mirror of
https://gitlab.torproject.org/tpo/core/tor.git
synced 2024-11-14 07:03:44 +01:00
Mechanical rename: tor_cert_t -> tor_x509_cert_t
This commit is contained in:
parent
4a17c541b7
commit
f253aef14f
@ -122,7 +122,7 @@ static int use_unsafe_renegotiation_op = 0;
|
|||||||
static int use_unsafe_renegotiation_flag = 0;
|
static int use_unsafe_renegotiation_flag = 0;
|
||||||
|
|
||||||
/** Structure that we use for a single certificate. */
|
/** Structure that we use for a single certificate. */
|
||||||
struct tor_cert_t {
|
struct tor_x509_cert_t {
|
||||||
X509 *cert;
|
X509 *cert;
|
||||||
uint8_t *encoded;
|
uint8_t *encoded;
|
||||||
size_t encoded_len;
|
size_t encoded_len;
|
||||||
@ -137,9 +137,9 @@ struct tor_cert_t {
|
|||||||
typedef struct tor_tls_context_t {
|
typedef struct tor_tls_context_t {
|
||||||
int refcnt;
|
int refcnt;
|
||||||
SSL_CTX *ctx;
|
SSL_CTX *ctx;
|
||||||
tor_cert_t *my_link_cert;
|
tor_x509_cert_t *my_link_cert;
|
||||||
tor_cert_t *my_id_cert;
|
tor_x509_cert_t *my_id_cert;
|
||||||
tor_cert_t *my_auth_cert;
|
tor_x509_cert_t *my_auth_cert;
|
||||||
crypto_pk_t *link_key;
|
crypto_pk_t *link_key;
|
||||||
crypto_pk_t *auth_key;
|
crypto_pk_t *auth_key;
|
||||||
} tor_tls_context_t;
|
} tor_tls_context_t;
|
||||||
@ -821,7 +821,7 @@ static const int N_CLIENT_CIPHERS = ARRAY_LENGTH(CLIENT_CIPHER_INFO_LIST);
|
|||||||
|
|
||||||
/** Free all storage held in <b>cert</b> */
|
/** Free all storage held in <b>cert</b> */
|
||||||
void
|
void
|
||||||
tor_cert_free(tor_cert_t *cert)
|
tor_x509_cert_free(tor_x509_cert_t *cert)
|
||||||
{
|
{
|
||||||
if (! cert)
|
if (! cert)
|
||||||
return;
|
return;
|
||||||
@ -833,14 +833,14 @@ tor_cert_free(tor_cert_t *cert)
|
|||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Allocate a new tor_cert_t to hold the certificate "x509_cert".
|
* Allocate a new tor_x509_cert_t to hold the certificate "x509_cert".
|
||||||
*
|
*
|
||||||
* Steals a reference to x509_cert.
|
* Steals a reference to x509_cert.
|
||||||
*/
|
*/
|
||||||
static tor_cert_t *
|
static tor_x509_cert_t *
|
||||||
tor_cert_new(X509 *x509_cert)
|
tor_x509_cert_new(X509 *x509_cert)
|
||||||
{
|
{
|
||||||
tor_cert_t *cert;
|
tor_x509_cert_t *cert;
|
||||||
EVP_PKEY *pkey;
|
EVP_PKEY *pkey;
|
||||||
RSA *rsa;
|
RSA *rsa;
|
||||||
int length;
|
int length;
|
||||||
@ -850,7 +850,7 @@ tor_cert_new(X509 *x509_cert)
|
|||||||
return NULL;
|
return NULL;
|
||||||
|
|
||||||
length = i2d_X509(x509_cert, &buf);
|
length = i2d_X509(x509_cert, &buf);
|
||||||
cert = tor_malloc_zero(sizeof(tor_cert_t));
|
cert = tor_malloc_zero(sizeof(tor_x509_cert_t));
|
||||||
if (length <= 0 || buf == NULL) {
|
if (length <= 0 || buf == NULL) {
|
||||||
tor_free(cert);
|
tor_free(cert);
|
||||||
log_err(LD_CRYPTO, "Couldn't get length of encoded x509 certificate");
|
log_err(LD_CRYPTO, "Couldn't get length of encoded x509 certificate");
