doesn't expose its internal state.
320  buf[0]=0;
321 }
322 
323 void
325 {
327 }
328 
329 void
330 tls_log_errors(tor_tls_t *tls, int severity, int domain,
331  const char *doing)
332 {
333  /* This implementation is a little different for NSS than it is for OpenSSL
334  -- it logs the last error whether anything actually failed or not. So we
335  have to only call it when something has gone wrong and we have a real
336  error to report. */
337 
338  (void)tls;
339  PRErrorCode code = PORT_GetError();
340 
341  const char *addr = tls ? tls->address : NULL;
342  const char *string = PORT_ErrorToString(code);
343  const char *name = PORT_ErrorToName(code);
344  char buf[16];
345  if (!string)
346  string = "<unrecognized>";
347  if (!name) {
348  tor_snprintf(buf, sizeof(buf), "%d", code);
349  name = buf;
350  }
351 
352  const char *with = addr ? " with " : "";
353  addr = addr ? addr : "";
354  if (doing) {
355  log_fn(severity, domain, "TLS error %s while %s%s%s: %s",
356  name, doing, with, addr, string);
357  } else {
358  log_fn(severity, domain, "TLS error %s%s%s: %s", name, string,
359  with, addr);
360  }
361 }
362 
363 tor_tls_t *
364 tor_tls_new(tor_socket_t sock, int is_server)
365 {
366  (void)sock;
367  tor_tls_context_t *ctx = tor_tls_context_get(is_server);
368 
369  PRFileDesc *tcp = NULL;
370  if (SOCKET_OK(sock)) {
371  tcp = PR_ImportTCPSocket(sock);
372  } else {
373  tcp = PR_NewTCPSocket();
374  }
375 
376  if (!tcp)
377  return NULL;
378 
379  PRFileDesc *count = tor_wrap_prfiledesc_with_byte_counter(tcp);
380  if (! count)
381  return NULL;
382 
383  PRFileDesc *ssl = SSL_ImportFD(ctx->ctx, count);
384  if (!ssl) {
385  PR_Close(tcp);
386  return NULL;
387  }
388 
389  tor_tls_t *tls = tor_malloc_zero(sizeof(tor_tls_t));
390  tls->magic = TOR_TLS_MAGIC;
391  tls->context = ctx;
393  tls->ssl = ssl;
394  tls->socket = sock;
395  tls->state = TOR_TLS_ST_HANDSHAKE;
396  tls->isServer = !!is_server;
397 
398  if (!is_server) {
399  /* Set a random SNI */
400  char *fake_hostname = crypto_random_hostname(4,25, "www.",".com");
401  SSL_SetURL(tls->ssl, fake_hostname);
402  tor_free(fake_hostname);
403  }
404  SECStatus s = SSL_ResetHandshake(ssl, is_server ? PR_TRUE : PR_FALSE);
405  if (s != SECSuccess) {
406  tls_log_errors(tls, LOG_WARN, LD_CRYPTO, "resetting handshake state");
407  }
408 
409  return tls;
410 }
411 
412 void
414  void (*cb)(tor_tls_t *, void *arg),
415  void *arg)
416 {
417  tor_assert(tls);
418  (void)cb;
419  (void)arg;
420 
421  /* We don't support renegotiation-based TLS with NSS. */
422 }
423 
428 void
430 {
431  if (! tls)
432  return;
433 
434  /* NSS doesn't have the equivalent of BIO_NO_CLOSE. If you replace the
435  * fd with something that's invalid, it causes a memory leak in PR_Close.
436  *
437  * If there were a way to put the PRFileDesc into the CLOSED state, that
438  * would prevent it from closing its fd -- but there doesn't seem to be a
439  * supported way to do that either.
440  *
441  * So instead: we make a new sacrificial socket, and replace the original
442  * socket with that one. This seems to be the best we can do, until we
443  * redesign the mainloop code enough to make this function unnecessary.
