authorsashan <anedvedicky@gmail.com>2024-05-16 06:33:55 +0200
committerTomas Mraz <tomas@openssl.org>2024-05-28 08:56:13 +0200
commitda9342ed5edabfbbd658e35f6bad1831682cc7e7 (patch)
tree00cf057471eefa0ba61357afc1206e3d19e36ec6 /ssl
parent184d29dbabbb6c7a5cc829d3ac4b966f781d2b2e (diff)
Move stack of compression methods from libssl to OSSL_LIB_CTX
The compression methods are currently a global variable in libssl. This change moves them into the OSSL library context. It is necessary to eliminate the atexit call from libssl. Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/24414)
Diffstat (limited to 'ssl')
-rw-r--r--ssl/record/rec_layer_s3.c1
-rw-r--r--ssl/ssl_ciph.c126
-rw-r--r--ssl/ssl_init.c23
-rw-r--r--ssl/ssl_local.h6
-rw-r--r--ssl/ssl_txt.c2
-rw-r--r--ssl/statem/statem_clnt.c1
-rw-r--r--ssl/statem/statem_srvr.c1
7 files changed, 51 insertions, 109 deletions
diff --git a/ssl/record/rec_layer_s3.c b/ssl/record/rec_layer_s3.c
index 6a31efe1c0..e61861d9fd 100644
--- a/ssl/record/rec_layer_s3.c
+++ b/ssl/record/rec_layer_s3.c
@@ -19,6 +19,7 @@
#include <openssl/core_names.h>
#include "record_local.h"
#include "internal/packet.h"
+#include "internal/comp.h"
void RECORD_LAYER_init(RECORD_LAYER *rl, SSL_CONNECTION *s)
{
diff --git a/ssl/ssl_ciph.c b/ssl/ssl_ciph.c
index e70b800a5c..ce6d0d99a2 100644
--- a/ssl/ssl_ciph.c
+++ b/ssl/ssl_ciph.c
@@ -21,6 +21,7 @@
#include "ssl_local.h"
#include "internal/thread_once.h"
#include "internal/cryptlib.h"
+#include "internal/comp.h"
/* NB: make sure indices in these tables match values above */
@@ -57,16 +58,6 @@ static const ssl_cipher_table ssl_cipher_table_cipher[SSL_ENC_NUM_IDX] = {
{SSL_KUZNYECHIK, NID_kuznyechik_ctr_acpkm}, /* SSL_ENC_KUZNYECHIK_IDX */
};
-#define SSL_COMP_NULL_IDX 0
-#define SSL_COMP_ZLIB_IDX 1
-#define SSL_COMP_NUM_IDX 2
-
-static STACK_OF(SSL_COMP) *ssl_comp_methods = NULL;
-
-#ifndef OPENSSL_NO_COMP
-static CRYPTO_ONCE ssl_load_builtin_comp_once = CRYPTO_ONCE_STATIC_INIT;
-#endif
-
/* NB: make sure indices in this table matches values above */
static const ssl_cipher_table ssl_cipher_table_mac[SSL_MD_NUM_IDX] = {
{SSL_MD5, NID_md5}, /* SSL_MD_MD5_IDX 0 */
@@ -445,40 +436,6 @@ int ssl_load_ciphers(SSL_CTX *ctx)
return 1;
}
-#ifndef OPENSSL_NO_COMP
-
-static int sk_comp_cmp(const SSL_COMP *const *a, const SSL_COMP *const *b)
-{
- return ((*a)->id - (*b)->id);
-}
-
-DEFINE_RUN_ONCE_STATIC(do_load_builtin_compressions)
-{
- SSL_COMP *comp = NULL;
- COMP_METHOD *method = COMP_zlib();
-
- ssl_comp_methods = sk_SSL_COMP_new(sk_comp_cmp);
-
- if (COMP_get_type(method) != NID_undef && ssl_comp_methods != NULL) {
- comp = OPENSSL_malloc(sizeof(*comp));
- if (comp != NULL) {
- comp->method = method;
- comp->id = SSL_COMP_ZLIB_IDX;
- comp->name = COMP_get_name(method);
- if (!sk_SSL_COMP_push(ssl_comp_methods, comp))
- OPENSSL_free(comp);
- sk_SSL_COMP_sort(ssl_comp_methods);
- }
- }
- return 1;
-}
-
-static int load_builtin_compressions(void)
-{
- return RUN_ONCE(&ssl_load_builtin_comp_once, do_load_builtin_compressions);
-}
-#endif
-
int ssl_cipher_get_evp_cipher(SSL_CTX *ctx, const SSL_CIPHER *sslc,
const EVP_CIPHER **enc)
{
@@ -549,20 +506,15 @@ int ssl_cipher_get_evp(SSL_CTX *ctx, const SSL_SESSION *s,
return 0;
if (comp != NULL) {
SSL_COMP ctmp;
-#ifndef OPENSSL_NO_COMP
- if (!load_builtin_compressions()) {
- /*
- * Currently don't care, since a failure only means that
- * ssl_comp_methods is NULL, which is perfectly OK
- */
- }
-#endif
+ STACK_OF(SSL_COMP) *comp_methods;
+
*comp = NULL;
ctmp.id = s->compress_meth;
- if (ssl_comp_methods != NULL) {
- i = sk_SSL_COMP_find(ssl_comp_methods, &ctmp);
+ comp_methods = SSL_COMP_get_compression_methods();
+ if (comp_methods != NULL) {
+ i = sk_SSL_COMP_find(comp_methods, &ctmp);
if (i >= 0)
- *comp = sk_SSL_COMP_value(ssl_comp_methods, i);
+ *comp = sk_SSL_COMP_value(comp_methods, i);
}
/* If were only interested in comp then return success */
if ((enc == NULL) && (md == NULL))
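Review bot: The lookup `comp_methods = SSL_COMP_get_compression_methods();` resolves the stack from the default library context (the callee, in a later hunk of this file, passes `NULL` to `OSSL_LIB_CTX_get_data`), although this function receives an `SSL_CTX *ctx` that may have been created under its own library context; if sessions under a non-default libctx are expected to see per-context compression methods, this call will not provide that. Since the public function takes no libctx argument this may be intended, but a comment above the call such as `/* compression methods are held in the default libctx; the SSL_CTX's own libctx is not consulted */` would make it explicit. Dropping the `#ifndef OPENSSL_NO_COMP` guard also makes this path depend on `SSL_COMP_get_compression_methods()` being available in a no-comp build, which I cannot confirm from the visible lines. ssl_cipher_get_evp starts and ends outside this hunk.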
@@ -649,6 +601,7 @@ const EVP_MD *ssl_prf_md(SSL_CONNECTION *s)
ssl_get_algorithm2(s) >> TLS1_PRF_DGST_SHIFT);
}
+
#define ITEM_SEP(a) \
(((a) == ':') || ((a) == ' ') || ((a) == ';') || ((a) == ','))
@@ -1988,17 +1941,19 @@ uint16_t SSL_CIPHER_get_protocol_id(const SSL_CIPHER *c)
SSL_COMP *ssl3_comp_find(STACK_OF(SSL_COMP) *sk, int n)
{
SSL_COMP *ctmp;
- int i, nn;
+ SSL_COMP srch_key;
+ int i;
if ((n == 0) || (sk == NULL))
return NULL;
- nn = sk_SSL_COMP_num(sk);
- for (i = 0; i < nn; i++) {
+ srch_key.id = n;
+ i = sk_SSL_COMP_find(sk, &srch_key);
+ if (i >= 0)
ctmp = sk_SSL_COMP_value(sk, i);
- if (ctmp->id == n)
- return ctmp;
- }
- return NULL;
+ else
+ ctmp = NULL;
+
+ return ctmp;
}
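Review bot: `i = sk_SSL_COMP_find(sk, &srch_key);` only matches by `id` when `sk` was created with a comparison function; `sk` is caller-supplied here (it can come from an application via `SSL_COMP_set0_compression_methods()`), and if my reading of OPENSSL_sk_find is right, a stack without a comparator is searched by pointer identity, so the id-based match that the removed loop performed is lost for such stacks, while a stack with a comparator is sorted in place as a side effect of the search. Either keep the linear scan for the comparator-less case or document the new precondition, e.g. `/* sk must have been created with a comparison function that orders by id; a plain stack is searched by pointer identity */`. `srch_key` has only its `id` member set, which is sufficient only as long as the comparator reads nothing else.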
#ifdef OPENSSL_NO_COMP
@@ -2021,34 +1976,44 @@ int SSL_COMP_add_compression_method(int id, COMP_METHOD *cm)
#else
STACK_OF(SSL_COMP) *SSL_COMP_get_compression_methods(void)
{
- load_builtin_compressions();
- return ssl_comp_methods;
+ STACK_OF(SSL_COMP) **rv;
+
+ rv = (STACK_OF(SSL_COMP) **)OSSL_LIB_CTX_get_data(NULL,
+ OSSL_LIB_CTX_COMP_METHODS);
+ if (rv != NULL)
+ return *rv;
+ else
+ return NULL;
}
STACK_OF(SSL_COMP) *SSL_COMP_set0_compression_methods(STACK_OF(SSL_COMP)
*meths)
{
- STACK_OF(SSL_COMP) *old_meths = ssl_comp_methods;
- ssl_comp_methods = meths;
- return old_meths;
-}
+ STACK_OF(SSL_COMP) **comp_methods;
+ STACK_OF(SSL_COMP) *old_meths;
-static void cmeth_free(SSL_COMP *cm)
-{
- OPENSSL_free(cm);
-}
+ comp_methods = (STACK_OF(SSL_COMP) **)OSSL_LIB_CTX_get_data(NULL,
+ OSSL_LIB_CTX_COMP_METHODS);
+ if (comp_methods == NULL) {
+ old_meths = meths;
+ } else {
+ old_meths = *comp_methods;
+ *comp_methods = meths;
+ }
-void ssl_comp_free_compression_methods_int(void)
-{
- STACK_OF(SSL_COMP) *old_meths = ssl_comp_methods;
- ssl_comp_methods = NULL;
- sk_SSL_COMP_pop_free(old_meths, cmeth_free);
+ return old_meths;
}
int SSL_COMP_add_compression_method(int id, COMP_METHOD *cm)
{
+ STACK_OF(SSL_COMP) *comp_methods;
SSL_COMP *comp;
+ comp_methods = SSL_COMP_get_compression_methods();
+
+ if (comp_methods == NULL)
+ return 1;
+
if (cm == NULL || COMP_get_type(cm) == NID_undef)
return 1;
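Review bot: In `SSL_COMP_add_compression_method()` the new early exit `if (comp_methods == NULL) return 1;` reports failure without raising an error, whereas the removed code reached `ERR_raise(ERR_LIB_SSL, ERR_R_CRYPTO_LIB)` for the same condition and the remaining failure paths of this function still raise; a caller now receives 1 with an empty error queue. Suggest `ERR_raise(ERR_LIB_SSL, ERR_R_CRYPTO_LIB);` immediately before that return. In `SSL_COMP_set0_compression_methods()` the branch `old_meths = meths;` taken when the libctx slot is absent hands the caller's own stack back as the "previous" stack; if that is the intended way to return ownership on failure it deserves a comment such as `/* no libctx slot: meths was not installed, ownership stays with the caller */`, otherwise returning NULL would match the documented contract better. SSL_COMP_add_compression_method continues past the end of this hunk.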
@@ -2070,18 +2035,17 @@ int SSL_COMP_add_compression_method(int id, COMP_METHOD *cm)
return 1;
comp->id = id;
- comp->method = cm;
- load_builtin_compressions();
- if (ssl_comp_methods && sk_SSL_COMP_find(ssl_comp_methods, comp) >= 0) {
+ if (sk_SSL_COMP_find(comp_methods, comp) >= 0) {
OPENSSL_free(comp);
ERR_raise(ERR_LIB_SSL, SSL_R_DUPLICATE_COMPRESSION_ID);
return 1;
}
- if (ssl_comp_methods == NULL || !sk_SSL_COMP_push(ssl_comp_methods, comp)) {
+ if (!sk_SSL_COMP_push(comp_methods, comp)) {
OPENSSL_free(comp);
ERR_raise(ERR_LIB_SSL, ERR_R_CRYPTO_LIB);
return 1;
}
+
return 0;
}
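Review bot: The removed `comp->method = cm;` has no replacement in this hunk, and the context line `comp->id = id;` is the only field initialisation visible; unless the assignment was moved into the unseen lines between this and the previous hunk (where `comp` is allocated), the SSL_COMP pushed onto the stack carries an uninitialised `method` pointer, and a later lookup through `ssl3_comp_find()` would return that garbage pointer to the record layer. If it was dropped by accident, the fix is to restore `comp->method = cm;` directly after `comp->id = id;`. The start of SSL_COMP_add_compression_method is outside this hunk.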
#endif
diff --git a/ssl/ssl_init.c b/ssl/ssl_init.c
index 70e567b72c..c99639db7c 100644
--- a/ssl/ssl_init.c
+++ b/ssl/ssl_init.c
@@ -19,8 +19,6 @@
static int stopped;
-static void ssl_library_stop(void);
-
static CRYPTO_ONCE ssl_base = CRYPTO_ONCE_STATIC_INIT;
static int ssl_base_inited = 0;
DEFINE_RUN_ONCE_STATIC(ossl_init_ssl_base)
@@ -36,11 +34,6 @@ DEFINE_RUN_ONCE_STATIC(ossl_init_ssl_base)
#endif
ssl_sort_cipher_list();
OSSL_TRACE(INIT, "ossl_init_ssl_base: SSL_add_ssl_module()\n");
- /*
- * We ignore an error return here. Not much we can do - but not that bad
- * either. We can still safely continue.
- */
- OPENSSL_atexit(ssl_library_stop);
ssl_base_inited = 1;
return 1;
}
@@ -67,22 +60,6 @@ DEFINE_RUN_ONCE_STATIC_ALT(ossl_init_no_load_ssl_strings,
return 1;
}
-static void ssl_library_stop(void)
-{
- /* Might be explicitly called and also by atexit */
- if (stopped)
- return;
- stopped = 1;
-
- if (ssl_base_inited) {
-#ifndef OPENSSL_NO_COMP
- OSSL_TRACE(INIT, "ssl_library_stop: "
- "ssl_comp_free_compression_methods_int()\n");
- ssl_comp_free_compression_methods_int();
-#endif
- }
-}
-
/*
* If this function is called with a non NULL settings value then it must be
* called prior to any threads making calls to any OpenSSL functions,
diff --git a/ssl/ssl_local.h b/ssl/ssl_local.h
index 2d827d8bb9..9083ec2f3b 100644
--- a/ssl/ssl_local.h
+++ b/ssl/ssl_local.h
@@ -37,6 +37,7 @@
# include "internal/ktls.h"
# include "internal/time.h"
# include "internal/ssl.h"
+# include "internal/cryptlib.h"
# include "record/record.h"
# ifdef OPENSSL_BUILD_SHLIBSSL
@@ -637,11 +638,6 @@ typedef enum {
#define MAX_COMPRESSIONS_SIZE 255
-struct ssl_comp_st {
- int id;
- const char *name;
- COMP_METHOD *method;
-};
typedef struct raw_extension_st {
/* Raw packet data for the extension */
diff --git a/ssl/ssl_txt.c b/ssl/ssl_txt.c
index 9e9c2e10ec..2a0f503255 100644
--- a/ssl/ssl_txt.c
+++ b/ssl/ssl_txt.c
@@ -12,6 +12,8 @@
#include <openssl/buffer.h>
#include "ssl_local.h"
+#include "internal/comp.h"
+
#ifndef OPENSSL_NO_STDIO
int SSL_SESSION_print_fp(FILE *fp, const SSL_SESSION *x)
{
diff --git a/ssl/statem/statem_clnt.c b/ssl/statem/statem_clnt.c
index 6f73d5f698..162442ea2d 100644
--- a/ssl/statem/statem_clnt.c
+++ b/ssl/statem/statem_clnt.c
@@ -27,6 +27,7 @@
#include <openssl/core_names.h>
#include <openssl/param_build.h>
#include "internal/cryptlib.h"
+#include "internal/comp.h"
static MSG_PROCESS_RETURN tls_process_as_hello_retry_request(SSL_CONNECTION *s,
PACKET *pkt);
diff --git a/ssl/statem/statem_srvr.c b/ssl/statem/statem_srvr.c
index 5ff479a2ec..08544ed0bf 100644
--- a/ssl/statem/statem_srvr.c
+++ b/ssl/statem/statem_srvr.c
@@ -27,6 +27,7 @@
#include <openssl/core_names.h>
#include <openssl/asn1t.h>
#include <openssl/comp.h>
+#include "internal/comp.h"
#define TICKET_NONCE_SIZE 8