|
||||||
@ -880,14 +880,14 @@ tor_cert_new(X509 *x509_cert)
|
|||||||
}
|
}
|
||||||
|
|
||||||
/** Read a DER-encoded X509 cert, of length exactly <b>certificate_len</b>,
|
/** Read a DER-encoded X509 cert, of length exactly <b>certificate_len</b>,
|
||||||
* from a <b>certificate</b>. Return a newly allocated tor_cert_t on success
|
* from a <b>certificate</b>. Return a newly allocated tor_x509_cert_t on success
|
||||||
* and NULL on failure. */
|
* and NULL on failure. */
|
||||||
tor_cert_t *
|
tor_x509_cert_t *
|
||||||
tor_cert_decode(const uint8_t *certificate, size_t certificate_len)
|
tor_x509_cert_decode(const uint8_t *certificate, size_t certificate_len)
|
||||||
{
|
{
|
||||||
X509 *x509;
|
X509 *x509;
|
||||||
const unsigned char *cp = (const unsigned char *)certificate;
|
const unsigned char *cp = (const unsigned char *)certificate;
|
||||||
tor_cert_t *newcert;
|
tor_x509_cert_t *newcert;
|
||||||
tor_assert(certificate);
|
tor_assert(certificate);
|
||||||
check_no_tls_errors();
|
check_no_tls_errors();
|
||||||
|
|
||||||
@ -902,14 +902,14 @@ tor_cert_decode(const uint8_t *certificate, size_t certificate_len)
|
|||||||
X509_free(x509);
|
X509_free(x509);
|
||||||
goto err; /* Didn't use all the bytes */
|
goto err; /* Didn't use all the bytes */
|
||||||
}
|
}
|
||||||
newcert = tor_cert_new(x509);
|
newcert = tor_x509_cert_new(x509);
|
||||||
if (!newcert) {
|
if (!newcert) {
|
||||||
goto err;
|
goto err;
|
||||||
}
|
}
|
||||||
if (newcert->encoded_len != certificate_len ||
|
if (newcert->encoded_len != certificate_len ||
|
||||||
fast_memneq(newcert->encoded, certificate, certificate_len)) {
|
fast_memneq(newcert->encoded, certificate, certificate_len)) {
|
||||||
/* Cert wasn't in DER */
|
/* Cert wasn't in DER */
|
||||||
tor_cert_free(newcert);
|
tor_x509_cert_free(newcert);
|
||||||
goto err;
|
goto err;
|
||||||
}
|
}
|
||||||
return newcert;
|
return newcert;
|
||||||
@ -921,7 +921,7 @@ tor_cert_decode(const uint8_t *certificate, size_t certificate_len)
|
|||||||
/** Set *<b>encoded_out</b> and *<b>size_out</b> to <b>cert</b>'s encoded DER
|
/** Set *<b>encoded_out</b> and *<b>size_out</b> to <b>cert</b>'s encoded DER
|
||||||
* representation and length, respectively. */
|
* representation and length, respectively. */
|
||||||
void
|
void
|
||||||
tor_cert_get_der(const tor_cert_t *cert,
|
tor_x509_cert_get_der(const tor_x509_cert_t *cert,
|
||||||
const uint8_t **encoded_out, size_t *size_out)
|
const uint8_t **encoded_out, size_t *size_out)
|
||||||
{
|
{
|
||||||
tor_assert(cert);
|
tor_assert(cert);
|
||||||
@ -934,7 +934,7 @@ tor_cert_get_der(const tor_cert_t *cert,
|
|||||||
/** Return a set of digests for the public key in <b>cert</b>, or NULL if this
|
/** Return a set of digests for the public key in <b>cert</b>, or NULL if this
|
||||||
* cert's public key is not one we know how to take the digest of. */
|
