diff --git a/changes/bug40399 b/changes/bug40399 new file mode 100644 index 00000000000..7954b85eaf4 --- /dev/null +++ b/changes/bug40399 @@ -0,0 +1,5 @@ + o Minor features (compatibility): + - Remove an assertion function related to TLS renegotiation. + It was used nowhere outside the unit tests, and it was breaking + compilation with recent alpha releases of OpenSSL 3.0.0. + Closes ticket 40399. diff --git a/src/lib/tls/tortls.h b/src/lib/tls/tortls.h index 8efc7a1c98a..93983180353 100644 --- a/src/lib/tls/tortls.h +++ b/src/lib/tls/tortls.h @@ -107,7 +107,6 @@ int tor_tls_handshake(tor_tls_t *tls); int tor_tls_finish_handshake(tor_tls_t *tls); void tor_tls_unblock_renegotiation(tor_tls_t *tls); void tor_tls_block_renegotiation(tor_tls_t *tls); -void tor_tls_assert_renegotiation_unblocked(tor_tls_t *tls); int tor_tls_get_pending_bytes(tor_tls_t *tls); size_t tor_tls_get_forced_write_size(tor_tls_t *tls); diff --git a/src/lib/tls/tortls_nss.c b/src/lib/tls/tortls_nss.c index 6f6c47674ee..b7f35131505 100644 --- a/src/lib/tls/tortls_nss.c +++ b/src/lib/tls/tortls_nss.c @@ -633,13 +633,6 @@ tor_tls_block_renegotiation(tor_tls_t *tls) /* We don't support renegotiation with NSS. */ } -void -tor_tls_assert_renegotiation_unblocked(tor_tls_t *tls) -{ - tor_assert(tls); - /* We don't support renegotiation with NSS. */ -} - int tor_tls_get_pending_bytes(tor_tls_t *tls) { diff --git a/src/lib/tls/tortls_openssl.c b/src/lib/tls/tortls_openssl.c index 80b0df301f2..c5031a00aa0 100644 --- a/src/lib/tls/tortls_openssl.c +++ b/src/lib/tls/tortls_openssl.c @@ -1168,19 +1168,6 @@ tor_tls_block_renegotiation(tor_tls_t *tls) #endif } -/** Assert that the flags that allow legacy renegotiation are still set */ -void -tor_tls_assert_renegotiation_unblocked(tor_tls_t *tls) -{ -#if defined(SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION) && \ - SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION != 0 - long options = SSL_get_options(tls->ssl); - tor_assert(0 != (options & SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION)); -#else - (void) tls; -#endif /* defined(SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION) && ... */ -} - /** * Tell the TLS library that the underlying socket for tls has been * closed, and the library should not attempt to free that socket itself. diff --git a/src/test/test_tortls_openssl.c b/src/test/test_tortls_openssl.c index f4e3430daca..81c65d7446a 100644 --- a/src/test/test_tortls_openssl.c +++ b/src/test/test_tortls_openssl.c @@ -1147,25 +1147,6 @@ test_tortls_unblock_renegotiation(void *ignored) } #endif /* !defined(OPENSSL_OPAQUE) */ -#ifndef OPENSSL_OPAQUE -static void -test_tortls_assert_renegotiation_unblocked(void *ignored) -{ - (void)ignored; - tor_tls_t *tls; - - tls = tor_malloc_zero(sizeof(tor_tls_t)); - tls->ssl = tor_malloc_zero(sizeof(SSL)); - tor_tls_unblock_renegotiation(tls); - tor_tls_assert_renegotiation_unblocked(tls); - /* No assertion here - this test will fail if tor_assert is turned on - * and things are bad. */ - - tor_free(tls->ssl); - tor_free(tls); -} -#endif /* !defined(OPENSSL_OPAQUE) */ - static void test_tortls_set_logged_address(void *ignored) { @@ -2228,7 +2209,6 @@ struct testcase_t tortls_openssl_tests[] = { INTRUSIVE_TEST_CASE(server_info_callback, 0), LOCAL_TEST_CASE(get_write_overhead_ratio, TT_FORK), LOCAL_TEST_CASE(is_server, 0), - INTRUSIVE_TEST_CASE(assert_renegotiation_unblocked, 0), INTRUSIVE_TEST_CASE(block_renegotiation, 0), INTRUSIVE_TEST_CASE(unblock_renegotiation, 0), INTRUSIVE_TEST_CASE(set_renegotiate_callback, 0),