authorRoger Dingledine <arma@torproject.org>2003-12-17 21:14:13 +0000
committerRoger Dingledine <arma@torproject.org>2003-12-17 21:14:13 +0000
commiteb730c41c8a799bc61dfd7d106443fe467921caa (patch)
tree20154333f62aadb2d851d42baae6dc30a57067bf /src/common/tortls.c
parent6a19e64066fc0fb362db9b16e386008807d0984c (diff)
clean tabs, trailing whitespace
svn:r952
Diffstat (limited to 'src/common/tortls.c')
-rw-r--r--src/common/tortls.c84
1 files changed, 42 insertions, 42 deletions
diff --git a/src/common/tortls.c b/src/common/tortls.c
index aab22b88ec..89009ea13e 100644
--- a/src/common/tortls.c
+++ b/src/common/tortls.c
@@ -34,16 +34,16 @@ struct tor_tls_context_st {
struct tor_tls_st {
SSL *ssl;
int socket;
- enum {
- TOR_TLS_ST_HANDSHAKE, TOR_TLS_ST_OPEN, TOR_TLS_ST_GOTCLOSE,
+ enum {
+ TOR_TLS_ST_HANDSHAKE, TOR_TLS_ST_OPEN, TOR_TLS_ST_GOTCLOSE,
TOR_TLS_ST_SENTCLOSE, TOR_TLS_ST_CLOSED
} state;
int isServer;
int wantwrite_n; /* 0 normally, >0 if we returned wantwrite last time */
};
-static X509* tor_tls_create_certificate(crypto_pk_env_t *rsa,
- const char *nickname);
+static X509* tor_tls_create_certificate(crypto_pk_env_t *rsa,
+ const char *nickname);
/* global tls context, keep it here because nobody else needs to touch it */
static tor_tls_context *global_tls_context = NULL;
@@ -80,7 +80,7 @@ tls_log_errors(int severity, const char *doing)
static int
tor_tls_get_error(tor_tls *tls, int r, int extra,
- const char *doing, int severity)
+ const char *doing, int severity)
{
int err = SSL_get_error(tls->ssl, r);
switch (err) {
@@ -92,13 +92,13 @@ tor_tls_get_error(tor_tls *tls, int r, int extra,
return TOR_TLS_WANTWRITE;
case SSL_ERROR_SYSCALL:
if (extra&CATCH_SYSCALL)
- return _TOR_TLS_SYSCALL;
+ return _TOR_TLS_SYSCALL;
log(severity, "TLS error: <syscall error> (errno=%d)",errno);
tls_log_errors(severity, doing);
return TOR_TLS_ERROR;
case SSL_ERROR_ZERO_RETURN:
if (extra&CATCH_ZERO)
- return _TOR_TLS_ZERORETURN;
+ return _TOR_TLS_ZERORETURN;
log(severity, "TLS error: Zero return");
tls_log_errors(severity, doing);
return TOR_TLS_ERROR;
@@ -119,7 +119,7 @@ tor_tls_init() {
}
}
-static int always_accept_verify_cb(int preverify_ok,
+static int always_accept_verify_cb(int preverify_ok,
X509_STORE_CTX *x509_ctx)
{
/* We always accept peer certs and complete the handshake. We don't validate
@@ -132,7 +132,7 @@ static int always_accept_verify_cb(int preverify_ok,
* by 'certfile'. Return 0 on success, -1 for failure.