* cert's public key is not one we know how to take the digest of. */
|
||||||
const digests_t *
|
const digests_t *
|
||||||
tor_cert_get_id_digests(const tor_cert_t *cert)
|
tor_x509_cert_get_id_digests(const tor_x509_cert_t *cert)
|
||||||
{
|
{
|
||||||
if (cert->pkey_digests_set)
|
if (cert->pkey_digests_set)
|
||||||
return &cert->pkey_digests;
|
return &cert->pkey_digests;
|
||||||
@ -944,7 +944,7 @@ tor_cert_get_id_digests(const tor_cert_t *cert)
|
|||||||
|
|
||||||
/** Return a set of digests for the public key in <b>cert</b>. */
|
/** Return a set of digests for the public key in <b>cert</b>. */
|
||||||
const digests_t *
|
const digests_t *
|
||||||
tor_cert_get_cert_digests(const tor_cert_t *cert)
|
tor_x509_cert_get_cert_digests(const tor_x509_cert_t *cert)
|
||||||
{
|
{
|
||||||
return &cert->cert_digests;
|
return &cert->cert_digests;
|
||||||
}
|
}
|
||||||
@ -957,9 +957,9 @@ tor_tls_context_decref(tor_tls_context_t *ctx)
|
|||||||
tor_assert(ctx);
|
tor_assert(ctx);
|
||||||
if (--ctx->refcnt == 0) {
|
if (--ctx->refcnt == 0) {
|
||||||
SSL_CTX_free(ctx->ctx);
|
SSL_CTX_free(ctx->ctx);
|
||||||
tor_cert_free(ctx->my_link_cert);
|
tor_x509_cert_free(ctx->my_link_cert);
|
||||||
tor_cert_free(ctx->my_id_cert);
|
tor_x509_cert_free(ctx->my_id_cert);
|
||||||
tor_cert_free(ctx->my_auth_cert);
|
tor_x509_cert_free(ctx->my_auth_cert);
|
||||||
crypto_pk_free(ctx->link_key);
|
crypto_pk_free(ctx->link_key);
|
||||||
crypto_pk_free(ctx->auth_key);
|
crypto_pk_free(ctx->auth_key);
|
||||||
tor_free(ctx);
|
tor_free(ctx);
|
||||||
@ -973,8 +973,8 @@ tor_tls_context_decref(tor_tls_context_t *ctx)
|
|||||||
* client mode. */
|
* client mode. */
|
||||||
int
|
int
|
||||||
tor_tls_get_my_certs(int server,
|
tor_tls_get_my_certs(int server,
|
||||||
const tor_cert_t **link_cert_out,
|
const tor_x509_cert_t **link_cert_out,
|
||||||
const tor_cert_t **id_cert_out)
|
const tor_x509_cert_t **id_cert_out)
|
||||||
{
|
{
|
||||||
tor_tls_context_t *ctx = server ? server_tls_context : client_tls_context;
|
tor_tls_context_t *ctx = server ? server_tls_context : client_tls_context;
|
||||||
if (! ctx)
|
if (! ctx)
|
||||||
@ -1003,7 +1003,7 @@ tor_tls_get_my_client_auth_key(void)
|
|||||||
* certifies. Return NULL if the cert's key is not RSA.
|
* certifies. Return NULL if the cert's key is not RSA.
|
||||||
*/
|
*/
|
||||||
crypto_pk_t *
|
crypto_pk_t *
|
||||||
tor_tls_cert_get_key(tor_cert_t *cert)
|
tor_tls_cert_get_key(tor_x509_cert_t *cert)
|
||||||
{
|
{
|
||||||
crypto_pk_t *result = NULL;
|
crypto_pk_t *result = NULL;
|
||||||
EVP_PKEY *pkey = X509_get_pubkey(cert->cert);
|
EVP_PKEY *pkey = X509_get_pubkey(cert->cert);
|
||||||
@ -1024,7 +1024,7 @@ tor_tls_cert_get_key(tor_cert_t *cert)
|
|||||||
* the key certified in <b>cert</b> is the same as the key they used to do it.
|
* the key certified in <b>cert</b> is the same as the key they used to do it.
