Update from HEAD.
authorDr. Stephen Henson <steve@openssl.org>
Fri, 30 Sep 2005 23:38:20 +0000 (23:38 +0000)
committerDr. Stephen Henson <steve@openssl.org>
Fri, 30 Sep 2005 23:38:20 +0000 (23:38 +0000)
13 files changed:
apps/s_client.c
ssl/d1_clnt.c
ssl/d1_srvr.c
ssl/s3_clnt.c
ssl/s3_enc.c
ssl/s3_pkt.c
ssl/s3_srvr.c
ssl/ssl3.h
ssl/ssl_ciph.c
ssl/ssl_lib.c
ssl/ssl_txt.c
ssl/ssltest.c
ssl/t1_enc.c

index b22f319..cfee531 100644 (file)
@@ -1096,7 +1096,9 @@ static void print_stuff(BIO *bio, SSL *s, int full)
        SSL_CIPHER *c;
        X509_NAME *xn;
        int j,i;
+#ifndef OPENSSL_NO_COMP
        const COMP_METHOD *comp, *expansion;
+#endif
 
        if (full)
                {
@@ -1199,12 +1201,14 @@ static void print_stuff(BIO *bio, SSL *s, int full)
                                                         EVP_PKEY_bits(pktmp));
                EVP_PKEY_free(pktmp);
        }
+#ifndef OPENSSL_NO_COMP
        comp=SSL_get_current_compression(s);
        expansion=SSL_get_current_expansion(s);
        BIO_printf(bio,"Compression: %s\n",
                comp ? SSL_COMP_get_name(comp) : "NONE");
        BIO_printf(bio,"Expansion: %s\n",
                expansion ? SSL_COMP_get_name(expansion) : "NONE");
+#endif
        SSL_SESSION_print(bio,SSL_get_session(s));
        BIO_printf(bio,"---\n");
        if (peer != NULL)
index 0ba0628..f10b34b 100644 (file)
@@ -371,11 +371,15 @@ int dtls1_connect(SSL *s)
                        s->init_num=0;
 
                        s->session->cipher=s->s3->tmp.new_cipher;
+#ifdef OPENSSL_NO_COMP
+                       s->session->compress_meth=0;
+#else
                        if (s->s3->tmp.new_compression == NULL)
                                s->session->compress_meth=0;
                        else
                                s->session->compress_meth=
                                        s->s3->tmp.new_compression->id;
+#endif
                        if (!s->method->ssl3_enc->setup_key_block(s))
                                {
                                ret= -1;
index 76c5169..180fc6e 100644 (file)
@@ -705,10 +705,14 @@ int dtls1_send_server_hello(SSL *s)
                p+=i;
 
                /* put the compression method */
+#ifdef OPENSSL_NO_COMP
+               *(p++)=0;
+#else
                if (s->s3->tmp.new_compression == NULL)
                        *(p++)=0;
                else
                        *(p++)=s->s3->tmp.new_compression->id;
+#endif
 
                /* do the header */
                l=(p-d);
index 51d4c48..eb7e87f 100644 (file)
@@ -369,11 +369,15 @@ int ssl3_connect(SSL *s)
                        s->init_num=0;
 
                        s->session->cipher=s->s3->tmp.new_cipher;
+#ifdef OPENSSL_NO_COMP
+                       s->session->compress_meth=0;
+#else
                        if (s->s3->tmp.new_compression == NULL)
                                s->session->compress_meth=0;
                        else
                                s->session->compress_meth=
                                        s->s3->tmp.new_compression->id;
+#endif
                        if (!s->method->ssl3_enc->setup_key_block(s))
                                {
                                ret= -1;
@@ -517,9 +521,12 @@ int ssl3_client_hello(SSL *s)
        {
        unsigned char *buf;
        unsigned char *p,*d;
-       int i,j;
+       int i;
        unsigned long Time,l;
+#ifndef OPENSSL_NO_COMP
+       int j;
        SSL_COMP *comp;
+#endif
 
        buf=(unsigned char *)s->init_buf->data;
        if (s->state == SSL3_ST_CW_CLNT_HELLO_A)
@@ -578,6 +585,9 @@ int ssl3_client_hello(SSL *s)
                p+=i;
 
