| blob | 455603030ff908d5814c4b61d46c439015d97b00 |
1 /* Copyright (c) 2003, Roger Dingledine.
2 * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
3 * Copyright (c) 2007-2011, The Tor Project, Inc. */
4 /* See LICENSE for licensing information */
6 /**
7 * \file tortls.c
8 * \brief Wrapper functions to present a consistent interface to
9 * TLS, SSL, and X.509 functions from OpenSSL.
10 **/
12 /* (Unlike other tor functions, these
13 * are prefixed with tor_ in order to avoid conflicting with OpenSSL
14 * functions and variables.)
15 */
19 #if defined (WINCE)
20 #include <WinSock2.h>
21 #endif
23 #include <assert.h>
25 #ifndef WIN32_WINNT
26 #define WIN32_WINNT 0x400
27 #endif
28 #ifndef _WIN32_WINNT
29 #define _WIN32_WINNT 0x400
30 #endif
31 #define WIN32_LEAN_AND_MEAN
32 #if defined(_MSC_VER) && (_MSC_VER < 1300)
33 #include <winsock.h>
34 #else
35 #include <winsock2.h>
36 #include <ws2tcpip.h>
37 #endif
38 #endif
39 #include <openssl/ssl.h>
40 #include <openssl/ssl3.h>
41 #include <openssl/err.h>
42 #include <openssl/tls1.h>
43 #include <openssl/asn1.h>
44 #include <openssl/bio.h>
45 #include <openssl/opensslv.h>
47 #if OPENSSL_VERSION_NUMBER < 0x00907000l
49 #endif
51 #ifdef USE_BUFFEREVENTS
52 #include <event2/bufferevent_ssl.h>
53 #include <event2/buffer.h>
55 #endif
58 #define TORTLS_PRIVATE
65 #include <string.h>
67 /* Enable the "v2" TLS handshake.
68 */
69 #define V2_HANDSHAKE_SERVER
70 #define V2_HANDSHAKE_CLIENT
72 /* Copied from or.h */
73 #define LEGAL_NICKNAME_CHARACTERS \
74 "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789"
76 /** How long do identity certificates live? (sec) */
77 #define IDENTITY_CERT_LIFETIME (365*24*60*60)
81 /* We redefine these so that we can run correctly even if the vendor gives us
82 * a version of OpenSSL that does not match its header files. (Apple: I am
83 * looking at you.)
84 */
85 #ifndef SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION
86 #define SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION 0x00040000L
87 #endif
88 #ifndef SSL3_FLAGS_ALLOW_UNSAFE_LEGACY_RENEGOTIATION
89 #define SSL3_FLAGS_ALLOW_UNSAFE_LEGACY_RENEGOTIATION 0x0010
90 #endif
92 /** Does the run-time openssl version look like we need
93 * SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION? */
95 /** Does the run-time openssl version look like we need
96 * SSL3_FLAGS_ALLOW_UNSAFE_LEGACY_RENEGOTIATION? */
99 /** Holds a SSL_CTX object and related state used to configure TLS
100 * connections.
101 */
110 #define TOR_TLS_MAGIC 0x71571571
112 /** Holds a SSL object and its associated data. Members are only
113 * accessed from within tortls.c.
114 */
124 TOR_TLS_ST_BUFFEREVENT
126 * completed successfully. */
129 * this connection used the updated version
130 * of the connection protocol (client sends
131 * different cipher list, server sends only
132 * one certificate). */
133 /** True iff we should call negotiated_callback when we're done reading. */
135 /** Incremented every time we start the server side of a handshake. */
138 * time. */
139 /** Last values retrieved from BIO_number_read()/write(); see
140 * tor_tls_get_n_raw_bytes() for usage.
141 */
144 /** If set, a callback to invoke whenever the client tries to renegotiate
145 * the handshake. */
147 /** Argument to pass to negotiated_callback. */
149 };
151 #ifdef V2_HANDSHAKE_CLIENT
152 /** An array of fake SSL_CIPHER objects that we use in order to trick OpenSSL
153 * in client mode into advertising the ciphers we want. See
154 * rectify_client_ciphers() for details. */
156 /** A stack of SSL_CIPHER objects, some real, some fake.