|
||||||
*/
|
*/
|
||||||
int
|
int
|
||||||
tor_tls_cert_matches_key(const tor_tls_t *tls, const tor_cert_t *cert)
|
tor_tls_cert_matches_key(const tor_tls_t *tls, const tor_x509_cert_t *cert)
|
||||||
{
|
{
|
||||||
X509 *peercert = SSL_get_peer_certificate(tls->ssl);
|
X509 *peercert = SSL_get_peer_certificate(tls->ssl);
|
||||||
EVP_PKEY *link_key = NULL, *cert_key = NULL;
|
EVP_PKEY *link_key = NULL, *cert_key = NULL;
|
||||||
@ -1053,8 +1053,8 @@ tor_tls_cert_matches_key(const tor_tls_t *tls, const tor_cert_t *cert)
|
|||||||
* we couldn't check it. */
|
* we couldn't check it. */
|
||||||
int
|
int
|
||||||
tor_tls_cert_is_valid(int severity,
|
tor_tls_cert_is_valid(int severity,
|
||||||
const tor_cert_t *cert,
|
const tor_x509_cert_t *cert,
|
||||||
const tor_cert_t *signing_cert,
|
const tor_x509_cert_t *signing_cert,
|
||||||
int check_rsa_1024)
|
int check_rsa_1024)
|
||||||
{
|
{
|
||||||
check_no_tls_errors();
|
check_no_tls_errors();
|
||||||
@ -1265,9 +1265,9 @@ tor_tls_context_new(crypto_pk_t *identity, unsigned int key_lifetime,
|
|||||||
result = tor_malloc_zero(sizeof(tor_tls_context_t));
|
result = tor_malloc_zero(sizeof(tor_tls_context_t));
|
||||||
result->refcnt = 1;
|
result->refcnt = 1;
|
||||||
if (!is_client) {
|
if (!is_client) {
|
||||||
result->my_link_cert = tor_cert_new(X509_dup(cert));
|
result->my_link_cert = tor_x509_cert_new(X509_dup(cert));
|
||||||
result->my_id_cert = tor_cert_new(X509_dup(idcert));
|
result->my_id_cert = tor_x509_cert_new(X509_dup(idcert));
|
||||||
result->my_auth_cert = tor_cert_new(X509_dup(authcert));
|
result->my_auth_cert = tor_x509_cert_new(X509_dup(authcert));
|
||||||
if (!result->my_link_cert || !result->my_id_cert || !result->my_auth_cert)
|
if (!result->my_link_cert || !result->my_id_cert || !result->my_auth_cert)
|
||||||
goto error;
|
goto error;
|
||||||
result->link_key = crypto_pk_dup_key(rsa);
|
result->link_key = crypto_pk_dup_key(rsa);
|
||||||
@ -2394,7 +2394,7 @@ tor_tls_peer_has_cert(tor_tls_t *tls)
|
|||||||
}
|
}
|
||||||
|
|
||||||
/** Return the peer certificate, or NULL if there isn't one. */
|
/** Return the peer certificate, or NULL if there isn't one. */
|
||||||
tor_cert_t *
|
tor_x509_cert_t *
|
||||||
tor_tls_get_peer_cert(tor_tls_t *tls)
|
tor_tls_get_peer_cert(tor_tls_t *tls)
|
||||||
{
|
{
|
||||||
X509 *cert;
|
X509 *cert;
|
||||||
@ -2402,7 +2402,7 @@ tor_tls_get_peer_cert(tor_tls_t *tls)
|
|||||||
tls_log_errors(tls, LOG_WARN, LD_HANDSHAKE, "getting peer certificate");
|
tls_log_errors(tls, LOG_WARN, LD_HANDSHAKE, "getting peer certificate");
|
||||||
if (!cert)
|
if (!cert)
|
||||||
return NULL;
|
return NULL;
|
||||||
return tor_cert_new(cert);
|
return tor_x509_cert_new(cert);
|
||||||
}
|
}
|
||||||
|
|
||||||
/** Warn that a certificate lifetime extends through a certain range. */
|
/** Warn that a certificate lifetime extends through a certain range. */
|
||||||
|
@ -19,7 +19,7 @@
|
|||||||
typedef struct tor_tls_t tor_tls_t;
|
typedef struct tor_tls_t tor_tls_t;
|
||||||
|
|
||||||
/* Opaque structure to hold an X509 certificate. */
|
/* Opaque structure to hold an X509 certificate. */
|
||||||