                /* COMPRESSION */
+#ifdef OPENSSL_NO_COMP
+               *(p++)=1;
+#else
                if (s->ctx->comp_methods == NULL)
                        j=0;
                else
@@ -588,6 +598,7 @@ int ssl3_client_hello(SSL *s)
                        comp=sk_SSL_COMP_value(s->ctx->comp_methods,i);
                        *(p++)=comp->id;
                        }
+#endif
                *(p++)=0; /* Add the NULL method */
                
                l=(p-d);
@@ -615,7 +626,9 @@ int ssl3_get_server_hello(SSL *s)
        int i,al,ok;
        unsigned int j;
        long n;
+#ifndef OPENSSL_NO_COMP
        SSL_COMP *comp;
+#endif
 
        n=s->method->ssl_get_message(s,
                SSL3_ST_CR_SRVR_HELLO_A,
@@ -746,6 +759,14 @@ int ssl3_get_server_hello(SSL *s)
 
        /* lets get the compression algorithm */
        /* COMPRESSION */
+#ifdef OPENSSL_NO_COMP
+       if (*(p++) != 0)
+               {
+               al=SSL_AD_ILLEGAL_PARAMETER;
+               SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,SSL_R_UNSUPPORTED_COMPRESSION_ALGORITHM);
+               goto f_err;
+               }
+#else
        j= *(p++);
        if (j == 0)
                comp=NULL;
@@ -762,6 +783,7 @@ int ssl3_get_server_hello(SSL *s)
                {
                s->s3->tmp.new_compression=comp;
                }
+#endif
 
        if (p != (d+n))
                {
index 6d92050..d83d42e 100644 (file)
@@ -196,7 +196,9 @@ int ssl3_change_cipher_state(SSL *s, int which)
        unsigned char *ms,*key,*iv,*er1,*er2;
        EVP_CIPHER_CTX *dd;
        const EVP_CIPHER *c;
+#ifndef OPENSSL_NO_COMP
        COMP_METHOD *comp;
+#endif
        const EVP_MD *m;
        EVP_MD_CTX md;
        int is_exp,n,i,j,k,cl;
@@ -205,10 +207,12 @@ int ssl3_change_cipher_state(SSL *s, int which)
        is_exp=SSL_C_IS_EXPORT(s->s3->tmp.new_cipher);
        c=s->s3->tmp.new_sym_enc;
        m=s->s3->tmp.new_hash;
+#ifndef OPENSSL_NO_COMP
        if (s->s3->tmp.new_compression == NULL)
                comp=NULL;
        else
                comp=s->s3->tmp.new_compression->method;
+#endif
        key_block=s->s3->tmp.key_block;
 
        if (which & SSL3_CC_READ)
@@ -219,6 +223,7 @@ int ssl3_change_cipher_state(SSL *s, int which)
                        goto err;
                dd= s->enc_read_ctx;
                s->read_hash=m;
+#ifndef OPENSSL_NO_COMP
                /* COMPRESS */
                if (s->expand != NULL)
                        {
@@ -239,6 +244,7 @@ int ssl3_change_cipher_state(SSL *s, int which)
                        if (s->s3->rrec.comp == NULL)
                                goto err;
                        }
+#endif
                memset(&(s->s3->read_sequence[0]),0,8);
                mac_secret= &(s->s3->read_mac_secret[0]);
                }
@@ -250,6 +256,7 @@ int ssl3_change_cipher_state(SSL *s, int which)
                        goto err;
                dd= s->enc_write_ctx;
                s->write_hash=m;
+#ifndef OPENSSL_NO_COMP
                /* COMPRESS */
                if (s->compress != NULL)
                        {
@@ -265,6 +272,7 @@ int ssl3_change_cipher_state(SSL *s, int which)
                                goto err2;
                                }
                        }
+#endif
                memset(&(s->s3->write_sequence[0]),0,8);
                mac_secret= &(s->s3->write_mac_secret[0]);
                }
@@ -350,7 +358,9 @@ int ssl3_setup_key_block(SSL *s)
        const EVP_MD *hash;
        int num;
        int ret = 0;
+#ifdef OPENSSL_NO_COMP
        SSL_COMP *comp;
+#endif
 
