commit f253aef14faf7640f94e9e76947b6a4461c3c1a4 Author: Nick Mathewson <nickm@torproject.org> Date: Tue Sep 30 08:31:08 2014 -0400 Mechanical rename: tor_cert_t -> tor_x509_cert_t --- src/common/tortls.c | 66 ++++++++++++++++++++++++------------------------ src/common/tortls.h | 26 +++++++++---------- src/or/channeltls.c | 26 +++++++++---------- src/or/connection_or.c | 24 +++++++++--------- src/or/or.h | 4 +-- 5 files changed, 73 insertions(+), 73 deletions(-) diff --git a/src/common/tortls.c b/src/common/tortls.c index 97a82bf..b4d50cd 100644 --- a/src/common/tortls.c +++ b/src/common/tortls.c @@ -122,7 +122,7 @@ static int use_unsafe_renegotiation_op = 0; static int use_unsafe_renegotiation_flag = 0; /** Structure that we use for a single certificate. */ -struct tor_cert_t { +struct tor_x509_cert_t { X509 *cert; uint8_t *encoded; size_t encoded_len; @@ -137,9 +137,9 @@ struct tor_cert_t { typedef struct tor_tls_context_t { int refcnt; SSL_CTX *ctx; - tor_cert_t *my_link_cert; - tor_cert_t *my_id_cert; - tor_cert_t *my_auth_cert; + tor_x509_cert_t *my_link_cert; + tor_x509_cert_t *my_id_cert; + tor_x509_cert_t *my_auth_cert; crypto_pk_t *link_key; crypto_pk_t *auth_key; } tor_tls_context_t; @@ -821,7 +821,7 @@ static const int N_CLIENT_CIPHERS = ARRAY_LENGTH(CLIENT_CIPHER_INFO_LIST); /** Free all storage held in <b>cert</b> */ void -tor_cert_free(tor_cert_t *cert) +tor_x509_cert_free(tor_x509_cert_t *cert) { if (! cert) return; @@ -833,14 +833,14 @@ tor_cert_free(tor_cert_t *cert) } /** - * Allocate a new tor_cert_t to hold the certificate "x509_cert". + * Allocate a new tor_x509_cert_t to hold the certificate "x509_cert". * * Steals a reference to x509_cert. */ -static tor_cert_t * -tor_cert_new(X509 *x509_cert) +static tor_x509_cert_t * +tor_x509_cert_new(X509 *x509_cert) { - tor_cert_t *cert; + tor_x509_cert_t *cert; EVP_PKEY *pkey; RSA *rsa; int length; @@ -850,7 +850,7 @@ tor_cert_new(X509 *x509_cert) return NULL; length = i2d_X509(x509_cert, &buf); - cert = tor_malloc_zero(sizeof(tor_cert_t)); + cert = tor_malloc_zero(sizeof(tor_x509_cert_t)); if (length <= 0 || buf == NULL) { tor_free(cert); log_err(LD_CRYPTO, "Couldn't get length of encoded x509 certificate"); @@ -880,14 +880,14 @@ tor_cert_new(X509 *x509_cert) } /** Read a DER-encoded X509 cert, of length exactly <b>certificate_len</b>, - * from a <b>certificate</b>. Return a newly allocated tor_cert_t on success + * from a <b>certificate</b>. Return a newly allocated tor_x509_cert_t on success * and NULL on failure. */ -tor_cert_t * -tor_cert_decode(const uint8_t *certificate, size_t certificate_len) +tor_x509_cert_t * +tor_x509_cert_decode(const uint8_t *certificate, size_t certificate_len) { X509 *x509; const unsigned char *cp = (const unsigned char *)certificate; - tor_cert_t *newcert; + tor_x509_cert_t *newcert; tor_assert(certificate); check_no_tls_errors(); @@ -902,14 +902,14 @@ tor_cert_decode(const uint8_t *certificate, size_t certificate_len) X509_free(x509); goto err; /* Didn't use all the bytes */ } - newcert = tor_cert_new(x509); + newcert = tor_x509_cert_new(x509); if (!newcert) { goto err; } if (newcert->encoded_len != certificate_len || fast_memneq(newcert->encoded, certificate, certificate_len)) { /* Cert wasn't in DER */ - tor_cert_free(newcert); + tor_x509_cert_free(newcert); goto err; } return newcert; @@ -921,7 +921,7 @@ tor_cert_decode(const uint8_t *certificate, size_t certificate_len) /** Set *<b>encoded_out</b> and *<b>size_out</b> to <b>cert</b>'s encoded DER * representation and length, respectively. */ void -tor_cert_get_der(const tor_cert_t *cert, +tor_x509_cert_get_der(const tor_x509_cert_t *cert, const uint8_t **encoded_out, size_t *size_out) { tor_assert(cert); @@ -934,7 +934,7 @@ tor_cert_get_der(const tor_cert_t *cert, /** Return a set of digests for the public key in <b>cert</b>, or NULL if this * cert's public key is not one we know how to take the digest of. */ const digests_t * -tor_cert_get_id_digests(const tor_cert_t *cert) +tor_x509_cert_get_id_digests(const tor_x509_cert_t *cert) { if (cert->pkey_digests_set) return &cert->pkey_digests; @@ -944,7 +944,7 @@ tor_cert_get_id_digests(const tor_cert_t *cert) /** Return a set of digests for the public key in <b>cert</b>. */ const digests_t * -tor_cert_get_cert_digests(const tor_cert_t *cert) +tor_x509_cert_get_cert_digests(const tor_x509_cert_t *cert) { return &cert->cert_digests; } @@ -957,9 +957,9 @@ tor_tls_context_decref(tor_tls_context_t *ctx) tor_assert(ctx); if (--ctx->refcnt == 0) { SSL_CTX_free(ctx->ctx); - tor_cert_free(ctx->my_link_cert); - tor_cert_free(ctx->my_id_cert); - tor_cert_free(ctx->my_auth_cert); + tor_x509_cert_free(ctx->my_link_cert); + tor_x509_cert_free(ctx->my_id_cert); + tor_x509_cert_free(ctx->my_auth_cert); crypto_pk_free(ctx->link_key); crypto_pk_free(ctx->auth_key); tor_free(ctx); @@ -973,8 +973,8 @@ tor_tls_context_decref(tor_tls_context_t *ctx) * client mode. */ int tor_tls_get_my_certs(int server, - const tor_cert_t **link_cert_out, - const tor_cert_t **id_cert_out) + const tor_x509_cert_t **link_cert_out, + const tor_x509_cert_t **id_cert_out) { tor_tls_context_t *ctx = server ? server_tls_context : client_tls_context; if (! ctx) @@ -1003,7 +1003,7 @@ tor_tls_get_my_client_auth_key(void) * certifies. Return NULL if the cert's key is not RSA. */ crypto_pk_t * -tor_tls_cert_get_key(tor_cert_t *cert) +tor_tls_cert_get_key(tor_x509_cert_t *cert) { crypto_pk_t *result = NULL; EVP_PKEY *pkey = X509_get_pubkey(cert->cert); @@ -1024,7 +1024,7 @@ tor_tls_cert_get_key(tor_cert_t *cert) * the key certified in <b>cert</b> is the same as the key they used to do it. */ int -tor_tls_cert_matches_key(const tor_tls_t *tls, const tor_cert_t *cert) +tor_tls_cert_matches_key(const tor_tls_t *tls, const tor_x509_cert_t *cert) { X509 *peercert = SSL_get_peer_certificate(tls->ssl); EVP_PKEY *link_key = NULL, *cert_key = NULL; @@ -1053,8 +1053,8 @@ tor_tls_cert_matches_key(const tor_tls_t *tls, const tor_cert_t *cert) * we couldn't check it. */ int tor_tls_cert_is_valid(int severity, - const tor_cert_t *cert, - const tor_cert_t *signing_cert, + const tor_x509_cert_t *cert, + const tor_x509_cert_t *signing_cert, int check_rsa_1024) { check_no_tls_errors(); @@ -1265,9 +1265,9 @@ tor_tls_context_new(crypto_pk_t *identity, unsigned int key_lifetime, result = tor_malloc_zero(sizeof(tor_tls_context_t)); result->refcnt = 1; if (!is_client) { - result->my_link_cert = tor_cert_new(X509_dup(cert)); - result->my_id_cert = tor_cert_new(X509_dup(idcert)); - result->my_auth_cert = tor_cert_new(X509_dup(authcert)); + result->my_link_cert = tor_x509_cert_new(X509_dup(cert)); + result->my_id_cert = tor_x509_cert_new(X509_dup(idcert)); + result->my_auth_cert = tor_x509_cert_new(X509_dup(authcert)); if (!result->my_link_cert || !result->my_id_cert || !result->my_auth_cert) goto error; result->link_key = crypto_pk_dup_key(rsa); @@ -2394,7 +2394,7 @@ tor_tls_peer_has_cert(tor_tls_t *tls) } /** Return the peer certificate, or NULL if there isn't one. */ -tor_cert_t * +tor_x509_cert_t * tor_tls_get_peer_cert(tor_tls_t *tls) { X509 *cert; @@ -2402,7 +2402,7 @@ tor_tls_get_peer_cert(tor_tls_t *tls) tls_log_errors(tls, LOG_WARN, LD_HANDSHAKE, "getting peer certificate"); if (!cert) return NULL; - return tor_cert_new(cert); + return tor_x509_cert_new(cert); } /** Warn that a certificate lifetime extends through a certain range. */ diff --git a/src/common/tortls.h b/src/common/tortls.h index f8c6d59..22b1a9e 100644 --- a/src/common/tortls.h +++ b/src/common/tortls.h @@ -19,7 +19,7 @@ typedef struct tor_tls_t tor_tls_t; /* Opaque structure to hold an X509 certificate. */ -typedef struct tor_cert_t tor_cert_t; +typedef struct tor_x509_cert_t tor_x509_cert_t; /* Possible return values for most tor_tls_* functions. */ #define MIN_TOR_TLS_ERROR_VAL_ -9 @@ -72,7 +72,7 @@ void tor_tls_set_renegotiate_callback(tor_tls_t *tls, int tor_tls_is_server(tor_tls_t *tls); void tor_tls_free(tor_tls_t *tls); int tor_tls_peer_has_cert(tor_tls_t *tls); -tor_cert_t *tor_tls_get_peer_cert(tor_tls_t *tls); +tor_x509_cert_t *tor_tls_get_peer_cert(tor_tls_t *tls); int tor_tls_verify(int severity, tor_tls_t *tls, crypto_pk_t **identity); int tor_tls_check_lifetime(int severity, tor_tls_t *tls, int past_tolerance, @@ -120,22 +120,22 @@ struct bufferevent *tor_tls_init_bufferevent(tor_tls_t *tls, int filter); #endif -void tor_cert_free(tor_cert_t *cert); -tor_cert_t *tor_cert_decode(const uint8_t *certificate, +void tor_x509_cert_free(tor_x509_cert_t *cert); +tor_x509_cert_t *tor_x509_cert_decode(const uint8_t *certificate, size_t certificate_len); -void tor_cert_get_der(const tor_cert_t *cert, +void tor_x509_cert_get_der(const tor_x509_cert_t *cert, const uint8_t **encoded_out, size_t *size_out); -const digests_t *tor_cert_get_id_digests(const tor_cert_t *cert); -const digests_t *tor_cert_get_cert_digests(const tor_cert_t *cert); +const digests_t *tor_x509_cert_get_id_digests(const tor_x509_cert_t *cert); +const digests_t *tor_x509_cert_get_cert_digests(const tor_x509_cert_t *cert); int tor_tls_get_my_certs(int server, - const tor_cert_t **link_cert_out, - const tor_cert_t **id_cert_out); + const tor_x509_cert_t **link_cert_out, + const tor_x509_cert_t **id_cert_out); crypto_pk_t *tor_tls_get_my_client_auth_key(void); -crypto_pk_t *tor_tls_cert_get_key(tor_cert_t *cert); -int tor_tls_cert_matches_key(const tor_tls_t *tls, const tor_cert_t *cert); +crypto_pk_t *tor_tls_cert_get_key(tor_x509_cert_t *cert); +int tor_tls_cert_matches_key(const tor_tls_t *tls, const