From 8242354952ead170335b98b33254ca9a0e836926 Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Mon, 6 Oct 2003 11:00:15 +0000 Subject: [PATCH] Make sure int SSL_COMP_add_compression_method() checks if a certain compression identity is already present among the registered compression methods, and if so, reject the addition request. Declare SSL_COMP_get_compression_method() so it can be used properly. Change ssltest.c so it checks what compression methods are available and enumerates them. As a side-effect, built-in compression methods will be automagically loaded that way. Additionally, change the identities for ZLIB and RLE to be conformant to draft-ietf-tls-compression-05.txt. Finally, make update. Next on my list: have the built-in compression methods added "automatically" instead of requiring that the author call SSL_COMP_add_compression_method() or SSL_COMP_get_compression_methods(). --- crypto/comp/Makefile.ssl | 12 ++++++------ crypto/des/Makefile.ssl | 13 +++++++------ ssl/ssl.h | 3 +++ ssl/ssl_ciph.c | 10 +++++++++- ssl/ssl_err.c | 3 ++- ssl/ssltest.c | 20 +++++++++++++++++--- util/ssleay.num | 1 + 7 files changed, 45 insertions(+), 17 deletions(-) diff --git a/crypto/comp/Makefile.ssl b/crypto/comp/Makefile.ssl index f60c7a1afc..5db2412f98 100644 --- a/crypto/comp/Makefile.ssl +++ b/crypto/comp/Makefile.ssl @@ -91,12 +91,12 @@ c_rle.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h c_rle.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h c_rle.c c_zlib.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h c_zlib.o: ../../include/openssl/bn.h ../../include/openssl/comp.h -c_zlib.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h -c_zlib.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -c_zlib.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h -c_zlib.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h -c_zlib.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -c_zlib.o: c_zlib.c +c_zlib.o: ../../include/openssl/crypto.h ../../include/openssl/dso.h +c_zlib.o: ../../include/openssl/e_os2.h ../../include/openssl/obj_mac.h +c_zlib.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +c_zlib.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +c_zlib.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h +c_zlib.o: ../../include/openssl/symhacks.h c_zlib.c comp_err.o: ../../include/openssl/bio.h ../../include/openssl/comp.h comp_err.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h comp_err.o: ../../include/openssl/err.h ../../include/openssl/lhash.h diff --git a/crypto/des/Makefile.ssl b/crypto/des/Makefile.ssl index 34ca7acba5..73ffab9c85 100644 --- a/crypto/des/Makefile.ssl +++ b/crypto/des/Makefile.ssl @@ -160,12 +160,13 @@ cfb64enc.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h cfb64enc.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h cfb64enc.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h cfb64enc.o: cfb64enc.c des_locl.h -cfb_enc.o: ../../include/openssl/crypto.h ../../include/openssl/des.h -cfb_enc.o: ../../include/openssl/des_old.h ../../include/openssl/e_os2.h -cfb_enc.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h -cfb_enc.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h -cfb_enc.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h -cfb_enc.o: ../../include/openssl/ui_compat.h cfb_enc.c des_locl.h +cfb_enc.o: ../../e_os.h ../../include/openssl/crypto.h +cfb_enc.o: ../../include/openssl/des.h ../../include/openssl/des_old.h +cfb_enc.o: ../../include/openssl/e_os2.h ../../include/openssl/opensslconf.h +cfb_enc.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h +cfb_enc.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +cfb_enc.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h +cfb_enc.o: cfb_enc.c des_locl.h des_enc.o: ../../include/openssl/crypto.h ../../include/openssl/des.h des_enc.o: ../../include/openssl/des_old.h ../../include/openssl/e_os2.h des_enc.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h diff --git a/ssl/ssl.h b/ssl/ssl.h index 7cd7ece4cd..2d4035090f 100644 --- a/ssl/ssl.h +++ b/ssl/ssl.h @@ -1485,8 +1485,10 @@ void SSL_set_tmp_ecdh_callback(SSL *ssl, #endif #ifndef OPENSSL_NO_COMP +STACK_OF(SSL_COMP) *SSL_COMP_get_compression_method(void); int SSL_COMP_add_compression_method(int id,COMP_METHOD *cm); #else +void *SSL_COMP_get_compression_method(void); int SSL_COMP_add_compression_method(int id,char *cm); #endif @@ -1701,6 +1703,7 @@ void ERR_load_SSL_strings(void); #define SSL_R_DECRYPTION_FAILED_OR_BAD_RECORD_MAC 1109 #define SSL_R_DH_PUBLIC_VALUE_LENGTH_IS_WRONG 148 #define SSL_R_DIGEST_CHECK_FAILED 149 +#define SSL_R_DUPLICATE_COMPRESSION_ID 1121 #define SSL_R_ECGROUP_TOO_LARGE_FOR_CIPHER 1119 #define SSL_R_ENCRYPTED_LENGTH_TOO_LONG 150 #define SSL_R_ERROR_GENERATING_TMP_RSA_KEY 1092 diff --git a/ssl/ssl_ciph.c b/ssl/ssl_ciph.c index cfce88846f..44b50feff7 100644 --- a/ssl/ssl_ciph.c +++ b/ssl/ssl_ciph.c @@ -1182,7 +1182,15 @@ int SSL_COMP_add_compression_method(int id, COMP_METHOD *cm) comp->id=id; comp->method=cm; load_builtin_compressions(); - if ((ssl_comp_methods == NULL) + if (ssl_comp_methods + && !sk_SSL_COMP_find(ssl_comp_methods,comp)) + { + OPENSSL_free(comp); + MemCheck_on(); + SSLerr(SSL_F_SSL_COMP_ADD_COMPRESSION_METHOD,SSL_R_DUPLICATE_COMPRESSION_ID); + return(1); + } + else if ((ssl_comp_methods == NULL) || !sk_SSL_COMP_push(ssl_comp_methods,comp)) { OPENSSL_free(comp); diff --git a/ssl/ssl_err.c b/ssl/ssl_err.c index b9a50b8e63..359ea45b94 100644 --- a/ssl/ssl_err.c +++ b/ssl/ssl_err.c @@ -1,6 +1,6 @@ /* ssl/ssl_err.c */ /* ==================================================================== - * Copyright (c) 1999-2002 The OpenSSL Project. All rights reserved. + * Copyright (c) 1999-2003 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions @@ -271,6 +271,7 @@ static ERR_STRING_DATA SSL_str_reasons[]= {SSL_R_DECRYPTION_FAILED_OR_BAD_RECORD_MAC,"decryption failed or bad record mac"}, {SSL_R_DH_PUBLIC_VALUE_LENGTH_IS_WRONG ,"dh public value length is wrong"}, {SSL_R_DIGEST_CHECK_FAILED ,"digest check failed"}, +{SSL_R_DUPLICATE_COMPRESSION_ID ,"duplicate compression id"}, {SSL_R_ECGROUP_TOO_LARGE_FOR_CIPHER ,"ecgroup too large for cipher"}, {SSL_R_ENCRYPTED_LENGTH_TOO_LONG ,"encrypted length too long"}, {SSL_R_ERROR_GENERATING_TMP_RSA_KEY ,"error generating tmp rsa key"}, diff --git a/ssl/ssltest.c b/ssl/ssltest.c index 0c684604c7..6391cf207b 100644 --- a/ssl/ssltest.c +++ b/ssl/ssltest.c @@ -164,8 +164,8 @@ /* There is really no standard for this, so let's assign some tentative numbers. In any case, these numbers are only for this test */ -#define COMP_RLE 1 -#define COMP_ZLIB 2 +#define COMP_RLE 255 +#define COMP_ZLIB 1 static int MS_CALLBACK verify_callback(int ok, X509_STORE_CTX *ctx); #ifndef OPENSSL_NO_RSA @@ -373,7 +373,7 @@ int main(int argc, char *argv[]) SSL_METHOD *meth=NULL; SSL *c_ssl,*s_ssl; int number=1,reuse=0; - long bytes=1L; + long bytes=256L; #ifndef OPENSSL_NO_DH DH *dh; int dhe1024 = 0, dhe1024dsa = 0; @@ -387,6 +387,7 @@ int main(int argc, char *argv[]) clock_t s_time = 0, c_time = 0; int comp = 0; COMP_METHOD *cm = NULL; + STACK_OF(SSL_COMP) *ssl_comp_methods = NULL; verbose = 0; debug = 0; @@ -612,6 +613,19 @@ bad: ERR_print_errors_fp(stderr); } } + ssl_comp_methods = SSL_COMP_get_compression_methods(); + fprintf(stderr, "Available compression methods:\n"); + { + int i, n = sk_SSL_COMP_num(ssl_comp_methods); + if (n == 0) + fprintf(stderr, " NONE\n"); + else + for (i = 0; i < n; i++) + { + SSL_COMP *c = sk_SSL_COMP_value(ssl_comp_methods, i); + fprintf(stderr, " %d: %s\n", c->id, c->name); + } + } #if !defined(OPENSSL_NO_SSL2) && !defined(OPENSSL_NO_SSL3) if (ssl2) diff --git a/util/ssleay.num b/util/ssleay.num index 865005ac64..6836484aad 100755 --- a/util/ssleay.num +++ b/util/ssleay.num @@ -218,3 +218,4 @@ SSL_set_msg_callback 267 EXIST::FUNCTION: SSL_set_tmp_ecdh_callback 268 EXIST::FUNCTION:ECDH SSL_CTX_set_tmp_ecdh_callback 269 EXIST::FUNCTION:ECDH SSL_SESSION_get_id 270 EXIST::FUNCTION: +SSL_COMP_get_compression_method 271 EXIST::FUNCTION:COMP -- 2.34.1