%!s(int64=17) %!d(string=hai) anos · 22c31d91ab
--- a/src/common/tortls.c
+++ b/src/common/tortls.c
@@ -20,6 +20,7 @@ const char tortls_c_id[] =
 
				 
			
 
				 #include <assert.h>
			
 
				 #include <openssl/ssl.h>
			
 
				+#include <openssl/ssl3.h>
			
 
				 #include <openssl/err.h>
			
 
				 #include <openssl/tls1.h>
			
 
				 #include <openssl/asn1.h>
			
@@ -896,3 +897,39 @@ tor_tls_used_v1_handshake(tor_tls_t *tls)
 
				   return 1;
			
 
				 }
			
 
				 
			
 
				+#if SSL3_RANDOM_SIZE != TOR_TLS_RANDOM_LEN
			
 
				+#error "The TOR_TLS_RANDOM_LEN macro is defined incorrectly.  That's a bug."
			
 
				+#endif
			
 
				+
			
 
				+/** DOCDOC */
			
 
				+int
			
 
				+tor_tls_get_random_values(tor_tls_t *tls, char *client_random_out,
			
 
				+                          char *server_random_out)
			
 
				+{
			
 
				+  tor_assert(tls && tls->ssl);
			
 
				+  if (!tls->ssl->s3)
			
 
				+    return -1;
			
 
				+  memcpy(client_random_out, tls->ssl->s3->client_random, SSL3_RANDOM_SIZE);
			
 
				+  memcpy(server_random_out, tls->ssl->s3->server_random, SSL3_RANDOM_SIZE);
			
 
				+  return 0;
			
 
				+}
			
 
				+
			
 
				+/** DOCDOC */
			
 
				+int
			
 
				+tor_tls_hmac_with_master_secret(tor_tls_t *tls, char *hmac_out,
			
 
				+                                const char *data, size_t data_len)
			
 
				+{
			
 
				+  SSL_SESSION *s;
			
 
				+  tor_assert(tls && tls->ssl);
			
 
				+  if (!(s = SSL_get_session(tls->ssl)))
			
 
				+    return -1;
			
 
				+  if (s->master_key_length < 0)
			
 
				+    return -1;
			
 
				+  crypto_hmac_sha1(hmac_out,
			
 
				+                   (const char*)s->master_key,
			
 
				+                   (size_t)s->master_key_length,
			
 
				+                   data, data_len);
			
 
				+  return 0;
			
 
				+}
			
 
				+
			
 
				+
			
--- a/src/common/tortls.h
+++ b/src/common/tortls.h
@@ -41,6 +41,9 @@ typedef struct tor_tls_t tor_tls_t;
 
				   case TOR_TLS_ERROR_NO_ROUTE:                  \
			
 
				   case TOR_TLS_ERROR_TIMEOUT
			
 
				 
			
 
				+/**DOCDOC*/
			
 
				+#define TOR_TLS_RANDOM_LEN 32
			
 
				+
			
 
				 #define TOR_TLS_IS_ERROR(rv) ((rv) < TOR_TLS_CLOSE)
			
 
				 
			
 
				 void tor_tls_free_all(void);
			
@@ -65,6 +68,10 @@ void tor_tls_get_n_raw_bytes(tor_tls_t *tls,
 
				                              size_t *n_read, size_t *n_written);
			
 
				 
			
 
				 int tor_tls_used_v1_handshake(tor_tls_t *tls);
			
 
				+int tor_tls_get_random_values(tor_tls_t *tls, char *client_random_out,
			
 
				+                              char *server_random_out);
			
 
				+int tor_tls_hmac_with_master_secret(tor_tls_t *tls, char *hmac_out,
			
 
				+                                    const char *data, size_t data_len);
			
 
				 
			
 
				 /* Log and abort if there are unhandled TLS errors in OpenSSL's error stack.
			
 
				  */
			
--- a/src/or/connection_or.c
+++ b/src/or/connection_or.c
@@ -728,7 +728,7 @@ connection_tls_finish_handshake(or_connection_t *conn)
 
				   if (connection_or_check_valid_handshake(conn, started_here, digest_rcvd) < 0)
			
 
				     return -1;
			
 
				 
			
 
				-  if (!started_here) {
			
 
				+  if (!started_here) { /* V1 only XXX020 */
			
 
				     connection_or_init_conn_from_address(conn,conn->_base.addr,
			
 
				                                          conn->_base.port, digest_rcvd, 0);
			
 
				   }
			
@@ -741,10 +741,16 @@ connection_tls_finish_handshake(or_connection_t *conn)
 
				   } else {
			
 
				     conn->_base.state = OR_CONN_STATE_OR_HANDSHAKING;
			
 
				     conn->handshake_state = tor_malloc_zero(sizeof(or_handshake_state_t));
			
 
				+    conn->handshake_state->started_here = started_here ? 1 : 0;
			
 
				+    if (tor_tls_get_random_values(conn->tls,
			
 
				+                                  conn->handshake_state->client_random,
			
 
				+                                  conn->handshake_state->server_random) < 0)
			
 
				+      return -1;
			
 
				     return connection_or_send_versions(conn);
			
 
				   }
			
 
				 }
			
 
				 
			
 
				+
			
 
				 /** DOCDOC */
			
 
				 void
			
 
				 or_handshake_state_free(or_handshake_state_t *state)
			
@@ -752,6 +758,7 @@ or_handshake_state_free(or_handshake_state_t *state)
 
				   tor_assert(state);
			
 
				   if (state->signing_key)
			
 
				     crypto_free_pk_env(state->signing_key);
			
 
				+  memset(state, 0xBE, sizeof(or_handshake_state_t));
			
 
				   tor_free(state);
			
 
				 }
			
 
				 
			
--- a/src/or/or.h
+++ b/src/or/or.h
@@ -861,6 +861,7 @@ typedef struct connection_t {
 
				 /** DOCDOC */
			
 
				 typedef struct or_handshake_state_t {
			
 
				   time_t sent_versions_at;
			
 
				+  unsigned int started_here : 1;
			
 
				   unsigned int received_versions : 1;
			
 
				   unsigned int received_netinfo : 1;
			
 
				   unsigned int received_certs : 1;
			
@@ -878,7 +879,6 @@ typedef struct or_handshake_state_t {
 
				   /* from certs */
			
 
				   char cert_id_digest[DIGEST_LEN];
			
 
				   crypto_pk_env_t *signing_key;
			
 
				-
			
 
				 } or_handshake_state_t;
			
 
				 
			
 
				 /** Subtype of connection_t for an "OR connection" -- that is, one that speaks