*/
X509 *
-tor_tls_create_certificate(crypto_pk_env_t *rsa,
+tor_tls_create_certificate(crypto_pk_env_t *rsa,
const char *nickname)
{
time_t start_time, end_time;
@@ -140,7 +140,7 @@ tor_tls_create_certificate(crypto_pk_env_t *rsa,
X509 *x509 = NULL;
X509_NAME *name = NULL;
int nid;
-
+
tor_tls_init();
start_time = time(NULL);
@@ -154,7 +154,7 @@ tor_tls_create_certificate(crypto_pk_env_t *rsa,
goto error;
if (!(ASN1_INTEGER_set(X509_get_serialNumber(x509), (long)start_time)))
goto error;
-
+
if (!(name = X509_NAME_new()))
goto error;
if ((nid = OBJ_txt2nid("organizationName")) == NID_undef) goto error;
@@ -163,7 +163,7 @@ tor_tls_create_certificate(crypto_pk_env_t *rsa,
if ((nid = OBJ_txt2nid("commonName")) == NID_undef) goto error;
if (!(X509_NAME_add_entry_by_NID(name, nid, MBSTRING_ASC,
(char*)nickname, -1, -1, 0))) goto error;
-
+
if (!(X509_set_issuer_name(x509, name)))
goto error;
if (!(X509_set_subject_name(x509, name)))
@@ -181,7 +181,7 @@ tor_tls_create_certificate(crypto_pk_env_t *rsa,
goto done;
error:
if (x509) {
- X509_free(x509);
+ X509_free(x509);
x509 = NULL;
}
done:
@@ -198,11 +198,11 @@ tor_tls_create_certificate(crypto_pk_env_t *rsa,
* is needed. */
#define CIPHER_LIST TLS1_TXT_DHE_RSA_WITH_AES_128_SHA
#elif defined(TLS1_TXT_DHE_RSA_WITH_AES_128_SHA)
-/* Some people are running OpenSSL before 0.9.7, but we aren't.
+/* Some people are running OpenSSL before 0.9.7, but we aren't.
* We can support AES and 3DES.
*/
#define CIPHER_LIST (TLS1_TXT_DHE_RSA_WITH_AES_128_SHA ":" \
- SSL3_TXT_EDH_RSA_DES_192_CBC3_SHA)
+ SSL3_TXT_EDH_RSA_DES_192_CBC3_SHA)
#else
/* We're running OpenSSL before 0.9.7. We only support 3DES. */
#define CIPHER_LIST SSL3_TXT_EDH_RSA_DES_192_CBC3_SHA
@@ -221,7 +221,7 @@ tor_tls_context_new(crypto_pk_env_t *rsa,
EVP_PKEY *pkey = NULL;
tor_tls_context *result;
X509 *cert = NULL;
-
+
tor_tls_init();
if (rsa) {
@@ -264,10 +264,10 @@ tor_tls_context_new(crypto_pk_env_t *rsa,
dh = crypto_dh_new();
SSL_CTX_set_tmp_dh(result->ctx, dh->dh);
crypto_dh_free(dh);
- SSL_CTX_set_verify(result->ctx, SSL_VERIFY_PEER,
+ SSL_CTX_set_verify(result->ctx, SSL_VERIFY_PEER,
always_accept_verify_cb);
/* let us realloc bufs that we're writing from */
- SSL_CTX_set_mode(result->ctx, SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER);
+ SSL_CTX_set_mode(result->ctx, SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER);
/* Free the old context if one exists. */
if (global_tls_context) {
@@ -292,7 +292,7 @@ tor_tls_context_new(crypto_pk_env_t *rsa,
return -1;
}
-/* Create a new TLS object from a TLS context, a filedescriptor, and
+/* Create a new TLS object from a TLS context, a filedescriptor, and
* a flag to determine whether it is functioning as a server.
*/
tor_tls *
@@ -346,7 +346,7 @@ tor_tls_read(tor_tls *tls, char *cp, int len)
/* Underlying function for TLS writing. Write up to 'n' characters
* from 'cp' onto 'tls'. On success, returns the number of characters
- * written. On failure, returns TOR_TLS_ERROR, TOR_TLS_WANTREAD,
+ * written. On failure, returns TOR_TLS_ERROR, TOR_TLS_WANTREAD,
* or TOR_TLS_WANTWRITE.
*/
int
@@ -394,11 +394,11 @@ tor_tls_handshake(tor_tls *tls)
}
r = tor_tls_get_error(tls,r,0, "handshaking", LOG_INFO);
if (r == TOR_TLS_DONE) {
- tls->state = TOR_TLS_ST_OPEN;
+ tls->state = TOR_TLS_ST_OPEN;
}
return r;
}
-
+
/* Shut down an open tls connection 'tls'. When finished, returns
* TOR_TLS_DONE. On failure, returns TOR_TLS_ERROR, TOR_TLS_WANTREAD,
* or TOR_TLS_WANTWRITE.
@@ -416,15 +416,15 @@ tor_tls_shutdown(tor_tls *tls)
* we read until the other side has closed too.
