-rw-r--r--lib/libssl/src/ssl/d1_both.c7
-rw-r--r--lib/libssl/src/ssl/d1_clnt.c26
-rw-r--r--lib/libssl/src/ssl/d1_enc.c5
-rw-r--r--lib/libssl/src/ssl/d1_pkt.c28
-rw-r--r--lib/libssl/src/ssl/d1_srvr.c9
-rw-r--r--lib/libssl/src/ssl/dtls1.h7
-rw-r--r--lib/libssl/src/ssl/s23_clnt.c21
-rw-r--r--lib/libssl/src/ssl/s23_srvr.c4
-rw-r--r--lib/libssl/src/ssl/s3_both.c11
-rw-r--r--lib/libssl/src/ssl/s3_cbc.c5
-rw-r--r--lib/libssl/src/ssl/s3_clnt.c72
-rw-r--r--lib/libssl/src/ssl/s3_enc.c48
-rw-r--r--lib/libssl/src/ssl/s3_lib.c6
-rw-r--r--lib/libssl/src/ssl/s3_pkt.c69
-rw-r--r--lib/libssl/src/ssl/s3_srvr.c97
-rw-r--r--lib/libssl/src/ssl/ssl.h37
-rw-r--r--lib/libssl/src/ssl/ssl3.h16
-rw-r--r--lib/libssl/src/ssl/ssl_algs.c8
-rw-r--r--lib/libssl/src/ssl/ssl_asn1.c32
-rw-r--r--lib/libssl/src/ssl/ssl_ciph.c175
-rw-r--r--lib/libssl/src/ssl/ssl_lib.c30
-rw-r--r--lib/libssl/src/ssl/ssl_locl.h16
-rw-r--r--lib/libssl/src/ssl/ssl_sess.c5
-rw-r--r--lib/libssl/src/ssl/ssl_txt.c18
-rw-r--r--lib/libssl/src/ssl/t1_enc.c45
25 files changed, 39 insertions, 758 deletions
diff --git a/lib/libssl/src/ssl/d1_both.c b/lib/libssl/src/ssl/d1_both.c
index f27588fcff8..e25f69dbb64 100644
--- a/lib/libssl/src/ssl/d1_both.c
+++ b/lib/libssl/src/ssl/d1_both.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: d1_both.c,v 1.23 2014/07/10 08:25:00 guenther Exp $ */
+/* $OpenBSD: d1_both.c,v 1.24 2014/07/10 08:51:14 tedu Exp $ */
/*
* DTLS implementation written by Nagendra Modadugu
* (nagendra@cs.stanford.edu) for the OpenSSL project 2005.
@@ -944,7 +944,6 @@ dtls1_send_finished(SSL *s, int a, int b, const char *sender, int slen)
* ssl->s3->read_sequence zero
* ssl->s3->read_mac_secret re-init
* ssl->session->read_sym_enc assign
- * ssl->session->read_compression assign
* ssl->session->read_hash assign
*/
int
@@ -1160,7 +1159,6 @@ dtls1_buffer_message(SSL *s, int is_ccs)
/* save current state*/
frag->msg_header.saved_retransmit_state.enc_write_ctx = s->enc_write_ctx;
frag->msg_header.saved_retransmit_state.write_hash = s->write_hash;
- frag->msg_header.saved_retransmit_state.compress = s->compress;
frag->msg_header.saved_retransmit_state.session = s->session;
frag->msg_header.saved_retransmit_state.epoch = s->d1->w_epoch;
@@ -1229,7 +1227,6 @@ dtls1_retransmit_message(SSL *s, unsigned short seq, unsigned long frag_off,
/* save current state */
saved_state.enc_write_ctx = s->enc_write_ctx;
saved_state.write_hash = s->write_hash;
- saved_state.compress = s->compress;
saved_state.session = s->session;
saved_state.epoch = s->d1->w_epoch;
@@ -1238,7 +1235,6 @@ dtls1_retransmit_message(SSL *s, unsigned short seq, unsigned long frag_off,
/* restore state in which the message was originally sent */
s->enc_write_ctx = frag->msg_header.saved_retransmit_state.enc_write_ctx;
s->write_hash = frag->msg_header.saved_retransmit_state.write_hash;
- s->compress = frag->msg_header.saved_retransmit_state.compress;
s->session = frag->msg_header.saved_retransmit_state.session;
s->d1->w_epoch = frag->msg_header.saved_retransmit_state.epoch;
@@ -1256,7 +1252,6 @@ dtls1_retransmit_message(SSL *s, unsigned short seq, unsigned long frag_off,
/* restore current state */
s->enc_write_ctx = saved_state.enc_write_ctx;
s->write_hash = saved_state.write_hash;
- s->compress = saved_state.compress;
s->session = saved_state.session;
s->d1->w_epoch = saved_state.epoch;
diff --git a/lib/libssl/src/ssl/d1_clnt.c b/lib/libssl/src/ssl/d1_clnt.c
index 65b59f79874..04ae11d7bc3 100644
--- a/lib/libssl/src/ssl/d1_clnt.c
+++ b/lib/libssl/src/ssl/d1_clnt.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: d1_clnt.c,v 1.26 2014/06/12 15:49:31 deraadt Exp $ */
+/* $OpenBSD: d1_clnt.c,v 1.27 2014/07/10 08:51:14 tedu Exp $ */
/*
* DTLS implementation written by Nagendra Modadugu
* (nagendra@cs.stanford.edu) for the OpenSSL project 2005.
@@ -544,15 +544,6 @@ dtls1_connect(SSL *s)
s->init_num = 0;
s->session->cipher = s->s3->tmp.new_cipher;
-#ifdef OPENSSL_NO_COMP
- s->session->compress_meth = 0;
-#else
- if (s->s3->tmp.new_compression == NULL)
- s->session->compress_meth = 0;
- else
- s->session->compress_meth =
- s->s3->tmp.new_compression->id;
-#endif
if (!s->method->ssl3_enc->setup_key_block(s)) {
ret = -1;
goto end;
@@ -768,9 +759,8 @@ dtls1_client_hello(SSL *s)
{
unsigned char *buf;
unsigned char *p, *d;
- unsigned int i, j;
+ unsigned int i;
unsigned long l;
- SSL_COMP *comp;
buf = (unsigned char *)s->init_buf->data;
if (s->state == SSL3_ST_CW_CLNT_HELLO_A) {
@@ -839,16 +829,8 @@ dtls1_client_hello(SSL *s)
s2n(i, p);
p += i;
- /* COMPRESSION */
- if (s->ctx->comp_methods == NULL)
- j = 0;
- else
- j = sk_SSL_COMP_num(s->ctx->comp_methods);
- *(p++) = 1 + j;
- for (i = 0; i < j; i++) {
- comp = sk_SSL_COMP_value(s->ctx->comp_methods, i);
- *(p++) = comp->id;
- }
+ /* add in (no) COMPRESSION */
+ *(p++) = 1;
*(p++) = 0; /* Add the NULL method */
if ((p = ssl_add_clienthello_tlsext(s, p,
diff --git a/lib/libssl/src/ssl/d1_enc.c b/lib/libssl/src/ssl/d1_enc.c
index 104f233937d..fe8df15a94b 100644
--- a/lib/libssl/src/ssl/d1_enc.c
+++ b/lib/libssl/src/ssl/d1_enc.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: d1_enc.c,v 1.5 2014/06/12 15:49:31 deraadt Exp $ */
+/* $OpenBSD: d1_enc.c,v 1.6 2014/07/10 08:51:14 tedu Exp $ */
/*
* DTLS implementation written by Nagendra Modadugu
* (nagendra@cs.stanford.edu) for the OpenSSL project 2005.
@@ -115,9 +115,6 @@
#include <stdio.h>
#include "ssl_locl.h"
-#ifndef OPENSSL_NO_COMP
-#include <openssl/comp.h>
-#endif
#include <openssl/evp.h>
#include <openssl/hmac.h>
#include <openssl/md5.h>
diff --git a/lib/libssl/src/ssl/d1_pkt.c b/lib/libssl/src/ssl/d1_pkt.c
index 56e6939aedc..c9ffab1f3c2 100644
--- a/lib/libssl/src/ssl/d1_pkt.c
+++ b/lib/libssl/src/ssl/d1_pkt.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: d1_pkt.c,v 1.31 2014/07/09 16:06:14 miod Exp $ */
+/* $OpenBSD: d1_pkt.c,v 1.32 2014/07/10 08:51:14 tedu Exp $ */
/*
* DTLS implementation written by Nagendra Modadugu
* (nagendra@cs.stanford.edu) for the OpenSSL project 2005.
@@ -427,20 +427,6 @@ dtls1_process_record(SSL *s)
goto err;
}
- /* r->length is now just compressed */
- if (s->expand != NULL) {
- if (rr->length > SSL3_RT_MAX_COMPRESSED_LENGTH) {
- al = SSL_AD_RECORD_OVERFLOW;
- SSLerr(SSL_F_DTLS1_PROCESS_RECORD, SSL_R_COMPRESSED_LENGTH_TOO_LONG);
- goto f_err;
- }
- if (!ssl3_do_uncompress(s)) {
- al = SSL_AD_DECOMPRESSION_FAILURE;
- SSLerr(SSL_F_DTLS1_PROCESS_RECORD, SSL_R_BAD_DECOMPRESSION);
- goto f_err;
- }
- }
-
if (rr->length > SSL3_RT_MAX_PLAIN_LENGTH) {
al = SSL_AD_RECORD_OVERFLOW;
SSLerr(SSL_F_DTLS1_PROCESS_RECORD, SSL_R_DATA_LENGTH_TOO_LONG);
@@ -1373,16 +1359,8 @@ do_dtls1_write(SSL *s, int type, const unsigned char *buf, unsigned int len)
/* we now 'read' from wr->input, wr->length bytes into
* wr->data */
- /* first we compress */
- if (s->compress != NULL) {
- if (!ssl3_do_compress(s)) {
- SSLerr(SSL_F_DO_DTLS1_WRITE, SSL_R_COMPRESSION_FAILURE);
- goto err;
- }
- } else {
- memcpy(wr->data, wr->input, wr->length);
- wr->input = wr->data;
- }
+ memcpy(wr->data, wr->input, wr->length);
+ wr->input = wr->data;
/* we should still have the output to wr->data and the input
* from wr->input. Length should be wr->length.
diff --git a/lib/libssl/src/ssl/d1_srvr.c b/lib/libssl/src/ssl/d1_srvr.c
index c01dc77254e..9fdb6c290b1 100644
--- a/lib/libssl/src/ssl/d1_srvr.c
+++ b/lib/libssl/src/ssl/d1_srvr.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: d1_srvr.c,v 1.28 2014/07/09 11:25:42 jsing Exp $ */
+/* $OpenBSD: d1_srvr.c,v 1.29 2014/07/10 08:51:14 tedu Exp $ */
/*
* DTLS implementation written by Nagendra Modadugu
* (nagendra@cs.stanford.edu) for the OpenSSL project 2005.
@@ -946,14 +946,7 @@ dtls1_send_server_hello(SSL *s)
p += i;
/* put the compression method */
-#ifdef OPENSSL_NO_COMP
*(p++) = 0;
-#else
- if (s->s3->tmp.new_compression == NULL)
- *(p++) = 0;
- else
- *(p++) = s->s3->tmp.new_compression->id;
-#endif
if ((p = ssl_add_serverhello_tlsext(s, p, buf + SSL3_RT_MAX_PLAIN_LENGTH)) == NULL) {
SSLerr(SSL_F_DTLS1_SEND_SERVER_HELLO, ERR_R_INTERNAL_ERROR);
diff --git a/lib/libssl/src/ssl/dtls1.h b/lib/libssl/src/ssl/dtls1.h
index c6e302faf4f..e7229fb56be 100644
--- a/lib/libssl/src/ssl/dtls1.h
+++ b/lib/libssl/src/ssl/dtls1.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: dtls1.h,v 1.13 2014/06/12 15:49:31 deraadt Exp $ */
+/* $OpenBSD: dtls1.h,v 1.14 2014/07/10 08:51:14 tedu Exp $ */
/*
* DTLS implementation written by Nagendra Modadugu
* (nagendra@cs.stanford.edu) for the OpenSSL project 2005.
@@ -108,11 +108,6 @@ typedef struct dtls1_bitmap_st {
struct dtls1_retransmit_state {
EVP_CIPHER_CTX *enc_write_ctx; /* cryptographic state */
EVP_MD_CTX *write_hash; /* used for mac generation */
-#ifndef OPENSSL_NO_COMP
- COMP_CTX *compress; /* compression */
-#else
- char *compress;
-#endif
SSL_SESSION *session;
unsigned short epoch;
};
diff --git a/lib/libssl/src/ssl/s23_clnt.c b/lib/libssl/src/ssl/s23_clnt.c
index 510e729d554..e2f1544486b 100644
--- a/lib/libssl/src/ssl/s23_clnt.c
+++ b/lib/libssl/src/ssl/s23_clnt.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: s23_clnt.c,v 1.29 2014/06/12 15:49:31 deraadt Exp $ */
+/* $OpenBSD: s23_clnt.c,v 1.30 2014/07/10 08:51:14 tedu Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
@@ -293,10 +293,6 @@ ssl23_client_hello(SSL *s)
int i;
unsigned long l;
int version = 0, version_major, version_minor;
-#ifndef OPENSSL_NO_COMP
- int j;
- SSL_COMP *comp;
-#endif
int ret;
unsigned long mask, options = s->options;
@@ -384,21 +380,8 @@ ssl23_client_hello(SSL *s)
s2n(i, p);
p += i;
- /* COMPRESSION */
-#ifdef OPENSSL_NO_COMP
+ /* add in (no) COMPRESSION */
*(p++) = 1;
-#else
- if ((s->options & SSL_OP_NO_COMPRESSION) ||
- !s->ctx->comp_methods)
- j = 0;
- else
- j = sk_SSL_COMP_num(s->ctx->comp_methods);
- *(p++) = 1 + j;
- for (i = 0; i < j; i++) {
- comp = sk_SSL_COMP_value(s->ctx->comp_methods, i);
- *(p++) = comp->id;
- }
-#endif
/* Add the NULL method */
*(p++) = 0;
diff --git a/lib/libssl/src/ssl/s23_srvr.c b/lib/libssl/src/ssl/s23_srvr.c
index cd1a5174a70..caeb34b78e9 100644
--- a/lib/libssl/src/ssl/s23_srvr.c
+++ b/lib/libssl/src/ssl/s23_srvr.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: s23_srvr.c,v 1.29 2014/06/30 14:13:27 tedu Exp $ */
+/* $OpenBSD: s23_srvr.c,v 1.30 2014/07/10 08:51:14 tedu Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
@@ -487,7 +487,7 @@ ssl23_get_client_hello(SSL *s)
}
s2n(j, dd);
- /* COMPRESSION */
+ /* add in (no) COMPRESSION */
*(d++) = 1;
*(d++) = 0;
diff --git a/lib/libssl/src/ssl/s3_both.c b/lib/libssl/src/ssl/s3_both.c
index 2da6b527e11..500387e3720 100644
--- a/lib/libssl/src/ssl/s3_both.c
+++ b/lib/libssl/src/ssl/s3_both.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: s3_both.c,v 1.25 2014/06/19 21:29:51 tedu Exp $ */
+/* $OpenBSD: s3_both.c,v 1.26 2014/07/10 08:51:14 tedu Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
@@ -287,7 +287,6 @@ f_err:
* ssl->s3->read_sequence zero
* ssl->s3->read_mac_secret re-init
* ssl->session->read_sym_enc assign
- * ssl->session->read_compression assign
* ssl->session->read_hash assign
*/
int
@@ -640,10 +639,6 @@ ssl3_setup_read_buffer(SSL *s)
s->s3->init_extra = 1;
len += SSL3_RT_MAX_EXTRA;
}
-#ifndef OPENSSL_NO_COMP
- if (!(s->options & SSL_OP_NO_COMPRESSION))
- len += SSL3_RT_MAX_COMPRESSED_OVERHEAD;
-#endif
if ((p = malloc(len)) == NULL)
goto err;
s->s3->rbuf.buf = p;
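Review bot: Nothing at this allocation records that the smaller read buffer is only sufficient because the record-length limits shrink in the same commit, where the ssl3.h hunk defines `SSL3_RT_MAX_COMPRESSED_LENGTH` as `SSL3_RT_MAX_PLAIN_LENGTH`. The check that bounds an incoming record against this buffer is outside the hunk, so it is worth confirming that it derives from that macro or from `rbuf.len`. I would add above the `malloc`: `/* No compression overhead: must stay in step with SSL3_RT_MAX_ENCRYPTED_LENGTH in ssl3.h. */`. The same applies to the ssl3_setup_write_buffer hunk that follows; both function bodies continue outside their hunks.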
@@ -676,10 +671,6 @@ ssl3_setup_write_buffer(SSL *s)
if (s->s3->wbuf.buf == NULL) {
len = s->max_send_fragment +
SSL3_RT_SEND_MAX_ENCRYPTED_OVERHEAD + headerlen + align;
-#ifndef OPENSSL_NO_COMP
- if (!(s->options & SSL_OP_NO_COMPRESSION))
- len += SSL3_RT_MAX_COMPRESSED_OVERHEAD;
-#endif
if (!(s->options & SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS))
len += headerlen + align +
SSL3_RT_SEND_MAX_ENCRYPTED_OVERHEAD;
diff --git a/lib/libssl/src/ssl/s3_cbc.c b/lib/libssl/src/ssl/s3_cbc.c
index 24f0a22d073..74bd4b47c8a 100644
--- a/lib/libssl/src/ssl/s3_cbc.c
+++ b/lib/libssl/src/ssl/s3_cbc.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: s3_cbc.c,v 1.7 2014/06/12 15:49:31 deraadt Exp $ */
+/* $OpenBSD: s3_cbc.c,v 1.8 2014/07/10 08:51:14 tedu Exp $ */
/* ====================================================================
* Copyright (c) 2012 The OpenSSL Project. All rights reserved.
*
@@ -169,8 +169,9 @@ tls1_cbc_remove_padding(const SSL* s, SSL3_RECORD *rec, unsigned block_size,
* even length so the padding bug check cannot be performed. This bug
* workaround has been around since SSLeay so hopefully it is either
* fixed now or no buggy implementation supports compression [steve]
+ * (We don't support compression either, so it's not in operation.)
*/
- if ((s->options & SSL_OP_TLS_BLOCK_PADDING_BUG) && !s->expand) {
+ if ((s->options & SSL_OP_TLS_BLOCK_PADDING_BUG)) {
/* First packet is even in size, so check */
if ((memcmp(s->s3->read_sequence, "\0\0\0\0\0\0\0\0",
SSL3_SEQUENCE_SIZE) == 0) && !(padding_length & 1)) {
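Review bot: The added comment line is ambiguous: "it's not in operation" can be read as saying the padding-bug workaround is inactive, whereas the new condition runs the workaround whenever `SSL_OP_TLS_BLOCK_PADDING_BUG` is set, because the `!s->expand` exemption is gone. Suggest `* (Compression is not supported here, so the check is never skipped on that account.)`. The condition also keeps a redundant pair of parentheses; `if (s->options & SSL_OP_TLS_BLOCK_PADDING_BUG) {` reads cleaner. tls1_cbc_remove_padding continues past the end of the hunk.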
diff --git a/lib/libssl/src/ssl/s3_clnt.c b/lib/libssl/src/ssl/s3_clnt.c
index 61de494244e..079544da846 100644
--- a/lib/libssl/src/ssl/s3_clnt.c
+++ b/lib/libssl/src/ssl/s3_clnt.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: s3_clnt.c,v 1.73 2014/07/09 11:25:42 jsing Exp $ */
+/* $OpenBSD: s3_clnt.c,v 1.74 2014/07/10 08:51:14 tedu Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
@@ -472,15 +472,6 @@ ssl3_connect(SSL *s)
s->init_num = 0;
s->session->cipher = s->s3->tmp.new_cipher;
-#ifdef OPENSSL_NO_COMP
- s->session->compress_meth = 0;
-#else
- if (s->s3->tmp.new_compression == NULL)
- s->session->compress_meth = 0;
- else
- s->session->compress_meth =
- s->s3->tmp.new_compression->id;
-#endif
if (!s->method->ssl3_enc->setup_key_block(s)) {
ret = -1;
goto end;
@@ -656,10 +647,6 @@ ssl3_client_hello(SSL *s)
unsigned char *p, *d;
int i;
unsigned long l;
-#ifndef OPENSSL_NO_COMP
- int j;
- SSL_COMP *comp;
-#endif
buf = (unsigned char *)s->init_buf->data;
if (s->state == SSL3_ST_CW_CLNT_HELLO_A) {
@@ -752,22 +739,8 @@ ssl3_client_hello(SSL *s)
s2n(i, p);
p += i;
- /* COMPRESSION */
-#ifdef OPENSSL_NO_COMP
+ /* add in (no) COMPRESSION */
*(p++) = 1;
-#else
-
- if ((s->options & SSL_OP_NO_COMPRESSION) ||
- !s->ctx->comp_methods)
- j = 0;
- else
- j = sk_SSL_COMP_num(s->ctx->comp_methods);
- *(p++) = 1 + j;
- for (i = 0; i < j; i++) {
- comp = sk_SSL_COMP_value(s->ctx->comp_methods, i);
- *(p++) = comp->id;
- }
-#endif
*(p++) = 0; /* Add the NULL method */
/* TLS extensions*/
@@ -809,9 +782,6 @@ ssl3_get_server_hello(SSL *s)
int i, al, ok;
unsigned int j;
long n;
-#ifndef OPENSSL_NO_COMP
- SSL_COMP *comp;
-#endif
n = s->method->ssl_get_message(s, SSL3_ST_CR_SRVR_HELLO_A,
SSL3_ST_CR_SRVR_HELLO_B, -1, 20000, /* ?? */ &ok);
@@ -963,50 +933,12 @@ ssl3_get_server_hello(SSL *s)
}
/* lets get the compression algorithm */
/* COMPRESSION */
-#ifdef OPENSSL_NO_COMP
if (*(p++) != 0) {
al = SSL_AD_ILLEGAL_PARAMETER;
SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,
SSL_R_UNSUPPORTED_COMPRESSION_ALGORITHM);
goto f_err;
}
- /*
- * If compression is disabled we'd better not try to resume a session
- * using compression.
- */
- if (s->session->compress_meth != 0) {
- al = SSL_AD_INTERNAL_ERROR;
- SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,
- SSL_R_INCONSISTENT_COMPRESSION);
- goto f_err;
- }
-#else
- j= *(p++);
- if (s->hit && j != s->session->compress_meth) {
- al = SSL_AD_ILLEGAL_PARAMETER;
- SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,
- SSL_R_OLD_SESSION_COMPRESSION_ALGORITHM_NOT_RETURNED);
- goto f_err;
- }
- if (j == 0)
- comp = NULL;
- else if (s->options & SSL_OP_NO_COMPRESSION) {
- al = SSL_AD_ILLEGAL_PARAMETER;
- SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,
- SSL_R_COMPRESSION_DISABLED);
- goto f_err;
- } else
- comp = ssl3_comp_find(s->ctx->comp_methods, j);
-
- if ((j != 0) && (comp == NULL)) {
- al = SSL_AD_ILLEGAL_PARAMETER;
- SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,
- SSL_R_UNSUPPORTED_COMPRESSION_ALGORITHM);
- goto f_err;
- } else {
- s->s3->tmp.new_compression = comp;
- }
-#endif
/* TLS extensions*/
if (s->version >= SSL3_VERSION) {
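Review bot: The two comments kept above the check (`lets get the compression algorithm` and `COMPRESSION`) no longer describe the code, which now rejects any ServerHello whose compression byte is not the null method. Suggest replacing both with `/* Compression is not supported: the server must select the null method (0). */`. That makes it clear to a later reader that the `SSL_AD_ILLEGAL_PARAMETER` path is the only outcome for a non-zero byte and not a leftover of the old `OPENSSL_NO_COMP` branch. ssl3_get_server_hello starts and ends outside the hunk.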
diff --git a/lib/libssl/src/ssl/s3_enc.c b/lib/libssl/src/ssl/s3_enc.c
index 5111e0e4fa7..d9fedfbb1a2 100644
--- a/lib/libssl/src/ssl/s3_enc.c
+++ b/lib/libssl/src/ssl/s3_enc.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: s3_enc.c,v 1.51 2014/07/09 11:25:42 jsing Exp $ */
+/* $OpenBSD: s3_enc.c,v 1.52 2014/07/10 08:51:14 tedu Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
@@ -225,9 +225,6 @@ ssl3_change_cipher_state(SSL *s, int which)
const EVP_CIPHER *cipher;
const EVP_MD *mac;
-#ifndef OPENSSL_NO_COMP
- const SSL_COMP *comp;
-#endif
cipher = s->s3->tmp.new_sym_enc;
mac = s->s3->tmp.new_hash;
@@ -250,41 +247,6 @@ ssl3_change_cipher_state(SSL *s, int which)
use_client_keys = ((which == SSL3_CHANGE_CIPHER_CLIENT_WRITE) ||
(which == SSL3_CHANGE_CIPHER_SERVER_READ));
-#ifndef OPENSSL_NO_COMP
- comp = s->s3->tmp.new_compression;
- if (is_read) {
- if (s->expand != NULL) {
- COMP_CTX_free(s->expand);
- s->expand = NULL;
- }
- if (comp != NULL) {
- s->expand = COMP_CTX_new(comp->method);
- if (s->expand == NULL) {
- SSLerr(SSL_F_SSL3_CHANGE_CIPHER_STATE,
- SSL_R_COMPRESSION_LIBRARY_ERROR);
- goto err2;
- }
- if (s->s3->rrec.comp == NULL)
- s->s3->rrec.comp =
- malloc(SSL3_RT_MAX_PLAIN_LENGTH);
- if (s->s3->rrec.comp == NULL)
- goto err;
- }
- } else {
- if (s->compress != NULL) {
- COMP_CTX_free(s->compress);
- s->compress = NULL;
- }
- if (comp != NULL) {
- s->compress = COMP_CTX_new(comp->method);
- if (s->compress == NULL) {
- SSLerr(SSL_F_SSL3_CHANGE_CIPHER_STATE,
- SSL_R_COMPRESSION_LIBRARY_ERROR);
- goto err2;
- }
- }
- }
-#endif
if (is_read) {
EVP_CIPHER_CTX_free(s->enc_read_ctx);
@@ -365,17 +327,10 @@ ssl3_setup_key_block(SSL *s)
const EVP_CIPHER *cipher;
const EVP_MD *mac;
int ret = 0;
- SSL_COMP *comp;
if (s->s3->tmp.key_block_length != 0)
return (1);
- if (!ssl_cipher_get_comp(s->session, &comp)) {
- SSLerr(SSL_F_SSL3_SETUP_KEY_BLOCK,
- SSL_R_CIPHER_COMPRESSION_UNAVAILABLE);
- return (0);
- }
-
if (!ssl_cipher_get_evp(s->session, &cipher, &mac, NULL, NULL)) {
SSLerr(SSL_F_SSL3_SETUP_KEY_BLOCK,
SSL_R_CIPHER_OR_HASH_UNAVAILABLE);
@@ -384,7 +339,6 @@ ssl3_setup_key_block(SSL *s)
s->s3->tmp.new_sym_enc = cipher;
s->s3->tmp.new_hash = mac;
- s->s3->tmp.new_compression = comp;
mac_len = EVP_MD_size(mac);
key_len = EVP_CIPHER_key_length(cipher);
diff --git a/lib/libssl/src/ssl/s3_lib.c b/lib/libssl/src/ssl/s3_lib.c
index 5c4e530d34e..400c1b87e0d 100644
--- a/lib/libssl/src/ssl/s3_lib.c
+++ b/lib/libssl/src/ssl/s3_lib.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: s3_lib.c,v 1.67 2014/07/09 11:25:42 jsing Exp $ */
+/* $OpenBSD: s3_lib.c,v 1.68 2014/07/10 08:51:14 tedu Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
@@ -2420,7 +2420,6 @@ ssl3_free(SSL *s)
ssl3_release_read_buffer(s);
ssl3_release_write_buffer(s);
- free(s->s3->rrec.comp);
DH_free(s->s3->tmp.dh);
EC_KEY_free(s->s3->tmp.ecdh);
@@ -2444,9 +2443,6 @@ ssl3_clear(SSL *s)
if (s->s3->tmp.ca_names != NULL)
sk_X509_NAME_pop_free(s->s3->tmp.ca_names, X509_NAME_free);
- free(s->s3->rrec.comp);
- s->s3->rrec.comp = NULL;
-
DH_free(s->s3->tmp.dh);
s->s3->tmp.dh = NULL;
EC_KEY_free(s->s3->tmp.ecdh);
diff --git a/lib/libssl/src/ssl/s3_pkt.c b/lib/libssl/src/ssl/s3_pkt.c
index a508d5ee495..237d90c5812 100644
--- a/lib/libssl/src/ssl/s3_pkt.c
+++ b/lib/libssl/src/ssl/s3_pkt.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: s3_pkt.c,v 1.48 2014/06/19 21:29:51 tedu Exp $ */
+/* $OpenBSD: s3_pkt.c,v 1.49 2014/07/10 08:51:14 tedu Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
@@ -469,21 +469,6 @@ again:
goto f_err;
}
- /* r->length is now just compressed */
- if (s->expand != NULL) {
- if (rr->length > SSL3_RT_MAX_COMPRESSED_LENGTH + extra) {
- al = SSL_AD_RECORD_OVERFLOW;
- SSLerr(SSL_F_SSL3_GET_RECORD,
- SSL_R_COMPRESSED_LENGTH_TOO_LONG);
- goto f_err;
- }
- if (!ssl3_do_uncompress(s)) {
- al = SSL_AD_DECOMPRESSION_FAILURE;
- SSLerr(SSL_F_SSL3_GET_RECORD, SSL_R_BAD_DECOMPRESSION);
- goto f_err;
- }
- }
-
if (rr->length > SSL3_RT_MAX_PLAIN_LENGTH + extra) {
al = SSL_AD_RECORD_OVERFLOW;
SSLerr(SSL_F_SSL3_GET_RECORD, SSL_R_DATA_LENGTH_TOO_LONG);
@@ -516,46 +501,6 @@ err:
return (ret);
}
-int
-ssl3_do_uncompress(SSL *ssl)
-{
-#ifndef OPENSSL_NO_COMP
- int i;
- SSL3_RECORD *rr;
-
- rr = &(ssl->s3->rrec);
- i = COMP_expand_block(ssl->expand, rr->comp,
- SSL3_RT_MAX_PLAIN_LENGTH, rr->data, (int)rr->length);
- if (i < 0)
- return (0);
- else
- rr->length = i;
- rr->data = rr->comp;
-#endif
- return (1);
-}
-
-int
-ssl3_do_compress(SSL *ssl)
-{
-#ifndef OPENSSL_NO_COMP
- int i;
- SSL3_RECORD *wr;
-
- wr = &(ssl->s3->wrec);
- i = COMP_compress_block(ssl->compress, wr->data,
- SSL3_RT_MAX_COMPRESSED_LENGTH,
- wr->input, (int)wr->length);
- if (i < 0)
- return (0);
- else
- wr->length = i;
-
- wr->input = wr->data;
-#endif
- return (1);
-}
-
/* Call this to write data in records of type 'type'
* It will return <= 0 if not all data has been sent or non-blocking IO.
*/
@@ -766,16 +711,8 @@ do_ssl3_write(SSL *s, int type, const unsigned char *buf,
/* we now 'read' from wr->input, wr->length bytes into wr->data */
- /* first we compress */
- if (s->compress != NULL) {
- if (!ssl3_do_compress(s)) {
- SSLerr(SSL_F_DO_SSL3_WRITE, SSL_R_COMPRESSION_FAILURE);
- goto err;
- }
- } else {
- memcpy(wr->data, wr->input, wr->length);
- wr->input = wr->data;
- }
+ memcpy(wr->data, wr->input, wr->length);
+ wr->input = wr->data;
/* we should still have the output to wr->data and the input
* from wr->input. Length should be wr->length.
diff --git a/lib/libssl/src/ssl/s3_srvr.c b/lib/libssl/src/ssl/s3_srvr.c
index a3e62ea3239..200b3b6bf2e 100644
--- a/lib/libssl/src/ssl/s3_srvr.c
+++ b/lib/libssl/src/ssl/s3_srvr.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: s3_srvr.c,v 1.69 2014/07/10 08:25:00 guenther Exp $ */
+/* $OpenBSD: s3_srvr.c,v 1.70 2014/07/10 08:51:14 tedu Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
@@ -884,9 +884,6 @@ ssl3_get_client_hello(SSL *s)
unsigned long id;
unsigned char *p, *d, *q;
SSL_CIPHER *c;
-#ifndef OPENSSL_NO_COMP
- SSL_COMP *comp = NULL;
-#endif
STACK_OF(SSL_CIPHER) *ciphers = NULL;
/*
@@ -1173,96 +1170,11 @@ ssl3_get_client_hello(SSL *s)
}
/*
- * Worst case, we will use the NULL compression, but if we have other
- * options, we will now look for them. We have i-1 compression
- * algorithms from the client, starting at q.
- */
- s->s3->tmp.new_compression = NULL;
-#ifndef OPENSSL_NO_COMP
- /* This only happens if we have a cache hit */
- if (s->session->compress_meth != 0) {
- int m, comp_id = s->session->compress_meth;
- /* Perform sanity checks on resumed compression algorithm */
- /* Can't disable compression */
- if (s->options & SSL_OP_NO_COMPRESSION) {
- al = SSL_AD_INTERNAL_ERROR;
- SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO,
- SSL_R_INCONSISTENT_COMPRESSION);
- goto f_err;
- }
- /* Look for resumed compression method */
- for (m = 0; m < sk_SSL_COMP_num(s->ctx->comp_methods); m++) {
- comp = sk_SSL_COMP_value(s->ctx->comp_methods, m);
- if (comp_id == comp->id) {
- s->s3->tmp.new_compression = comp;
- break;
- }
- }
- if (s->s3->tmp.new_compression == NULL) {
- al = SSL_AD_INTERNAL_ERROR;
- SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO,
- SSL_R_INVALID_COMPRESSION_ALGORITHM);
- goto f_err;
- }
- /* Look for resumed method in compression list */
- for (m = 0; m < i; m++) {
- if (q[m] == comp_id)
- break;
- }
- if (m >= i) {
- al = SSL_AD_ILLEGAL_PARAMETER;
- SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO,
- SSL_R_REQUIRED_COMPRESSSION_ALGORITHM_MISSING);
- goto f_err;
- }
- } else if (s->hit)
- comp = NULL;
- else if (!(s->options & SSL_OP_NO_COMPRESSION) && s->ctx->comp_methods)
- { /* See if we have a match */
- int m, nn, o, v, done = 0;
-
- nn = sk_SSL_COMP_num(s->ctx->comp_methods);
- for (m = 0; m < nn; m++) {
- comp = sk_SSL_COMP_value(s->ctx->comp_methods, m);
- v = comp->id;
- for (o = 0; o < i; o++) {
- if (v == q[o]) {
- done = 1;
- break;
- }
- }
- if (done)
- break;
- }
- if (done)
- s->s3->tmp.new_compression = comp;
- else
- comp = NULL;
- }
-#else
- /*
- * If compression is disabled we'd better not try to resume a session
- * using compression.
- */
- if (s->session->compress_meth != 0) {
- al = SSL_AD_INTERNAL_ERROR;
- SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO,
- SSL_R_INCONSISTENT_COMPRESSION);
- goto f_err;
- }
-#endif
-
- /*
* Given s->session->ciphers and SSL_get_ciphers, we must
* pick a cipher
*/
if (!s->hit) {
-#ifdef OPENSSL_NO_COMP
- s->session->compress_meth = 0;
-#else
- s->session->compress_meth = (comp == NULL) ? 0 : comp->id;
-#endif
if (s->session->ciphers != NULL)
sk_SSL_CIPHER_free(s->session->ciphers);
s->session->ciphers = ciphers;
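Review bot: With the negotiation block removed, nothing in this hunk reads the client's compression list any more. Acceptance of the ClientHello therefore rests entirely on whatever null-method check runs earlier in ssl3_get_client_hello, outside the hunk, and it is worth confirming that check still rejects a list without method 0. The removed comment says the list started at `q`, and `q` is still declared in the previous hunk (`unsigned char *p, *d, *q;`), so it is presumably left without a reader. If so, trim the declaration to `unsigned char *p, *d;` and drop any assignment to it.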
@@ -1405,14 +1317,7 @@ ssl3_send_server_hello(SSL *s)
p += i;
/* put the compression method */
-#ifdef OPENSSL_NO_COMP
*(p++) = 0;
-#else
- if (s->s3->tmp.new_compression == NULL)
- *(p++) = 0;
- else
- *(p++) = s->s3->tmp.new_compression->id;
-#endif
if (ssl_prepare_serverhello_tlsext(s) <= 0) {
SSLerr(SSL_F_SSL3_SEND_SERVER_HELLO,
SSL_R_SERVERHELLO_TLSEXT);
diff --git a/lib/libssl/src/ssl/ssl.h b/lib/libssl/src/ssl/ssl.h
index b1eeb85c649..18218f4c611 100644
--- a/lib/libssl/src/ssl/ssl.h
+++ b/lib/libssl/src/ssl/ssl.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl.h,v 1.57 2014/07/09 11:25:42 jsing Exp $ */
+/* $OpenBSD: ssl.h,v 1.58 2014/07/10 08:51:15 tedu Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
@@ -145,9 +145,6 @@
#include <openssl/opensslconf.h>
-#ifndef OPENSSL_NO_COMP
-#include <openssl/comp.h>
-#endif
#ifndef OPENSSL_NO_BIO
#include <openssl/bio.h>
#endif
@@ -488,8 +485,6 @@ struct ssl_session_st {
time_t time;
int references;
- unsigned int compress_meth; /* Need to lookup the method */
-
const SSL_CIPHER *cipher;
unsigned long cipher_id; /* when ASN.1 loaded, this
* needs to be used to load
@@ -682,11 +677,6 @@ typedef struct ssl_comp_st SSL_COMP;
struct ssl_comp_st {
int id;
const char *name;
-#ifndef OPENSSL_NO_COMP
- COMP_METHOD *method;
-#else
- char *method;
-#endif
};
DECLARE_STACK_OF(SSL_COMP)
@@ -1099,11 +1089,6 @@ struct ssl_st {
EVP_CIPHER_CTX *enc_read_ctx; /* cryptographic state */
EVP_MD_CTX *read_hash; /* used for mac generation */
-#ifndef OPENSSL_NO_COMP
- COMP_CTX *expand; /* uncompress */
-#else
- char *expand;
-#endif
SSL_AEAD_CTX *aead_write_ctx; /* AEAD context. If non-NULL, then
enc_write_ctx and write_hash are
@@ -1111,12 +1096,6 @@ struct ssl_st {
EVP_CIPHER_CTX *enc_write_ctx; /* cryptographic state */
EVP_MD_CTX *write_hash; /* used for mac generation */
-#ifndef OPENSSL_NO_COMP
- COMP_CTX *compress; /* compression */
-#else
- char *compress;
-
-#endif
/* session info */
@@ -1836,20 +1815,6 @@ void SSL_CTX_set_tmp_ecdh_callback(SSL_CTX *ctx,
void SSL_set_tmp_ecdh_callback(SSL *ssl,
EC_KEY *(*ecdh)(SSL *ssl, int is_export, int keylength));
-#ifndef OPENSSL_NO_COMP
-const COMP_METHOD *SSL_get_current_compression(SSL *s);
-const COMP_METHOD *SSL_get_current_expansion(SSL *s);
-const char *SSL_COMP_get_name(const COMP_METHOD *comp);
-STACK_OF(SSL_COMP) *SSL_COMP_get_compression_methods(void);
-int SSL_COMP_add_compression_method(int id, COMP_METHOD *cm);
-#else
-const void *SSL_get_current_compression(SSL *s);
-const void *SSL_get_current_expansion(SSL *s);
-const char *SSL_COMP_get_name(const void *comp);
-void *SSL_COMP_get_compression_methods(void);
-int SSL_COMP_add_compression_method(int id, void *cm);
-#endif
-
/* TLS extensions functions */
int SSL_set_session_ticket_ext(SSL *s, void *ext_data, int ext_len);
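Review bot: Dropping these five prototypes changes the public API, and the earlier hunks of this header change the layout of structures that applications can see (`compress_meth` in `ssl_session_st`, `expand` and `compress` in `ssl_st`, `method` in `ssl_comp_st`). The diffstat lists no library version change alongside this. Programs built against the old header would read shifted fields, and callers of `SSL_get_current_compression()` stop compiling. If the version bump lands in a separate commit that is fine; otherwise consider keeping the query functions as stubs that return NULL, so callers that only inspect the compression state keep building.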
diff --git a/lib/libssl/src/ssl/ssl3.h b/lib/libssl/src/ssl/ssl3.h
index 235c359af28..f956c50987c 100644
--- a/lib/libssl/src/ssl/ssl3.h
+++ b/lib/libssl/src/ssl/ssl3.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl3.h,v 1.23 2014/06/13 11:52:03 jsing Exp $ */
+/* $OpenBSD: ssl3.h,v 1.24 2014/07/10 08:51:15 tedu Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
@@ -117,9 +117,6 @@
#ifndef HEADER_SSL3_H
#define HEADER_SSL3_H
-#ifndef OPENSSL_NO_COMP
-#include <openssl/comp.h>
-#endif
#include <openssl/buffer.h>
#include <openssl/evp.h>
#include <openssl/ssl.h>
@@ -285,12 +282,7 @@ extern "C" {
/* If compression isn't used don't include the compression overhead */
-#ifdef OPENSSL_NO_COMP
#define SSL3_RT_MAX_COMPRESSED_LENGTH SSL3_RT_MAX_PLAIN_LENGTH
-#else
-#define SSL3_RT_MAX_COMPRESSED_LENGTH \
- (SSL3_RT_MAX_PLAIN_LENGTH+SSL3_RT_MAX_COMPRESSED_OVERHEAD)
-#endif
#define SSL3_RT_MAX_ENCRYPTED_LENGTH \
(SSL3_RT_MAX_ENCRYPTED_OVERHEAD+SSL3_RT_MAX_COMPRESSED_LENGTH)
#define SSL3_RT_MAX_PACKET_SIZE \
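Review bot: The retained comment `If compression isn't used don't include the compression overhead` describes a conditional that no longer exists, since the definition below it is now unconditional. Suggest `/* Compression is not supported, so the compressed length limit equals the plain length limit. */`. `SSL3_RT_MAX_ENCRYPTED_LENGTH` on the following lines is derived from this macro, so this comment is also the natural place to note that the record size limits shrink with this change.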
@@ -336,7 +328,6 @@ typedef struct ssl3_record_st {
/*r */ unsigned int off; /* read/write offset into 'buf' */
/*rw*/ unsigned char *data; /* pointer to the record data */
/*rw*/ unsigned char *input; /* where the decode bytes are */
-/*r */ unsigned char *comp; /* only used with decompression - malloc()ed */
/*r */ unsigned long epoch; /* epoch number, needed by DTLS1 */
/*r */ unsigned char seq_num[8]; /* sequence number, needed by DTLS1 */
} SSL3_RECORD;
@@ -492,11 +483,6 @@ typedef struct ssl3_state_st {
const EVP_MD *new_hash;
int new_mac_pkey_type;
int new_mac_secret_size;
-#ifndef OPENSSL_NO_COMP
- const SSL_COMP *new_compression;
-#else
- char *new_compression;
-#endif
int cert_request;
} tmp;
diff --git a/lib/libssl/src/ssl/ssl_algs.c b/lib/libssl/src/ssl/ssl_algs.c
index 0518876ab4f..ce051252f6c 100644
--- a/lib/libssl/src/ssl/ssl_algs.c
+++ b/lib/libssl/src/ssl/ssl_algs.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_algs.c,v 1.18 2014/06/12 15:49:31 deraadt Exp $ */
+/* $OpenBSD: ssl_algs.c,v 1.19 2014/07/10 08:51:15 tedu Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
@@ -112,12 +112,6 @@ SSL_library_init(void)
EVP_add_digest_alias(SN_dsaWithSHA1, "DSS1");
EVP_add_digest_alias(SN_dsaWithSHA1, "dss1");
EVP_add_digest(EVP_ecdsa());
-#ifndef OPENSSL_NO_COMP
- /* This will initialise the built-in compression algorithms.
- The value returned is a STACK_OF(SSL_COMP), but that can
- be discarded safely */
- (void)SSL_COMP_get_compression_methods();
-#endif
/* initialize cipher/digest methods table */
ssl_load_ciphers();
return (1);
diff --git a/lib/libssl/src/ssl/ssl_asn1.c b/lib/libssl/src/ssl/ssl_asn1.c
index 85944088989..43366b33b8d 100644
--- a/lib/libssl/src/ssl/ssl_asn1.c
+++ b/lib/libssl/src/ssl/ssl_asn1.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_asn1.c,v 1.26 2014/06/12 15:49:31 deraadt Exp $ */
+/* $OpenBSD: ssl_asn1.c,v 1.27 2014/07/10 08:51:15 tedu Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
@@ -118,10 +118,6 @@ i2d_SSL_SESSION(SSL_SESSION *in, unsigned char **pp)
unsigned char ibuf3[LSIZE2], ibuf4[LSIZE2], ibuf5[LSIZE2];
int v6 = 0, v9 = 0, v10 = 0;
unsigned char ibuf6[LSIZE2];
-#ifndef OPENSSL_NO_COMP
- unsigned char cbuf;
- int v11 = 0;
-#endif
long l;
SSL_SESSION_ASN1 a;
M_ASN1_I2D_vars(in);
@@ -155,14 +151,6 @@ i2d_SSL_SESSION(SSL_SESSION *in, unsigned char **pp)
buf[0] = ((unsigned char)(l >> 8L))&0xff;
buf[1] = ((unsigned char)(l ))&0xff;
-#ifndef OPENSSL_NO_COMP
- if (in->compress_meth) {
- cbuf = (unsigned char)in->compress_meth;
- a.comp_id.length = 1;
- a.comp_id.type = V_ASN1_OCTET_STRING;
- a.comp_id.data = &cbuf;
- }
-#endif
a.master_key.length = in->master_key_length;
a.master_key.type = V_ASN1_OCTET_STRING;
@@ -248,10 +236,6 @@ i2d_SSL_SESSION(SSL_SESSION *in, unsigned char **pp)
M_ASN1_I2D_len_EXP_opt(&(a.tlsext_tick), i2d_ASN1_OCTET_STRING, 10, v10);
if (in->tlsext_hostname)
M_ASN1_I2D_len_EXP_opt(&(a.tlsext_hostname), i2d_ASN1_OCTET_STRING, 6, v6);
-#ifndef OPENSSL_NO_COMP
- if (in->compress_meth)
- M_ASN1_I2D_len_EXP_opt(&(a.comp_id), i2d_ASN1_OCTET_STRING, 11, v11);
-#endif
#ifndef OPENSSL_NO_PSK
if (in->psk_identity_hint)
M_ASN1_I2D_len_EXP_opt(&(a.psk_identity_hint), i2d_ASN1_OCTET_STRING, 7, v7);
@@ -288,10 +272,6 @@ i2d_SSL_SESSION(SSL_SESSION *in, unsigned char **pp)
M_ASN1_I2D_put_EXP_opt(&a.tlsext_tick_lifetime, i2d_ASN1_INTEGER, 9, v9);
if (in->tlsext_tick)
M_ASN1_I2D_put_EXP_opt(&(a.tlsext_tick), i2d_ASN1_OCTET_STRING, 10, v10);
-#ifndef OPENSSL_NO_COMP
- if (in->compress_meth)
- M_ASN1_I2D_put_EXP_opt(&(a.comp_id), i2d_ASN1_OCTET_STRING, 11, v11);
-#endif
M_ASN1_I2D_finish();
}
@@ -480,16 +460,6 @@ d2i_SSL_SESSION(SSL_SESSION **a, const unsigned char **pp, long length)
os.length = 0;
} else
ret->tlsext_tick = NULL;
-#ifndef OPENSSL_NO_COMP
- os.length = 0;
- os.data = NULL;
- M_ASN1_D2I_get_EXP_opt(osp, d2i_ASN1_OCTET_STRING, 11);
- if (os.data) {
- ret->compress_meth = os.data[0];
- free(os.data);
- os.data = NULL;
- }
-#endif
M_ASN1_D2I_Finish(a, SSL_SESSION_free, SSL_F_D2I_SSL_SESSION);
diff --git a/lib/libssl/src/ssl/ssl_ciph.c b/lib/libssl/src/ssl/ssl_ciph.c
index d84e45764ed..0ba66cc89fb 100644
--- a/lib/libssl/src/ssl/ssl_ciph.c
+++ b/lib/libssl/src/ssl/ssl_ciph.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_ciph.c,v 1.58 2014/07/09 14:20:55 jsing Exp $ */
+/* $OpenBSD: ssl_ciph.c,v 1.59 2014/07/10 08:51:15 tedu Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
@@ -142,9 +142,6 @@
#include <stdio.h>
#include <openssl/objects.h>
-#ifndef OPENSSL_NO_COMP
-#include <openssl/comp.h>
-#endif
#ifndef OPENSSL_NO_ENGINE
#include <openssl/engine.h>
#endif
@@ -175,8 +172,6 @@ static const EVP_CIPHER *ssl_cipher_methods[SSL_ENC_NUM_IDX] = {
#define SSL_COMP_ZLIB_IDX 1
#define SSL_COMP_NUM_IDX 2
-static STACK_OF(SSL_COMP) *ssl_comp_methods = NULL;
-
#define SSL_MD_MD5_IDX 0
#define SSL_MD_SHA1_IDX 1
#define SSL_MD_GOST94_IDX 2
@@ -645,81 +640,14 @@ ssl_load_ciphers(void)
ssl_mac_secret_size[SSL_MD_SHA384_IDX]=
EVP_MD_size(ssl_digest_methods[SSL_MD_SHA384_IDX]);
}
-#ifndef OPENSSL_NO_COMP
-
-static int
-sk_comp_cmp(const SSL_COMP * const *a,
- const SSL_COMP * const *b)
-{
- return ((*a)->id - (*b)->id);
-}
-
-static void
-load_builtin_compressions(void)
-{
- int got_write_lock = 0;
-
- CRYPTO_r_lock(CRYPTO_LOCK_SSL);
- if (ssl_comp_methods == NULL) {
- CRYPTO_r_unlock(CRYPTO_LOCK_SSL);
- CRYPTO_w_lock(CRYPTO_LOCK_SSL);
- got_write_lock = 1;
-
- if (ssl_comp_methods == NULL) {
- SSL_COMP *comp = NULL;
-
- ssl_comp_methods = sk_SSL_COMP_new(sk_comp_cmp);
- if (ssl_comp_methods != NULL) {
- comp = malloc(sizeof(SSL_COMP));
- if (comp != NULL) {
- comp->method = COMP_zlib();
- if (comp->method &&
- comp->method->type == NID_undef)
- free(comp);
- else {
- comp->id = SSL_COMP_ZLIB_IDX;
- comp->name = comp->method->name;
- sk_SSL_COMP_push(ssl_comp_methods, comp);
- }
- }
- sk_SSL_COMP_sort(ssl_comp_methods);
- }
- }
- }
-
- if (got_write_lock)
- CRYPTO_w_unlock(CRYPTO_LOCK_SSL);
- else
- CRYPTO_r_unlock(CRYPTO_LOCK_SSL);
-}
-#endif
/* ssl_cipher_get_comp sets comp to the correct SSL_COMP for the given
* session and returns 1. On error it returns 0. */
int
ssl_cipher_get_comp(const SSL_SESSION *s, SSL_COMP **comp)
{
- SSL_COMP ctmp;
- int i;
-
-#ifndef OPENSSL_NO_COMP
- load_builtin_compressions();
-#endif
-
*comp = NULL;
- if (s->compress_meth == 0)
- return 1;
- if (ssl_comp_methods == NULL)
- return 0;
-
- ctmp.id = s->compress_meth;
- i = sk_SSL_COMP_find(ssl_comp_methods, &ctmp);
- if (i >= 0) {
- *comp = sk_SSL_COMP_value(ssl_comp_methods, i);
- return 1;
- }
-
- return 0;
+ return 1;
}
int
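Review bot: The comment kept above ssl_cipher_get_comp still says it sets comp to the correct SSL_COMP for the session and returns 0 on error, but the new body only stores NULL and returns 1, so it can no longer fail and never reads `s`. I would replace the comment with `/* Compression is not supported: ssl_cipher_get_comp always sets *comp to NULL and returns 1. */` so callers do not keep dead error paths around. The `SSL_COMP_ZLIB_IDX` define left as context in the earlier hunk of this file has lost its only visible user (load_builtin_compressions), so it and `SSL_COMP_NUM_IDX` may now be unused and could probably go as well. The last hunk of this file also removes the SSL_COMP_* functions together with their OPENSSL_NO_COMP stubs, while ssl_lib.c keeps NULL-returning stubs for SSL_get_current_compression; if ssl.h (not visible here) still declares them, existing callers would fail to link.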
@@ -1919,102 +1847,3 @@ SSL_CIPHER_get_id(const SSL_CIPHER *c)
{
return c->id;
}
-
-SSL_COMP *
-ssl3_comp_find(STACK_OF(SSL_COMP) *sk, int n)
-{
- SSL_COMP *ctmp;
- int i, nn;
-
- if ((n == 0) || (sk == NULL))
- return (NULL);
- nn = sk_SSL_COMP_num(sk);
- for (i = 0; i < nn; i++) {
- ctmp = sk_SSL_COMP_value(sk, i);
- if (ctmp->id == n)
- return (ctmp);
- }
- return (NULL);
-}
-
-#ifdef OPENSSL_NO_COMP
-void *
-SSL_COMP_get_compression_methods(void)
-{
- return NULL;
-}
-
-int
-SSL_COMP_add_compression_method(int id, void *cm)
-{
- return 1;
-}
-
-const char *
-SSL_COMP_get_name(const void *comp)
-{
- return NULL;
-}
-#else
-STACK_OF(SSL_COMP) *
-SSL_COMP_get_compression_methods(void)
-{
- load_builtin_compressions();
- return (ssl_comp_methods);
-}
-
-int
-SSL_COMP_add_compression_method(int id, COMP_METHOD *cm)
-{
- SSL_COMP *comp;
-
- if (cm == NULL || cm->type == NID_undef)
- return 1;
-
- /* According to draft-ietf-tls-compression-04.txt, the
- compression number ranges should be the following:
-
- 0 to 63: methods defined by the IETF
- 64 to 192: external party methods assigned by IANA
- 193 to 255: reserved for private use */
- if (id < 193 || id > 255) {
- SSLerr(SSL_F_SSL_COMP_ADD_COMPRESSION_METHOD,
- SSL_R_COMPRESSION_ID_NOT_WITHIN_PRIVATE_RANGE);
- return 1;
- }
-
- comp = malloc(sizeof(SSL_COMP));
- if (comp == NULL) {
- SSLerr(SSL_F_SSL_COMP_ADD_COMPRESSION_METHOD,
- ERR_R_MALLOC_FAILURE);
- return (1);
- }
- comp->id = id;
- comp->method = cm;
- load_builtin_compressions();
- if (ssl_comp_methods &&
- sk_SSL_COMP_find(ssl_comp_methods, comp) >= 0) {
- free(comp);
- SSLerr(SSL_F_SSL_COMP_ADD_COMPRESSION_METHOD,
- SSL_R_DUPLICATE_COMPRESSION_ID);
- return (1);
- } else if ((ssl_comp_methods == NULL) ||
- !sk_SSL_COMP_push(ssl_comp_methods, comp)) {
- free(comp);
- SSLerr(SSL_F_SSL_COMP_ADD_COMPRESSION_METHOD,
- ERR_R_MALLOC_FAILURE);
- return (1);
- } else {
- return (0);
- }
-}
-
-const char *
-SSL_COMP_get_name(const COMP_METHOD *comp)
-{
- if (comp)
- return comp->name;
- return NULL;
-}
-
-#endif
diff --git a/lib/libssl/src/ssl/ssl_lib.c b/lib/libssl/src/ssl/ssl_lib.c
index a5f2f3f7515..765012e861e 100644
--- a/lib/libssl/src/ssl/ssl_lib.c
+++ b/lib/libssl/src/ssl/ssl_lib.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_lib.c,v 1.71 2014/07/10 08:18:55 bcook Exp $ */
+/* $OpenBSD: ssl_lib.c,v 1.72 2014/07/10 08:51:15 tedu Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
@@ -1793,9 +1793,6 @@ SSL_CTX_new(const SSL_METHOD *meth)
CRYPTO_new_ex_data(CRYPTO_EX_INDEX_SSL_CTX, ret, &ret->ex_data);
ret->extra_certs = NULL;
- /* No compression for DTLS */
- if (meth->version != DTLS1_VERSION)
- ret->comp_methods = SSL_COMP_get_compression_methods();
ret->max_send_fragment = SSL3_RT_MAX_PLAIN_LENGTH;
@@ -2610,12 +2607,6 @@ ssl_clear_cipher_ctx(SSL *s)
s->aead_write_ctx = NULL;
}
-#ifndef OPENSSL_NO_COMP
- COMP_CTX_free(s->expand);
- s->expand = NULL;
- COMP_CTX_free(s->compress);
- s->compress = NULL;
-#endif
}
/* Fix this function so that it takes an optional type parameter */
@@ -2645,7 +2636,6 @@ SSL_get_current_cipher(const SSL *s)
return (s->session->cipher);
return (NULL);
}
-#ifdef OPENSSL_NO_COMP
const void *
SSL_get_current_compression(SSL *s)
{
@@ -2657,24 +2647,6 @@ SSL_get_current_expansion(SSL *s)
{
return (NULL);
}
-#else
-
-const COMP_METHOD *
-SSL_get_current_compression(SSL *s)
-{
- if (s->compress != NULL)
- return (s->compress->meth);
- return (NULL);
-}
-
-const COMP_METHOD *
-SSL_get_current_expansion(SSL *s)
-{
- if (s->expand != NULL)
- return (s->expand->meth);
- return (NULL);
-}
-#endif
int
ssl_init_wbio_buffer(SSL *s, int push)
diff --git a/lib/libssl/src/ssl/ssl_locl.h b/lib/libssl/src/ssl/ssl_locl.h
index 2b3d1b8e444..b3bc4f4ae4a 100644
--- a/lib/libssl/src/ssl/ssl_locl.h
+++ b/lib/libssl/src/ssl/ssl_locl.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_locl.h,v 1.56 2014/07/09 11:25:42 jsing Exp $ */
+/* $OpenBSD: ssl_locl.h,v 1.57 2014/07/10 08:51:15 tedu Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
@@ -153,9 +153,6 @@
#include <openssl/opensslconf.h>
#include <openssl/buffer.h>
-#ifndef OPENSSL_NO_COMP
-#include <openssl/comp.h>
-#endif
#include <openssl/bio.h>
#include <openssl/stack.h>
#include <openssl/rsa.h>
@@ -547,15 +544,6 @@ struct ssl_aead_ctx_st {
char variable_nonce_in_record;
};
-#ifndef OPENSSL_NO_COMP
-/* Used for holding the relevant compression methods loaded into SSL_CTX */
-typedef struct ssl3_comp_st {
- int comp_id; /* The identifier byte for this compression type */
- char *name; /* Text name used for the compression type */
- COMP_METHOD *method; /* The method :-) */
-} SSL3_COMP;
-#endif
-
extern SSL3_ENC_METHOD ssl3_undef_enc_method;
extern SSL_CIPHER ssl3_ciphers[];
@@ -685,8 +673,6 @@ long tls1_default_timeout(void);
int dtls1_do_write(SSL *s, int type);
int ssl3_read_n(SSL *s, int n, int max, int extend);
int dtls1_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek);
-int ssl3_do_compress(SSL *ssl);
-int ssl3_do_uncompress(SSL *ssl);
int ssl3_write_pending(SSL *s, int type, const unsigned char *buf,
unsigned int len);
unsigned char *dtls1_set_message_header(SSL *s, unsigned char *p,
diff --git a/lib/libssl/src/ssl/ssl_sess.c b/lib/libssl/src/ssl/ssl_sess.c
index 7932f201512..b3dd3e61173 100644
--- a/lib/libssl/src/ssl/ssl_sess.c
+++ b/lib/libssl/src/ssl/ssl_sess.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_sess.c,v 1.34 2014/06/21 20:27:25 tedu Exp $ */
+/* $OpenBSD: ssl_sess.c,v 1.35 2014/07/10 08:51:15 tedu Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
@@ -207,7 +207,6 @@ SSL_SESSION_new(void)
ss->time = time(NULL);
ss->prev = NULL;
ss->next = NULL;
- ss->compress_meth = 0;
ss->tlsext_hostname = NULL;
ss->tlsext_ecpointformatlist_length = 0;
@@ -233,7 +232,7 @@ SSL_SESSION_get_id(const SSL_SESSION *s, unsigned int *len)
unsigned int
SSL_SESSION_get_compress_id(const SSL_SESSION *s)
{
- return s->compress_meth;
+ return 0;
}
/* Even with SSLv2, we have 16 bytes (128 bits) of session ID space. SSLv3/TLSv1
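Review bot: SSL_SESSION_get_compress_id now returns a constant without saying why, and the `s` argument is no longer read. A one-line comment above the function, such as `/* Compression is not supported, so the id is always 0 (no compression). */`, would tell API users that the value is fixed by design rather than an unset field.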
diff --git a/lib/libssl/src/ssl/ssl_txt.c b/lib/libssl/src/ssl/ssl_txt.c
index c06e2d23b7f..25f22902904 100644
--- a/lib/libssl/src/ssl/ssl_txt.c
+++ b/lib/libssl/src/ssl/ssl_txt.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_txt.c,v 1.21 2014/06/12 15:49:31 deraadt Exp $ */
+/* $OpenBSD: ssl_txt.c,v 1.22 2014/07/10 08:51:15 tedu Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
@@ -182,22 +182,6 @@ SSL_SESSION_print(BIO *bp, const SSL_SESSION *x)
goto err;
}
-#ifndef OPENSSL_NO_COMP
- if (x->compress_meth != 0) {
- SSL_COMP *comp = NULL;
-
- if (!ssl_cipher_get_comp(x, &comp))
- goto err;
-
- if (comp == NULL) {
- if (BIO_printf(bp, "\n Compression: %d", x->compress_meth) <= 0)
- goto err;
- } else {
- if (BIO_printf(bp, "\n Compression: %d (%s)", comp->id, comp->method->name) <= 0)
- goto err;
- }
- }
-#endif
if (x->time != 0) {
if (BIO_printf(bp, "\n Start Time: %lld", (long long)x->time) <= 0)
goto err;
diff --git a/lib/libssl/src/ssl/t1_enc.c b/lib/libssl/src/ssl/t1_enc.c
index 26d98522d0a..cccf17eab5f 100644
--- a/lib/libssl/src/ssl/t1_enc.c
+++ b/lib/libssl/src/ssl/t1_enc.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: t1_enc.c,v 1.65 2014/07/09 11:25:42 jsing Exp $ */
+/* $OpenBSD: t1_enc.c,v 1.66 2014/07/10 08:51:15 tedu Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
@@ -137,9 +137,6 @@
#include <stdio.h>
#include "ssl_locl.h"
-#ifndef OPENSSL_NO_COMP
-#include <openssl/comp.h>
-#endif
#include <openssl/evp.h>
#include <openssl/hmac.h>
#include <openssl/md5.h>
@@ -470,9 +467,6 @@ tls1_change_cipher_state(SSL *s, int which)
const EVP_AEAD *aead;
char is_read, use_client_keys;
-#ifndef OPENSSL_NO_COMP
- const SSL_COMP *comp;
-#endif
cipher = s->s3->tmp.new_sym_enc;
aead = s->s3->tmp.new_aead;
@@ -492,41 +486,6 @@ tls1_change_cipher_state(SSL *s, int which)
use_client_keys = ((which == SSL3_CHANGE_CIPHER_CLIENT_WRITE) ||
(which == SSL3_CHANGE_CIPHER_SERVER_READ));
-#ifndef OPENSSL_NO_COMP
- comp = s->s3->tmp.new_compression;
- if (is_read) {
- if (s->expand != NULL) {
- COMP_CTX_free(s->expand);
- s->expand = NULL;
- }
- if (comp != NULL) {
- s->expand = COMP_CTX_new(comp->method);
- if (s->expand == NULL) {
- SSLerr(SSL_F_TLS1_CHANGE_CIPHER_STATE,
- SSL_R_COMPRESSION_LIBRARY_ERROR);
- goto err2;
- }
- if (s->s3->rrec.comp == NULL)
- s->s3->rrec.comp =
- malloc(SSL3_RT_MAX_ENCRYPTED_LENGTH);
- if (s->s3->rrec.comp == NULL)
- goto err;
- }
- } else {
- if (s->compress != NULL) {
- COMP_CTX_free(s->compress);
- s->compress = NULL;
- }
- if (comp != NULL) {
- s->compress = COMP_CTX_new(comp->method);
- if (s->compress == NULL) {
- SSLerr(SSL_F_TLS1_CHANGE_CIPHER_STATE,
- SSL_R_COMPRESSION_LIBRARY_ERROR);
- goto err2;
- }
- }
- }
-#endif
/*
* Reset sequence number to zero - for DTLS this is handled in
@@ -596,8 +555,6 @@ tls1_change_cipher_state(SSL *s, int which)
return tls1_change_cipher_state_cipher(s, is_read, use_client_keys,
mac_secret, mac_secret_size, key, key_len, iv, iv_len);
-err:
- SSLerr(SSL_F_TLS1_CHANGE_CIPHER_STATE, ERR_R_MALLOC_FAILURE);
err2:
return (0);
}