diff options
| author | Ted Unangst <tedu@cvs.openbsd.org> | 2014-07-10 08:51:16 +0000 |
|---|---|---|
| committer | Ted Unangst <tedu@cvs.openbsd.org> | 2014-07-10 08:51:16 +0000 |
| commit | 3cf12f4fd325fb1a3203f943c2fb19bed7b9b704 (patch) | |
| tree | d5e730712b82fc2fea200e8565430b0a2290eacf | |
| parent | 1c8cb17d239182a04a69b0164b66e830e15dc75e (diff) | |
decompress libssl. ok beck jsing
| -rw-r--r-- | lib/libssl/d1_both.c | 7 | ||||
| -rw-r--r-- | lib/libssl/d1_clnt.c | 26 | ||||
| -rw-r--r-- | lib/libssl/d1_enc.c | 5 | ||||
| -rw-r--r-- | lib/libssl/d1_pkt.c | 28 | ||||
| -rw-r--r-- | lib/libssl/d1_srvr.c | 9 | ||||
| -rw-r--r-- | lib/libssl/dtls1.h | 7 | ||||
| -rw-r--r-- | lib/libssl/s23_clnt.c | 21 | ||||
| -rw-r--r-- | lib/libssl/s23_srvr.c | 4 | ||||
| -rw-r--r-- | lib/libssl/s3_both.c | 11 | ||||
| -rw-r--r-- | lib/libssl/s3_cbc.c | 5 | ||||
| -rw-r--r-- | lib/libssl/s3_clnt.c | 72 | ||||
| -rw-r--r-- | lib/libssl/s3_lib.c | 6 | ||||
| -rw-r--r-- | lib/libssl/s3_pkt.c | 69 | ||||
| -rw-r--r-- | lib/libssl/s3_srvr.c | 97 | ||||
| -rw-r--r-- | lib/libssl/ssl.h | 37 | ||||
| -rw-r--r-- | lib/libssl/ssl3.h | 16 | ||||
| -rw-r--r-- | lib/libssl/ssl_algs.c | 8 | ||||
| -rw-r--r-- | lib/libssl/ssl_asn1.c | 32 | ||||
| -rw-r--r-- | lib/libssl/ssl_ciph.c | 175 | ||||
| -rw-r--r-- | lib/libssl/ssl_lib.c | 30 | ||||
| -rw-r--r-- | lib/libssl/ssl_locl.h | 16 | ||||
| -rw-r--r-- | lib/libssl/ssl_sess.c | 5 | ||||
| -rw-r--r-- | lib/libssl/ssl_txt.c | 18 | ||||
| -rw-r--r-- | lib/libssl/t1_enc.c | 45 |
24 files changed, 38 insertions, 711 deletions
diff --git a/lib/libssl/d1_both.c b/lib/libssl/d1_both.c index f27588fcff8..e25f69dbb64 100644 --- a/lib/libssl/d1_both.c +++ b/lib/libssl/d1_both.c @@ -1,4 +1,4 @@ -/* $OpenBSD: d1_both.c,v 1.23 2014/07/10 08:25:00 guenther Exp $ */ +/* $OpenBSD: d1_both.c,v 1.24 2014/07/10 08:51:14 tedu Exp $ */ /* * DTLS implementation written by Nagendra Modadugu * (nagendra@cs.stanford.edu) for the OpenSSL project 2005. @@ -944,7 +944,6 @@ dtls1_send_finished(SSL *s, int a, int b, const char *sender, int slen) * ssl->s3->read_sequence zero * ssl->s3->read_mac_secret re-init * ssl->session->read_sym_enc assign - * ssl->session->read_compression assign * ssl->session->read_hash assign */ int @@ -1160,7 +1159,6 @@ dtls1_buffer_message(SSL *s, int is_ccs) /* save current state*/ frag->msg_header.saved_retransmit_state.enc_write_ctx = s->enc_write_ctx; frag->msg_header.saved_retransmit_state.write_hash = s->write_hash; - frag->msg_header.saved_retransmit_state.compress = s->compress; frag->msg_header.saved_retransmit_state.session = s->session; frag->msg_header.saved_retransmit_state.epoch = s->d1->w_epoch; @@ -1229,7 +1227,6 @@ dtls1_retransmit_message(SSL *s, unsigned short seq, unsigned long frag_off, /* save current state */ saved_state.enc_write_ctx = s->enc_write_ctx; saved_state.write_hash = s->write_hash; - saved_state.compress = s->compress; saved_state.session = s->session; saved_state.epoch = s->d1->w_epoch; @@ -1238,7 +1235,6 @@ dtls1_retransmit_message(SSL *s, unsigned short seq, unsigned long frag_off, /* restore state in which the message was originally sent */ s->enc_write_ctx = frag->msg_header.saved_retransmit_state.enc_write_ctx; s->write_hash = frag->msg_header.saved_retransmit_state.write_hash; - s->compress = frag->msg_header.saved_retransmit_state.compress; s->session = frag->msg_header.saved_retransmit_state.session; s->d1->w_epoch = frag->msg_header.saved_retransmit_state.epoch; @@ -1256,7 +1252,6 @@ dtls1_retransmit_message(SSL *s, unsigned short seq, unsigned long frag_off, /* restore current state */ s->enc_write_ctx = saved_state.enc_write_ctx; s->write_hash = saved_state.write_hash; - s->compress = saved_state.compress; s->session = saved_state.session; s->d1->w_epoch = saved_state.epoch; diff --git a/lib/libssl/d1_clnt.c b/lib/libssl/d1_clnt.c index 65b59f79874..04ae11d7bc3 100644 --- a/lib/libssl/d1_clnt.c +++ b/lib/libssl/d1_clnt.c @@ -1,4 +1,4 @@ -/* $OpenBSD: d1_clnt.c,v 1.26 2014/06/12 15:49:31 deraadt Exp $ */ +/* $OpenBSD: d1_clnt.c,v 1.27 2014/07/10 08:51:14 tedu Exp $ */ /* * DTLS implementation written by Nagendra Modadugu * (nagendra@cs.stanford.edu) for the OpenSSL project 2005. @@ -544,15 +544,6 @@ dtls1_connect(SSL *s) s->init_num = 0; s->session->cipher = s->s3->tmp.new_cipher; -#ifdef OPENSSL_NO_COMP - s->session->compress_meth = 0; -#else - if (s->s3->tmp.new_compression == NULL) - s->session->compress_meth = 0; - else - s->session->compress_meth = - s->s3->tmp.new_compression->id; -#endif if (!s->method->ssl3_enc->setup_key_block(s)) { ret = -1; goto end; @@ -768,9 +759,8 @@ dtls1_client_hello(SSL *s) { unsigned char *buf; unsigned char *p, *d; - unsigned int i, j; + unsigned int i; unsigned long l; - SSL_COMP *comp; buf = (unsigned char *)s->init_buf->data; if (s->state == SSL3_ST_CW_CLNT_HELLO_A) { @@ -839,16 +829,8 @@ dtls1_client_hello(SSL *s) s2n(i, p); p += i; - /* COMPRESSION */ - if (s->ctx->comp_methods == NULL) - j = 0; - else - j = sk_SSL_COMP_num(s->ctx->comp_methods); - *(p++) = 1 + j; - for (i = 0; i < j; i++) { - comp = sk_SSL_COMP_value(s->ctx->comp_methods, i); - *(p++) = comp->id; - } + /* add