
Forbid calling SSL_read, SSL_peek, and SSL_do_handshake post-shutdown.

This explicitly forbids an API pattern which formerly kind of worked, but was
extremely buggy (see preceding commits). Depending on how one interprets
close_notify and our API, one might wish to call SSL_shutdown only once
(morally shutdown(SHUT_WR)) and then SSL_read until EOF.

However, this exposes additional confusing states where we might try to send an
alert post-SHUT_WR, etc. Early commits made us more robust here (whether one is
allowed to touch the SSL* after an operation failed because it read an alert
is... unclear), so we could support it if we wanted to, but this doesn't seem
worth the additional statespace. See if we can get away with not allowing it.

Change-Id: Ie7a7e5520b464360b1e6316c34ec9854b571782f
Reviewed-on: https://boringssl-review.googlesource.com/7433
Reviewed-by: David Benjamin <davidben@google.com>
kris/onging/CECPQ3_patch15
David Benjamin, 8 years ago
Parent
Commit
c7eae5a326
2 files changed, 12 additions and 1 deletion
  1. ssl/s3_pkt.c: +2, -1
  2. ssl/ssl_lib.c: +10, -0

ssl/s3_pkt.c (+2, -1)

@@ -505,7 +505,8 @@ start:
/* Begin a new handshake. */
ssl->s3->total_renegotiations++;
ssl->state = SSL_ST_CONNECT;
i = ssl->handshake_func(ssl);
/* TODO(davidben): Lift this call up to SSL_read. */
i = SSL_do_handshake(ssl);
if (i < 0) {
return i;
}
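
Review bot: the error check after the new `i = SSL_do_handshake(ssl);` call still tests only `i < 0`, the same check that followed the direct `ssl->handshake_func(ssl)` call it replaces (this rendering has lost its +/- markers, so both assignments appear). Please confirm that a 0 return from SSL_do_handshake cannot fall through here as if the renegotiation had succeeded, or handle that case explicitly. The TODO would also be more useful if it said why the call belongs in SSL_read and what is blocking the move.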


ssl/ssl_lib.c (+10, -0)

@@ -559,6 +559,11 @@ int SSL_do_handshake(SSL *ssl) {
return -1;
}

if (ssl->s3->send_shutdown != ssl_shutdown_none) {
OPENSSL_PUT_ERROR(SSL, SSL_R_PROTOCOL_IS_SHUTDOWN);
return -1;
}

if (!SSL_in_init(ssl)) {
return 1;
}
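
Review bot: the new `ssl->s3->send_shutdown != ssl_shutdown_none` check in SSL_do_handshake changes the contract of a public function, but the change list covers only ssl/s3_pkt.c and ssl/ssl_lib.c, so no header comment or test records it. Suggest documenting that SSL_do_handshake fails with SSL_R_PROTOCOL_IS_SHUTDOWN once send_shutdown is set, and adding a test that calls it after SSL_shutdown. The check also looks only at the send side; if a received close_notify is handled elsewhere, a one-line comment saying so would save the next reader from wondering.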
@@ -599,6 +604,11 @@ static int ssl_read_impl(SSL *ssl, void *buf, int num, int peek) {
return -1;
}

if (ssl->s3->send_shutdown != ssl_shutdown_none) {
OPENSSL_PUT_ERROR(SSL, SSL_R_PROTOCOL_IS_SHUTDOWN);
return -1;
}

/* This may require multiple iterations. False Start will cause
* |ssl->handshake_func| to signal success one step early, but the handshake
* must be completely finished before other modes are accepted. */
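
Review bot: the four-line send_shutdown check at the top of ssl_read_impl is a verbatim copy of the one added to SSL_do_handshake in the previous hunk; a small static helper would keep the two entry points from drifting apart if the condition or error code changes later. Since ssl_read_impl takes the `peek` flag, this one check covers both SSL_read and SSL_peek, which matches the commit title, but callers following the SSL_shutdown-once-then-SSL_read-until-EOF pattern described in the commit message will now see -1 instead of EOF, so a comment above the check naming that pattern as deliberately rejected would be worthwhile.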