444  */
445  tor_socket_t sock =
446  tor_open_socket_nonblocking(AF_INET, SOCK_STREAM, IPPROTO_TCP);
447  if (! SOCKET_OK(sock)) {
448  log_warn(LD_NET, "Out of sockets when trying to shut down an NSS "
449  "connection");
450  return;
451  }
452 
453  PRFileDesc *tcp = PR_GetIdentitiesLayer(tls->ssl, PR_NSPR_IO_LAYER);
454  if (BUG(! tcp)) {
455  tor_close_socket(sock);
456  return;
457  }
458 
459  PR_ChangeFileDescNativeHandle(tcp, sock);
460  /* Tell our socket accounting layer that we don't own this socket any more:
461  * NSS is about to free it for us. */
463 }
464 
465 void
466 tor_tls_impl_free_(tor_tls_impl_t *tls)
467 {
468  // XXXX This will close the underlying fd, which our OpenSSL version does
469  // not do!
470  if (!tls)
471  return;
472 
473  PR_Close(tls);
474 }
475 
476 int
478 {
479  CERTCertificate *cert = SSL_PeerCertificate(tls->ssl);
480  int result = (cert != NULL);
481  CERT_DestroyCertificate(cert);
482  return result;
483 }
484 
485 MOCK_IMPL(tor_x509_cert_t *,
486 tor_tls_get_peer_cert,(tor_tls_t *tls))
487 {
488  CERTCertificate *cert = SSL_PeerCertificate(tls->ssl);
489  if (cert)
490  return tor_x509_cert_new(cert);
491  else
492  return NULL;
493 }
494 
495 MOCK_IMPL(tor_x509_cert_t *,
496 tor_tls_get_own_cert,(tor_tls_t *tls))
497 {
498  tor_assert(tls);
499  CERTCertificate *cert = SSL_LocalCertificate(tls->ssl);
500  if (cert)
501  return tor_x509_cert_new(cert);
502  else
503  return NULL;
504 }
505 
506 MOCK_IMPL(int,
507 tor_tls_read, (tor_tls_t *tls, char *cp, size_t len))
508 {
509  tor_assert(tls);
510  tor_assert(cp);
511  tor_assert(len < INT_MAX);
512 
513  PRInt32 rv = PR_Read(tls->ssl, cp, (int)len);
514  // log_debug(LD_NET, "PR_Read(%zu) returned %d", n, (int)rv);
515  if (rv > 0) {
516  return rv;
517  }
518  if (rv == 0)
519  return TOR_TLS_CLOSE;
520  PRErrorCode err = PORT_GetError();
521  if (err == PR_WOULD_BLOCK_ERROR) {
522  return TOR_TLS_WANTREAD; // XXXX ????
523  } else {
524  tls_log_errors(tls, LOG_NOTICE, LD_CRYPTO, "reading"); // XXXX
525  return TOR_TLS_ERROR_MISC; // ????
526  }
527 }
528 
529 int
530 tor_tls_write(tor_tls_t *tls, const char *cp, size_t n)
531 {
532  tor_assert(tls);
533  tor_assert(cp || n == 0);
534  tor_assert(n < INT_MAX);
535 
536  PRInt32 rv = PR_Write(tls->ssl, cp, (int)n);
537  // log_debug(LD_NET, "PR_Write(%zu) returned %d", n, (int)rv);
538  if (rv > 0) {
539  return rv;
540  }
541  if (rv == 0)
542  return TOR_TLS_ERROR_MISC;
543  PRErrorCode err = PORT_GetError();
544 
545  if (err == PR_WOULD_BLOCK_ERROR) {
546  return TOR_TLS_WANTWRITE; // XXXX ????
547  } else {
548  tls_log_errors(tls, LOG_NOTICE, LD_CRYPTO, "writing"); // XXXX
549  return TOR_TLS_ERROR_MISC; // ????
