mirror of
https://gitlab.torproject.org/tpo/core/tor.git
synced 2024-11-20 18:22:09 +01:00
Resolve XXXXs in tortls.c
svn:r443
parent
f5b4ef1fa2
commit
529d3bc56f
@ -10,6 +10,7 @@
|
|||||||
#include "./crypto.h"
|
#include "./crypto.h"
|
||||||
#include "./tortls.h"
|
#include "./tortls.h"
|
||||||
#include "./util.h"
|
#include "./util.h"
|
||||||
|
#include "./log.h"
|
||||||
|
|
||||||
#include <assert.h>
|
#include <assert.h>
|
||||||
#include <openssl/ssl.h>
|
#include <openssl/ssl.h>
|
||||||
@ -271,7 +272,7 @@ tor_tls_read(tor_tls *tls, char *cp, int len)
|
|||||||
tls->state = TOR_TLS_ST_CLOSED;
|
tls->state = TOR_TLS_ST_CLOSED;
|
||||||
return TOR_TLS_CLOSE;
|
return TOR_TLS_CLOSE;
|
||||||
} else {
|
} else {
|
||||||
/* XXXX Make sure it's not TOR_TLS_DONE. */
|
assert(err != TOR_TLS_DONE);
|
||||||
return err;
|
return err;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
@ -287,12 +288,12 @@ tor_tls_write(tor_tls *tls, char *cp, int n)
|
|||||||
int r, err;
|
int r, err;
|
||||||
assert(tls && tls->ssl);
|
assert(tls && tls->ssl);
|
||||||
assert(tls->state == TOR_TLS_ST_OPEN);
|
assert(tls->state == TOR_TLS_ST_OPEN);
|
||||||
|
if (n == 0)
|
||||||
|
return 0;
|
||||||
r = SSL_write(tls->ssl, cp, n);
|
r = SSL_write(tls->ssl, cp, n);
|
||||||
err = tor_tls_get_error(tls, r, 1);
|
err = tor_tls_get_error(tls, r, 1);
|
||||||
if (err == _TOR_TLS_ZERORETURN) {
|
assert(err != _TOR_TLS_ZERORETURN);
|
||||||
/* should never happen XXXX */
|
if (err == TOR_TLS_DONE) {
|
||||||
return 0;
|
|
||||||
} else if (err == TOR_TLS_DONE) {
|
|
||||||
return r;
|
return r;
|
||||||
} else {
|
} else {
|
||||||
return err;
|
return err;
|
||||||
@ -332,41 +333,54 @@ tor_tls_shutdown(tor_tls *tls)
|
|||||||
char buf[128];
|
char buf[128];
|
||||||
assert(tls && tls->ssl);
|
assert(tls && tls->ssl);
|
||||||
|
|
||||||
if (tls->state == TOR_TLS_ST_SENTCLOSE) {
|
while (1) {
|
||||||
do {
|
if (tls->state == TOR_TLS_ST_SENTCLOSE) {
|
||||||
r = SSL_read(tls->ssl, buf, 128);
|
/* If we've already called shutdown once to send a close message,
|
||||||
} while (r>0);
|
* we read until the other side has closed too.
|
||||||
|
*/
|
||||||
|
do {
|
||||||
|
r = SSL_read(tls->ssl, buf, 128);
|
||||||
|
} while (r>0);
|
||||||
|
err = tor_tls_get_error(tls, r, 1);
|
||||||
|
if (err == _TOR_TLS_ZERORETURN) {
|
||||||
|
tls->state = TOR_TLS_ST_GOTCLOSE;
|
||||||
|
/* fall through... */
|
||||||
|
} else {
|
||||||
|
if (err == _TOR_TLS_SYSCALL)
|
||||||
|
err = TOR_TLS_ERROR;
|
||||||
|
return err;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
r = SSL_shutdown(tls->ssl);
|
||||||
|
if (r == 1) {
|
||||||
|
/* If shutdown returns 1, the connection is entirely closed. */
|
||||||
|
tls->state = TOR_TLS_ST_CLOSED;
|
||||||
|
return TOR_TLS_DONE;
|
||||||
|
}
|
||||||
err = tor_tls_get_error(tls, r, 1);
|
err = tor_tls_get_error(tls, r, 1);
|
||||||
if (err == _TOR_TLS_ZERORETURN) {
|
if (err == _TOR_TLS_SYSCALL) {
|
||||||
tls->state = TOR_TLS_ST_GOTCLOSE;
|
/* The underlying TCP connection closed while we were shutting down. */
|
||||||
/* fall through */
|
tls->state = TOR_TLS_ST_CLOSED;
|
||||||
|
return TOR_TLS_DONE;
|
||||||
|
} else if (err == _TOR_TLS_ZERORETURN) {
|
||||||
|
/* The TLS connection says that it sent a shutdown record, but
|
||||||
|
* isn't done shutting down yet. Make sure that this hasn't
|
||||||
|
* happened before, then go back to the start of the function
|
||||||
|
* and try to read.
|
||||||
|
*/
|
||||||
|
if (tls->state == TOR_TLS_ST_GOTCLOSE ||
|
||||||
|
tls->state == TOR_TLS_ST_SENTCLOSE) {
|
||||||
|
log(LOG_ERR,
|
||||||
|
"TLS returned \"half-closed\" value while already half-closed");
|
||||||
|
return TOR_TLS_ERROR;
|
||||||
|
}
|
||||||
|
tls->state = TOR_TLS_ST_SENTCLOSE;
|
||||||
|
/* fall through ... */
|
||||||
} else {
|
} else {
|
||||||
if (err == _TOR_TLS_SYSCALL)
|
|
||||||
err = TOR_TLS_ERROR;
|
|
||||||
return err;
|
return err;
|
||||||
}
|
}
|
||||||
}
|
} /* end loop */
|
||||||
|
|
||||||
r = SSL_shutdown(tls->ssl);
|
|
||||||
if (r == 1) {
|
|
||||||
tls->state = TOR_TLS_ST_CLOSED;
|
|
||||||
return TOR_TLS_DONE;
|
|
||||||
}
|
|
||||||
err = tor_tls_get_error(tls, r, 1);
|
|
||||||
if (err == _TOR_TLS_SYSCALL)
|
|
||||||
return TOR_TLS_ST_CLOSED; /* XXXX is this right? */
|
|
||||||
else if (err == _TOR_TLS_ZERORETURN) {
|
|
||||||
if (tls->state == TOR_TLS_ST_GOTCLOSE ||
|
|
||||||
tls->state == TOR_TLS_ST_SENTCLOSE) {
|
|
||||||
/* XXXX log; unexpected. */
|
|
||||||
return TOR_TLS_ERROR;
|
|
||||||
}
|
|
||||||
tls->state = TOR_TLS_ST_SENTCLOSE;
|
|
||||||
return tor_tls_shutdown(tls);
|
|
||||||
} else {
|
|
||||||
/* XXXX log if not error. */
|
|
||||||
return err;
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
|
|
||||||
/* Return true iff this TLS connection is authenticated.
|
/* Return true iff this TLS connection is authenticated.
|
||||||
|
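Review bot: The new `assert(err != _TOR_TLS_ZERORETURN)` in tor_tls_write and `assert(err != TOR_TLS_DONE)` in tor_tls_read check a value computed from the result of SSL_write/SSL_read on a network connection, so they guard a runtime condition, not a programmer invariant. If the mapping in tor_tls_get_error (not shown on this page) can ever yield those codes in response to what the peer does, the process aborts. In a build with NDEBUG the check disappears and tor_tls_write would return the internal `_TOR_TLS_ZERORETURN` code to its caller, because the old `return 0` branch was removed. I would keep an explicit branch instead, `if (err == _TOR_TLS_ZERORETURN) return TOR_TLS_ERROR;` in tor_tls_write and `if (err == TOR_TLS_DONE) return TOR_TLS_ERROR;` in tor_tls_read, each with a `log(LOG_ERR, ...)` line like the one this commit adds in tor_tls_shutdown. Both functions start and end outside the visible hunks, so please confirm that TOR_TLS_ERROR is a return value their callers already handle.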