*/
do {
- r = SSL_read(tls->ssl, buf, 128);
+ r = SSL_read(tls->ssl, buf, 128);
} while (r>0);
- err = tor_tls_get_error(tls, r, CATCH_ZERO, "reading to shut down",
- LOG_INFO);
+ err = tor_tls_get_error(tls, r, CATCH_ZERO, "reading to shut down",
+ LOG_INFO);
if (err == _TOR_TLS_ZERORETURN) {
- tls->state = TOR_TLS_ST_GOTCLOSE;
- /* fall through... */
+ tls->state = TOR_TLS_ST_GOTCLOSE;
+ /* fall through... */
} else {
- return err;
+ return err;
}
}
@@ -434,11 +434,11 @@ tor_tls_shutdown(tor_tls *tls)
tls->state = TOR_TLS_ST_CLOSED;
return TOR_TLS_DONE;
}
- err = tor_tls_get_error(tls, r, CATCH_SYSCALL|CATCH_ZERO, "shutting down",
- LOG_INFO);
+ err = tor_tls_get_error(tls, r, CATCH_SYSCALL|CATCH_ZERO, "shutting down",
+ LOG_INFO);
if (err == _TOR_TLS_SYSCALL) {
/* The underlying TCP connection closed while we were shutting down. */
- tls->state = TOR_TLS_ST_CLOSED;
+ tls->state = TOR_TLS_ST_CLOSED;
return TOR_TLS_DONE;
} else if (err == _TOR_TLS_ZERORETURN) {
/* The TLS connection says that it sent a shutdown record, but
@@ -446,11 +446,11 @@ tor_tls_shutdown(tor_tls *tls)
* happened before, then go back to the start of the function
* and try to read.
*/
- if (tls->state == TOR_TLS_ST_GOTCLOSE ||
- tls->state == TOR_TLS_ST_SENTCLOSE) {
- log(LOG_WARN,
- "TLS returned \"half-closed\" value while already half-closed");
- return TOR_TLS_ERROR;
+ if (tls->state == TOR_TLS_ST_GOTCLOSE ||
+ tls->state == TOR_TLS_ST_SENTCLOSE) {
+ log(LOG_WARN,
+ "TLS returned \"half-closed\" value while already half-closed");
+ return TOR_TLS_ERROR;
}
tls->state = TOR_TLS_ST_SENTCLOSE;
/* fall through ... */
@@ -479,7 +479,7 @@ tor_tls_get_peer_cert_nickname(tor_tls *tls, char *buf, int buflen)
X509_NAME *name = NULL;
int nid;
int lenout;
-
+
if (!(cert = SSL_get_peer_certificate(tls->ssl))) {
log_fn(LOG_WARN, "Peer has no certificate");
goto error;
@@ -490,7 +490,7 @@ tor_tls_get_peer_cert_nickname(tor_tls *tls, char *buf, int buflen)
}
if ((nid = OBJ_txt2nid("commonName")) == NID_undef)
goto error;
-
+
lenout = X509_NAME_get_text_by_NID(name, nid, buf, buflen);
if (lenout == -1)
goto error;
@@ -521,7 +521,7 @@ tor_tls_verify(tor_tls *tls)
crypto_pk_env_t *r = NULL;
if (!(cert = SSL_get_peer_certificate(tls->ssl)))
return NULL;
-
+
now = time(NULL);
t = now + CERT_ALLOW_SKEW;
if (X509_cmp_time(X509_get_notBefore(cert), &t) > 0) {
@@ -533,7 +533,7 @@ tor_tls_verify(tor_tls *tls)
log_fn(LOG_WARN,"Certificate already expired; possible clock skew.");
goto done;
}
-
+
/* Get the public key. */
if (!(pkey = X509_get_pubkey(cert))) {
log_fn(LOG_WARN,"X509_get_pubkey returned null");
@@ -554,7 +554,7 @@ tor_tls_verify(tor_tls *tls)
r = _crypto_new_pk_env_rsa(rsa);
rsa = NULL;
-
+
done:
if (cert)
X509_free(cert);
@@ -565,7 +565,7 @@ tor_tls_verify(tor_tls *tls)
return r;
}
-int
+int
tor_tls_get_pending_bytes(tor_tls *tls)
{
assert(tls);