550  }
551 }
552 
553 int
555 {
556  tor_assert(tls);
557  tor_assert(tls->state == TOR_TLS_ST_HANDSHAKE);
558 
559  SECStatus s = SSL_ForceHandshake(tls->ssl);
560  if (s == SECSuccess) {
561  tls->state = TOR_TLS_ST_OPEN;
562  log_debug(LD_NET, "SSL handshake is supposedly complete.");
563  return tor_tls_finish_handshake(tls);
564  }
565  if (PORT_GetError() == PR_WOULD_BLOCK_ERROR)
566  return TOR_TLS_WANTREAD; /* XXXX What about wantwrite? */
567 
568  return TOR_TLS_ERROR_MISC; // XXXX
569 }
570 
571 int
573 {
574  tor_assert(tls);
575  // We don't need to do any of the weird handshake nonsense stuff on NSS,
576  // since we only support recent handshakes.
577  return TOR_TLS_DONE;
578 }
579 
580 void
582 {
583  tor_assert(tls);
584  /* We don't support renegotiation with NSS. */
585 }
586 
587 void
589 {
590  tor_assert(tls);
591  /* We don't support renegotiation with NSS. */
592 }
593 
594 void
596 {
597  tor_assert(tls);
598  /* We don't support renegotiation with NSS. */
599 }
600 
601 int
603 {
604  tor_assert(tls);
605  int n = SSL_DataPending(tls->ssl);
606  if (n < 0) {
607  tls_log_errors(tls, LOG_WARN, LD_CRYPTO, "looking up pending bytes");
608  return 0;
609  }
610  return (int)n;
611 }
612 
613 size_t
615 {
616  tor_assert(tls);
617  /* NSS doesn't have the same "forced write" restriction as openssl. */
618  return 0;
619 }
620 
621 void
623  size_t *n_read, size_t *n_written)
624 {
625  tor_assert(tls);
626  tor_assert(n_read);
627  tor_assert(n_written);
628  uint64_t r, w;
629  if (tor_get_prfiledesc_byte_counts(tls->ssl, &r, &w) < 0) {
630  *n_read = *n_written = 0;
631  return;
632  }
633 
634  *n_read = (size_t)(r - tls->last_read_count);
635  *n_written = (size_t)(w - tls->last_write_count);
636 
637  tls->last_read_count = r;
638  tls->last_write_count = w;
639 }
640 
641 int
643  size_t *rbuf_capacity, size_t *rbuf_bytes,
644  size_t *wbuf_capacity, size_t *wbuf_bytes)
645 {
646  tor_assert(tls);
647  tor_assert(rbuf_capacity);
648  tor_assert(rbuf_bytes);
649  tor_assert(wbuf_capacity);
650  tor_assert(wbuf_bytes);
651 
652  /* This is an acceptable way to say "we can't measure this." */
653  return -1;
654 }
655 
656 MOCK_IMPL(double,
657 tls_get_write_overhead_ratio, (void))
658 {
659  /* XXX We don't currently have a way to measure this in NSS; we could do that
660  * XXX with a PRIO layer, but it'll take a little coding. */
661  return 0.95;
662 }
663 
664 int
666 {
667  tor_assert(tls);
668  /* We don't support or allow the V1 handshake with NSS.
