Merge branch 'maint-0.3.5' into release-0.3.5

torproject · May 25, 2021 · a4e8624 · a4e8624
2 parents 6dc3423 + 42ba87d
commit a4e8624
Show file tree

Hide file tree

Showing 5 changed files with 5 additions and 41 deletions.
diff --git a/changes/bug40399 b/changes/bug40399
@@ -0,0 +1,5 @@
+  o Minor features (compatibility):
+    - Remove an assertion function related to TLS renegotiation.
+      It was used nowhere outside the unit tests, and it was breaking
+      compilation with recent alpha releases of OpenSSL 3.0.0.
+      Closes ticket 40399.
diff --git a/src/lib/tls/tortls.h b/src/lib/tls/tortls.h
@@ -107,7 +107,6 @@ int tor_tls_handshake(tor_tls_t *tls);
 int tor_tls_finish_handshake(tor_tls_t *tls);
 void tor_tls_unblock_renegotiation(tor_tls_t *tls);
 void tor_tls_block_renegotiation(tor_tls_t *tls);
-void tor_tls_assert_renegotiation_unblocked(tor_tls_t *tls);
 int tor_tls_get_pending_bytes(tor_tls_t *tls);
 size_t tor_tls_get_forced_write_size(tor_tls_t *tls);
 

diff --git a/src/lib/tls/tortls_nss.c b/src/lib/tls/tortls_nss.c
@@ -633,13 +633,6 @@ tor_tls_block_renegotiation(tor_tls_t *tls)
   /* We don't support renegotiation with NSS. */
 }
 
-void
-tor_tls_assert_renegotiation_unblocked(tor_tls_t *tls)
-{
-  tor_assert(tls);
-  /* We don't support renegotiation with NSS. */
-}
-
 int
 tor_tls_get_pending_bytes(tor_tls_t *tls)
 {

diff --git a/src/lib/tls/tortls_openssl.c b/src/lib/tls/tortls_openssl.c
@@ -1168,19 +1168,6 @@ tor_tls_block_renegotiation(tor_tls_t *tls)
 #endif
 }
 
-/** Assert that the flags that allow legacy renegotiation are still set */
-void
-tor_tls_assert_renegotiation_unblocked(tor_tls_t *tls)
-{
-#if defined(SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION) && \
-  SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION != 0
-  long options = SSL_get_options(tls->ssl);
-  tor_assert(0 != (options & SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION));
-#else
-  (void) tls;
-#endif /* defined(SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION) && ... */
-}
-
 /**
  * Tell the TLS library that the underlying socket for <b>tls</b> has been
  * closed, and the library should not attempt to free that socket itself.

diff --git a/src/test/test_tortls_openssl.c b/src/test/test_tortls_openssl.c
@@ -1147,25 +1147,6 @@ test_tortls_unblock_renegotiation(void *ignored)
 }
 #endif /* !defined(OPENSSL_OPAQUE) */
 
-#ifndef OPENSSL_OPAQUE
-static void
-test_tortls_assert_renegotiation_unblocked(void *ignored)
-{
-  (void)ignored;
-  tor_tls_t *tls;
-
-  tls = tor_malloc_zero(sizeof(tor_tls_t));
-  tls->ssl = tor_malloc_zero(sizeof(SSL));
-  tor_tls_unblock_renegotiation(tls);
-  tor_tls_assert_renegotiation_unblocked(tls);
-  /* No assertion here - this test will fail if tor_assert is turned on
-   * and things are bad. */
-
-  tor_free(tls->ssl);
-  tor_free(tls);
-}
-#endif /* !defined(OPENSSL_OPAQUE) */
-
 static void
 test_tortls_set_logged_address(void *ignored)
 {
@@ -2228,7 +2209,6 @@ struct testcase_t tortls_openssl_tests[] = {
   INTRUSIVE_TEST_CASE(server_info_callback, 0),
   LOCAL_TEST_CASE(get_write_overhead_ratio, TT_FORK),
   LOCAL_TEST_CASE(is_server, 0),
-  INTRUSIVE_TEST_CASE(assert_renegotiation_unblocked, 0),
   INTRUSIVE_TEST_CASE(block_renegotiation, 0),
   INTRUSIVE_TEST_CASE(unblock_renegotiation, 0),
   INTRUSIVE_TEST_CASE(set_renegotiate_callback, 0),