Kezdőlap Felfedezés Súgó
Bejelentkezés
piros
/
tor
3
0
Másolás 0
Fájlok Problémák 0 Beolvasztási kérések 0 Wiki
Fa: 6a88d8f6b4
Branch-ok Tag-ek
tor
/
src
/
lib
/
tls
/
tortls.c

tortls.c 4.5 KB
Előzmények Nyers

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160 
  1. /* Copyright (c) 2003, Roger Dingledine.
    2. 

  2.  * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
    3. 

  3.  * Copyright (c) 2007-2018, The Tor Project, Inc. */
    4. 

  4. /* See LICENSE for licensing information */
    5. 

  5. 

  6. #define TORTLS_PRIVATE
    7. 

  7. #include "lib/tls/x509.h"
    8. 

  8. #include "lib/tls/tortls.h"
    9. 

  9. #include "lib/tls/tortls_st.h"
    10. 

  10. #include "lib/tls/tortls_internal.h"
    11. 

  11. #include "lib/log/util_bug.h"
    12. 

  12. #include "lib/intmath/cmp.h"
    13. 

  13. 

  14. /** Global TLS contexts. We keep them here because nobody else needs
    15. 

  15.  * to touch them.
    16. 

  16.  *
    17. 

  17.  * @{ */
    18. 

  18. STATIC tor_tls_context_t *server_tls_context = NULL;
    19. 

  19. STATIC tor_tls_context_t *client_tls_context = NULL;
    20. 

  20. /**@}*/
    21. 

  21. 

  22. /**
    23. 

  23.  * Return the appropriate TLS context.
    24. 

  24.  */
    25. 

  25. tor_tls_context_t *
    26. 

  26. tor_tls_context_get(int is_server)
    27. 

  27. {
    28. 

  28.   return is_server ? server_tls_context : client_tls_context;
    29. 

  29. }
    30. 

  30. 

  31. /** Increase the reference count of <b>ctx</b>. */
    32. 

  32. void
    33. 

  33. tor_tls_context_incref(tor_tls_context_t *ctx)
    34. 

  34. {
    35. 

  35.   ++ctx->refcnt;
    36. 

  36. }
    37. 

  37. 

  38. /** Free all global TLS structures. */
    39. 

  39. void
    40. 

  40. tor_tls_free_all(void)
    41. 

  41. {
    42. 

  42.   check_no_tls_errors();
    43. 

  43. 

  44.   if (server_tls_context) {
    45. 

  45.     tor_tls_context_t *ctx = server_tls_context;
    46. 

  46.     server_tls_context = NULL;
    47. 

  47.     tor_tls_context_decref(ctx);
    48. 

  48.   }
    49. 

  49.   if (client_tls_context) {
    50. 

  50.     tor_tls_context_t *ctx = client_tls_context;
    51. 

  51.     client_tls_context = NULL;
    52. 

  52.     tor_tls_context_decref(ctx);
    53. 

  53.   }
    54. 

  54. }
    55. 

  55. 

  56. /** Given a TOR_TLS_* error code, return a string equivalent. */
    57. 

  57. const char *
    58. 

  58. tor_tls_err_to_string(int err)
    59. 

  59. {
    60. 

  60.   if (err >= 0)
    61. 

  61.     return "[Not an error.]";
    62. 

  62.   switch (err) {
    63. 

  63.     case TOR_TLS_ERROR_MISC: return "misc error";
    64. 

  64.     case TOR_TLS_ERROR_IO: return "unexpected close";
    65. 

  65.     case TOR_TLS_ERROR_CONNREFUSED: return "connection refused";
    66. 

  66.     case TOR_TLS_ERROR_CONNRESET: return "connection reset";
    67. 

  67.     case TOR_TLS_ERROR_NO_ROUTE: return "host unreachable";
    68. 

  68.     case TOR_TLS_ERROR_TIMEOUT: return "connection timed out";
    69. 

  69.     case TOR_TLS_CLOSE: return "closed";
    70. 

  70.     case TOR_TLS_WANTREAD: return "want to read";
    71. 

  71.     case TOR_TLS_WANTWRITE: return "want to write";
    72. 

  72.     default: return "(unknown error code)";
    73. 

  73.   }
    74. 

  74. }
    75. 

  75. 