in (no) COMPRESSION */ + *(p++) = 1; *(p++) = 0; /* Add the NULL method */ if ((p = ssl_add_clienthello_tlsext(s, p, diff --git a/lib/libssl/d1_enc.c b/lib/libssl/d1_enc.c index 104f233937d..fe8df15a94b 100644 --- a/lib/libssl/d1_enc.c +++ b/lib/libssl/d1_enc.c @@ -1,4 +1,4 @@ -/* $OpenBSD: d1_enc.c,v 1.5 2014/06/12 15:49:31 deraadt Exp $ */ +/* $OpenBSD: d1_enc.c,v 1.6 2014/07/10 08:51:14 tedu Exp $ */ /* * DTLS implementation written by Nagendra Modadugu * (nagendra@cs.stanford.edu) for the OpenSSL project 2005. @@ -115,9 +115,6 @@ #include <stdio.h> #include "ssl_locl.h" -#ifndef OPENSSL_NO_COMP -#include <openssl/comp.h> -#endif #include <openssl/evp.h> #include <openssl/hmac.h> #include <openssl/md5.h> diff --git a/lib/libssl/d1_pkt.c b/lib/libssl/d1_pkt.c index 56e6939aedc..c9ffab1f3c2 100644 --- a/lib/libssl/d1_pkt.c +++ b/lib/libssl/d1_pkt.c @@ -1,4 +1,4 @@ -/* $OpenBSD: d1_pkt.c,v 1.31 2014/07/09 16:06:14 miod Exp $ */ +/* $OpenBSD: d1_pkt.c,v 1.32 2014/07/10 08:51:14 tedu Exp $ */ /* * DTLS implementation written by Nagendra Modadugu * (nagendra@cs.stanford.edu) for the OpenSSL project 2005. @@ -427,20 +427,6 @@ dtls1_process_record(SSL *s) goto err; } - /* r->length is now just compressed */ - if (s->expand != NULL) { - if (rr->length > SSL3_RT_MAX_COMPRESSED_LENGTH) { - al = SSL_AD_RECORD_OVERFLOW; - SSLerr(SSL_F_DTLS1_PROCESS_RECORD, SSL_R_COMPRESSED_LENGTH_TOO_LONG); - goto f_err; - } - if (!ssl3_do_uncompress(s)) { - al = SSL_AD_DECOMPRESSION_FAILURE; - SSLerr(SSL_F_DTLS1_PROCESS_RECORD, SSL_R_BAD_DECOMPRESSION); - goto f_err; - } - } - if (rr->length > SSL3_RT_MAX_PLAIN_LENGTH) { al = SSL_AD_RECORD_OVERFLOW; SSLerr(SSL_F_DTLS1_PROCESS_RECORD, SSL_R_DATA_LENGTH_TOO_LONG); @@ -1373,16 +1359,8 @@ do_dtls1_write(SSL *s, int type, const unsigned char *buf, unsigned int len) /* we now 'read' from wr->input, wr->length bytes into * wr->data */ - /* first we compress */ - if (s->compress != NULL) { - if (!ssl3_do_compress(s)) { - SSLerr(SSL_F_DO_DTLS1_WRITE, SSL_R_COMPRESSION_FAILURE); - goto err; - } - } else { - memcpy(wr->data, wr->input, wr->length); - wr->input = wr->data; - } + memcpy(wr->data, wr->input, wr->length); + wr->input = wr->data; /* we should still have the output to wr->data and the input * from wr->input. Length should be wr->length. diff --git a/lib/libssl/d1_srvr.c b/lib/libssl/d1_srvr.c index c01dc77254e..9fdb6c290b1 100644 --- a/lib/libssl/d1_srvr.c +++ b/lib/libssl/d1_srvr.c @@ -1,4 +1,4 @@ -/* $OpenBSD: d1_srvr.c,v 1.28 2014/07/09 11:25:42 jsing Exp $ */ +/* $OpenBSD: d1_srvr.c,v 1.29 2014/07/10 08:51:14 tedu Exp $ */ /* * DTLS implementation written by Nagendra Modadugu * (nagendra@cs.stanford.edu) for the OpenSSL project 2005. @@ -946,14 +946,7 @@ dtls1_send_server_hello(SSL *s) p += i; /* put the compression method */ -#ifdef OPENSSL_NO_COMP *(p++) = 0; -#else - if (s->s3->tmp.new_compression == NULL) - *(p++) = 0; - else - *(p++) = s->s3->tmp.new_compression->id; -#endif if ((p = ssl_add_serverhello_tlsext(s, p, buf + SSL3_RT_MAX_PLAIN_LENGTH)) == NULL) { SSLerr(SSL_F_DTLS1_SEND_SERVER_HELLO, ERR_R_INTERNAL_ERROR); diff --git a/lib/libssl/dtls1.h b/lib/libssl/dtls1.h index c6e302faf4f..e7229fb56be 100644 --- a/lib/libssl/dtls1.h +++ b/lib/libssl/dtls1.h @@ -1,4 +1,4 @@ -/* $OpenBSD: dtls1.h,v 1.13 2014/06/12 15:49:31 deraadt Exp $ */ +/* $OpenBSD: dtls1.h,v 1.14 2014/07/10 08:51:14 tedu Exp $ */ /* * DTLS implementation written by Nagendra Modadugu * (nagendra@cs.stanford.edu) for the OpenSSL project 2005. @@ -108,11 +108,6 @@ typedef struct dtls1_bitmap_st { struct dtls1_retransmit_state { EVP_CIPHER_CTX *enc_write_ctx; /* cryptographic state */ EVP_MD_CTX *write_hash; /* used for mac generation */ -#ifndef OPENSSL_NO_COMP - COMP_CTX *compress; /* compression */ -#else - char *compress; -#endif SSL_SESSION *session; unsigned short epoch; }; diff --git a/lib/libssl/s23_clnt.c b/lib/libssl/s23_clnt.c index 510e729d554..e2f1544486b 100644 --- a/lib/libssl/s23_clnt.c +++ b/lib/libssl/s23_clnt.c @@ -1,4 +1,4 @@ -/* $OpenBSD: s23_clnt.c,v 1.29 2014/06/12 15:49:31 deraadt Exp $ */ +/* $OpenBSD: s23_clnt.c,v 1.30 2014/07/10 08:51:14 tedu Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -293,10 +293,6 @@ ssl23_client_hello(SSL *s) int i; unsigned long l; int version = 0, version_major, version_minor; -#ifndef OPENSSL_NO_COMP - int j; - SSL_COMP *comp; -#endif int ret; unsigned long mask, options = s->options; @@ -384,21 +380,8 @@ ssl23_client_hello(SSL *s) s2n(i, p); p += i; - /* COMPRESSION */ -#ifdef OPENSSL_NO_COMP + /* add in (no) COMPRESSION */ *(p++) = 1; -#else - if ((s->options & SSL_OP_NO_COMPRESSION) || - !s->ctx->comp_methods) - j = 0; - else - j = sk_SSL_COMP_num(s->ctx->comp_methods); - *(p++) = 1 + j; - for (i = 0; i < j; i++) { - comp = sk_SSL_COMP_value(s->ctx->comp_methods, i); - *(p++) = comp->id; - } -#endif /* Add the NULL method */ *(p++) = 0; diff --git a/lib/libssl/s23_srvr.c b/lib/libssl/s23_srvr.c index cd1a5174a70..caeb34b78e9 100644 --- a/lib/libssl/s23_srvr.c +++ b/lib/libssl/s23_srvr.c @@ -1,4 +1,4 @@ -/* $OpenBSD: s23_srvr.c,v 1.29 2014/06/30 14:13:27 tedu