157 * See rectify_client_ciphers() for details. */
159 #endif
161 /** The ex_data index in which we store a pointer to an SSL object's
162 * corresponding tor_tls_t object. */
165 /** Helper: Allocate tor_tls_object_ex_data_index. */
166 static void
168 {
170 tor_tls_object_ex_data_index =
173 }
174 }
176 /** Helper: given a SSL* pointer, return the tor_tls_t object using that
177 * pointer. */
180 {
185 }
201 /** Global TLS contexts. We keep them here because nobody else needs
202 * to touch them. */
206 /** True iff tor_tls_init() has been called. */
209 /* Module-internal error codes. */
210 #define _TOR_TLS_SYSCALL (_MIN_TOR_TLS_ERROR_VAL - 2)
211 #define _TOR_TLS_ZERORETURN (_MIN_TOR_TLS_ERROR_VAL - 1)
215 /** Return the symbolic name of an OpenSSL state. */
218 {
224 }
227 }
229 /** Write a description of the current state of <b>tls</b> into the
230 * <b>sz</b>-byte buffer at <b>buf</b>. */
231 void
233 {
240 }
251 #undef CASE
258 }
261 }
263 void
266 {
276 /* Some errors are known-benign, meaning they are the fault of the other
277 * side of the connection. The caller doesn't know this, so override the
278 * priority for those cases. */
290 }
306 }
307 }
309 /** Log all pending tls errors at level <b>severity</b>. Use
310 * <b>doing</b> to describe our current activities.
311 */
312 static void
314 {
319 }
320 }
322 /** Convert an errno (or a WSAerrno on windows) into a TOR_TLS_* error
323 * code. */
324 static int
326 {
327 #if defined(MS_WINDOWS)
340 }
341 #else
354 }
355 #endif
356 }
358 /** Given a TOR_TLS_* error code, return a string equivalent. */
361 {
375 }
376 }
378 #define CATCH_SYSCALL 1
379 #define CATCH_ZERO 2
381 /** Given a TLS object and the result of an SSL_* call, use
382 * SSL_get_error to determine whether an error has occurred, and if so
383 * which one. Return one of TOR_TLS_{DONE|WANTREAD|WANTWRITE|ERROR}.
384 * If extra&CATCH_SYSCALL is true, return _TOR_TLS_SYSCALL instead of
385 * reporting syscall errors. If extra&CATCH_ZERO is true, return
386 * _TOR_TLS_ZERORETURN instead of reporting zero-return errors.
387 *
388 * If an error has occurred, log it at level <b>severity</b> and describe the
389 * current action as <b>doing</b>.
390 */
391 static int
394 {
418 }
431 }
432 }
434 /** Initialize OpenSSL, unless it has already been initialized.
435 */
436 static void
438 {
446 /* OpenSSL 0.9.8l introduced SSL3_FLAGS_ALLOW_UNSAFE_LEGACY_RENEGOTIATION
447 * here, but without thinking too hard about it: it turns out that the
448 * flag in question needed to be set at the last minute, and that it
449 * conflicted with an existing flag number that had already been added
450 * in the OpenSSL 1.0.0 betas. OpenSSL 0.9.8m thoughtfully replaced
451 * the flag with an option and (it seems) broke anything that used
452 * SSL3_FLAGS_* for the purpose. So we need to know how to do both,
453 * and we mustn't use the SSL3_FLAGS option with anything besides
454 * OpenSSL 0.9.8l.
455 *
456 * No, we can't just set flag 0x0010 everywhere. It breaks Tor with
457 * OpenSSL 1.0.0beta3 and later. On the other hand, we might be able to
458 * set option 0x00040000L everywhere.
459 *
460 * No, we can't simply detect whether the flag or the option is present
461 * in the headers at build-time: some vendors (notably Apple) like to
462 * leave their headers out of sync with their libraries.
463 *
464 * Yes, it _is_ almost as if the OpenSSL developers decided that no
465 * program should be allowed to use renegotiation unless it first passed
466 * a test of intelligence and determination.
