Commit dd04fc35 authored by Nick Mathewson's avatar Nick Mathewson 👉
Browse files

Remove tor_tls_shutdown()

This function was supposed to implement a half-duplex mode for our
TLS connections.  However, nothing in Tor actually uses it (besides
some unit tests), and the implementation looks really questionable
to me.  It's probably best to remove it.  We can add a tested one
later if we need one in the future.
parent 5205c7fd
......@@ -111,7 +111,6 @@ int tor_tls_finish_handshake(tor_tls_t *tls);
void tor_tls_unblock_renegotiation(tor_tls_t *tls);
void tor_tls_block_renegotiation(tor_tls_t *tls);
void tor_tls_assert_renegotiation_unblocked(tor_tls_t *tls);
int tor_tls_shutdown(tor_tls_t *tls);
int tor_tls_get_pending_bytes(tor_tls_t *tls);
size_t tor_tls_get_forced_write_size(tor_tls_t *tls);
......
......@@ -533,15 +533,6 @@ tor_tls_assert_renegotiation_unblocked(tor_tls_t *tls)
/* We don't support renegotiation with NSS. */
}
int
tor_tls_shutdown(tor_tls_t *tls)
{
tor_assert(tls);
/* XXXX This is not actually used, so I'm not implementing it. We can
* XXXX remove this function entirely someday. */
return -1;
}
int
tor_tls_get_pending_bytes(tor_tls_t *tls)
{
......
......@@ -1323,69 +1323,6 @@ tor_tls_finish_handshake(tor_tls_t *tls)
return r;
}
/** Shut down an open tls connection <b>tls</b>. When finished, returns
* TOR_TLS_DONE. On failure, returns TOR_TLS_ERROR, TOR_TLS_WANTREAD,
* or TOR_TLS_WANTWRITE.
*/
int
tor_tls_shutdown(tor_tls_t *tls)
{
int r, err;
char buf[128];
tor_assert(tls);
tor_assert(tls->ssl);
check_no_tls_errors();
while (1) {
if (tls->state == TOR_TLS_ST_SENTCLOSE) {
/* If we've already called shutdown once to send a close message,
* we read until the other side has closed too.
*/
do {
r = SSL_read(tls->ssl, buf, 128);
} while (r>0);
err = tor_tls_get_error(tls, r, CATCH_ZERO, "reading to shut down",
LOG_INFO, LD_NET);
if (err == TOR_TLS_ZERORETURN_) {
tls->state = TOR_TLS_ST_GOTCLOSE;
/* fall through... */
} else {
return err;
}
}
r = SSL_shutdown(tls->ssl);
if (r == 1) {
/* If shutdown returns 1, the connection is entirely closed. */
tls->state = TOR_TLS_ST_CLOSED;
return TOR_TLS_DONE;
}
err = tor_tls_get_error(tls, r, CATCH_SYSCALL|CATCH_ZERO, "shutting down",
LOG_INFO, LD_NET);
if (err == TOR_TLS_SYSCALL_) {
/* The underlying TCP connection closed while we were shutting down. */
tls->state = TOR_TLS_ST_CLOSED;
return TOR_TLS_DONE;
} else if (err == TOR_TLS_ZERORETURN_) {
/* The TLS connection says that it sent a shutdown record, but
* isn't done shutting down yet. Make sure that this hasn't
* happened before, then go back to the start of the function
* and try to read.
*/
if (tls->state == TOR_TLS_ST_GOTCLOSE ||
tls->state == TOR_TLS_ST_SENTCLOSE) {
log_warn(LD_NET,
"TLS returned \"half-closed\" value while already half-closed");
return TOR_TLS_ERROR_MISC;
}
tls->state = TOR_TLS_ST_SENTCLOSE;
/* fall through ... */
} else {
return err;
}
} /* end loop */
}
/** Return true iff this TLS connection is authenticated.
*/
int
......