        if (s->s3->tmp.key_block_length != 0)
                return(1);
@@ -363,7 +373,11 @@ int ssl3_setup_key_block(SSL *s)
 
        s->s3->tmp.new_sym_enc=c;
        s->s3->tmp.new_hash=hash;
+#ifdef OPENSSL_NO_COMP
+       s->s3->tmp.new_compression=NULL;
+#else
        s->s3->tmp.new_compression=comp;
+#endif
 
        num=EVP_CIPHER_key_length(c)+EVP_MD_size(hash)+EVP_CIPHER_iv_length(c);
        num*=2;
index f90bb77..d0f54e2 100644 (file)
@@ -476,6 +476,7 @@ err:
 
 int ssl3_do_uncompress(SSL *ssl)
        {
+#ifndef OPENSSL_NO_COMP
        int i;
        SSL3_RECORD *rr;
 
@@ -487,12 +488,13 @@ int ssl3_do_uncompress(SSL *ssl)
        else
                rr->length=i;
        rr->data=rr->comp;
-
+#endif
        return(1);
        }
 
 int ssl3_do_compress(SSL *ssl)
        {
+#ifndef OPENSSL_NO_COMP
        int i;
        SSL3_RECORD *wr;
 
@@ -506,6 +508,7 @@ int ssl3_do_compress(SSL *ssl)
                wr->length=i;
 
        wr->input=wr->data;
+#endif
        return(1);
        }
 
index 3aa42d7..f762480 100644 (file)
@@ -666,7 +666,9 @@ int ssl3_get_client_hello(SSL *s)
        unsigned long id;
        unsigned char *p,*d,*q;
        SSL_CIPHER *c;
+#ifndef OPENSSL_NO_COMP
        SSL_COMP *comp=NULL;
+#endif
        STACK_OF(SSL_CIPHER) *ciphers=NULL;
 
        /* We do this so that we will respond with our native type.
@@ -897,6 +899,7 @@ int ssl3_get_client_hello(SSL *s)
         * options, we will now look for them.  We have i-1 compression
         * algorithms from the client, starting at q. */
        s->s3->tmp.new_compression=NULL;
+#ifndef OPENSSL_NO_COMP
        if (s->ctx->comp_methods != NULL)
                { /* See if we have a match */
                int m,nn,o,v,done=0;
@@ -921,6 +924,7 @@ int ssl3_get_client_hello(SSL *s)
                else
                        comp=NULL;
                }
+#endif
 
        /* TLS does not mind if there is extra stuff */
 #if 0   /* SSL 3.0 does not mind either, so we should disable this test
@@ -944,7 +948,11 @@ int ssl3_get_client_hello(SSL *s)
 
        if (!s->hit)
                {
+#ifdef OPENSSL_NO_COMP
+               s->session->compress_meth=0;
+#else
                s->session->compress_meth=(comp == NULL)?0:comp->id;
+#endif
                if (s->session->ciphers != NULL)
                        sk_SSL_CIPHER_free(s->session->ciphers);
                s->session->ciphers=ciphers;
@@ -1070,10 +1078,14 @@ int ssl3_send_server_hello(SSL *s)
                p+=i;
 
                /* put the compression method */
+#ifdef OPENSSL_NO_COMP
+                       *(p++)=0;
+#else
                if (s->s3->tmp.new_compression == NULL)
                        *(p++)=0;
                else
                        *(p++)=s->s3->tmp.new_compression->id;
+#endif
 
                /* do the header */
                l=(p-d);
index 1e762f2..bacaff1 100644 (file)
@@ -254,7 +254,11 @@ extern "C" {
 #endif
 