467 */
481 "0.9.8l, but some vendors have backported 0.9.8l's "
482 "renegotiation code to earlier versions, and some have "
483 "backported the code from 0.9.8m or 0.9.8n. I'll set both "
491 }
496 }
497 }
499 /** Free all global TLS structures. */
500 void
502 {
507 }
512 }
513 #ifdef V2_HANDSHAKE_CLIENT
518 #endif
519 }
521 /** We need to give OpenSSL a callback to verify certificates. This is
522 * it: We always accept peer certs and complete the handshake. We
523 * don't validate them until later.
524 */
525 static int
528 {
532 }
534 /** Return a newly allocated X509 name with commonName <b>cname</b>. */
537 {
547 error:
550 }
552 /** Generate and sign an X509 certificate with the public key <b>rsa</b>,
553 * signed by the private key <b>rsa_sign</b>. The commonName of the
554 * certificate will be <b>cname</b>; the commonName of the issuer will be
555 * <b>cname_sign</b>. The cert will be valid for <b>cert_lifetime</b> seconds
556 * starting from now. Return a certificate on success, NULL on
557 * failure.
558 */
565 {
610 error:
614 }
615 done:
626 }
628 /** List of ciphers that servers should select from.*/
629 #define SERVER_CIPHER_LIST \
632 SSL3_TXT_EDH_RSA_DES_192_CBC3_SHA)
633 /* Note: to set up your own private testing network with link crypto
634 * disabled, set your Tors' cipher list to
635 * (SSL3_TXT_RSA_NULL_SHA). If you do this, you won't be able to communicate
636 * with any of the "real" Tors, though. */
638 #ifdef V2_HANDSHAKE_CLIENT
640 #define XCIPHER(id, name)
641 /** List of ciphers that clients should advertise, omitting items that
642 * our OpenSSL doesn't know about. */
645 ;
646 #undef CIPHER
647 #undef XCIPHER
649 /** Holds a cipher that we want to advertise, and its 2-byte ID. */
651 /** A list of all the ciphers that clients should advertise, including items
652 * that OpenSSL might not know about. */
654 #define CIPHER(id, name) { id, name },
655 #define XCIPHER(id, name) { id, #name },
657 #undef CIPHER
658 #undef XCIPHER
659 };
661 /** The length of CLIENT_CIPHER_INFO_LIST and CLIENT_CIPHER_DUMMIES. */
664 #endif
666 #ifndef V2_HANDSHAKE_CLIENT
667 #undef CLIENT_CIPHER_LIST
669 SSL3_TXT_EDH_RSA_DES_192_CBC3_SHA)
670 #endif
672 /** Remove a reference to <b>ctx</b>, and free it if it has no more
673 * references. */
674 static void
676 {
684 }
685 }
687 /** Increase the reference count of <b>ctx</b>. */
688 static void
690 {
692 }
694 /** Create new global client and server TLS contexts.
695 *
696 * If <b>server_identity</b> is NULL, this will not generate a server
697 * TLS context. If <b>is_public_server</b> is non-zero, this will use
698 * the same TLS context for incoming and outgoing connections, and
699 * ignore <b>client_identity</b>. */
700 int
705 {
716 server_identity,
717 key_lifetime);
727 }
728 }
732 server_identity,
733 key_lifetime);
740 }
741 }
744 client_identity,
745 key_lifetime);
746 }
749 }
751 /** Create a new global TLS context.
752 *
753 * You can call this function multiple times. Each time you call it,
754 * it generates new certificates; all new connections will use
755 * the new SSL context.
756 */
757 static int
761 {
763 key_lifetime);
769 /* Free the old context if one existed. */
771 /* This is safe even if there are open connections: we reference-
772 * count tor_tls_context_t objects. */
774 }
775 }
778 }
780 /** Create a new TLS context for use with Tor TLS handshakes.
781 * <b>identity</b> should be set to the identity key used to sign the
782 * certificate.