typedef struct tor_cert_t tor_cert_t;
|
typedef struct tor_x509_cert_t tor_x509_cert_t;
|
||||||
|
|
||||||
/* Possible return values for most tor_tls_* functions. */
|
/* Possible return values for most tor_tls_* functions. */
|
||||||
#define MIN_TOR_TLS_ERROR_VAL_ -9
|
#define MIN_TOR_TLS_ERROR_VAL_ -9
|
||||||
@ -72,7 +72,7 @@ void tor_tls_set_renegotiate_callback(tor_tls_t *tls,
|
|||||||
int tor_tls_is_server(tor_tls_t *tls);
|
int tor_tls_is_server(tor_tls_t *tls);
|
||||||
void tor_tls_free(tor_tls_t *tls);
|
void tor_tls_free(tor_tls_t *tls);
|
||||||
int tor_tls_peer_has_cert(tor_tls_t *tls);
|
int tor_tls_peer_has_cert(tor_tls_t *tls);
|
||||||
tor_cert_t *tor_tls_get_peer_cert(tor_tls_t *tls);
|
tor_x509_cert_t *tor_tls_get_peer_cert(tor_tls_t *tls);
|
||||||
int tor_tls_verify(int severity, tor_tls_t *tls, crypto_pk_t **identity);
|
int tor_tls_verify(int severity, tor_tls_t *tls, crypto_pk_t **identity);
|
||||||
int tor_tls_check_lifetime(int severity,
|
int tor_tls_check_lifetime(int severity,
|
||||||
tor_tls_t *tls, int past_tolerance,
|
tor_tls_t *tls, int past_tolerance,
|
||||||
@ -120,22 +120,22 @@ struct bufferevent *tor_tls_init_bufferevent(tor_tls_t *tls,
|
|||||||
int filter);
|
int filter);
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
void tor_cert_free(tor_cert_t *cert);
|
void tor_x509_cert_free(tor_x509_cert_t *cert);
|
||||||
tor_cert_t *tor_cert_decode(const uint8_t *certificate,
|
tor_x509_cert_t *tor_x509_cert_decode(const uint8_t *certificate,
|
||||||
size_t certificate_len);
|
size_t certificate_len);
|
||||||
void tor_cert_get_der(const tor_cert_t *cert,
|
void tor_x509_cert_get_der(const tor_x509_cert_t *cert,
|
||||||
const uint8_t **encoded_out, size_t *size_out);
|
const uint8_t **encoded_out, size_t *size_out);
|
||||||
const digests_t *tor_cert_get_id_digests(const tor_cert_t *cert);
|
const digests_t *tor_x509_cert_get_id_digests(const tor_x509_cert_t *cert);
|
||||||
const digests_t *tor_cert_get_cert_digests(const tor_cert_t *cert);
|
const digests_t *tor_x509_cert_get_cert_digests(const tor_x509_cert_t *cert);
|
||||||
int tor_tls_get_my_certs(int server,
|
int tor_tls_get_my_certs(int server,
|
||||||
const tor_cert_t **link_cert_out,
|
const tor_x509_cert_t **link_cert_out,
|
||||||
const tor_cert_t **id_cert_out);
|
const tor_x509_cert_t **id_cert_out);
|
||||||
crypto_pk_t *tor_tls_get_my_client_auth_key(void);
|
crypto_pk_t *tor_tls_get_my_client_auth_key(void);
|
||||||
crypto_pk_t *tor_tls_cert_get_key(tor_cert_t *cert);
|
crypto_pk_t *tor_tls_cert_get_key(tor_x509_cert_t *cert);
|
||||||
int tor_tls_cert_matches_key(const tor_tls_t *tls, const tor_cert_t *cert);
|
int tor_tls_cert_matches_key(const tor_tls_t *tls, const tor_x509_cert_t *cert);
|
||||||
int tor_tls_cert_is_valid(int severity,
|
int tor_tls_cert_is_valid(int severity,
|
||||||
const tor_cert_t *cert,
|
const tor_x509_cert_t *cert,
|
||||||
const tor_cert_t *signing_cert,
|
const tor_x509_cert_t *signing_cert,
|
||||||
int check_rsa_1024);
|
int check_rsa_1024);
|
||||||
const char *tor_tls_get_ciphersuite_name(tor_tls_t *tls);
|
const char *tor_tls_get_ciphersuite_name(tor_tls_t *tls);
