mirror of
https://gitlab.torproject.org/tpo/core/tor.git
synced 2024-11-20 10:12:15 +01:00
Resolve XXXXs in tortls.c
svn:r443
This commit is contained in:
parent
f5b4ef1fa2
commit
529d3bc56f
@ -10,6 +10,7 @@
|
||||
#include "./crypto.h"
|
||||
#include "./tortls.h"
|
||||
#include "./util.h"
|
||||
#include "./log.h"
|
||||
|
||||
#include <assert.h>
|
||||
#include <openssl/ssl.h>
|
||||
@ -271,7 +272,7 @@ tor_tls_read(tor_tls *tls, char *cp, int len)
|
||||
tls->state = TOR_TLS_ST_CLOSED;
|
||||
return TOR_TLS_CLOSE;
|
||||
} else {
|
||||
/* XXXX Make sure it's not TOR_TLS_DONE. */
|
||||
assert(err != TOR_TLS_DONE);
|
||||
return err;
|
||||
}
|
||||
}
|
||||
@ -287,12 +288,12 @@ tor_tls_write(tor_tls *tls, char *cp, int n)
|
||||
int r, err;
|
||||
assert(tls && tls->ssl);
|
||||
assert(tls->state == TOR_TLS_ST_OPEN);
|
||||
if (n == 0)
|
||||
return 0;
|
||||
r = SSL_write(tls->ssl, cp, n);
|
||||
err = tor_tls_get_error(tls, r, 1);
|
||||
if (err == _TOR_TLS_ZERORETURN) {
|
||||
/* should never happen XXXX */
|
||||
return 0;
|
||||
} else if (err == TOR_TLS_DONE) {
|
||||
assert(err != _TOR_TLS_ZERORETURN);
|
||||
if (err == TOR_TLS_DONE) {
|
||||
return r;
|
||||
} else {
|
||||
return err;
|
||||
@ -332,41 +333,54 @@ tor_tls_shutdown(tor_tls *tls)
|
||||
char buf[128];
|
||||
assert(tls && tls->ssl);
|
||||
|
||||
if (tls->state == TOR_TLS_ST_SENTCLOSE) {
|
||||
do {
|
||||
r = SSL_read(tls->ssl, buf, 128);
|
||||
} while (r>0);
|
||||
while (1) {
|
||||
if (tls->state == TOR_TLS_ST_SENTCLOSE) {
|
||||
/* If we've already called shutdown once to send a close message,
|
||||
* we read until the other side has closed too.
|
||||
*/
|
||||
do {
|
||||
r = SSL_read(tls->ssl, buf, 128);
|
||||
} while (r>0);
|
||||
err = tor_tls_get_error(tls, r, 1);
|
||||
if (err == _TOR_TLS_ZERORETURN) {
|
||||
tls->state = TOR_TLS_ST_GOTCLOSE;
|
||||
/* fall through... */
|
||||
} else {
|
||||
if (err == _TOR_TLS_SYSCALL)
|
||||
err = TOR_TLS_ERROR;
|
||||
return err;
|
||||
}
|
||||
}
|
||||
|
||||
r = SSL_shutdown(tls->ssl);
|
||||
if (r == 1) {
|
||||
/* If shutdown returns 1, the connection is entirely closed. */
|
||||
tls->state = TOR_TLS_ST_CLOSED;
|
||||
return TOR_TLS_DONE;
|
||||
}
|
||||
err = tor_tls_get_error(tls, r, 1);
|
||||
if (err == _TOR_TLS_ZERORETURN) {
|
||||
tls->state = TOR_TLS_ST_GOTCLOSE;
|
||||
/* fall through */
|
||||
if (err == _TOR_TLS_SYSCALL) {
|
||||
/* The underlying TCP connection closed while we were shutting down. */
|
||||
tls->state = TOR_TLS_ST_CLOSED;
|
||||
return TOR_TLS_DONE;
|
||||
} else if (err == _TOR_TLS_ZERORETURN) {
|
||||
/* The TLS connection says that it sent a shutdown record, but
|
||||
* isn't done shutting down yet. Make sure that this hasn't
|
||||
* happened before, then go back to the start of the function
|
||||
* and try to read.
|
||||
*/
|
||||
if (tls->state == TOR_TLS_ST_GOTCLOSE ||
|
||||
tls->state == TOR_TLS_ST_SENTCLOSE) {
|
||||
log(LOG_ERR,
|
||||
"TLS returned \"half-closed\" value while already half-closed");
|
||||
return TOR_TLS_ERROR;
|
||||
}
|
||||
tls->state = TOR_TLS_ST_SENTCLOSE;
|
||||
/* fall through ... */
|
||||
} else {
|
||||
if (err == _TOR_TLS_SYSCALL)
|
||||
err = TOR_TLS_ERROR;
|
||||
return err;
|
||||
}
|
||||
}
|
||||
|
||||
r = SSL_shutdown(tls->ssl);
|
||||
if (r == 1) {
|
||||
tls->state = TOR_TLS_ST_CLOSED;
|
||||
return TOR_TLS_DONE;
|
||||
}
|
||||
err = tor_tls_get_error(tls, r, 1);
|
||||
if (err == _TOR_TLS_SYSCALL)
|
||||
return TOR_TLS_ST_CLOSED; /* XXXX is this right? */
|
||||
else if (err == _TOR_TLS_ZERORETURN) {
|
||||
if (tls->state == TOR_TLS_ST_GOTCLOSE ||
|
||||
tls->state == TOR_TLS_ST_SENTCLOSE) {
|
||||
/* XXXX log; unexpected. */
|
||||
return TOR_TLS_ERROR;
|
||||
}
|
||||
tls->state = TOR_TLS_ST_SENTCLOSE;
|
||||
return tor_tls_shutdown(tls);
|
||||
} else {
|
||||
/* XXXX log if not error. */
|
||||
return err;
|
||||
}
|
||||
} /* end loop */
|
||||
}
|
||||
|
||||
/* Return true iff this TLS connection is authenticated.
|
||||
|
Loading…
Reference in New Issue
Block a user