783 */
786 {
797 /* Generate short-term RSA key. */
802 /* Create certificate signed by identity key. */
804 key_lifetime);
805 /* Create self-signed certificate for identity key. */
807 IDENTITY_CERT_LIFETIME);
811 }
819 #ifdef EVERYONE_HAS_AES
820 /* Tell OpenSSL to only use TLS1 */
823 #else
824 /* Tell OpenSSL to use SSL3 or TLS1 but not SSL2. */
828 #endif
831 #ifdef SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION
833 SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION);
834 #endif
835 /* Yes, we know what we are doing here. No, we do not treat a renegotiation
836 * as authenticating any earlier-received data.
837 */
840 SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION);
841 }
842 /* Don't actually allow compression; it uses ram and time, but the data
843 * we transmit is all encrypted anyway. */
846 #ifdef SSL_MODE_RELEASE_BUFFERS
848 #endif
859 }
870 {
875 }
877 always_accept_verify_cb);
878 /* let us realloc bufs that we're writing from */
887 error:
902 }
904 #ifdef V2_HANDSHAKE_SERVER
905 /** Return true iff the cipher list suggested by the client for <b>ssl</b> is
906 * a list that indicates that the client knows how to do the v2 TLS connection
907 * handshake. */
908 static int
910 {
913 /* If we reached this point, we just got a client hello. See if there is
914 * a cipher list. */
918 }
922 }
923 /* Now we need to see if there are any ciphers whose presence means we're
924 * dealing with an updated Tor. */
933 // return 1;
935 }
936 }
938 dump_list:
939 {
946 }
952 }
954 }
956 static void
958 {
961 }
963 /** Invoked when we're accepting a connection on <b>ssl</b>, and the connection
964 * changes state. We use this:
965 * <ul><li>To alter the state of the handshake partway through, so we
966 * do not send or request extra certificates in v2 handshakes.</li>
967 * <li>To detect renegotiation</li></ul>
968 */
969 static void
971 {
984 /* Check whether we're watching for renegotiates. If so, this is one! */
992 }
994 /* Now check the cipher list. */
996 /*XXXX_TLS keep this from happening more than once! */
998 /* Yes, we're casting away the const from ssl. This is very naughty of us.
999 * Let's hope openssl doesn't notice! */
1001 /* Set SSL_MODE_NO_AUTO_CHAIN to keep from sending back any extra certs. */
1003 /* Don't send a hello request. */
1008 #ifdef USE_BUFFEREVENTS
1011 #endif
1014 }
1015 }
1016 }
1017 #endif
1019 /** Replace *<b>ciphers</b> with a new list of SSL ciphersuites: specifically,
1020 * a list designed to mimic a common web browser. Some of the ciphers in the
1021 * list won't actually be implemented by OpenSSL: that's okay so long as the
1022 * server doesn't select them, and the server won't select anything besides
1023 * what's in SERVER_CIPHER_LIST.
1024 *
1025 * [If the server <b>does</b> select a bogus cipher, we won't crash or
1026 * anything; we'll just fail later when we try to look up the cipher in
1027 * ssl->cipher_list_by_id.]
1028 */
1029 static void
1031 {
1032 #ifdef V2_HANDSHAKE_CLIENT
1034 /* We need to set CLIENT_CIPHER_STACK to an array of the ciphers
1035 * we want.*/
1038 /* First, create a dummy SSL_CIPHER for every cipher. */
1039 CLIENT_CIPHER_DUMMIES =
1045 }
1054 }
1056 /* Then copy as many ciphers as we can from the good list, inserting
1057 * dummies as needed. */
1076 }
1077 }
1078 }
1084 #else
1086 #endif
1087 }
1089 /** Create a new TLS object from a file descriptor, and a flag to
1090 * determine whether it is functioning as a server.
1091 */
1092 tor_tls_t *
1094 {
1098 client_tls_context;
1106 }
1108 #ifdef SSL_set_tlsext_host_name
1109 /* Browsers use the TLS hostname extension, so we should too. */
1114 }
1115 #endif
1120 #ifdef SSL_set_tlsext_host_name
1122 #endif
1126 }
1133 #ifdef SSL_set_tlsext_host_name
1135 #endif
1139 }
1140 {
1146 }
1147 }
1159 }
1160 #ifdef V2_HANDSHAKE_SERVER
1164 #endif
1165 {
1167 }
1169 /* Not expected to get called. */
1172 }
1174 /** Make future log messages about <b>tls</b> display the address
1175 * <b>address</b>.