|
||||||
|
|
||||||
|
@ -1747,9 +1747,9 @@ channel_tls_process_netinfo_cell(cell_t *cell, channel_tls_t *chan)
|
|||||||
static void
|
static void
|
||||||
channel_tls_process_certs_cell(var_cell_t *cell, channel_tls_t *chan)
|
channel_tls_process_certs_cell(var_cell_t *cell, channel_tls_t *chan)
|
||||||
{
|
{
|
||||||
tor_cert_t *link_cert = NULL;
|
tor_x509_cert_t *link_cert = NULL;
|
||||||
tor_cert_t *id_cert = NULL;
|
tor_x509_cert_t *id_cert = NULL;
|
||||||
tor_cert_t *auth_cert = NULL;
|
tor_x509_cert_t *auth_cert = NULL;
|
||||||
uint8_t *ptr;
|
uint8_t *ptr;
|
||||||
int n_certs, i;
|
int n_certs, i;
|
||||||
int send_netinfo = 0;
|
int send_netinfo = 0;
|
||||||
@ -1803,7 +1803,7 @@ channel_tls_process_certs_cell(var_cell_t *cell, channel_tls_t *chan)
|
|||||||
if (cert_type == OR_CERT_TYPE_TLS_LINK ||
|
if (cert_type == OR_CERT_TYPE_TLS_LINK ||
|
||||||
cert_type == OR_CERT_TYPE_ID_1024 ||
|
cert_type == OR_CERT_TYPE_ID_1024 ||
|
||||||
cert_type == OR_CERT_TYPE_AUTH_1024) {
|
cert_type == OR_CERT_TYPE_AUTH_1024) {
|
||||||
tor_cert_t *cert = tor_cert_decode(ptr + 3, cert_len);
|
tor_x509_cert_t *cert = tor_x509_cert_decode(ptr + 3, cert_len);
|
||||||
if (!cert) {
|
if (!cert) {
|
||||||
log_fn(LOG_PROTOCOL_WARN, LD_PROTOCOL,
|
log_fn(LOG_PROTOCOL_WARN, LD_PROTOCOL,
|
||||||
"Received undecodable certificate in CERTS cell from %s:%d",
|
"Received undecodable certificate in CERTS cell from %s:%d",
|
||||||
@ -1812,24 +1812,24 @@ channel_tls_process_certs_cell(var_cell_t *cell, channel_tls_t *chan)
|
|||||||
} else {
|
} else {
|
||||||
if (cert_type == OR_CERT_TYPE_TLS_LINK) {
|
if (cert_type == OR_CERT_TYPE_TLS_LINK) {
|
||||||
if (link_cert) {
|
if (link_cert) {
|
||||||
tor_cert_free(cert);
|
tor_x509_cert_free(cert);
|
||||||
ERR("Too many TLS_LINK certificates");
|
ERR("Too many TLS_LINK certificates");
|
||||||
}
|
}
|
||||||
link_cert = cert;
|
link_cert = cert;
|
||||||
} else if (cert_type == OR_CERT_TYPE_ID_1024) {
|
} else if (cert_type == OR_CERT_TYPE_ID_1024) {
|
||||||
if (id_cert) {
|
if (id_cert) {
|
||||||
tor_cert_free(cert);
|
tor_x509_cert_free(cert);
|
||||||
ERR("Too many ID_1024 certificates");
|
ERR("Too many ID_1024 certificates");
|
||||||
}
|
}
|
||||||
id_cert = cert;
|
id_cert = cert;
|
||||||
} else if (cert_type == OR_CERT_TYPE_AUTH_1024) {
|
} else if (cert_type == OR_CERT_TYPE_AUTH_1024) {
|
||||||
if (auth_cert) {
|
if (auth_cert) {
|
||||||
tor_cert_free(cert);
|
tor_x509_cert_free(cert);
|
||||||
ERR("Too many AUTH_1024 certificates");
|
ERR("Too many AUTH_1024 certificates");
|
||||||
}
|
}
|
||||||
auth_cert = cert;
|
auth_cert = cert;
|
||||||
} else {
|
} else {
|
||||||
tor_cert_free(cert);
|
tor_x509_cert_free(cert);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
@ -1864,7 +1864,7 @@ channel_tls_process_certs_cell(var_cell_t *cell, channel_tls_t *chan)
|
|||||||
|
|
||||||
chan->conn->handshake_state->authenticated = 1;
|
chan->conn->handshake_state->authenticated = 1;
|
||||||
{
|
{
|
||||||
const digests_t *id_digests = tor_cert_get_id_digests(id_cert);
|
const digests_t *id_digests = tor_x509_cert_get_id_digests(id_cert);
|
||||||