669  */
670  return 0;
671 }
672 
673 int
675 {
676  tor_assert(tls);
677  return 0; /* We don't support renegotiation with NSS */
678 }
679 
680 MOCK_IMPL(int,
681 tor_tls_cert_matches_key,(const tor_tls_t *tls,
682  const struct tor_x509_cert_t *cert))
683 {
684  tor_assert(tls);
685  tor_assert(cert);
686  int rv = 0;
687 
688  CERTCertificate *peercert = SSL_PeerCertificate(tls->ssl);
689  if (!peercert)
690  goto done;
691  CERTSubjectPublicKeyInfo *peer_info = &peercert->subjectPublicKeyInfo;
692  CERTSubjectPublicKeyInfo *cert_info = &cert->cert->subjectPublicKeyInfo;
693  rv = SECOID_CompareAlgorithmID(&peer_info->algorithm,
694  &cert_info->algorithm) == 0 &&
695  SECITEM_ItemsAreEqual(&peer_info->subjectPublicKey,
696  &cert_info->subjectPublicKey);
697 
698  done:
699  if (peercert)
700  CERT_DestroyCertificate(peercert);
701  return rv;
702 }
703 
704 MOCK_IMPL(int,
705 tor_tls_get_tlssecrets,(tor_tls_t *tls, uint8_t *secrets_out))
706 {
707  tor_assert(tls);
708  tor_assert(secrets_out);
709 
710  /* There's no way to get this information out of NSS. */
711 
712  return -1;
713 }
714 
715 MOCK_IMPL(int,
716 tor_tls_export_key_material,(tor_tls_t *tls, uint8_t *secrets_out,
717  const uint8_t *context,
718  size_t context_len,
719  const char *label))
720 {
721  tor_assert(tls);
722  tor_assert(secrets_out);
723  tor_assert(context);
724  tor_assert(label);
725  tor_assert(strlen(label) <= UINT_MAX);
726  tor_assert(context_len <= UINT_MAX);
727 
728  SECStatus s;
729  s = SSL_ExportKeyingMaterial(tls->ssl,
730  label, (unsigned)strlen(label),
731  PR_TRUE, context, (unsigned)context_len,
732  secrets_out, DIGEST256_LEN);
733 
734  return (s == SECSuccess) ? 0 : -1;
735 }
736 
737 const char *
738 tor_tls_get_ciphersuite_name(tor_tls_t *tls)
739 {
740  tor_assert(tls);
741 
742  SSLChannelInfo channel_info;
743  SSLCipherSuiteInfo cipher_info;
744 
745  memset(&channel_info, 0, sizeof(channel_info));
746  memset(&cipher_info, 0, sizeof(cipher_info));
747 
748  SECStatus s = SSL_GetChannelInfo(tls->ssl,
749  &channel_info, sizeof(channel_info));
750  if (s != SECSuccess)
751  return NULL;
752 
753  s = SSL_GetCipherSuiteInfo(channel_info.cipherSuite,
754  &cipher_info, sizeof(cipher_info));
755  if (s != SECSuccess)
756  return NULL;
757 
758  return cipher_info.cipherSuiteName;
759 }
760 
762 #define SEC_OID_TOR_DEFAULT_ECDHE_GROUP SEC_OID_ANSIX962_EC_PRIME256V1
763 
764 int
765 evaluate_ecgroup_for_tls(const char *ecgroup)
766 {
767  SECOidTag tag;
768 
769  if (!ecgroup)
771  else if (!strcasecmp(ecgroup, "P256"))
772  tag = SEC_OID_ANSIX962_EC_PRIME256V1;
773  else if (!strcasecmp(ecgroup, "P224"))
774  tag = SEC_OID_SECG_EC_SECP224R1;
775  else
776  return 0;
777 
778  /* I don't think we need any additional tests here for NSS */
779  (void) tag;
780 
781  return 1;
782 }
783 
784 static SECStatus
785 always_accept_cert_cb(void *arg, PRFileDesc *ssl, PRBool checkSig,
786  PRBool isServer)
787 {
788  (void)arg;
789  (void)ssl;
790  (void)checkSig;
791  (void)isServer;
792  return SECSuccess;
793 }
char * address
Definition: tortls_st.h:39
void tor_tls_block_renegotiation(tor_tls_t *tls)
Definition: tortls_nss.c:588
tor_socket_t socket
Definition: tortls_st.h:37
tor_tls_context_t * tor_tls_context_get(int is_server)
Definition: tortls.c:40
#define SEC_OID_TOR_DEFAULT_ECDHE_GROUP
Definition: tortls_nss.c:762
Common functions for using (pseudo-)random number generators.
Header for printf.c.