1176 */
1177 void
1179 {
1183 }
1185 /** Set <b>cb</b> to be called with argument <b>arg</b> whenever <b>tls</b>
1186 * next gets a client-side renegotiate in the middle of a read. Do not
1187 * invoke this function until <em>after</em> initial handshaking is done!
1188 */
1189 void
1193 {
1197 #ifdef V2_HANDSHAKE_SERVER
1202 }
1203 #endif
1204 }
1206 /** If this version of openssl requires it, turn on renegotiation on
1207 * <b>tls</b>.
1208 */
1209 void
1211 {
1212 /* Yes, we know what we are doing here. No, we do not treat a renegotiation
1213 * as authenticating any earlier-received data. */
1216 }
1219 SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION);
1220 }
1221 }
1223 /** If this version of openssl supports it, turn off renegotiation on
1224 * <b>tls</b>. (Our protocol never requires this for security, but it's nice
1225 * to use belt-and-suspenders here.)
1226 */
1227 void
1229 {
1231 }
1233 void
1235 {
1238 SSL3_FLAGS_ALLOW_UNSAFE_LEGACY_RENEGOTIATION));
1239 }
1243 }
1244 }
1246 /** Return whether this tls initiated the connect (client) or
1247 * received it (server). */
1248 int
1250 {
1253 }
1255 /** Release resources associated with a TLS object. Does not close the
1256 * underlying file descriptor.
1257 */
1258 void
1260 {
1264 #ifdef SSL_set_tlsext_host_name
1266 #endif
1275 }
1277 /** Underlying function for TLS reading. Reads up to <b>len</b>
1278 * characters from <b>tls</b> into <b>cp</b>. On success, returns the
1279 * number of characters read. On failure, returns TOR_TLS_ERROR,
1280 * TOR_TLS_CLOSE, TOR_TLS_WANTREAD, or TOR_TLS_WANTWRITE.
1281 */
1282 int
1284 {
1292 #ifdef V2_HANDSHAKE_SERVER
1294 /* Renegotiation happened! */
1299 }
1300 #endif
1302 }
1312 }
1313 }
1315 /** Underlying function for TLS writing. Write up to <b>n</b>
1316 * characters from <b>cp</b> onto <b>tls</b>. On success, returns the
1317 * number of characters written. On failure, returns TOR_TLS_ERROR,
1318 * TOR_TLS_WANTREAD, or TOR_TLS_WANTWRITE.
1319 */
1320 int
1322 {
1331 /* if WANTWRITE last time, we must use the _same_ n as before */
1337 }
1342 }
1345 }
1347 }
1349 /** Perform initial handshake on <b>tls</b>. When finished, returns
1350 * TOR_TLS_DONE. On failure, returns TOR_TLS_ERROR, TOR_TLS_WANTREAD,
1351 * or TOR_TLS_WANTWRITE.
1352 */
1353 int
1355 {
1371 }
1375 /* We need to call this here and not earlier, since OpenSSL has a penchant
1376 * for clearing its flags when you say accept or connect. */
1383 }
1387 }
1389 }
1391 /** Perform the final part of the intial TLS handshake on <b>tls</b>. This
1392 * should be called for the first handshake only: it determines whether the v1
1393 * or the v2 handshake was used, and adjusts things for the renegotiation
1394 * handshake as appropriate.
1395 *
1396 * tor_tls_handshake() calls this on its own; you only need to call this if
1397 * bufferevent is doing the handshake for you.
