diff options
author | Roger Dingledine <arma@torproject.org> | 2003-09-08 06:22:19 +0000 |
---|---|---|
committer | Roger Dingledine <arma@torproject.org> | 2003-09-08 06:22:19 +0000 |
commit | ace475f01cf8fd6f2cd95e61c08b43d8296e2c88 (patch) | |
tree | 1bda1f9906cbafa3f7b0762b58610280e524ae04 | |
parent | 413c7a19edac25e3bbed1973008a63ca13f15b5d (diff) | |
download | tor-ace475f01cf8fd6f2cd95e61c08b43d8296e2c88.tar tor-ace475f01cf8fd6f2cd95e61c08b43d8296e2c88.tar.gz |
hide the global tls context inside tortls.c
svn:r431
-rw-r--r-- | src/common/tortls.c | 33 | ||||
-rw-r--r-- | src/common/tortls.h | 4 |
2 files changed, 22 insertions, 15 deletions
diff --git a/src/common/tortls.c b/src/common/tortls.c index 19a814be9..5eeadbb39 100644 --- a/src/common/tortls.c +++ b/src/common/tortls.c @@ -32,6 +32,9 @@ struct tor_tls_st { int isServer; }; +/* global tls context, keep it here because nobody else needs to touch it */ +static tor_tls_context *global_tls_context=NULL; + #define _TOR_TLS_SYSCALL -6 #define _TOR_TLS_ZERORETURN -5 @@ -82,6 +85,7 @@ tor_tls_write_certificate(char *certfile, crypto_pk_env_t *rsa, char *nickname) assert(rsa && rsa->type == CRYPTO_PK_RSA); if (!(_rsa = RSAPrivateKey_dup((RSA*)rsa->key))) + /* XXX we have a crypto_pk_dup_key(), it's a shame we can't use it here */ return -1; if (!(pkey = EVP_PKEY_new())) return -1; @@ -130,9 +134,9 @@ tor_tls_write_certificate(char *certfile, crypto_pk_env_t *rsa, char *nickname) /* Create a new TLS context. If we are going to be using it as a * server, it must have isServer set to true, certfile set to a * filename for a certificate file, and RSA set to the private key - * used for that certificate. + * used for that certificate. Return -1 if failure, else 0. */ -tor_tls_context * +int tor_tls_context_new(char *certfile, crypto_pk_env_t *rsa, int isServer) { crypto_dh_env_t *dh = NULL; @@ -145,28 +149,28 @@ tor_tls_context_new(char *certfile, crypto_pk_env_t *rsa, int isServer) result = tor_malloc(sizeof(tor_tls_context)); if (!(result->ctx = SSL_CTX_new(TLSv1_method()))) - return NULL; + return -1; /* XXXX This should use AES, but we'll need to require OpenSSL 0.9.7 first */ if (!SSL_CTX_set_cipher_list(result->ctx, TLS1_TXT_DHE_DSS_WITH_RC4_128_SHA)) /* TLS1_TXT_DHE_RSA_WITH_AES_128_SHA)) */ - return NULL; + return -1; if (certfile && !SSL_CTX_use_certificate_file(result->ctx,certfile, SSL_FILETYPE_PEM)) - return NULL; + return -1; SSL_CTX_set_session_cache_mode(result->ctx, SSL_SESS_CACHE_OFF); if (rsa) { if (!(_rsa = RSAPrivateKey_dup((RSA*)rsa->key))) - return NULL; + return -1; if (!(pkey = EVP_PKEY_new())) - return NULL; + return -1; if (!EVP_PKEY_assign_RSA(pkey, _rsa)) - return NULL; + return -1; if (!SSL_CTX_use_PrivateKey(result->ctx, pkey)) - return NULL; + return -1; EVP_PKEY_free(pkey); if (certfile) { if (!SSL_CTX_check_private_key(result->ctx)) - return NULL; + return -1; } } dh = crypto_dh_new(); @@ -175,17 +179,19 @@ tor_tls_context_new(char *certfile, crypto_pk_env_t *rsa, int isServer) SSL_CTX_set_verify(result->ctx, SSL_VERIFY_PEER, always_accept_verify_cb); - return result; + global_tls_context = result; + return 0; } /* Create a new TLS object from a TLS context, a filedescriptor, and * a flag to determine whether it is functioning as a server. */ tor_tls * -tor_tls_new(tor_tls_context *ctx, int sock, int isServer) +tor_tls_new(int sock, int isServer) { tor_tls *result = tor_malloc(sizeof(tor_tls)); - if (!(result->ssl = SSL_new(ctx->ctx))) + assert(global_tls_context); /* make sure somebody made it first */ + if (!(result->ssl = SSL_new(global_tls_context->ctx))) return NULL; result->socket = sock; SSL_set_fd(result->ssl, sock); @@ -322,3 +328,4 @@ tor_tls_shutdown(tor_tls *tls) return err; } } + diff --git a/src/common/tortls.h b/src/common/tortls.h index fa1b72f20..3cd9ea337 100644 --- a/src/common/tortls.h +++ b/src/common/tortls.h @@ -17,8 +17,8 @@ typedef struct tor_tls_st tor_tls; #define TOR_TLS_DONE 0 int tor_tls_write_certificate(char *certfile, crypto_pk_env_t *rsa, char *nickname); -tor_tls_context *tor_tls_context_new(char *certfile, crypto_pk_env_t *rsa, int isServer); -tor_tls *tor_tls_new(tor_tls_context *ctx, int sock, int isServer); +int tor_tls_context_new(char *certfile, crypto_pk_env_t *rsa, int isServer); +tor_tls *tor_tls_new(int sock, int isServer); void tor_tls_free(tor_tls *tls); int tor_tls_read(tor_tls *tls, char *cp, int len); int tor_tls_write(tor_tls *tls, char *cp, int n); |