Headers for crypto_dh.c.
int evaluate_ecgroup_for_tls(const char *ecgroup)
Definition: tortls_nss.c:765
Headers for crypto_cipher.c.
void tor_tls_init(void)
Definition: tortls_nss.c:324
int tor_tls_get_buffer_sizes(tor_tls_t *tls, size_t *rbuf_capacity, size_t *rbuf_bytes, size_t *wbuf_capacity, size_t *wbuf_bytes)
Definition: tortls_nss.c:642
void tor_nss_countbytes_init(void)
tor_tls_t * tor_tls_new(tor_socket_t sock, int is_server)
Definition: tortls_nss.c:364
#define tor_free(p)
Definition: malloc.h:52
void tor_tls_context_decref(tor_tls_context_t *ctx)
Definition: tortls.c:114
#define LOG_NOTICE
Definition: log.h:46
unsigned int isServer
Definition: tortls_st.h:43
#define SOCKET_OK(s)
Definition: nettypes.h:39
int tor_tls_server_got_renegotiate(tor_tls_t *tls)
Definition: tortls_nss.c:674
#define DIGEST256_LEN
Definition: digest_sizes.h:23
PRFileDesc * tor_wrap_prfiledesc_with_byte_counter(PRFileDesc *stack)
Header for nss_countbytes.c, which lets us count the number of bytes actually written on a PRFileDesc...
Common functions for cryptographic routines.
tor_assert(buffer)
void tor_tls_assert_renegotiation_unblocked(tor_tls_t *tls)
Definition: tortls_nss.c:595
void tor_tls_get_state_description(tor_tls_t *tls, char *buf, size_t sz)
Definition: tortls_nss.c:314
int tor_get_prfiledesc_byte_counts(PRFileDesc *fd, uint64_t *n_read_out, uint64_t *n_written_out)
int tor_tls_used_v1_handshake(tor_tls_t *tls)
Definition: tortls_nss.c:665
void tls_log_errors(tor_tls_t *tls, int severity, int domain, const char *doing)
Definition: tortls_nss.c:330
int tor_tls_context_init_certificates(tor_tls_context_t *result, crypto_pk_t *identity, unsigned key_lifetime, unsigned flags)
Definition: tortls.c:287
#define LOG_WARN
Definition: log.h:49
#define tor_socket_t
Definition: nettypes.h:36
Headers for tortls.c.
void tor_tls_unblock_renegotiation(tor_tls_t *tls)
Definition: tortls_nss.c:581
void tor_tls_set_renegotiate_callback(tor_tls_t *tls, void(*cb)(tor_tls_t *, void *arg), void *arg)
Definition: tortls_nss.c:413
int tor_tls_handshake(tor_tls_t *tls)
Definition: tortls_nss.c:554
int tor_tls_finish_handshake(tor_tls_t *tls)
Definition: tortls_nss.c:572
tor_socket_t tor_open_socket_nonblocking(int domain, int type, int protocol)
Definition: socket.c:260
tor_tls_impl_t * ssl
Definition: tortls_st.h:36
int tor_snprintf(char *str, size_t size, const char *format,...)
Definition: printf.c:27
tor_tls_state_bitfield_t state
Definition: tortls_st.h:40
int tor_tls_peer_has_cert(tor_tls_t *tls)
Definition: tortls_nss.c:477
#define ARRAY_LENGTH(x)
#define log_fn(severity, domain, args,...)
Definition: log.h:255
Headers for tortls.c.
size_t tor_tls_get_forced_write_size(tor_tls_t *tls)
Definition: tortls_nss.c:614
void tor_release_socket_ownership(tor_socket_t s)
Definition: socket.c:349
int tor_tls_write(tor_tls_t *tls, const char *cp, size_t n)
Definition: tortls_nss.c:530
void tor_tls_get_n_raw_bytes(tor_tls_t *tls, size_t *n_read, size_t *n_written)
Definition: tortls_nss.c:622
#define LD_NET
Definition: log.h:62
int tor_tls_get_pending_bytes(tor_tls_t *tls)
Definition: tortls_nss.c:602
void tor_tls_context_incref(tor_tls_context_t *ctx)
Definition: tortls.c:106
#define LD_CRYPTO
Definition: log.h:60
Macros to manage assertions, fatal and non-fatal.
char * crypto_random_hostname(int min_rand_len, int max_rand_len, const char *prefix, const char *suffix)
Definition: crypto_rand.c:659
void tor_tls_release_socket(tor_tls_t *tls)
Definition: tortls_nss.c:429
Headers for crypto_nss_mgt.c.