1398 */
1399 int
1401 {
1406 /* There doesn't seem to be a clear OpenSSL API to clear mode flags. */
1408 #ifdef V2_HANDSHAKE_SERVER
1410 /* This check is redundant, but back when we did it in the callback,
1411 * we might have not been able to look up the tor_tls_t if the code
1412 * was buggy. Fixing that. */
1416 }
1422 }
1423 #endif
1425 #ifdef V2_HANDSHAKE_CLIENT
1426 /* If we got no ID cert, we're a v2 handshake. */
1436 "Server sent back a single certificate; looks like "
1439 }
1442 #endif
1446 }
1447 }
1449 }
1451 #ifdef USE_BUFFEREVENTS
1452 /** Put <b>tls</b>, which must be a client connection, into renegotiation
1453 * mode. */
1454 int
1456 {
1460 LD_HANDSHAKE);
1461 }
1463 }
1464 #endif
1466 /** Client only: Renegotiate a TLS session. When finished, returns
1467 * TOR_TLS_DONE. On failure, returns TOR_TLS_ERROR, TOR_TLS_WANTREAD, or
1468 * TOR_TLS_WANTWRITE.
1469 */
1470 int
1472 {
1475 /* We could do server-initiated renegotiation too, but that would be tricky.
1476 * Instead of "SSL_renegotiate, then SSL_do_handshake until done" */
1482 LD_HANDSHAKE);
1483 }
1485 }
1492 LD_HANDSHAKE);
1493 }
1495 /** Shut down an open tls connection <b>tls</b>. When finished, returns
1496 * TOR_TLS_DONE. On failure, returns TOR_TLS_ERROR, TOR_TLS_WANTREAD,
1497 * or TOR_TLS_WANTWRITE.
1498 */
1499 int
1501 {
1509 /* If we've already called shutdown once to send a close message,
1510 * we read until the other side has closed too.
1511 */
1519 /* fall through... */
1522 }
1523 }
1527 /* If shutdown returns 1, the connection is entirely closed. */
1530 }
1534 /* The underlying TCP connection closed while we were shutting down. */
1538 /* The TLS connection says that it sent a shutdown record, but
1539 * isn't done shutting down yet. Make sure that this hasn't
1540 * happened before, then go back to the start of the function
1541 * and try to read.
1542 */
1548 }
1550 /* fall through ... */
1553 }
1555 }
1557 /** Return true iff this TLS connection is authenticated.
1558 */
1559 int
1561 {
1569 }
1571 /** Warn that a certificate lifetime extends through a certain range. */
1572 static void
1574 {
1585 problem);
1589 }
1593 }
1601 }
1611 end:
1612 /* Not expected to get invoked */
1618 }
1620 /** Helper function: try to extract a link certificate and an identity
1621 * certificate from <b>tls</b>, and store them in *<b>cert_out</b> and
1622 * *<b>id_cert_out</b> respectively. Log all messages at level
1623 * <b>severity</b>.
1624 *
1625 * Note that a reference is added to cert_out, so it needs to be
1626 * freed. id_cert_out doesn't. */
1627 static void
1630 {
1642 /* 1 means we're receiving (server-side), and it's just the id_cert.
1643 * 2 means we're connecting (client-side), and it's both the link
1644 * cert and the id_cert.
1645 */
1649 num_in_chain);
1651 }
1656 }
1658 }
1660 /** If the provided tls connection is authenticated and has a
1661 * certificate chain that is currently valid and signed, then set
1662 * *<b>identity_key</b> to the identity certificate's key and return
1663 * 0. Else, return -1 and log complaints with log-level <b>severity</b>.
1664 */
1665 int
1667 {
1681 }
1689 }
1698 done:
1704 /* This should never get invoked, but let's make sure in case OpenSSL
1705 * acts unexpectedly. */
1709 }
1711 /** Check whether the certificate set on the connection <b>tls</b> is
1712 * expired or not-yet-valid, give or take <b>tolerance</b>
1713 * seconds. Return 0 for valid, -1 for failure.
1714 *
1715 * NOTE: you should call tor_tls_verify before tor_tls_check_lifetime.
1716 */
1717 int
1719 {
1733 }
1738 }
1741 done:
1744 /* Not expected to get invoked */
1748 }
1750 /** Return the number of bytes available for reading from <b>tls</b>.