 #define SSL3_RT_MAX_PLAIN_LENGTH               16384
+#ifdef OPENSSL_NO_COMP
+#define SSL3_RT_MAX_COMPRESSED_LENGTH  SSL3_RT_MAX_PLAIN_LENGTH
+#else
 #define SSL3_RT_MAX_COMPRESSED_LENGTH  (1024+SSL3_RT_MAX_PLAIN_LENGTH)
+#endif
 #define SSL3_RT_MAX_ENCRYPTED_LENGTH   (1024+SSL3_RT_MAX_COMPRESSED_LENGTH)
 #define SSL3_RT_MAX_PACKET_SIZE                (SSL3_RT_MAX_ENCRYPTED_LENGTH+SSL3_RT_HEADER_LENGTH)
 #define SSL3_RT_MAX_DATA_SIZE                  (1024*1024)
index 8c2e1c3..cdd7a9a 100644 (file)
@@ -192,6 +192,9 @@ void ssl_load_ciphers(void)
                EVP_get_digestbyname(SN_sha1);
        }
 
+
+#ifndef OPENSSL_NO_COMP
+
 static int sk_comp_cmp(const SSL_COMP * const *a,
                        const SSL_COMP * const *b)
        {
@@ -231,6 +234,7 @@ static void load_builtin_compressions(void)
                }
        CRYPTO_w_unlock(CRYPTO_LOCK_SSL);
        }
+#endif
 
 int ssl_cipher_get_evp(const SSL_SESSION *s, const EVP_CIPHER **enc,
             const EVP_MD **md, SSL_COMP **comp)
@@ -243,8 +247,9 @@ int ssl_cipher_get_evp(const SSL_SESSION *s, const EVP_CIPHER **enc,
        if (comp != NULL)
                {
                SSL_COMP ctmp;
-
+#ifndef OPENSSL_NO_COMP
                load_builtin_compressions();
+#endif
 
                *comp=NULL;
                ctmp.id=s->compress_meth;
@@ -1131,6 +1136,21 @@ SSL_COMP *ssl3_comp_find(STACK_OF(SSL_COMP) *sk, int n)
        return(NULL);
        }
 
+#ifdef OPENSSL_NO_COMP
+void *SSL_COMP_get_compression_methods(void)
+       {
+       return NULL;
+       }
+int SSL_COMP_add_compression_method(int id, void *cm)
+       {
+       return 1;
+       }
+
+const char *SSL_COMP_get_name(const void *comp)
+       {
+       return NULL;
+       }
+#else
 STACK_OF(SSL_COMP) *SSL_COMP_get_compression_methods(void)
        {
        load_builtin_compressions();
@@ -1191,3 +1211,4 @@ const char *SSL_COMP_get_name(const COMP_METHOD *comp)
        return NULL;
        }
 
+#endif
index 3df0f02..dfc1bad 100644 (file)
@@ -2246,6 +2246,7 @@ void ssl_clear_cipher_ctx(SSL *s)
                OPENSSL_free(s->enc_write_ctx);
                s->enc_write_ctx=NULL;
                }
+#ifndef OPENSSL_NO_COMP
        if (s->expand != NULL)
                {
                COMP_CTX_free(s->expand);
@@ -2256,6 +2257,7 @@ void ssl_clear_cipher_ctx(SSL *s)
                COMP_CTX_free(s->compress);
                s->compress=NULL;
                }
+#endif
        }
 
 /* Fix this function so that it takes an optional type parameter */
@@ -2282,6 +2284,16 @@ SSL_CIPHER *SSL_get_current_cipher(const SSL *s)
                return(s->session->cipher);
        return(NULL);
        }
+#ifdef OPENSSL_NO_COMP
+const void *SSL_get_current_compression(SSL *s)
+       {
+       return NULL;
+       }
+const void *SSL_get_current_expansion(SSL *s)
+       {
+       return NULL;
+       }
+#else
 
 const COMP_METHOD *SSL_get_current_compression(SSL *s)
        {
@@ -2296,6 +2308,7 @@ const COMP_METHOD *SSL_get_current_expansion(SSL *s)
                return(s->expand->meth);
        return(NULL);
        }
+#endif
 