  76. /** Create new global client and server TLS contexts.
    77. 

  77.  *
    78. 

  78.  * If <b>server_identity</b> is NULL, this will not generate a server
    79. 

  79.  * TLS context. If TOR_TLS_CTX_IS_PUBLIC_SERVER is set in <b>flags</b>, use
    80. 

  80.  * the same TLS context for incoming and outgoing connections, and
    81. 

  81.  * ignore <b>client_identity</b>. If one of TOR_TLS_CTX_USE_ECDHE_P{224,256}
    82. 

  82.  * is set in <b>flags</b>, use that ECDHE group if possible; otherwise use
    83. 

  83.  * the default ECDHE group. */
    84. 

  84. int
    85. 

  85. tor_tls_context_init(unsigned flags,
    86. 

  86.                      crypto_pk_t *client_identity,
    87. 

  87.                      crypto_pk_t *server_identity,
    88. 

  88.                      unsigned int key_lifetime)
    89. 

  89. {
    90. 

  90.   int rv1 = 0;
    91. 

  91.   int rv2 = 0;
    92. 

  92.   const int is_public_server = flags & TOR_TLS_CTX_IS_PUBLIC_SERVER;
    93. 

  93.   check_no_tls_errors();
    94. 

  94. 

  95.   if (is_public_server) {
    96. 

  96.     tor_tls_context_t *new_ctx;
    97. 

  97.     tor_tls_context_t *old_ctx;
    98. 

  98. 

  99.     tor_assert(server_identity != NULL);
    100. 

  100. 

  101.     rv1 = tor_tls_context_init_one(&server_tls_context,
    102. 

  102.                                    server_identity,
    103. 

  103.                                    key_lifetime, flags, 0);
    104. 

  104. 

  105.     if (rv1 >= 0) {
    106. 

  106.       new_ctx = server_tls_context;
    107. 

  107.       tor_tls_context_incref(new_ctx);
    108. 

  108.       old_ctx = client_tls_context;
    109. 

  109.       client_tls_context = new_ctx;
    110. 

  110. 

  111.       if (old_ctx != NULL) {
    112. 

  112.         tor_tls_context_decref(old_ctx);
    113. 

  113.       }
    114. 

  114.     }
    115. 

  115.   } else {
    116. 

  116.     if (server_identity != NULL) {
    117. 

  117.       rv1 = tor_tls_context_init_one(&server_tls_context,
    118. 

  118.                                      server_identity,
    119. 

  119.                                      key_lifetime,
    120. 

  120.                                      flags,
    121. 

  121.                                      0);
    122. 

  122.     } else {
    123. 

  123.       tor_tls_context_t *old_ctx = server_tls_context;
    124. 

  124.       server_tls_context = NULL;
    125. 

  125. 

  126.       if (old_ctx != NULL) {
    127. 

  127.         tor_tls_context_decref(old_ctx);
    128. 

  128.       }
    129. 

  129.     }
    130. 

  130. 

  131.     rv2 = tor_tls_context_init_one(&client_tls_context,
    132. 

  132.                                    client_identity,
    133. 

  133.                                    key_lifetime,
    134. 

  134.                                    flags,
    135. 

  135.                                    1);
    136. 

  136.   }
    137. 

  137. 

  138.   tls_log_errors(NULL, LOG_WARN, LD_CRYPTO, "constructing a TLS context");
    139. 

  139.   return MIN(rv1, rv2);
    140. 

  140. }
    141. 

  141. 

  142. /** Make future log messages about <b>tls</b> display the address
    143. 

  143.  * <b>address</b>.
    144. 

  144.  */
    145. 

  145. void
    146. 

  146. tor_tls_set_logged_address(tor_tls_t *tls, const char *address)
    147. 

  147. {
    148. 

  148.   tor_assert(tls);
    149. 

  149.   tor_free(tls->address);
    150. 

  150.   tls->address = tor_strdup(address);
    151. 

  151. }
    152. 

  152. 

  153. /** Return whether this tls initiated the connect (client) or
    154. 

  154.  * received it (server). */
    155. 

  155. int
    156. 

  156. tor_tls_is_server(tor_tls_t *tls)
    157. 

  157. {
    158. 

  158.   tor_assert(tls);
    159. 

  159.   return tls->isServer;
    160. 

  160. }
    161.