1751 */
1752 int
1754 {
1757 }
1759 /** If <b>tls</b> requires that the next write be of a particular size,
1760 * return that size. Otherwise, return 0. */
1761 size_t
1763 {
1765 }
1767 /** Sets n_read and n_written to the number of bytes read and written,
1768 * respectively, on the raw socket used by <b>tls</b> since the last time this
1769 * function was called on <b>tls</b>. */
1770 void
1772 {
1776 /* We want the number of bytes actually for real written. Unfortunately,
1777 * sometimes OpenSSL replaces the wbio on tls->ssl with a buffering bio,
1778 * which makes the answer turn out wrong. Let's cope with that. Note
1779 * that this approach will fail if we ever replace tls->ssl's BIOs with
1780 * buffering bios for reasons of our own. As an alternative, we could
1781 * save the original BIO for tls->ssl in the tor_tls_t structure, but
1782 * that would be tempting fate. */
1788 /* We are ok with letting these unsigned ints go "negative" here:
1789 * If we wrapped around, this should still give us the right answer, unless
1790 * we wrapped around by more than ULONG_MAX since the last time we called
1791 * this function.
1792 */
1799 }
1802 }
1804 /** Implement check_no_tls_errors: If there are any pending OpenSSL
1805 * errors, log an error message. */
1806 void
1808 {
1814 }
1816 /** Return true iff the initial TLS connection at <b>tls</b> did not use a v2
1817 * TLS handshake. Output is undefined if the handshake isn't finished. */
1818 int
1820 {
1822 #ifdef V2_HANDSHAKE_SERVER
1824 #endif
1826 #ifdef V2_HANDSHAKE_CLIENT
1828 #endif
1829 }
1831 }
1833 /** Return the number of server handshakes that we've noticed doing on
1834 * <b>tls</b>. */
1835 int
1837 {
1839 }
1841 /** Return true iff the server TLS connection <b>tls</b> got the renegotiation
1842 * request it was waiting for. */
1843 int
1845 {
1847 }
1849 /** Examine the amount of memory used and available for buffers in <b>tls</b>.
1850 * Set *<b>rbuf_capacity</b> to the amount of storage allocated for the read
1851 * buffer and *<b>rbuf_bytes</b> to the amount actually used.
1852 * Set *<b>wbuf_capacity</b> to the amount of storage allocated for the write
1853 * buffer and *<b>wbuf_bytes</b> to the amount actually used. */
1854 void
1858 {
1861 else
1865 else
1869 }
1871 #ifdef USE_BUFFEREVENTS
1872 /** Construct and return an TLS-encrypting bufferevent to send data over
1873 * <b>socket</b>, which must match the socket of the underlying bufferevent
1874 * <b>bufev_in</b>. The TLS object <b>tls</b> is used for encryption.
1875 *
1876 * This function will either create a filtering bufferevent that wraps around
1877 * <b>bufev_in</b>, or it will free bufev_in and return a new bufferevent that
1878 * uses the <b>tls</b> to talk to the network directly. Do not use
1879 * <b>bufev_in</b> after calling this function.
1880 *
1881 * The connection will start out doing a server handshake if <b>receiving</b>
1882 * is strue, and a client handshake otherwise.
1883 *
1884 * Returns NULL on failure.
1885 */
1890 {
1896 /* Grab an extra reference to the SSL, since BEV_OPT_CLOSE_ON_FREE
1897 means that the SSL will get freed too.
1899 This increment makes our SSL usage not-threadsafe, BTW. We should
1900 see if we're allowed to use CRYPTO_add from outside openssl. */
1903 bufev_in,
1905 state,
1906 BEV_OPT_DEFER_CALLBACKS|
1907 BEV_OPT_CLOSE_ON_FREE);
1917 }
1919 /* Current versions (as of 2.0.x) of Libevent need to defer
1920 * bufferevent_openssl callbacks, or else our callback functions will
1921 * get called reentrantly, which is bad for us.
1922 */
1924 socket,
1926 state,
1927 BEV_OPT_DEFER_CALLBACKS);
1928 }
1931 /* Unblock _after_ creating the bufferevent, since accept/connect tend to
1932 * clear flags. */
1936 }
1937 #endif