Merge branch 'maint-0.4.5' into maint-0.4.6

bab2b29f · Alexander Hansen Færøy · debede5e · 4a7379b8 · bab2b29f · bab2b29f
Commit bab2b29f authored 3 years ago by Alexander Hansen Færøy
--- a/changes/bug40399
+++ b/changes/bug40399
+  o Minor features (compatibility):
+    - Remove an assertion function related to TLS renegotiation.
+      It was used nowhere outside the unit tests, and it was breaking
+      compilation with recent alpha releases of OpenSSL 3.0.0.
+      Closes ticket 40399.
--- a/src/lib/tls/tortls.h
+++ b/src/lib/tls/tortls.h
@@ -108,7 +108,6 @@ int tor_tls_handshake(tor_tls_t *tls);
 int tor_tls_finish_handshake(tor_tls_t *tls);
 void tor_tls_unblock_renegotiation(tor_tls_t *tls);
 void tor_tls_block_renegotiation(tor_tls_t *tls);
-void tor_tls_assert_renegotiation_unblocked(tor_tls_t *tls);
 int tor_tls_get_pending_bytes(tor_tls_t *tls);
 size_t tor_tls_get_forced_write_size(tor_tls_t *tls);


--- a/src/lib/tls/tortls_nss.c
+++ b/src/lib/tls/tortls_nss.c
@@ -646,13 +646,6 @@ tor_tls_block_renegotiation(tor_tls_t *tls)
  /* We don't support renegotiation with NSS. */
 }

-void
-tor_tls_assert_renegotiation_unblocked(tor_tls_t *tls)
-{
-  tor_assert(tls);
-  /* We don't support renegotiation with NSS. */
-}
-
 int
 tor_tls_get_pending_bytes(tor_tls_t *tls)
 {

--- a/src/lib/tls/tortls_openssl.c
+++ b/src/lib/tls/tortls_openssl.c
@@ -1190,19 +1190,6 @@ tor_tls_block_renegotiation(tor_tls_t *tls)
 #endif
 }

-/** Assert that the flags that allow legacy renegotiation are still set */
-void
-tor_tls_assert_renegotiation_unblocked(tor_tls_t *tls)
-{
-#if defined(SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION) && \
-  SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION != 0
-  long options = SSL_get_options(tls->ssl);
-  tor_assert(0 != (options & SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION));
-#else
-  (void) tls;
-#endif /* defined(SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION) && ... */
-}
-
 /**
 * Tell the TLS library that the underlying socket for <b>tls</b> has been
 * closed, and the library should not attempt to free that socket itself.

--- a/src/test/test_tortls_openssl.c
+++ b/src/test/test_tortls_openssl.c
@@ -1143,25 +1143,6 @@ test_tortls_unblock_renegotiation(void *ignored)
 }
 #endif /* !defined(OPENSSL_OPAQUE) */

-#ifndef OPENSSL_OPAQUE
-static void
-test_tortls_assert_renegotiation_unblocked(void *ignored)
-{
-  (void)ignored;
-  tor_tls_t *tls;
-
-  tls = tor_malloc_zero(sizeof(tor_tls_t));
-  tls->ssl = tor_malloc_zero(sizeof(SSL));
-  tor_tls_unblock_renegotiation(tls);
-  tor_tls_assert_renegotiation_unblocked(tls);
-  /* No assertion here - this test will fail if tor_assert is turned on
-   * and things are bad. */
-
-  tor_free(tls->ssl);
-  tor_free(tls);
-}
-#endif /* !defined(OPENSSL_OPAQUE) */
-
 static void
 test_tortls_set_logged_address(void *ignored)
 {
@@ -2224,7 +2205,6 @@ struct testcase_t tortls_openssl_tests[] = {
  INTRUSIVE_TEST_CASE(server_info_callback, 0),
  LOCAL_TEST_CASE(get_write_overhead_ratio, TT_FORK),
  LOCAL_TEST_CASE(is_server, 0),
-  INTRUSIVE_TEST_CASE(assert_renegotiation_unblocked, 0),
  INTRUSIVE_TEST_CASE(block_renegotiation, 0),
  INTRUSIVE_TEST_CASE(unblock_renegotiation, 0),
  INTRUSIVE_TEST_CASE(set_renegotiate_callback, 0),