Exp $ */ +/* $OpenBSD: s23_srvr.c,v 1.30 2014/07/10 08:51:14 tedu Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -487,7 +487,7 @@ ssl23_get_client_hello(SSL *s) } s2n(j, dd); - /* COMPRESSION */ + /* add in (no) COMPRESSION */ *(d++) = 1; *(d++) = 0; diff --git a/lib/libssl/s3_both.c b/lib/libssl/s3_both.c index 2da6b527e11..500387e3720 100644 --- a/lib/libssl/s3_both.c +++ b/lib/libssl/s3_both.c @@ -1,4 +1,4 @@ -/* $OpenBSD: s3_both.c,v 1.25 2014/06/19 21:29:51 tedu Exp $ */ +/* $OpenBSD: s3_both.c,v 1.26 2014/07/10 08:51:14 tedu Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -287,7 +287,6 @@ f_err: * ssl->s3->read_sequence zero * ssl->s3->read_mac_secret re-init * ssl->session->read_sym_enc assign - * ssl->session->read_compression assign * ssl->session->read_hash assign */ int @@ -640,10 +639,6 @@ ssl3_setup_read_buffer(SSL *s) s->s3->init_extra = 1; len += SSL3_RT_MAX_EXTRA; } -#ifndef OPENSSL_NO_COMP - if (!(s->options & SSL_OP_NO_COMPRESSION)) - len += SSL3_RT_MAX_COMPRESSED_OVERHEAD; -#endif if ((p = malloc(len)) == NULL) goto err; s->s3->rbuf.buf = p; @@ -676,10 +671,6 @@ ssl3_setup_write_buffer(SSL *s) if (s->s3->wbuf.buf == NULL) { len = s->max_send_fragment + SSL3_RT_SEND_MAX_ENCRYPTED_OVERHEAD + headerlen + align; -#ifndef OPENSSL_NO_COMP - if (!(s->options & SSL_OP_NO_COMPRESSION)) - len += SSL3_RT_MAX_COMPRESSED_OVERHEAD; -#endif if (!(s->options & SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS)) len += headerlen + align + SSL3_RT_SEND_MAX_ENCRYPTED_OVERHEAD; diff --git a/lib/libssl/s3_cbc.c b/lib/libssl/s3_cbc.c index 24f0a22d073..74bd4b47c8a 100644 --- a/lib/libssl/s3_cbc.c +++ b/lib/libssl/s3_cbc.c @@ -1,4 +1,4 @@ -/* $OpenBSD: s3_cbc.c,v 1.7 2014/06/12 15:49:31 deraadt Exp $ */ +/* $OpenBSD: s3_cbc.c,v 1.8 2014/07/10 08:51:14 tedu Exp $ */ /* ==================================================================== * Copyright (c) 2012 The OpenSSL Project. All rights reserved. * @@ -169,8 +169,9 @@ tls1_cbc_remove_padding(const SSL* s, SSL3_RECORD *rec, unsigned block_size, * even length so the padding bug check cannot be performed. This bug * workaround has been around since SSLeay so hopefully it is either * fixed now or no buggy implementation supports compression [steve] + * (We don't support compression either, so it's not in operation.) */ - if ((s->options & SSL_OP_TLS_BLOCK_PADDING_BUG) && !s->expand) { + if ((s->options & SSL_OP_TLS_BLOCK_PADDING_BUG)) { /* First packet is even in size, so check */ if ((memcmp(s->s3->read_sequence, "\0\0\0\0\0\0\0\0", SSL3_SEQUENCE_SIZE) == 0) && !(padding_length & 1)) { diff --git a/lib/libssl/s3_clnt.c b/lib/libssl/s3_clnt.c index 61de494244e..079544da846 100644 --- a/lib/libssl/s3_clnt.c +++ b/lib/libssl/s3_clnt.c @@ -1,4 +1,4 @@ -/* $OpenBSD: s3_clnt.c,v 1.73 2014/07/09 11:25:42 jsing Exp $ */ +/* $OpenBSD: s3_clnt.c,v 1.74 2014/07/10 08:51:14 tedu Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -472,15 +472,6 @@ ssl3_connect(SSL *s) s->init_num = 0; s->session->cipher = s->s3->tmp.new_cipher; -#ifdef OPENSSL_NO_COMP - s->session->compress_meth = 0; -#else - if (s->s3->tmp.new_compression == NULL) - s->session->compress_meth = 0; - else - s->session->compress_meth = - s->s3->tmp.new_compression->id; -#endif if (!s->method->ssl3_enc->setup_key_block(s)) { ret = -1; goto end; @@ -656,10 +647,6 @@ ssl3_client_hello(SSL *s) unsigned char *p, *d; int i; unsigned long l; -#ifndef OPENSSL_NO_COMP - int j; - SSL_COMP *comp; -#endif buf = (unsigned char *)s->init_buf->data; if (s->state == SSL3_ST_CW_CLNT_HELLO_A) { @@ -752,22 +739,8 @@ ssl3_client_hello(SSL *s) s2n(i, p); p += i; - /* COMPRESSION */ -#ifdef OPENSSL_NO_COMP + /* add in (no) COMPRESSION */ *(p++) = 1; -#else - - if ((s->options & SSL_OP_NO_COMPRESSION) || - !s->ctx->comp_methods) - j = 0; - else - j = sk_SSL_COMP_num(s->ctx->comp_methods); - *(p++) = 1 + j; - for (i = 0; i < j; i++) { - comp = sk_SSL_COMP_value(s->ctx->comp_methods, i); - *(p++) = comp->id; - } -#endif *(p++) = 0; /* Add the NULL method */ /* TLS extensions*/ @@ -809,9 +782,6 @@ ssl3_get_server_hello(SSL *s) int i, al, ok; unsigned int j; long n; -#ifndef OPENSSL_NO_COMP - SSL_COMP *comp; -#endif n = s->method->ssl_get_message(s, SSL3_ST_CR_SRVR_HELLO_A, SSL3_ST_CR_SRVR_HELLO_B, -1, 20000, /* ?? */ &ok); @@ -963,50 +933,12 @@ ssl3_get_server_hello(SSL *s) } /* lets get the compression algorithm */ /* COMPRESSION */ -#ifdef OPENSSL_NO_COMP if (*(p++) != 0) { al = SSL_AD_ILLEGAL_PARAMETER; SSLerr(SSL_F_SSL3_GET_SERVER_HELLO, SSL_R_UNSUPPORTED_COMPRESSION_ALGORITHM); goto f_err; } - /* - * If compression is disabled we'd better not try to resume a session - * using compression. - */ - if (s->session->compress_meth != 0) { - al = SSL_AD_INTERNAL_ERROR; - SSLerr(SSL_F_SSL3_GET_SERVER_HELLO, - SSL_R_INCONSISTENT_COMPRESSION); - goto f_err; - } -#else - j= *(p++); - if (s->hit && j != s->session->compress_meth) { - al = SSL_AD_ILLEGAL_PARAMETER; - SSLerr(SSL_F_SSL3_GET_SERVER_HELLO, - SSL_R_OLD_SESSION_COMPRESSION_ALGORITHM_NOT_RETURNED); - goto f_err; - } - if (j == 0) - comp = NULL; - else if (s->options & SSL_OP_NO_COMPRESSION) { - al = SSL_AD_ILLEGAL_PARAMETER; - SSLerr(SSL_F_SSL3_GET_SERVER_HELLO, - SSL_R_COMPRESSION_DISABLED); - goto f_err; - } else - comp = ssl3_comp_find(s->ctx->comp_methods, j); - - if ((j != 0) && (comp == NULL)) { - al = SSL_AD_ILLEGAL_PARAMETER; - SSLerr(SSL_F_SSL3_GET_SERVER_HELLO, - SSL_R_UNSUPPORTED_COMPRESSION_ALGORITHM); - goto f_err; - } else { - s->s3->tmp.new_compression = comp; - } -#endif /* TLS extensions*/ if (s->version >= SSL3_VERSION) { diff --git a/lib/libssl/s3_lib.c b/lib/libssl/s3_lib.c index 5c4e530d34e..400c1b87e0d 100644 --- a/lib/libssl/s3_lib.c +++ b/lib/libssl/s3_lib.c @@ -1,4 +1,4 @@ -/* $OpenBSD: s3_lib.c,v 1.67 2014/07/09 11:25:42 jsing Exp $ */ +/* $OpenBSD: s3_lib.c,v 1.68 2014/07/10 08:51:14 tedu Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -2420,7 +2420,6 @@ ssl3_free(SSL *s) ssl3_release_read_buffer(s); ssl3_release_write_buffer(s); - free(s->s3->rrec.comp); DH_free(s->s3->tmp.dh); EC_KEY_free(s->s3->tmp.ecdh); @@ -2444,9 +2443,6 @@ ssl3_clear(SSL *s) if (s->s3->tmp.ca_names != NULL) sk_X509_NAME_pop_free(s->s3->tmp.ca_names, X509_NAME_free); - free(s->s3->rrec.comp); - s->s3->rrec.comp = NULL; - DH_free(s->s3->tmp.dh); s->s3->tmp.dh = NULL; EC_KEY_free(s->s3->tmp.ecdh); diff --git a/lib/libssl/s3_pkt.c b/lib/libssl/s3_pkt.c index a508d5ee495..237d90c5812 100644 --- a/lib/libssl/s3_pkt.c +++ b/lib/libssl/s3_pkt.c @@ -1,4 +1,4 @@ -/* $OpenBSD: s3_pkt.c,v 1.48 2014/06/19 21:29:51 tedu Exp $ */ +/* $OpenBSD: s3_pkt.c,v 1.49 2014/07/10 08:51:14 tedu Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -469,21 +469,6 @@ again: goto f_err; } - /* r->length is now just compressed */ - if (s->expand != NULL) { - if (rr->length > SSL3_RT_MAX_COMPRESSED_LENGTH + extra) { - al = SSL_AD_RECORD_OVERFLOW; - SSLerr(SSL_F_SSL3_GET_RECORD, - SSL_R_COMPRESSED_LENGTH_TOO_LONG); - goto f_err; - } - if (!ssl3_do_uncompress(s)) { - al = SSL_AD_DECOMPRESSION_FAILURE; - SSLerr(SSL_F_SSL3_GET_RECORD, SSL_R_BAD_DECOMPRESSION); - goto f_err; - } - } - if (rr->length > SSL3_RT_MAX_PLAIN_LENGTH + extra) { al = SSL_AD_RECORD_OVERFLOW; SSLerr(SSL_F_SSL3_GET_RECORD, SSL_R_DATA_LENGTH_TOO_LONG); @@ -516,46 +501,6 @@ err: return (ret); } -int -ssl3_do_uncompress(SSL *ssl) -{ -#ifndef OPENSSL_NO_COMP - int i; - SSL3_RECORD *rr; - - rr = &(ssl->s3->rrec); - i = COMP_expand_block(ssl->expand, rr->comp, - SSL3_RT_MAX_PLAIN_LENGTH, rr->data, (int)rr->length); - if (i < 0) - return (0); - else - rr->length = i; - rr->data = rr->comp; -#endif - return (1); -} - -int -ssl3_do_compress(SSL *ssl) -{ -#ifndef OPENSSL_NO_COMP - int i; - SSL3_RECORD *wr; - - wr = &(ssl->s3->wrec); - i = COMP_compress_block(ssl->compress, wr->data, - SSL3_RT_MAX_COMPRESSED_LENGTH, - wr->input, (int)wr->length); - if (i < 0) - return (0); - else - wr->length = i; - - wr->input = wr->data; -#endif - return (1); -} - /* Call this to write data in records of type 'type' * It will return <= 0 if not all data has been sent or non-blocking IO. */ @@ -766,16 +711,8 @@ do_ssl3_write(SSL *s, int type, const unsigned char *buf, /* we now 'read' from wr->input, wr->length bytes into wr->data */ - /* first we compress */ - if (s->compress != NULL) { - if (!ssl3_do_compress(s)) { - SSLerr(SSL_F_DO_SSL3_WRITE, SSL_R_COMPRESSION_FAILURE); - goto err; - } - } else { - memcpy(wr->data, wr->input, wr->length); - wr->input = wr->data; - } + memcpy(wr->data, wr->input, wr->length); + wr->input = wr->data; /* we should still have the output to wr->data and the input * from wr->input. Length should be wr->length. diff --git a/lib/libssl/s3_srvr.c b/lib/libssl/s3_srvr.c index a3e62ea3239..200b3b6bf2e 100644 --- a/lib/libssl/s3_srvr.c +++ b/lib/libssl/s3_srvr.c @@ -1,4 +1,4 @@ -/* $OpenBSD: s3_srvr.c,v 1.69 2014/07/10 08:25:00 guenther Exp $ */ +/* $OpenBSD: s3_srvr.c,v 1.70 2014/07/10 08:51:14 tedu Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -884,9 +884,6 @@ ssl3_get_client_hello(SSL *s) unsigned long id; unsigned char *p, *d, *q; SSL_CIPHER *c; -#ifndef OPENSSL_NO_COMP - SSL_COMP *comp = NULL; -#endif STACK_OF(SSL_CIPHER) *ciphers = NULL; /* @@ -1173,96 +1170,11 @@ ssl3_get_client_hello(SSL *s) } /* - * Worst case, we will use the NULL compression, but if we have other - * options, we will now look for them. We have i-1 compression - * algorithms from the client, starting at q. - */ - s->s3->tmp.new_compression = NULL; -#ifndef OPENSSL_NO_COMP - /* This only happens if we have a cache hit */ - if (s->session->compress_meth != 0) { - int m, comp_id = s->session->compress_meth; - /* Perform sanity checks on resumed compression algorithm */ - /* Can't disable compression */ - if (s->options & SSL_OP_NO_COMPRESSION) { - al = SSL_AD_INTERNAL_ERROR; - SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, - SSL_R_INCONSISTENT_COMPRESSION); - goto f_err; - } - /* Look for resumed compression method */ - for (m = 0; m < sk_SSL_COMP_num(s->ctx->comp_methods); m++) { - comp = sk_SSL_COMP_value(s->ctx->comp_methods, m); - if (comp_id == comp->id) { - s->s3->tmp.new_compression = comp; - break; - } - } - if (s->s3->tmp.new_compression == NULL) { - al = SSL_AD_INTERNAL_ERROR; - SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, - SSL_R_INVALID_COMPRESSION_ALGORITHM); - goto f_err; - } - /* Look for resumed method in compression list */ - for (m = 0; m < i; m++) { - if (q[m] == comp_id) - break; - } - if (m >= i) { - al = SSL_AD_ILLEGAL_PARAMETER; - SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, - SSL_R_REQUIRED_COMPRESSSION_ALGORITHM_MISSING); - goto f_err; - } - } else if (s->hit) - comp = NULL; - else if (!