crypto_pk_t *identity_rcvd;
|
crypto_pk_t *identity_rcvd;
|
||||||
if (!id_digests)
|
if (!id_digests)
|
||||||
ERR("Couldn't compute digests for key in ID cert");
|
ERR("Couldn't compute digests for key in ID cert");
|
||||||
@ -1929,9 +1929,9 @@ channel_tls_process_certs_cell(var_cell_t *cell, channel_tls_t *chan)
|
|||||||
}
|
}
|
||||||
|
|
||||||
err:
|
err:
|
||||||
tor_cert_free(id_cert);
|
tor_x509_cert_free(id_cert);
|
||||||
tor_cert_free(link_cert);
|
tor_x509_cert_free(link_cert);
|
||||||
tor_cert_free(auth_cert);
|
tor_x509_cert_free(auth_cert);
|
||||||
#undef ERR
|
#undef ERR
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -2151,7 +2151,7 @@ channel_tls_process_authenticate_cell(var_cell_t *cell, channel_tls_t *chan)
|
|||||||
crypto_pk_t *identity_rcvd =
|
crypto_pk_t *identity_rcvd =
|
||||||
tor_tls_cert_get_key(chan->conn->handshake_state->id_cert);
|
tor_tls_cert_get_key(chan->conn->handshake_state->id_cert);
|
||||||
const digests_t *id_digests =
|
const digests_t *id_digests =
|
||||||
tor_cert_get_id_digests(chan->conn->handshake_state->id_cert);
|
tor_x509_cert_get_id_digests(chan->conn->handshake_state->id_cert);
|
||||||
|
|
||||||
/* This must exist; we checked key type when reading the cert. */
|
/* This must exist; we checked key type when reading the cert. */
|
||||||
tor_assert(id_digests);
|
tor_assert(id_digests);
|
||||||
|
@ -1878,8 +1878,8 @@ or_handshake_state_free(or_handshake_state_t *state)
|
|||||||
return;
|
return;
|
||||||
crypto_digest_free(state->digest_sent);
|
crypto_digest_free(state->digest_sent);
|
||||||
crypto_digest_free(state->digest_received);
|
crypto_digest_free(state->digest_received);
|
||||||
tor_cert_free(state->auth_cert);
|
tor_x509_cert_free(state->auth_cert);
|
||||||
tor_cert_free(state->id_cert);
|
tor_x509_cert_free(state->id_cert);
|
||||||
memwipe(state, 0xBE, sizeof(or_handshake_state_t));
|
memwipe(state, 0xBE, sizeof(or_handshake_state_t));
|
||||||
tor_free(state);
|
tor_free(state);
|
||||||
}
|
}
|
||||||
@ -2227,7 +2227,7 @@ connection_or_send_netinfo(or_connection_t *conn)
|
|||||||
int
|
int
|
||||||
connection_or_send_certs_cell(or_connection_t *conn)
|
connection_or_send_certs_cell(or_connection_t *conn)
|
||||||
{
|
{
|
||||||
const tor_cert_t *link_cert = NULL, *id_cert = NULL;
|
const tor_x509_cert_t *link_cert = NULL, *id_cert = NULL;
|
||||||
const uint8_t *link_encoded = NULL, *id_encoded = NULL;
|
const uint8_t *link_encoded = NULL, *id_encoded = NULL;
|
||||||
size_t link_len, id_len;
|
size_t link_len, id_len;
|
||||||
var_cell_t *cell;
|
var_cell_t *cell;
|
||||||
@ -2242,8 +2242,8 @@ connection_or_send_certs_cell(or_connection_t *conn)
|
|||||||
server_mode = ! conn->handshake_state->started_here;
|
server_mode = ! conn->handshake_state->started_here;
|
||||||
if (tor_tls_get_my_certs(server_mode, &link_cert, &id_cert) < 0)
|
if (tor_tls_get_my_certs(server_mode, &link_cert, &id_cert) < 0)
|
||||||
return -1;
|
return -1;
|
||||||
tor_cert_get_der(link_cert, &link_encoded, &link_len);
|
tor_x509_cert_get_der(link_cert, &link_encoded, &link_len);
|
||||||
tor_cert_get_der(id_cert, &id_encoded, &id_len);
|