......@@ -1710,102 +1710,6 @@ dummy_handshake_func(SSL *s)
return 1;
}
static void
test_tortls_shutdown(void *ignored)
{
(void)ignored;
int ret;
tor_tls_t *tls;
SSL_METHOD *method = give_me_a_test_method();
setup_capture_of_logs(LOG_WARN);
tls = tor_malloc_zero(sizeof(tor_tls_t));
tls->ssl = tor_malloc_zero(sizeof(SSL));
tls->ssl->method = method;
method->ssl_read = fixed_ssl_read;
method->ssl_shutdown = fixed_ssl_shutdown;
ret = tor_tls_shutdown(tls);
tt_int_op(ret, OP_EQ, -9);
tls->state = TOR_TLS_ST_SENTCLOSE;
fixed_ssl_read_result_index = 0;
fixed_ssl_read_result[0] = 10;
fixed_ssl_read_result[1] = -1;
ret = tor_tls_shutdown(tls);
tt_int_op(ret, OP_EQ, -9);
#ifndef LIBRESSL_VERSION_NUMBER
tls->ssl->handshake_func = dummy_handshake_func;
fixed_ssl_read_result_index = 0;
fixed_ssl_read_result[0] = 10;
fixed_ssl_read_result[1] = 42;
fixed_ssl_read_result[2] = 0;
fixed_ssl_shutdown_result = 1;
ERR_clear_error();
tls->ssl->version = SSL2_VERSION;
ret = tor_tls_shutdown(tls);
tt_int_op(ret, OP_EQ, TOR_TLS_DONE);
tt_int_op(tls->state, OP_EQ, TOR_TLS_ST_CLOSED);
fixed_ssl_read_result_index = 0;
fixed_ssl_read_result[0] = 10;
fixed_ssl_read_result[1] = 42;
fixed_ssl_read_result[2] = 0;
fixed_ssl_shutdown_result = 0;
ERR_clear_error();
tls->ssl->version = 0;
ret = tor_tls_shutdown(tls);
tt_int_op(ret, OP_EQ, TOR_TLS_DONE);
tt_int_op(tls->state, OP_EQ, TOR_TLS_ST_CLOSED);
fixed_ssl_read_result_index = 0;
fixed_ssl_read_result[0] = 10;
fixed_ssl_read_result[1] = 42;
fixed_ssl_read_result[2] = 0;
fixed_ssl_shutdown_result = 0;
ERR_clear_error();
tls->ssl->version = 0;
method->ssl_shutdown = setting_version_ssl_shutdown;
ret = tor_tls_shutdown(tls);
tt_int_op(ret, OP_EQ, TOR_TLS_ERROR_MISC);
fixed_ssl_read_result_index = 0;
fixed_ssl_read_result[0] = 10;
fixed_ssl_read_result[1] = 42;
fixed_ssl_read_result[2] = 0;
fixed_ssl_shutdown_result = 0;
fixed_tls = tls;
fixed_ssl_state_to_set = TOR_TLS_ST_GOTCLOSE;
ERR_clear_error();
tls->ssl->version = 0;
method->ssl_shutdown = setting_version_and_state_ssl_shutdown;
ret = tor_tls_shutdown(tls);
tt_int_op(ret, OP_EQ, TOR_TLS_ERROR_MISC);
fixed_ssl_read_result_index = 0;
fixed_ssl_read_result[0] = 10;
fixed_ssl_read_result[1] = 42;
fixed_ssl_read_result[2] = 0;
fixed_ssl_read_result[3] = -1;
fixed_ssl_shutdown_result = 0;
fixed_tls = tls;
fixed_ssl_state_to_set = 0;
ERR_clear_error();
tls->ssl->version = 0;
method->ssl_shutdown = setting_version_and_state_ssl_shutdown;
ret = tor_tls_shutdown(tls);
tt_int_op(ret, OP_EQ, TOR_TLS_ERROR_MISC);
#endif /* !defined(LIBRESSL_VERSION_NUMBER) */
done:
teardown_capture_of_logs();
tor_free(method);
tor_free(tls->ssl);
tor_free(tls);
}
static int negotiated_callback_called;
static void
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment