Make sure int SSL_COMP_add_compression_method() checks if a certain
authorRichard Levitte <levitte@openssl.org>
Mon, 6 Oct 2003 11:00:15 +0000 (11:00 +0000)
committerRichard Levitte <levitte@openssl.org>
Mon, 6 Oct 2003 11:00:15 +0000 (11:00 +0000)
compression identity is already present among the registered
compression methods, and if so, reject the addition request.

Declare SSL_COMP_get_compression_method() so it can be used properly.

Change ssltest.c so it checks what compression methods are available
and enumerates them.  As a side-effect, built-in compression methods
will be automagically loaded that way.  Additionally, change the
identities for ZLIB and RLE to be conformant to
draft-ietf-tls-compression-05.txt.

Finally, make update.

Next on my list: have the built-in compression methods added
"automatically" instead of requiring that the author call
SSL_COMP_add_compression_method() or
SSL_COMP_get_compression_methods().

crypto/comp/Makefile.ssl
crypto/des/Makefile.ssl
ssl/ssl.h
ssl/ssl_ciph.c
ssl/ssl_err.c
ssl/ssltest.c
util/ssleay.num

index f60c7a1..5db2412 100644 (file)
@@ -91,12 +91,12 @@ c_rle.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h
 c_rle.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h c_rle.c
 c_zlib.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
 c_zlib.o: ../../include/openssl/bn.h ../../include/openssl/comp.h
-c_zlib.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
-c_zlib.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-c_zlib.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-c_zlib.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h
-c_zlib.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-c_zlib.o: c_zlib.c
+c_zlib.o: ../../include/openssl/crypto.h ../../include/openssl/dso.h
+c_zlib.o: ../../include/openssl/e_os2.h ../../include/openssl/obj_mac.h
+c_zlib.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+c_zlib.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+c_zlib.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+c_zlib.o: ../../include/openssl/symhacks.h c_zlib.c
 comp_err.o: ../../include/openssl/bio.h ../../include/openssl/comp.h
 comp_err.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
 comp_err.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
index 34ca7ac..73ffab9 100644 (file)
@@ -160,12 +160,13 @@ cfb64enc.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
 cfb64enc.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
 cfb64enc.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
 cfb64enc.o: cfb64enc.c des_locl.h
-cfb_enc.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
-cfb_enc.o: ../../include/openssl/des_old.h ../../include/openssl/e_os2.h
-cfb_enc.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-cfb_enc.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
-cfb_enc.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
-cfb_enc.o: ../../include/openssl/ui_compat.h cfb_enc.c des_locl.h
+cfb_enc.o: ../../e_os.h ../../include/openssl/crypto.h
+cfb_enc.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
+cfb_enc.o: ../../include/openssl/e_os2.h ../../include/openssl/opensslconf.h
+cfb_enc.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+cfb_enc.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+cfb_enc.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+cfb_enc.o: cfb_enc.c des_locl.h
 des_enc.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
 des_enc.o: ../../include/openssl/des_old.h ../../include/openssl/e_os2.h
 des_enc.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
index 7cd7ece..2d40350 100644 (file)
--- a/ssl/ssl.h
+++ b/ssl/ssl.h
@@ -1485,8 +1485,10 @@ void SSL_set_tmp_ecdh_callback(SSL *ssl,
 #endif
 
 #ifndef OPENSSL_NO_COMP
+STACK_OF(SSL_COMP) *SSL_COMP_get_compression_method(void);
 int SSL_COMP_add_compression_method(int id,COMP_METHOD *cm);
 #else
+void *SSL_COMP_get_compression_method(void);
 int SSL_COMP_add_compression_method(int id,char *cm);
 #endif
 
@@ -1701,6 +1703,7 @@ void ERR_load_SSL_strings(void);
 #define SSL_R_DECRYPTION_FAILED_OR_BAD_RECORD_MAC       1109
 #define SSL_R_DH_PUBLIC_VALUE_LENGTH_IS_WRONG           148
 #define SSL_R_DIGEST_CHECK_FAILED                       149
+#define SSL_R_DUPLICATE_COMPRESSION_ID                  1121
 #define SSL_R_ECGROUP_TOO_LARGE_FOR_CIPHER              1119
 #define SSL_R_ENCRYPTED_LENGTH_TOO_LONG                         150
 #define SSL_R_ERROR_GENERATING_TMP_RSA_KEY              1092
index cfce888..44b50fe 100644 (file)
@@ -1182,7 +1182,15 @@ int SSL_COMP_add_compression_method(int id, COMP_METHOD *cm)
        comp->id=id;
        comp->method=cm;
        load_builtin_compressions();
-       if ((ssl_comp_methods == NULL)
+       if (ssl_comp_methods
+               && !sk_SSL_COMP_find(ssl_comp_methods,comp))
+               {
+               OPENSSL_free(comp);
+               MemCheck_on();
+               SSLerr(SSL_F_SSL_COMP_ADD_COMPRESSION_METHOD,SSL_R_DUPLICATE_COMPRESSION_ID);
+               return(1);
+               }
+       else if ((ssl_comp_methods == NULL)
                || !sk_SSL_COMP_push(ssl_comp_methods,comp))
                {
                OPENSSL_free(comp);
index b9a50b8..359ea45 100644 (file)
@@ -1,6 +1,6 @@
 /* ssl/ssl_err.c */
 /* ====================================================================
- * Copyright (c) 1999-2002 The OpenSSL Project.  All rights reserved.
+ * Copyright (c) 1999-2003 The OpenSSL Project.  All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
@@ -271,6 +271,7 @@ static ERR_STRING_DATA SSL_str_reasons[]=
 {SSL_R_DECRYPTION_FAILED_OR_BAD_RECORD_MAC,"decryption failed or bad record mac"},
 {SSL_R_DH_PUBLIC_VALUE_LENGTH_IS_WRONG   ,"dh public value length is wrong"},
 {SSL_R_DIGEST_CHECK_FAILED               ,"digest check failed"},
+{SSL_R_DUPLICATE_COMPRESSION_ID          ,"duplicate compression id"},
 {SSL_R_ECGROUP_TOO_LARGE_FOR_CIPHER      ,"ecgroup too large for cipher"},
 {SSL_R_ENCRYPTED_LENGTH_TOO_LONG         ,"encrypted length too long"},
 {SSL_R_ERROR_GENERATING_TMP_RSA_KEY      ,"error generating tmp rsa key"},
index 0c68460..6391cf2 100644 (file)
 
 /* There is really no standard for this, so let's assign some tentative
    numbers.  In any case, these numbers are only for this test */
-#define COMP_RLE       1
-#define COMP_ZLIB      2
+#define COMP_RLE       255
+#define COMP_ZLIB      1
 
 static int MS_CALLBACK verify_callback(int ok, X509_STORE_CTX *ctx);
 #ifndef OPENSSL_NO_RSA
@@ -373,7 +373,7 @@ int main(int argc, char *argv[])
        SSL_METHOD *meth=NULL;
        SSL *c_ssl,*s_ssl;
        int number=1,reuse=0;
-       long bytes=1L;
+       long bytes=256L;
 #ifndef OPENSSL_NO_DH
        DH *dh;
        int dhe1024 = 0, dhe1024dsa = 0;
@@ -387,6 +387,7 @@ int main(int argc, char *argv[])
        clock_t s_time = 0, c_time = 0;
        int comp = 0;
        COMP_METHOD *cm = NULL;
+       STACK_OF(SSL_COMP) *ssl_comp_methods = NULL;
 
        verbose = 0;
        debug = 0;
@@ -612,6 +613,19 @@ bad:
                        ERR_print_errors_fp(stderr);
                        }
                }
+       ssl_comp_methods = SSL_COMP_get_compression_methods();
+       fprintf(stderr, "Available compression methods:\n");
+       {
+       int i, n = sk_SSL_COMP_num(ssl_comp_methods);
+       if (n == 0)
+               fprintf(stderr, "  NONE\n");
+       else
+               for (i = 0; i < n; i++)
+                       {
+                       SSL_COMP *c = sk_SSL_COMP_value(ssl_comp_methods, i);
+                       fprintf(stderr, "  %d: %s\n", c->id, c->name);
+                       }
+       }
 
 #if !defined(OPENSSL_NO_SSL2) && !defined(OPENSSL_NO_SSL3)
        if (ssl2)
index 865005a..6836484 100755 (executable)
@@ -218,3 +218,4 @@ SSL_set_msg_callback                    267 EXIST::FUNCTION:
 SSL_set_tmp_ecdh_callback               268    EXIST::FUNCTION:ECDH
 SSL_CTX_set_tmp_ecdh_callback           269    EXIST::FUNCTION:ECDH
 SSL_SESSION_get_id                      270    EXIST::FUNCTION:
+SSL_COMP_get_compression_method         271    EXIST::FUNCTION:COMP