tor_x509_cert_get_der(id_cert, &id_encoded, &id_len);
|
||||||
|
|
||||||
cell_len = 1 /* 1 byte: num certs in cell */ +
|
cell_len = 1 /* 1 byte: num certs in cell */ +
|
||||||
2 * ( 1 + 2 ) /* For each cert: 1 byte for type, 2 for length */ +
|
2 * ( 1 + 2 ) /* For each cert: 1 byte for type, 2 for length */ +
|
||||||
@ -2342,13 +2342,13 @@ connection_or_compute_authenticate_cell_body(or_connection_t *conn,
|
|||||||
ptr += 8;
|
ptr += 8;
|
||||||
|
|
||||||
{
|
{
|
||||||
const tor_cert_t *id_cert=NULL, *link_cert=NULL;
|
const tor_x509_cert_t *id_cert=NULL, *link_cert=NULL;
|
||||||
const digests_t *my_digests, *their_digests;
|
const digests_t *my_digests, *their_digests;
|
||||||
const uint8_t *my_id, *their_id, *client_id, *server_id;
|
const uint8_t *my_id, *their_id, *client_id, *server_id;
|
||||||
if (tor_tls_get_my_certs(server, &link_cert, &id_cert))
|
if (tor_tls_get_my_certs(server, &link_cert, &id_cert))
|
||||||
return -1;
|
return -1;
|
||||||
my_digests = tor_cert_get_id_digests(id_cert);
|
my_digests = tor_x509_cert_get_id_digests(id_cert);
|
||||||
their_digests = tor_cert_get_id_digests(conn->handshake_state->id_cert);
|
their_digests = tor_x509_cert_get_id_digests(conn->handshake_state->id_cert);
|
||||||
tor_assert(my_digests);
|
tor_assert(my_digests);
|
||||||
tor_assert(their_digests);
|
tor_assert(their_digests);
|
||||||
my_id = (uint8_t*)my_digests->d[DIGEST_SHA256];
|
my_id = (uint8_t*)my_digests->d[DIGEST_SHA256];
|
||||||
@ -2387,8 +2387,8 @@ connection_or_compute_authenticate_cell_body(or_connection_t *conn,
|
|||||||
|
|
||||||
{
|
{
|
||||||
/* Digest of cert used on TLS link : 32 octets. */
|
/* Digest of cert used on TLS link : 32 octets. */
|
||||||
const tor_cert_t *cert = NULL;
|
const tor_x509_cert_t *cert = NULL;
|
||||||
tor_cert_t *freecert = NULL;
|
tor_x509_cert_t *freecert = NULL;
|
||||||
if (server) {
|
if (server) {
|
||||||
tor_tls_get_my_certs(1, &cert, NULL);
|
tor_tls_get_my_certs(1, &cert, NULL);
|
||||||
} else {
|
} else {
|
||||||
@ -2397,10 +2397,10 @@ connection_or_compute_authenticate_cell_body(or_connection_t *conn,
|
|||||||
}
|
}
|
||||||
if (!cert)
|
if (!cert)
|
||||||
return -1;
|
return -1;
|
||||||
memcpy(ptr, tor_cert_get_cert_digests(cert)->d[DIGEST_SHA256], 32);
|
memcpy(ptr, tor_x509_cert_get_cert_digests(cert)->d[DIGEST_SHA256], 32);
|
||||||
|
|
||||||
if (freecert)
|
if (freecert)
|
||||||
tor_cert_free(freecert);
|
tor_x509_cert_free(freecert);
|
||||||
ptr += 32;
|
ptr += 32;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -1411,9 +1411,9 @@ typedef struct or_handshake_state_t {
|
|||||||
* @{
|
* @{
|
||||||
*/
|
*/
|
||||||
/** The cert for the key that's supposed to sign the AUTHENTICATE cell */
|
/** The cert for the key that's supposed to sign the AUTHENTICATE cell */
|
||||||
tor_cert_t *auth_cert;
|
tor_x509_cert_t *auth_cert;
|
||||||
/** A self-signed identity certificate */
|
/** A self-signed identity certificate */
|
||||||
tor_cert_t *id_cert;
|
tor_x509_cert_t *id_cert;
|
||||||
/**@}*/
|
/**@}*/
|
||||||
} or_handshake_state_t;
|
} or_handshake_state_t;
|
||||||
|
|
||||||
|
Loading…
Reference in New Issue
Block a user