tor_x509_cert_t *cert); int tor_tls_cert_is_valid(int severity, - const tor_cert_t *cert, - const tor_cert_t *signing_cert, + const tor_x509_cert_t *cert, + const tor_x509_cert_t *signing_cert, int check_rsa_1024); const char *tor_tls_get_ciphersuite_name(tor_tls_t *tls); diff --git a/src/or/channeltls.c b/src/or/channeltls.c index e194c1c..10fcb28 100644 --- a/src/or/channeltls.c +++ b/src/or/channeltls.c @@ -1747,9 +1747,9 @@ channel_tls_process_netinfo_cell(cell_t *cell, channel_tls_t *chan) static void channel_tls_process_certs_cell(var_cell_t *cell, channel_tls_t *chan) { - tor_cert_t *link_cert = NULL; - tor_cert_t *id_cert = NULL; - tor_cert_t *auth_cert = NULL; + tor_x509_cert_t *link_cert = NULL; + tor_x509_cert_t *id_cert = NULL; + tor_x509_cert_t *auth_cert = NULL; uint8_t *ptr; int n_certs, i; int send_netinfo = 0; @@ -1803,7 +1803,7 @@ channel_tls_process_certs_cell(var_cell_t *cell, channel_tls_t *chan) if (cert_type == OR_CERT_TYPE_TLS_LINK || cert_type == OR_CERT_TYPE_ID_1024 || cert_type == OR_CERT_TYPE_AUTH_1024) { - tor_cert_t *cert = tor_cert_decode(ptr + 3, cert_len); + tor_x509_cert_t *cert = tor_x509_cert_decode(ptr + 3, cert_len); if (!cert) { log_fn(LOG_PROTOCOL_WARN, LD_PROTOCOL, "Received undecodable certificate in CERTS cell from %s:%d", @@ -1812,24 +1812,24 @@ channel_tls_process_certs_cell(var_cell_t *cell, channel_tls_t *chan) } else { if (cert_type == OR_CERT_TYPE_TLS_LINK) { if (link_cert) { - tor_cert_free(cert); + tor_x509_cert_free(cert); ERR("Too many TLS_LINK certificates"); } link_cert = cert; } else if (cert_type == OR_CERT_TYPE_ID_1024) { if (id_cert) { - tor_cert_free(cert); + tor_x509_cert_free(cert); ERR("Too many ID_1024 certificates"); } id_cert = cert; } else if (cert_type == OR_CERT_TYPE_AUTH_1024) { if (auth_cert) { - tor_cert_free(cert); + tor_x509_cert_free(cert); ERR("Too many AUTH_1024 certificates"); } auth_cert = cert; } else { - tor_cert_free(cert); + tor_x509_cert_free(cert); } } } @@ -1864,7 +1864,7 @@ channel_tls_process_certs_cell(var_cell_t *cell, channel_tls_t *chan) chan->conn->handshake_state->authenticated = 1; { - const digests_t *id_digests = tor_cert_get_id_digests(id_cert); + const digests_t *id_digests = tor_x509_cert_get_id_digests(id_cert); crypto_pk_t *identity_rcvd; if (!id_digests) ERR("Couldn't compute digests for key in ID cert"); @@ -1929,9 +1929,9 @@ channel_tls_process_certs_cell(var_cell_t *cell, channel_tls_t *chan) } err: - tor_cert_free(id_cert); - tor_cert_free(link_cert); - tor_cert_free(auth_cert); + tor_x509_cert_free(id_cert); + tor_x509_cert_free(link_cert); + tor_x509_cert_free(auth_cert); #undef ERR } @@ -2151,7 +2151,7 @@ channel_tls_process_authenticate_cell(var_cell_t *cell, channel_tls_t *chan) crypto_pk_t *identity_rcvd = tor_tls_cert_get_key(chan->conn->handshake_state->id_cert); const digests_t *id_digests = - tor_cert_get_id_digests(chan->conn->handshake_state->id_cert); + tor_x509_cert_get_id_digests(chan->conn->handshake_state->id_cert); /* This must exist; we checked key type when reading the cert. */ tor_assert(id_digests); diff --git a/src/or/connection_or.c b/src/or/connection_or.c index 85462d8..6c584a5 100644 --- a/src/or/connection_or.c +++ b/src/or/connection_or.c @@ -1878,8 +1878,8 @@ or_handshake_state_free(or_handshake_state_t *state) return; crypto_digest_free(state->digest_sent); crypto_digest_free(state->digest_received); - tor_cert_free(state->auth_cert); - tor_cert_free(state->id_cert); + tor_x509_cert_free(state->auth_cert); + tor_x509_cert_free(state->id_cert); memwipe(state, 0xBE, sizeof(or_handshake_state_t)); tor_free(state); } @@ -2227,7 +2227,7 @@ connection_or_send_netinfo(or_connection_t *conn) int connection_or_send_certs_cell(or_connection_t *conn) { - const tor_cert_t *link_cert = NULL, *id_cert = NULL; + const tor_x509_cert_t *link_cert = NULL, *id_cert = NULL; const uint8_t *link_encoded = NULL, *id_encoded = NULL; size_t link_len, id_len; var_cell_t *cell; @@ -2242,8 +2242,8 @@ connection_or_send_certs_cell(or_connection_t *conn) server_mode = ! conn->handshake_state->started_here; if (tor_tls_get_my_certs(server_mode, &link_cert, &id_cert) < 0) return -1; - tor_cert_get_der(link_cert, &link_encoded, &link_len); - tor_cert_get_der(id_cert, &id_encoded, &id_len); + tor_x509_cert_get_der(link_cert, &link_encoded, &link_len); + tor_x509_cert_get_der(id_cert, &id_encoded, &id_len); cell_len = 1 /* 1 byte: num certs in cell */ + 2 * ( 1 + 2 ) /* For each cert: 1 byte for type, 2 for length */ + @@ -2342,13 +2342,13 @@ connection_or_compute_authenticate_cell_body(or_connection_t *conn, ptr += 8; { - const tor_cert_t *id_cert=NULL, *link_cert=NULL; + const tor_x509_cert_t *id_cert=NULL, *link_cert=NULL; const digests_t *my_digests, *their_digests; const uint8_t *my_id, *their_id, *client_id, *server_id; if (tor_tls_get_my_certs(server, &link_cert, &id_cert)) return -1; - my_digests = tor_cert_get_id_digests(id_cert); - their_digests = tor_cert_get_id_digests(conn->handshake_state->id_cert); + my_digests = tor_x509_cert_get_id_digests(id_cert); + their_digests = tor_x509_cert_get_id_digests(conn->handshake_state->id_cert); tor_assert(my_digests); tor_assert(their_digests); my_id = (uint8_t*)my_digests->d[DIGEST_SHA256]; @@ -2387,8 +2387,8 @@ connection_or_compute_authenticate_cell_body(or_connection_t *conn, { /* Digest of cert used on TLS link : 32 octets. */ - const tor_cert_t *cert = NULL; - tor_cert_t *freecert = NULL; + const tor_x509_cert_t *cert = NULL; + tor_x509_cert_t *freecert = NULL; if (server) { tor_tls_get_my_certs(1, &cert, NULL); } else { @@ -2397,10 +2397,10 @@ connection_or_compute_authenticate_cell_body(or_connection_t *conn, } if (!cert) return -1; - memcpy(ptr, tor_cert_get_cert_digests(cert)->d[DIGEST_SHA256], 32); + memcpy(ptr, tor_x509_cert_get_cert_digests(cert)->d[DIGEST_SHA256], 32); if (freecert) - tor_cert_free(freecert); + tor_x509_cert_free(freecert); ptr += 32; } diff --git a/src/or/or.h b/src/or/or.h index 6723f93..19694a0 100644 --- a/src/or/or.h +++ b/src/or/or.h @@ -1411,9 +1411,9 @@ typedef struct or_handshake_state_t { * @{ */ /** The cert for the key that's supposed to sign the AUTHENTICATE cell */ - tor_cert_t *auth_cert; + tor_x509_cert_t *auth_cert; /** A self-signed identity certificate */ - tor_cert_t *id_cert; + tor_x509_cert_t *id_cert; /**@}*/ } or_handshake_state_t;