authorDr. Stephen Henson <steve@openssl.org>2005-09-30 23:38:20 +0000
committerDr. Stephen Henson <steve@openssl.org>2005-09-30 23:38:20 +0000
commit54f51116b2fb12410fb17a1bfe6a400399e6456b (patch)
tree003cb5f9abe8553139ba1ce48c78201cdea57c69
parentb0d90958fc13818ae3feb058b3320aaf678c0959 (diff)
Update from HEAD.
-rw-r--r--apps/s_client.c4
-rw-r--r--ssl/d1_clnt.c4
-rw-r--r--ssl/d1_srvr.c4
-rw-r--r--ssl/s3_clnt.c24
-rw-r--r--ssl/s3_enc.c14
-rw-r--r--ssl/s3_pkt.c5
-rw-r--r--ssl/s3_srvr.c12
-rw-r--r--ssl/ssl3.h4
-rw-r--r--ssl/ssl_ciph.c23
-rw-r--r--ssl/ssl_lib.c13
-rw-r--r--ssl/ssl_txt.c2
-rw-r--r--ssl/ssltest.c4
-rw-r--r--ssl/t1_enc.c8
13 files changed, 118 insertions, 3 deletions
diff --git a/apps/s_client.c b/apps/s_client.c
index b22f3196e6..cfee531349 100644
--- a/apps/s_client.c
+++ b/apps/s_client.c
@@ -1096,7 +1096,9 @@ static void print_stuff(BIO *bio, SSL *s, int full)
SSL_CIPHER *c;
X509_NAME *xn;
int j,i;
+#ifndef OPENSSL_NO_COMP
const COMP_METHOD *comp, *expansion;
+#endif
if (full)
{
@@ -1199,12 +1201,14 @@ static void print_stuff(BIO *bio, SSL *s, int full)
EVP_PKEY_bits(pktmp));
EVP_PKEY_free(pktmp);
}
+#ifndef OPENSSL_NO_COMP
comp=SSL_get_current_compression(s);
expansion=SSL_get_current_expansion(s);
BIO_printf(bio,"Compression: %s\n",
comp ? SSL_COMP_get_name(comp) : "NONE");
BIO_printf(bio,"Expansion: %s\n",
expansion ? SSL_COMP_get_name(expansion) : "NONE");
+#endif
SSL_SESSION_print(bio,SSL_get_session(s));
BIO_printf(bio,"---\n");
if (peer != NULL)
diff --git a/ssl/d1_clnt.c b/ssl/d1_clnt.c
index 0ba0628668..f10b34bd70 100644
--- a/ssl/d1_clnt.c
+++ b/ssl/d1_clnt.c
@@ -371,11 +371,15 @@ int dtls1_connect(SSL *s)
s->init_num=0;
s->session->cipher=s->s3->tmp.new_cipher;
+#ifdef OPENSSL_NO_COMP
+ s->session->compress_meth=0;
+#else
if (s->s3->tmp.new_compression == NULL)
s->session->compress_meth=0;
else
s->session->compress_meth=
s->s3->tmp.new_compression->id;
+#endif
if (!s->method->ssl3_enc->setup_key_block(s))
{
ret= -1;
diff --git a/ssl/d1_srvr.c b/ssl/d1_srvr.c
index 76c51691c3..180fc6e646 100644
--- a/ssl/d1_srvr.c
+++ b/ssl/d1_srvr.c
@@ -705,10 +705,14 @@ int dtls1_send_server_hello(SSL *s)
p+=i;
/* put the compression method */
+#ifdef OPENSSL_NO_COMP
+ *(p++)=0;
+#else
if (s->s3->tmp.new_compression == NULL)
*(p++)=0;
else
*(p++)=s->s3->tmp.new_compression->id;
+#endif
/* do the header */
l=(p-d);
diff --git a/ssl/s3_clnt.c b/ssl/s3_clnt.c
index 51d4c48724..eb7e87f9b1 100644
--- a/ssl/s3_clnt.c
+++ b/ssl/s3_clnt.c
@@ -369,11 +369,15 @@ int ssl3_connect(SSL *s)
s->init_num=0;
s->session->cipher=s->s3->tmp.new_cipher;
+#ifdef OPENSSL_NO_COMP
+ s->session->compress_meth=0;
+#else
if (s->s3->tmp.new_compression == NULL)
s->session->compress_meth=0;
else
s->session->compress_meth=
s->s3->tmp.new_compression->id;
+#endif
if (!s->method->ssl3_enc->setup_key_block(s))
{
ret= -1;
@@ -517,9 +521,12 @@ int ssl3_client_hello(SSL *s)
{
unsigned char *buf;
unsigned char *p,*d;
- int i,j;
+ int i;
unsigned long Time,l;
+#ifndef OPENSSL_NO_COMP
+ int j;
SSL_COMP *comp;
+#endif
buf=(unsigned char *)s->init_buf->data;
if (s->state == SSL3_ST_CW_CLNT_HELLO_A)
@@ -578,6 +585,9 @@ int ssl3_client_hello(SSL *s)
p+=i;
/* COMPRESSION */
+#ifdef OPENSSL_NO_COMP
+ *(p++)=1;
+#else
if (s->ctx->comp_methods == NULL)
j=0;
else
@@ -588,6 +598,7 @@ int ssl3_client_hello(SSL *s)
comp=sk_SSL_COMP_value(s->ctx->comp_methods,i);
*(p++)=comp->id;
}
+#endif
*(p++)=0; /* Add the NULL method */
l=(p-d);
@@ -615,7 +626,9 @@ int ssl3_get_server_hello(SSL *s)
int i,al,ok;
unsigned int j;
long n;
+#ifndef OPENSSL_NO_COMP
SSL_COMP *comp;
+#endif
n=s->method->ssl_get_message(s,
SSL3_ST_CR_SRVR_HELLO_A,
@@ -746,6 +759,14 @@ int ssl3_get_server_hello(SSL *s)
/* lets get the compression algorithm */
/* COMPRESSION */
+#ifdef OPENSSL_NO_COMP
+ if (*(p++) != 0)
+ {
+ al=SSL_AD_ILLEGAL_PARAMETER;
+ SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,SSL_R_UNSUPPORTED_COMPRESSION_ALGORITHM);
+ goto f_err;
+ }
+#else
j= *(p++);
if (j == 0)
comp=NULL;
@@ -762,6 +783,7 @@ int ssl3_get_server_hello(SSL *s)
{
s->s3->tmp.new_compression=comp;
}
+#endif
if (p != (d+n))
{
diff --git a/ssl/s3_enc.c b/ssl/s3_enc.c
index 6d92050bb1..d83d42e583 100644
--- a/ssl/s3_enc.c
+++ b/ssl/s3_enc.c
@@ -196,7 +196,9 @@ int ssl3_change_cipher_state(SSL *s, int which)
unsigned char *ms,*key,*iv,*er1,*er2;
EVP_CIPHER_CTX *dd;
const EVP_CIPHER *c;
+#ifndef OPENSSL_NO_COMP
COMP_METHOD *comp;
+#endif
const EVP_MD *m;
EVP_MD_CTX md;
int is_exp,n,i,j,k,cl;
@@ -205,10 +207,12 @@ int ssl3_change_cipher_state(SSL *s, int which)
is_exp=SSL_C_IS_EXPORT(s->s3->tmp.new_cipher);
c=s->s3->tmp.new_sym_enc;
m=s->s3->tmp.new_hash;
+#ifndef OPENSSL_NO_COMP
if (s->s3->tmp.new_compression == NULL)
comp=NULL;
else
comp=s->s3->tmp.new_compression->method;
+#endif
key_block=s->s3->tmp.key_block;
if (which & SSL3_CC_READ)
@@ -219,6 +223,7 @@ int ssl3_change_cipher_state(SSL *s, int which)
goto err;
dd= s->enc_read_ctx;
s->read_hash=m;
+#ifndef OPENSSL_NO_COMP
/* COMPRESS */
if (s->expand != NULL)
{
@@ -239,6 +244,7 @@ int ssl3_change_cipher_state(SSL *s, int which)
if (s->s3->rrec.comp == NULL)
goto err;
}
+#endif
memset(&(s->s3->read_sequence[0]),0,8);
mac_secret= &(s->s3->read_mac_secret[0]);
}
@@ -250,6 +256,7 @@ int ssl3_change_cipher_state(SSL *s, int which)
goto err;
dd= s->enc_write_ctx;
s->write_hash=m;
+#ifndef OPENSSL_NO_COMP
/* COMPRESS */
if (s->compress != NULL)
{
@@ -265,6 +272,7 @@ int ssl3_change_cipher_state(SSL *s, int which)
goto err2;
}
}
+#endif
memset(&(s->s3->write_sequence[0]),0,8);
mac_secret= &(s->s3->write_mac_secret[0]);
}
@@ -350,7 +358,9 @@ int ssl3_setup_key_block(SSL *s)
const EVP_MD *hash;
int num;
int ret = 0;
+#ifdef OPENSSL_NO_COMP
SSL_COMP *comp;
+#endif
if (s->s3->tmp.key_block_length != 0)
return(1);
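Review bot: The guard added around `SSL_COMP *comp;` in ssl3_setup_key_block looks inverted. `#ifdef OPENSSL_NO_COMP` declares `comp` only when compression is compiled out, yet the next hunk of this function reads it in the `#else` branch (`s->s3->tmp.new_compression=comp;`), which is the compression-enabled build. Every other declaration guarded in this commit uses `#ifndef OPENSSL_NO_COMP`, so a default build would presumably stop on an undeclared identifier here. Change the guard to `#ifndef OPENSSL_NO_COMP`, or leave the declaration unguarded if the lines between the two hunks (not visible here) still take `&comp` in both configurations. The function body continues outside the hunk.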
@@ -363,7 +373,11 @@ int ssl3_setup_key_block(SSL *s)
s->s3->tmp.new_sym_enc=c;
s->s3->tmp.new_hash=hash;
+#ifdef OPENSSL_NO_COMP
+ s->s3->tmp.new_compression=NULL;
+#else
s->s3->tmp.new_compression=comp;
+#endif
num=EVP_CIPHER_key_length(c)+EVP_MD_size(hash)+EVP_CIPHER_iv_length(c);
num*=2;
diff --git a/ssl/s3_pkt.c b/ssl/s3_pkt.c
index f90bb77666..d0f54e297b 100644
--- a/ssl/s3_pkt.c
+++ b/ssl/s3_pkt.c
@@ -476,6 +476,7 @@ err:
int ssl3_do_uncompress(SSL *ssl)
{
+#ifndef OPENSSL_NO_COMP
int i;
SSL3_RECORD *rr;
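Review bot: With OPENSSL_NO_COMP defined, ssl3_do_uncompress reduces to `return(1);`, and ssl3_do_compress does the same in the next two hunks, so a call reports success without touching the record. The other hunks suggest `s->expand` and `s->compress` are never set in such a build, which should make these functions unreachable, but any caller that does reach them would pass the record on as if it had been processed. Failing closed is safer: keep `return(1);` inside the `#ifndef` branch and add `#else` / `return(0);` before the `#endif`, with a comment such as `/* compression compiled out: reaching this is a logic error */`. The callers are outside these hunks, so confirm they treat 0 as an error.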
@@ -487,12 +488,13 @@ int ssl3_do_uncompress(SSL *ssl)
else
rr->length=i;
rr->data=rr->comp;
-
+#endif
return(1);
}
int ssl3_do_compress(SSL *ssl)
{
+#ifndef OPENSSL_NO_COMP
int i;
SSL3_RECORD *wr;
@@ -506,6 +508,7 @@ int ssl3_do_compress(SSL *ssl)
wr->length=i;
wr->input=wr->data;
+#endif
return(1);
}
diff --git a/ssl/s3_srvr.c b/ssl/s3_srvr.c
index 3aa42d7e4f..f762480a02 100644
--- a/ssl/s3_srvr.c
+++ b/ssl/s3_srvr.c
@@ -666,7 +666,9 @@ int ssl3_get_client_hello(SSL *s)
unsigned long id;
unsigned char *p,*d,*q;
SSL_CIPHER *c;
+#ifndef OPENSSL_NO_COMP
SSL_COMP *comp=NULL;
+#endif
STACK_OF(SSL_CIPHER) *ciphers=NULL;
/* We do this so that we will respond with our native type.
@@ -897,6 +899,7 @@ int ssl3_get_client_hello(SSL *s)
* options, we will now look for them. We have i-1 compression
* algorithms from the client, starting at q. */
s->s3->tmp.new_compression=NULL;
+#ifndef OPENSSL_NO_COMP
if (s->ctx->comp_methods != NULL)
{ /* See if we have a match */
int m,nn,o,v,done=0;
@@ -921,6 +924,7 @@ int ssl3_get_client_hello(SSL *s)
else
comp=NULL;
}
+#endif
/* TLS does not mind if there is extra stuff */
#if 0 /* SSL 3.0 does not mind either, so we should disable this test
@@ -944,7 +948,11 @@ int ssl3_get_client_hello(SSL *s)
if (!s->hit)
{
+#ifdef OPENSSL_NO_COMP
+ s->session->compress_meth=0;
+#else
s->session->compress_meth=(comp == NULL)?0:comp->id;
+#endif
if (s->session->ciphers != NULL)
sk_SSL_CIPHER_free(s->session->ciphers);
s->session->ciphers=ciphers;
@@ -1070,10 +1078,14 @@ int ssl3_send_server_hello(SSL *s)
p+=i;
/* put the compression method */
+#ifdef OPENSSL_NO_COMP
+ *(p++)=0;
+#else
if (s->s3->tmp.new_compression == NULL)
*(p++)=0;
else
*(p++)=s->s3->tmp.new_compression->id;
+#endif
/* do the header */
l=(p-d);
diff --git a/ssl/ssl3.h b/ssl/ssl3.h
index 1e762f276e..bacaff157e 100644
--- a/ssl/ssl3.h
+++ b/ssl/ssl3.h
@@ -254,7 +254,11 @@ extern "C" {
#endif
#define SSL3_RT_MAX_PLAIN_LENGTH 16384
+#ifdef OPENSSL_NO_COMP
+#define SSL3_RT_MAX_COMPRESSED_LENGTH SSL3_RT_MAX_PLAIN_LENGTH
+#else
#define SSL3_RT_MAX_COMPRESSED_LENGTH (1024+SSL3_RT_MAX_PLAIN_LENGTH)
+#endif
#define SSL3_RT_MAX_ENCRYPTED_LENGTH (1024+SSL3_RT_MAX_COMPRESSED_LENGTH)
#define SSL3_RT_MAX_PACKET_SIZE (SSL3_RT_MAX_ENCRYPTED_LENGTH+SSL3_RT_HEADER_LENGTH)
#define SSL3_RT_MAX_DATA_SIZE (1024*1024)
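Review bot: `SSL3_RT_MAX_COMPRESSED_LENGTH` now depends on `OPENSSL_NO_COMP`, and `SSL3_RT_MAX_ENCRYPTED_LENGTH` and `SSL3_RT_MAX_PACKET_SIZE` below inherit the change, but the header does not say so. Code that sizes or bounds record buffers from these macros gets limits 1024 bytes smaller in a no-compression build. An application compiled with a different `OPENSSL_NO_COMP` setting than the library would then disagree with it on those sizes. A comment above the `#ifdef` would make the dependency explicit, e.g. `/* Without compression a record cannot expand, so no 1024-byte allowance is needed; the derived size macros shrink accordingly. */`.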
diff --git a/ssl/ssl_ciph.c b/ssl/ssl_ciph.c
index 8c2e1c305e..cdd7a9ae74 100644
--- a/ssl/ssl_ciph.c
+++ b/ssl/ssl_ciph.c
@@ -192,6 +192,9 @@ void ssl_load_ciphers(void)
EVP_get_digestbyname(SN_sha1);
}
+
+#ifndef OPENSSL_NO_COMP
+
static int sk_comp_cmp(const SSL_COMP * const *a,
const SSL_COMP * const *b)
{
@@ -231,6 +234,7 @@ static void load_builtin_compressions(void)
}
CRYPTO_w_unlock(CRYPTO_LOCK_SSL);
}
+#endif
int ssl_cipher_get_evp(const SSL_SESSION *s, const EVP_CIPHER **enc,
const EVP_MD **md, SSL_COMP **comp)
@@ -243,8 +247,9 @@ int ssl_cipher_get_evp(const SSL_SESSION *s, const EVP_CIPHER **enc,
if (comp != NULL)
{
SSL_COMP ctmp;
-
+#ifndef OPENSSL_NO_COMP
load_builtin_compressions();
+#endif
*comp=NULL;
ctmp.id=s->compress_meth;
@@ -1131,6 +1136,21 @@ SSL_COMP *ssl3_comp_find(STACK_OF(SSL_COMP) *sk, int n)
return(NULL);
}
+#ifdef OPENSSL_NO_COMP
+void *SSL_COMP_get_compression_methods(void)
+ {
+ return NULL;
+ }
+int SSL_COMP_add_compression_method(int id, void *cm)
+ {
+ return 1;
+ }
+
+const char *SSL_COMP_get_name(const void *comp)
+ {
+ return NULL;
+ }
+#else
STACK_OF(SSL_COMP) *SSL_COMP_get_compression_methods(void)
{
load_builtin_compressions();
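Review bot: The OPENSSL_NO_COMP stubs carry no comment on what their return values mean. `SSL_COMP_add_compression_method` returns 1 unconditionally while ignoring both arguments, and the hunk does not show whether 1 is the success or the error value of the real function, so a caller cannot tell whether registration was refused. Suggest a comment above the stubs such as `/* OPENSSL_NO_COMP: symbols kept so existing callers still link; no method is ever registered and lookups return NULL */`, plus one line per function stating the return convention. The stubs added in ssl/ssl_lib.c (`SSL_get_current_compression`, `SSL_get_current_expansion`) have the same shape and need the same note. The stubs also use `void *` where the enabled build uses `COMP_METHOD` and `STACK_OF(SSL_COMP)` types, and the diffstat lists no header that declares them, so check that the existing prototypes agree in both configurations.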
@@ -1191,3 +1211,4 @@ const char *SSL_COMP_get_name(const COMP_METHOD *comp)
return NULL;
}
+#endif
diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c
index 3df0f022d9..dfc1bad52a 100644
--- a/ssl/ssl_lib.c
+++ b/ssl/ssl_lib.c
@@ -2246,6 +2246,7 @@ void ssl_clear_cipher_ctx(SSL *s)
OPENSSL_free(s->enc_write_ctx);
s->enc_write_ctx=NULL;
}
+#ifndef OPENSSL_NO_COMP
if (s->expand != NULL)
{
COMP_CTX_free(s->expand);
@@ -2256,6 +2257,7 @@ void ssl_clear_cipher_ctx(SSL *s)
COMP_CTX_free(s->compress);
s->compress=NULL;
}
+#endif
}
/* Fix this function so that it takes an optional type parameter */
@@ -2282,6 +2284,16 @@ SSL_CIPHER *SSL_get_current_cipher(const SSL *s)
return(s->session->cipher);
return(NULL);
}
+#ifdef OPENSSL_NO_COMP
+const void *SSL_get_current_compression(SSL *s)
+ {
+ return NULL;
+ }
+const void *SSL_get_current_expansion(SSL *s)
+ {
+ return NULL;
+ }
+#else
const COMP_METHOD *SSL_get_current_compression(SSL *s)
{
@@ -2296,6 +2308,7 @@ const COMP_METHOD *SSL_get_current_expansion(SSL *s)
return(s->expand->meth);
return(NULL);
}
+#endif
int ssl_init_wbio_buffer(SSL *s,int push)
{
diff --git a/ssl/ssl_txt.c b/ssl/ssl_txt.c
index 39cf55cbfd..4eb0867155 100644
--- a/ssl/ssl_txt.c
+++ b/ssl/ssl_txt.c
@@ -151,6 +151,7 @@ int SSL_SESSION_print(BIO *bp, const SSL_SESSION *x)
if (BIO_printf(bp,"%02X",x->krb5_client_princ[i]) <= 0) goto err;
}
#endif /* OPENSSL_NO_KRB5 */
+#ifndef OPENSSL_NO_COMP
if (x->compress_meth != 0)
{
SSL_COMP *comp = NULL;
@@ -165,6 +166,7 @@ int SSL_SESSION_print(BIO *bp, const SSL_SESSION *x)
if (BIO_printf(bp,"\n Compression: %d (%s)", comp->id,comp->method->name) <= 0) goto err;
}
}
+#endif
if (x->time != 0L)
{
if (BIO_printf(bp, "\n Start Time: %ld",x->time) <= 0) goto err;
diff --git a/ssl/ssltest.c b/ssl/ssltest.c
index c77dc86673..10a5293b05 100644
--- a/ssl/ssltest.c
+++ b/ssl/ssltest.c
@@ -420,7 +420,9 @@ int main(int argc, char *argv[])
int print_time = 0;
clock_t s_time = 0, c_time = 0;
int comp = 0;
+#ifndef OPENSSL_NO_COMP
COMP_METHOD *cm = NULL;
+#endif
STACK_OF(SSL_COMP) *ssl_comp_methods = NULL;
int test_cipherlist = 0;
@@ -652,6 +654,7 @@ bad:
SSL_library_init();
SSL_load_error_strings();
+#ifndef OPENSSL_NO_COMP
if (comp == COMP_ZLIB) cm = COMP_zlib();
if (comp == COMP_RLE) cm = COMP_rle();
if (cm != NULL)
@@ -675,6 +678,7 @@ bad:
ERR_print_errors_fp(stderr);
}
}
+#endif
ssl_comp_methods = SSL_COMP_get_compression_methods();
fprintf(stderr, "Available compression methods:\n");
{
diff --git a/ssl/t1_enc.c b/ssl/t1_enc.c
index cfcfedaa5d..c544c76495 100644
--- a/ssl/t1_enc.c
+++ b/ssl/t1_enc.c
@@ -231,7 +231,9 @@ int tls1_change_cipher_state(SSL *s, int which)
int client_write;
EVP_CIPHER_CTX *dd;
const EVP_CIPHER *c;
+#ifndef OPENSSL_NO_COMP
const SSL_COMP *comp;
+#endif
const EVP_MD *m;
int is_export,n,i,j,k,exp_label_len,cl;
int reuse_dd = 0;
@@ -239,7 +241,9 @@ int tls1_change_cipher_state(SSL *s, int which)
is_export=SSL_C_IS_EXPORT(s->s3->tmp.new_cipher);
c=s->s3->tmp.new_sym_enc;
m=s->s3->tmp.new_hash;
+#ifndef OPENSSL_NO_COMP
comp=s->s3->tmp.new_compression;
+#endif
key_block=s->s3->tmp.key_block;
#ifdef KSSL_DEBUG
@@ -265,6 +269,7 @@ int tls1_change_cipher_state(SSL *s, int which)
goto err;
dd= s->enc_read_ctx;
s->read_hash=m;
+#ifndef OPENSSL_NO_COMP
if (s->expand != NULL)
{
COMP_CTX_free(s->expand);
@@ -284,6 +289,7 @@ int tls1_change_cipher_state(SSL *s, int which)
if (s->s3->rrec.comp == NULL)
goto err;
}
+#endif
/* this is done by dtls1_reset_seq_numbers for DTLS1_VERSION */
if (s->version != DTLS1_VERSION)
memset(&(s->s3->read_sequence[0]),0,8);
@@ -301,6 +307,7 @@ int tls1_change_cipher_state(SSL *s, int which)
goto err;
dd= s->enc_write_ctx;
s->write_hash=m;
+#ifndef OPENSSL_NO_COMP
if (s->compress != NULL)
{
COMP_CTX_free(s->compress);
@@ -315,6 +322,7 @@ int tls1_change_cipher_state(SSL *s, int which)
goto err2;
}
}
+#endif
/* this is done by dtls1_reset_seq_numbers for DTLS1_VERSION */
if (s->version != DTLS1_VERSION)
memset(&(s->s3->write_sequence[0]),0,8);