[or-cvs] hide the global tls context inside tortls.c
Roger Dingledine
arma at seul.org
Mon Sep 8 06:22:21 UTC 2003
Update of /home/or/cvsroot/src/common
In directory moria.mit.edu:/home2/arma/work/onion/cvs/src/common
Modified Files:
tortls.c tortls.h
Log Message:
hide the global tls context inside tortls.c
Index: tortls.c
===================================================================
RCS file: /home/or/cvsroot/src/common/tortls.c,v
retrieving revision 1.2
retrieving revision 1.3
diff -u -d -r1.2 -r1.3
--- tortls.c 5 Sep 2003 05:58:21 -0000 1.2
+++ tortls.c 8 Sep 2003 06:22:19 -0000 1.3
@@ -32,6 +32,9 @@
int isServer;
};
+/* global tls context, keep it here because nobody else needs to touch it */
+static tor_tls_context *global_tls_context=NULL;
+
#define _TOR_TLS_SYSCALL -6
#define _TOR_TLS_ZERORETURN -5
@@ -82,6 +85,7 @@
assert(rsa && rsa->type == CRYPTO_PK_RSA);
if (!(_rsa = RSAPrivateKey_dup((RSA*)rsa->key)))
+ /* XXX we have a crypto_pk_dup_key(), it's a shame we can't use it here */
return -1;
if (!(pkey = EVP_PKEY_new()))
return -1;
@@ -130,9 +134,9 @@
/* Create a new TLS context. If we are going to be using it as a
* server, it must have isServer set to true, certfile set to a
* filename for a certificate file, and RSA set to the private key
- * used for that certificate.
+ * used for that certificate. Return -1 if failure, else 0.
*/
-tor_tls_context *
+int
tor_tls_context_new(char *certfile, crypto_pk_env_t *rsa, int isServer)
{
crypto_dh_env_t *dh = NULL;
@@ -145,28 +149,28 @@
result = tor_malloc(sizeof(tor_tls_context));
if (!(result->ctx = SSL_CTX_new(TLSv1_method())))
- return NULL;
+ return -1;
/* XXXX This should use AES, but we'll need to require OpenSSL 0.9.7 first */
if (!SSL_CTX_set_cipher_list(result->ctx, TLS1_TXT_DHE_DSS_WITH_RC4_128_SHA))
/* TLS1_TXT_DHE_RSA_WITH_AES_128_SHA)) */
- return NULL;
+ return -1;
if (certfile && !SSL_CTX_use_certificate_file(result->ctx,certfile,
SSL_FILETYPE_PEM))
- return NULL;
+ return -1;
SSL_CTX_set_session_cache_mode(result->ctx, SSL_SESS_CACHE_OFF);
if (rsa) {
if (!(_rsa = RSAPrivateKey_dup((RSA*)rsa->key)))
- return NULL;
+ return -1;
if (!(pkey = EVP_PKEY_new()))
- return NULL;
+ return -1;
if (!EVP_PKEY_assign_RSA(pkey, _rsa))
- return NULL;
+ return -1;
if (!SSL_CTX_use_PrivateKey(result->ctx, pkey))
- return NULL;
+ return -1;
EVP_PKEY_free(pkey);
if (certfile) {
if (!SSL_CTX_check_private_key(result->ctx))
- return NULL;
+ return -1;
}
}
dh = crypto_dh_new();
@@ -175,17 +179,19 @@
SSL_CTX_set_verify(result->ctx, SSL_VERIFY_PEER,
always_accept_verify_cb);
- return result;
+ global_tls_context = result;
+ return 0;
}
/* Create a new TLS object from a TLS context, a filedescriptor, and
* a flag to determine whether it is functioning as a server.
*/
tor_tls *
-tor_tls_new(tor_tls_context *ctx, int sock, int isServer)
+tor_tls_new(int sock, int isServer)
{
tor_tls *result = tor_malloc(sizeof(tor_tls));
- if (!(result->ssl = SSL_new(ctx->ctx)))
+ assert(global_tls_context); /* make sure somebody made it first */
+ if (!(result->ssl = SSL_new(global_tls_context->ctx)))
return NULL;
result->socket = sock;
SSL_set_fd(result->ssl, sock);
@@ -322,3 +328,4 @@
return err;
}
}
+
Index: tortls.h
===================================================================
RCS file: /home/or/cvsroot/src/common/tortls.h,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -d -r1.1 -r1.2
--- tortls.h 4 Sep 2003 16:05:08 -0000 1.1
+++ tortls.h 8 Sep 2003 06:22:19 -0000 1.2
@@ -17,8 +17,8 @@
#define TOR_TLS_DONE 0
int tor_tls_write_certificate(char *certfile, crypto_pk_env_t *rsa, char *nickname);
-tor_tls_context *tor_tls_context_new(char *certfile, crypto_pk_env_t *rsa, int isServer);
-tor_tls *tor_tls_new(tor_tls_context *ctx, int sock, int isServer);
+int tor_tls_context_new(char *certfile, crypto_pk_env_t *rsa, int isServer);
+tor_tls *tor_tls_new(int sock, int isServer);
void tor_tls_free(tor_tls *tls);
int tor_tls_read(tor_tls *tls, char *cp, int len);
int tor_tls_write(tor_tls *tls, char *cp, int n);
More information about the tor-commits
mailing list