 int ssl_init_wbio_buffer(SSL *s,int push)
        {
index 39cf55c..4eb0867 100644 (file)
@@ -151,6 +151,7 @@ int SSL_SESSION_print(BIO *bp, const SSL_SESSION *x)
                        if (BIO_printf(bp,"%02X",x->krb5_client_princ[i]) <= 0) goto err;
                        }
 #endif /* OPENSSL_NO_KRB5 */
+#ifndef OPENSSL_NO_COMP
        if (x->compress_meth != 0)
                {
                SSL_COMP *comp = NULL;
@@ -165,6 +166,7 @@ int SSL_SESSION_print(BIO *bp, const SSL_SESSION *x)
                        if (BIO_printf(bp,"\n   Compression: %d (%s)", comp->id,comp->method->name) <= 0) goto err;
                        }
                }       
+#endif
        if (x->time != 0L)
                {
                if (BIO_printf(bp, "\n    Start Time: %ld",x->time) <= 0) goto err;
index c77dc86..10a5293 100644 (file)
@@ -420,7 +420,9 @@ int main(int argc, char *argv[])
        int print_time = 0;
        clock_t s_time = 0, c_time = 0;
        int comp = 0;
+#ifndef OPENSSL_NO_COMP
        COMP_METHOD *cm = NULL;
+#endif
        STACK_OF(SSL_COMP) *ssl_comp_methods = NULL;
        int test_cipherlist = 0;
 
@@ -652,6 +654,7 @@ bad:
        SSL_library_init();
        SSL_load_error_strings();
 
+#ifndef OPENSSL_NO_COMP
        if (comp == COMP_ZLIB) cm = COMP_zlib();
        if (comp == COMP_RLE) cm = COMP_rle();
        if (cm != NULL)
@@ -675,6 +678,7 @@ bad:
                        ERR_print_errors_fp(stderr);
                        }
                }
+#endif
        ssl_comp_methods = SSL_COMP_get_compression_methods();
        fprintf(stderr, "Available compression methods:\n");
        {
index cfcfeda..c544c76 100644 (file)
@@ -231,7 +231,9 @@ int tls1_change_cipher_state(SSL *s, int which)
        int client_write;
        EVP_CIPHER_CTX *dd;
        const EVP_CIPHER *c;
+#ifndef OPENSSL_NO_COMP
        const SSL_COMP *comp;
+#endif
        const EVP_MD *m;
        int is_export,n,i,j,k,exp_label_len,cl;
        int reuse_dd = 0;
@@ -239,7 +241,9 @@ int tls1_change_cipher_state(SSL *s, int which)
        is_export=SSL_C_IS_EXPORT(s->s3->tmp.new_cipher);
        c=s->s3->tmp.new_sym_enc;
        m=s->s3->tmp.new_hash;
+#ifndef OPENSSL_NO_COMP
        comp=s->s3->tmp.new_compression;
+#endif
        key_block=s->s3->tmp.key_block;
 
 #ifdef KSSL_DEBUG
@@ -265,6 +269,7 @@ int tls1_change_cipher_state(SSL *s, int which)
                        goto err;
                dd= s->enc_read_ctx;
                s->read_hash=m;
+#ifndef OPENSSL_NO_COMP
                if (s->expand != NULL)
                        {
                        COMP_CTX_free(s->expand);
@@ -284,6 +289,7 @@ int tls1_change_cipher_state(SSL *s, int which)
                        if (s->s3->rrec.comp == NULL)
                                goto err;
                        }
+#endif
                /* this is done by dtls1_reset_seq_numbers for DTLS1_VERSION */
                if (s->version != DTLS1_VERSION)
                        memset(&(s->s3->read_sequence[0]),0,8);
@@ -301,6 +307,7 @@ int tls1_change_cipher_state(SSL *s, int which)
                        goto err;
                dd= s->enc_write_ctx;
                s->write_hash=m;
+#ifndef OPENSSL_NO_COMP
                if (s->compress != NULL)
                        {
                        COMP_CTX_free(s->compress);
@@ -315,6 +322,7 @@ int tls1_change_cipher_state(SSL *s, int which)
                                goto err2;
                                }
                        }
+#endif
                /* this is done by dtls1_reset_seq_numbers for DTLS1_VERSION */
                if (s->version != DTLS1_VERSION)
                        memset(&(s->s3->write_sequence[0]),0,8);