(s->options & SSL_OP_NO_COMPRESSION) && s->ctx->comp_methods) - { /* See if we have a match */ - int m, nn, o, v, done = 0; - - nn = sk_SSL_COMP_num(s->ctx->comp_methods); - for (m = 0; m < nn; m++) { - comp = sk_SSL_COMP_value(s->ctx->comp_methods, m); - v = comp->id; - for (o = 0; o < i; o++) { - if (v == q[o]) { - done = 1; - break; - } - } - if (done) - break; - } - if (done) - s->s3->tmp.new_compression = comp; - else - comp = NULL; - } -#else - /* - * If compression is disabled we'd better not try to resume a session - * using compression. - */ - if (s->session->compress_meth != 0) { - al = SSL_AD_INTERNAL_ERROR; - SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, - SSL_R_INCONSISTENT_COMPRESSION); - goto f_err; - } -#endif - - /* * Given s->session->ciphers and SSL_get_ciphers, we must * pick a cipher */ if (!s->hit) { -#ifdef OPENSSL_NO_COMP - s->session->compress_meth = 0; -#else - s->session->compress_meth = (comp == NULL) ? 0 : comp->id; -#endif if (s->session->ciphers != NULL) sk_SSL_CIPHER_free(s->session->ciphers); s->session->ciphers = ciphers; @@ -1405,14 +1317,7 @@ ssl3_send_server_hello(SSL *s) p += i; /* put the compression method */ -#ifdef OPENSSL_NO_COMP *(p++) = 0; -#else - if (s->s3->tmp.new_compression == NULL) - *(p++) = 0; - else - *(p++) = s->s3->tmp.new_compression->id; -#endif if (ssl_prepare_serverhello_tlsext(s) <= 0) { SSLerr(SSL_F_SSL3_SEND_SERVER_HELLO, SSL_R_SERVERHELLO_TLSEXT); diff --git a/lib/libssl/ssl.h b/lib/libssl/ssl.h index b1eeb85c649..18218f4c611 100644 --- a/lib/libssl/ssl.h +++ b/lib/libssl/ssl.h @@ -1,4 +1,4 @@ -/* $OpenBSD: ssl.h,v 1.57 2014/07/09 11:25:42 jsing Exp $ */ +/* $OpenBSD: ssl.h,v 1.58 2014/07/10 08:51:15 tedu Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -145,9 +145,6 @@ #include <openssl/opensslconf.h> -#ifndef OPENSSL_NO_COMP -#include <openssl/comp.h> -#endif #ifndef OPENSSL_NO_BIO #include <openssl/bio.h> #endif @@ -488,8 +485,6 @@ struct ssl_session_st { time_t time; int references; - unsigned int compress_meth; /* Need to lookup the method */ - const SSL_CIPHER *cipher; unsigned long cipher_id; /* when ASN.1 loaded, this * needs to be used to load @@ -682,11 +677,6 @@ typedef struct ssl_comp_st SSL_COMP; struct ssl_comp_st { int id; const char *name; -#ifndef OPENSSL_NO_COMP - COMP_METHOD *method; -#else - char *method; -#endif }; DECLARE_STACK_OF(SSL_COMP) @@ -1099,11 +1089,6 @@ struct ssl_st { EVP_CIPHER_CTX *enc_read_ctx; /* cryptographic state */ EVP_MD_CTX *read_hash; /* used for mac generation */ -#ifndef OPENSSL_NO_COMP - COMP_CTX *expand; /* uncompress */ -#else - char *expand; -#endif SSL_AEAD_CTX *aead_write_ctx; /* AEAD context. If non-NULL, then enc_write_ctx and write_hash are @@ -1111,12 +1096,6 @@ struct ssl_st { EVP_CIPHER_CTX *enc_write_ctx; /* cryptographic state */ EVP_MD_CTX *write_hash; /* used for mac generation */ -#ifndef OPENSSL_NO_COMP - COMP_CTX *compress; /* compression */ -#else - char *compress; - -#endif /* session info */ @@ -1836,20 +1815,6 @@ void SSL_CTX_set_tmp_ecdh_callback(SSL_CTX *ctx, void SSL_set_tmp_ecdh_callback(SSL *ssl, EC_KEY *(*ecdh)(SSL *ssl, int is_export, int keylength)); -#ifndef OPENSSL_NO_COMP -const COMP_METHOD *SSL_get_current_compression(SSL *s); -const COMP_METHOD *SSL_get_current_expansion(SSL *s); -const char *SSL_COMP_get_name(const COMP_METHOD *comp); -STACK_OF(SSL_COMP) *SSL_COMP_get_compression_methods(void); -int SSL_COMP_add_compression_method(int id, COMP_METHOD *cm); -#else -const void *SSL_get_current_compression(SSL *s); -const void *SSL_get_current_expansion(SSL *s); -const char *SSL_COMP_get_name(const void *comp); -void *SSL_COMP_get_compression_methods(void); -int SSL_COMP_add_compression_method(int id, void *cm); -#endif - /* TLS extensions functions */ int SSL_set_session_ticket_ext(SSL *s, void *ext_data, int ext_len); diff --git a/lib/libssl/ssl3.h b/lib/libssl/ssl3.h index 235c359af28..f956c50987c 100644 --- a/lib/libssl/ssl3.h +++ b/lib/libssl/ssl3.h @@ -1,4 +1,4 @@ -/* $OpenBSD: ssl3.h,v 1.23 2014/06/13 11:52:03 jsing Exp $ */ +/* $OpenBSD: ssl3.h,v 1.24 2014/07/10 08:51:15 tedu Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -117,9 +117,6 @@ #ifndef HEADER_SSL3_H #define HEADER_SSL3_H -#ifndef OPENSSL_NO_COMP -#include <openssl/comp.h> -#endif #include <openssl/buffer.h> #include <openssl/evp.h> #include <openssl/ssl.h> @@ -285,12 +282,7 @@ extern "C" { /* If compression isn't used don't include the compression overhead */ -#ifdef OPENSSL_NO_COMP #define SSL3_RT_MAX_COMPRESSED_LENGTH SSL3_RT_MAX_PLAIN_LENGTH -#else -#define SSL3_RT_MAX_COMPRESSED_LENGTH \ - (SSL3_RT_MAX_PLAIN_LENGTH+SSL3_RT_MAX_COMPRESSED_OVERHEAD) -#endif #define SSL3_RT_MAX_ENCRYPTED_LENGTH \ (SSL3_RT_MAX_ENCRYPTED_OVERHEAD+SSL3_RT_MAX_COMPRESSED_LENGTH) #define SSL3_RT_MAX_PACKET_SIZE \ @@ -336,7 +328,6 @@ typedef struct ssl3_record_st { /*r */ unsigned int off; /* read/write offset into 'buf' */ /*rw*/ unsigned char *data; /* pointer to the record data */ /*rw*/ unsigned char *input; /* where the decode bytes are */ -/*r */ unsigned char *comp; /* only used with decompression - malloc()ed */ /*r */ unsigned long epoch; /* epoch number, needed by DTLS1 */ /*r */ unsigned char seq_num[8]; /* sequence number, needed by DTLS1 */ } SSL3_RECORD; @@ -492,11 +483,6 @@ typedef struct ssl3_state_st { const EVP_MD *new_hash; int new_mac_pkey_type; int new_mac_secret_size; -#ifndef OPENSSL_NO_COMP - const SSL_COMP *new_compression; -#else - char *new_compression; -#endif int cert_request; } tmp; diff --git a/lib/libssl/ssl_algs.c b/lib/libssl/ssl_algs.c index 0518876ab4f..ce051252f6c 100644 --- a/lib/libssl/ssl_algs.c +++ b/lib/libssl/ssl_algs.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssl_algs.c,v 1.18 2014/06/12 15:49:31 deraadt Exp $ */ +/* $OpenBSD: ssl_algs.c,v 1.19 2014/07/10 08:51:15 tedu Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -112,12 +112,6 @@ SSL_library_init(void) EVP_add_digest_alias(SN_dsaWithSHA1, "DSS1"); EVP_add_digest_alias(SN_dsaWithSHA1, "dss1"); EVP_add_digest(EVP_ecdsa()); -#ifndef OPENSSL_NO_COMP - /* This will initialise the built-in compression algorithms. - The value returned is a STACK_OF(SSL_COMP), but that can - be discarded safely */ - (void)SSL_COMP_get_compression_methods(); -#endif /* initialize cipher/digest methods table */ ssl_load_ciphers(); return (1); diff --git a/lib/libssl/ssl_asn1.c b/lib/libssl/ssl_asn1.c index 85944088989..43366b33b8d 100644 --- a/lib/libssl/ssl_asn1.c +++ b/lib/libssl/ssl_asn1.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssl_asn1.c,v 1.26 2014/06/12 15:49:31 deraadt Exp $ */ +/* $OpenBSD: ssl_asn1.c,v 1.27 2014/07/10 08:51:15 tedu Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -118,10 +118,6 @@ i2d_SSL_SESSION(SSL_SESSION *in, unsigned char **pp) unsigned char ibuf3[LSIZE2], ibuf4[LSIZE2], ibuf5[LSIZE2]; int v6 = 0, v9 = 0, v10 = 0; unsigned char ibuf6[LSIZE2]; -#ifndef OPENSSL_NO_COMP - unsigned char cbuf; - int v11 = 0; -#endif long l; SSL_SESSION_ASN1 a; M_ASN1_I2D_vars(in); @@ -155,14 +151,6 @@ i2d_SSL_SESSION(SSL_SESSION *in, unsigned char **pp) buf[0] = ((unsigned char)(l >> 8L))&0xff; buf[1] = ((unsigned char)(l ))&0xff; -#ifndef OPENSSL_NO_COMP - if (in->compress_meth) { - cbuf = (unsigned char)in->compress_meth; - a.comp_id.length = 1; - a.comp_id.type = V_ASN1_OCTET_STRING; - a.comp_id.data = &cbuf; - } -#endif a.master_key.length = in->master_key_length; a.master_key.type = V_ASN1_OCTET_STRING; @@ -248,10 +236,6 @@ i2d_SSL_SESSION(SSL_SESSION *in, unsigned char **pp) M_ASN1_I2D_len_EXP_opt(&(a.tlsext_tick), i2d_ASN1_OCTET_STRING, 10, v10); if (in->tlsext_hostname) M_ASN1_I2D_len_EXP_opt(&(a.tlsext_hostname), i2d_ASN1_OCTET_STRING, 6, v6); -#ifndef OPENSSL_NO_COMP - if (in->compress_meth) - M_ASN1_I2D_len_EXP_opt(&(a.comp_id), i2d_ASN1_OCTET_STRING, 11, v11); -#endif #ifndef OPENSSL_NO_PSK if (in->psk_identity_hint) M_ASN1_I2D_len_EXP_opt(&(a.psk_identity_hint), i2d_ASN1_OCTET_STRING, 7, v7); @@ -288,10 +272,6 @@ i2d_SSL_SESSION(SSL_SESSION *in, unsigned char **pp) M_ASN1_I2D_put_EXP_opt(&a.tlsext_tick_lifetime, i2d_ASN1_INTEGER, 9, v9); if (in->tlsext_tick) M_ASN1_I2D_put_EXP_opt(&(a.tlsext_tick), i2d_ASN1_OCTET_STRING, 10, v10); -#ifndef OPENSSL_NO_COMP - if (in->compress_meth) - M_ASN1_I2D_put_EXP_opt(&(a.comp_id), i2d_ASN1_OCTET_STRING, 11, v11); -#endif M_ASN1_I2D_finish(); } @@ -480,16 +460,6 @@ d2i_SSL_SESSION(SSL_SESSION **a, const unsigned char **pp, long length) os.length = 0; } else ret->tlsext_tick = NULL; -#ifndef OPENSSL_NO_COMP - os.length = 0; - os.data = NULL; - M_ASN1_D2I_get_EXP_opt(osp, d2i_ASN1_OCTET_STRING, 11); - if (os.data) { - ret->compress_meth = os.data[0]; - free(os.data); - os.data = NULL; - } -#endif M_ASN1_D2I_Finish(a, SSL_SESSION_free, SSL_F_D2I_SSL_SESSION); diff --git a/lib/libssl/ssl_ciph.c b/lib/libssl/ssl_ciph.c index d84e45764ed..0ba66cc89fb 100644 --- a/lib/libssl/ssl_ciph.c +++ b/lib/libssl/ssl_ciph.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssl_ciph.c,v 1.58 2014/07/09 14:20:55 jsing Exp $ */ +/* $OpenBSD: ssl_ciph.c,v 1.59 2014/07/10 08:51:15 tedu Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -142,9 +142,6 @@ #include <stdio.h> #include <openssl/objects.h> -#ifndef OPENSSL_NO_COMP -#include <openssl/comp.h> -#endif #ifndef OPENSSL_NO_ENGINE #include <openssl/engine.h> #endif @@ -175,8 +172,6 @@ static const EVP_CIPHER *ssl_cipher_methods[SSL_ENC_NUM_IDX] = { #define SSL_COMP_ZLIB_IDX 1 #define SSL_COMP_NUM_IDX 2 -static STACK_OF(SSL_COMP) *ssl_comp_methods = NULL; - #define SSL_MD_MD5_IDX 0 #define SSL_MD_SHA1_IDX 1 #define SSL_MD_GOST94_IDX 2 @@ -645,81 +640,14 @@ ssl_load_ciphers(void) ssl_mac_secret_size[SSL_MD_SHA384_IDX]= EVP_MD_size(ssl_digest_methods[SSL_MD_SHA384_IDX]); } -#ifndef OPENSSL_NO_COMP - -static int -sk_comp_cmp(const SSL_COMP * const *a, - const SSL_COMP * const *b) -{ - return ((*a)->id - (*b)->id); -} - -static void -load_builtin_compressions(void) -{ - int got_write_lock = 0; - - CRYPTO_r_lock(CRYPTO_LOCK_SSL); - if (ssl_comp_methods == NULL) { - CRYPTO_r_unlock(CRYPTO_LOCK_SSL); - CRYPTO_w_lock(CRYPTO_LOCK_SSL); - got_write_lock = 1; - - if (ssl_comp_methods == NULL) { - SSL_COMP *comp = NULL; - - ssl_comp_methods = sk_SSL_COMP_new(sk_comp_cmp); - if (ssl_comp_methods != NULL) { - comp = malloc(sizeof(SSL_COMP)); - if (comp != NULL) { - comp->method = COMP_zlib(); - if (comp->method && - comp->method->type == NID_undef) - free(comp); - else { - comp->id = SSL_COMP_ZLIB_IDX; - comp->name = comp->method->name; - sk_SSL_COMP_push(ssl_comp_methods, comp); - } - } - sk_SSL_COMP_sort(ssl_comp_methods); - } - } - } - - if (got_write_lock) - CRYPTO_w_unlock(CRYPTO_LOCK_SSL); - else - CRYPTO_r_unlock(CRYPTO_LOCK_SSL); -} -#endif /* ssl_cipher_get_comp sets comp to the correct SSL_COMP for the given * session and returns 1. On error it returns 0. */ int ssl_cipher_get_comp(const SSL_SESSION *s, SSL_COMP **comp) { - SSL_COMP ctmp; - int i; - -#ifndef OPENSSL_NO_COMP - load_builtin_compressions(); -#endif - *comp = NULL; - if (s->compress_meth == 0) - return 1; - if (ssl_comp_methods == NULL) - return 0; - - ctmp.id = s->compress_meth; - i = sk_SSL_COMP_find(ssl_comp_methods, &ctmp); - if (i >= 0) { - *comp = sk_SSL_COMP_value(ssl_comp_methods, i); - return 1; - } - - return 0; + return 1; } int @@ -1919,102 +1847,3 @@ SSL_CIPHER_get_id(const SSL_CIPHER *c) { return c->id; } - -SSL_COMP * -ssl3_comp_find(STACK_OF(SSL_COMP) *sk, int n) -{ - SSL_COMP *ctmp; - int i, nn; - - if ((n == 0) || (sk == NULL)) - return (NULL); - nn = sk_SSL_COMP_num(sk); - for (i = 0; i < nn; i++) { - ctmp = sk_SSL_COMP_value(sk, i); - if (ctmp->id == n) - return (ctmp); - } - return (NULL); -} - -#ifdef OPENSSL_NO_COMP -void * -SSL_COMP_get_compression_methods(void) -{ - return NULL; -} - -int -SSL_COMP_add_compression_method(int id, void *cm) -{ - return 1; -} - -const char * -SSL_COMP_get_name(const void *comp) -{ - return NULL; -} -#else -STACK_OF(SSL_COMP) * -SSL_COMP_get_compression_methods(void) -{ - load_builtin_compressions(); - return (ssl_comp_methods); -} - -int -SSL_COMP_add_compression_method(int id, COMP_METHOD *cm) -{ - SSL_COMP *comp; - - if (cm == NULL || cm->type == NID_undef) - return 1; - - /* According to draft-ietf-tls-compression-04.txt, the - compression number ranges should be the following: - - 0 to 63: methods defined by the IETF - 64 to 192: external party methods assigned by IANA - 193 to 255: reserved for private use */ - if (id < 193 || id > 255) { - SSLerr(SSL_F_SSL_COMP_ADD_COMPRESSION_METHOD, - SSL_R_COMPRESSION_ID_NOT_WITHIN_PRIVATE_RANGE); - return 1; - } - - comp = malloc(sizeof(SSL_COMP)); - if (comp == NULL) { - SSLerr(SSL_F_SSL_COMP_ADD_COMPRESSION_METHOD, - ERR_R_MALLOC_FAILURE); - return (1); - } - comp->id = id; - comp->method = cm; - load_builtin_compressions(); - if (ssl_comp_methods && - sk_SSL_COMP_find(ssl_comp_methods, comp) >= 0) { - free(comp); - SSLerr(SSL_F_SSL_COMP_ADD_COMPRESSION_METHOD, - SSL_R_DUPLICATE_COMPRESSION_ID); - return (1); - } else if ((ssl_comp_methods == NULL) || - !sk_SSL_COMP_push(ssl_comp_methods, comp)) { - free(comp); - SSLerr(SSL_F_SSL_COMP_ADD_COMPRESSION_METHOD, - ERR_R_MALLOC_FAILURE); - return (1); - } else { - return (0); - } -} - -const char * -SSL_COMP_get_name(const COMP_METHOD *comp) -{ - if (comp) - return comp->name; - return NULL; -} - -#endif diff --git a/lib/libssl/ssl_lib.c b/lib/libssl/ssl_lib.c index a5f2f3f7515..765012e861e 100644 --- a/lib/libssl/ssl_lib.c +++ b/lib/libssl/ssl_lib.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssl_lib.c,v 1.71 2014/07/10 08:18:55 bcook Exp $ */ +/* $OpenBSD: ssl_lib.c,v 1.72 2014/07/10 08:51:15 tedu Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -1793,9 +1793,6 @@ SSL_CTX_new(const SSL_METHOD *meth) CRYPTO_new_ex_data(CRYPTO_EX_INDEX_SSL_CTX, ret, &ret->ex_data); ret->extra_certs = NULL; - /* No compression for DTLS */ - if (meth->version != DTLS1_VERSION) - ret->comp_methods = SSL_COMP_get_compression_methods(); ret->max_send_fragment = SSL3_RT_MAX_PLAIN_LENGTH; @@ -2610,12 +2607,6 @@ ssl_clear_cipher_ctx(SSL *s) s->aead_write_ctx = NULL; } -#ifndef OPENSSL_NO_COMP - COMP_CTX_free(s->expand); - s->expand = NULL; - COMP_CTX_free(s->compress); - s->compress = NULL; -#endif } /* Fix this function so that it takes an optional type parameter */ @@ -2645,7 +2636,6 @@ SSL_get_current_cipher(const SSL *s) return (s->session->cipher); return (NULL); } -#ifdef OPENSSL_NO_COMP const void * SSL_get_current_compression(SSL *s) { @@ -2657,24 +2647,6 @@ SSL_get_current_expansion(SSL *s) { return (NULL); } -#else - -const COMP_METHOD * -SSL_get_current_compression(SSL *s) -{ - if (s->compress != NULL) - return (s->compress->meth); - return (NULL); -} - -const COMP_METHOD * -SSL_get_current_expansion(SSL *s) -{ - if (s->expand != NULL) - return (s->expand->meth); - return (NULL); -} -#endif int ssl_init_wbio_buffer(SSL *s, int push) diff --git a/lib/libssl/ssl_locl.h b/lib/libssl/ssl_locl.h index 2b3d1b8e444..b3bc4f4ae4a 100644 --- a/lib/libssl/ssl_locl.h +++ b/lib/libssl/ssl_locl.h @@ -1,4 +1,4 @@ -/* $OpenBSD: ssl_locl.h,v 1.56 2014/07/09 11:25:42 jsing Exp $ */ +/* $OpenBSD: ssl_locl.h,v 1.57 2014/07/10 08:51:15 tedu Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -153,9 +153,6 @@ #include <openssl/opensslconf.h> #include <openssl/buffer.h> -#ifndef OPENSSL_NO_COMP -#include <openssl/comp.h> -#endif #include <openssl/bio.h> #include <openssl/stack.h> #include <openssl/rsa.h> @@ -547,15 +544,6 @@ struct ssl_aead_ctx_st { char variable_nonce_in_record; }; -#ifndef OPENSSL_NO_COMP -/* Used for holding the relevant compression methods loaded into SSL_CTX */ -typedef struct ssl3_comp_st { - int comp_id; /* The identifier byte for this compression type */ - char *name; /* Text name used for the compression type */ - COMP_METHOD *method; /* The method :-) */ -} SSL3_COMP; -#endif - extern SSL3_ENC_METHOD ssl3_undef_enc_method; extern SSL_CIPHER ssl3_ciphers[]; @@ -685,8 +673,6 @@ long tls1_default_timeout(void); int dtls1_do_write(SSL *s, int type); int ssl3_read_n(SSL *s, int n, int max, int extend); int dtls1_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek); -int ssl3_do_compress(SSL *ssl); -int ssl3_do_uncompress(SSL *ssl); int ssl3_write_pending(SSL *s, int type, const unsigned char *buf, unsigned int len); unsigned char *dtls1_set_message_header(SSL *s, unsigned char *p, diff --git a/lib/libssl/ssl_sess.c b/lib/libssl/ssl_sess.c index 7932f201512..b3dd3e61173 100644 --- a/lib/libssl/ssl_sess.c +++ b/lib/libssl/ssl_sess.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssl_sess.c,v 1.34 2014/06/21 20:27:25 tedu Exp $ */ +/* $OpenBSD: ssl_sess.c,v 1.35 2014/07/10 08:51:15 tedu Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -207,7 +207,6 @@ SSL_SESSION_new(void) ss->time = time(NULL); ss->prev = NULL; ss->next = NULL; - ss->compress_meth = 0; ss->tlsext_hostname = NULL; ss->tlsext_ecpointformatlist_length = 0; @@ -233,7 +232,7 @@ SSL_SESSION_get_id(const SSL_SESSION *s, unsigned int *len) unsigned int SSL_SESSION_get_compress_id(const SSL_SESSION *s) { - return s->compress_meth; + return 0; } /* Even with SSLv2, we have 16 bytes (128 bits) of session ID space. SSLv3/TLSv1 diff --git a/lib/libssl/ssl_txt.c b/lib/libssl/ssl_txt.c index c06e2d23b7f..25f22902904 100644 --- a/lib/libssl/ssl_txt.c +++ b/lib/libssl/ssl_txt.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssl_txt.c,v 1.21 2014/06/12 15:49:31 deraadt Exp $ */ +/* $OpenBSD: ssl_txt.c,v 1.22 2014/07/10 08:51:15 tedu Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -182,22 +182,6 @@ SSL_SESSION_print(BIO *bp, const SSL_SESSION *x) goto err; } -#ifndef OPENSSL_NO_COMP - if (x->compress_meth != 0) { - SSL_COMP *comp = NULL; - - if (!ssl_cipher_get_comp(x, &comp)) - goto err; - - if (comp == NULL) { - if (BIO_printf(bp, "\n Compression: %d", x->compress_meth) <= 0) - goto err; - } else { - if (BIO_printf(bp, "\n Compression: %d (%s)", comp->id, comp->method->name) <= 0) - goto err; - } - } -#endif if (x->time != 0) { if (BIO_printf(bp, "\n Start Time: %lld", (long long)x->time) <= 0) goto err; diff --git a/lib/libssl/t1_enc.c b/lib/libssl/t1_enc.c index 26d98522d0a..cccf17eab5f 100644 --- a/lib/libssl/t1_enc.c +++ b/lib/libssl/t1_enc.c @@ -1,4 +1,4 @@ -/* $OpenBSD: t1_enc.c,v 1.65 2014/07/09 11:25:42 jsing Exp $ */ +/* $OpenBSD: t1_enc.c,v 1.66 2014/07/10 08:51:15 tedu Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -137,9 +137,6 @@ #include <stdio.h> #include "ssl_locl.h" -#ifndef OPENSSL_NO_COMP -#include <openssl/comp.h> -#endif #include <openssl/evp.h> #include <openssl/hmac.h> #include <openssl/md5.h> @@ -470,9 +467,6 @@ tls1_change_cipher_state(SSL *s, int which) const EVP_AEAD *aead; char is_read, use_client_keys; -#ifndef OPENSSL_NO_COMP - const SSL_COMP *comp; -#endif cipher = s->s3->tmp.new_sym_enc; aead = s->s3->tmp.new_aead; @@ -492,41 +486,6 @@ tls1_change_cipher_state(SSL *s, int which) use_client_keys = ((which == SSL3_CHANGE_CIPHER_CLIENT_WRITE) || (which == SSL3_CHANGE_CIPHER_SERVER_READ)); -#ifndef OPENSSL_NO_COMP - comp = s->s3->tmp.new_compression; - if (is_read) { - if (s->expand != NULL) { - COMP_CTX_free(s->expand); - s->expand = NULL; - } - if (comp != NULL) { - s->expand = COMP_CTX_new(comp->method); - if (s->expand == NULL) { - SSLerr(SSL_F_TLS1_CHANGE_CIPHER_STATE, - SSL_R_COMPRESSION_LIBRARY_ERROR); - goto err2; - } - if (s->s3->rrec.comp == NULL) - s->s3->rrec.comp = - malloc(SSL3_RT_MAX_ENCRYPTED_LENGTH); - if (s->s3->rrec.comp == NULL) - goto err; - } - } else { - if (s->compress != NULL) { - COMP_CTX_free(s->compress); - s->compress = NULL; - } - if (comp != NULL) { - s->compress = COMP_CTX_new(comp->method); - if (s->compress == NULL) { - SSLerr(SSL_F_TLS1_CHANGE_CIPHER_STATE, - SSL_R_COMPRESSION_LIBRARY_ERROR); - goto err2; - } - } - } -#endif /* * Reset sequence number to zero - for DTLS this is handled in @@ -596,8 +555,6 @@ tls1_change_cipher_state(SSL *s, int which) return tls1_change_cipher_state_cipher(s, is_read, use_client_keys, mac_secret, mac_secret_size, key, key_len, iv, iv_len); -err: - SSLerr(SSL_F_TLS1_CHANGE_CIPHER_STATE, ERR_R_MALLOC_FAILURE); err2: return (0); } |