From 9a555706a3fb8f6622e1049ab510a12f4e1bc6a2 Mon Sep 17 00:00:00 2001 From: Rich Salz Date: Fri, 8 May 2015 12:05:36 -0400 Subject: [PATCH] Make COMP_CTX and COMP_METHOD opaque Since COMP_METHOD is now defined in comp_lcl.h, it is no longer possible to create new TLS compression methods without using the OpenSSL source. Only ZLIB is supported by default. Also, since the types are opaque, #ifdef guards to use "char *" instead of the real type aren't necessary. The changes are actually minor. Adding missing copyright to some files makes the diff misleadingly big. Reviewed-by: Matt Caswell --- crypto/comp/Makefile | 4 +- crypto/comp/c_zlib.c | 57 +++++++++++++++++++++++- crypto/comp/comp_lcl.h | 74 ++++++++++++++++++++++++++++++++ crypto/comp/comp_lib.c | 81 ++++++++++++++++++++++++++++++++--- include/openssl/comp.h | 88 ++++++++++++++++++++++++++------------ include/openssl/ossl_typ.h | 5 ++- include/openssl/ssl.h | 15 +------ ssl/ssl_ciph.c | 46 +++++++++++--------- ssl/ssl_lib.c | 29 +++++-------- ssl/ssl_locl.h | 19 +------- ssl/ssl_txt.c | 5 +-- test/ssltest.c | 5 +-- util/libeay.num | 4 ++ util/ssleay.num | 20 ++++----- 14 files changed, 327 insertions(+), 125 deletions(-) create mode 100644 crypto/comp/comp_lcl.h diff --git a/crypto/comp/Makefile b/crypto/comp/Makefile index 1a180f49df..7884f99547 100644 --- a/crypto/comp/Makefile +++ b/crypto/comp/Makefile @@ -68,7 +68,7 @@ c_zlib.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h c_zlib.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h c_zlib.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h c_zlib.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h -c_zlib.o: ../../include/openssl/symhacks.h c_zlib.c +c_zlib.o: ../../include/openssl/symhacks.h c_zlib.c comp_lcl.h comp_err.o: ../../include/openssl/bio.h ../../include/openssl/comp.h comp_err.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h comp_err.o: ../../include/openssl/err.h ../../include/openssl/lhash.h @@ -82,4 +82,4 @@ comp_lib.o: ../../include/openssl/e_os2.h ../../include/openssl/obj_mac.h comp_lib.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h comp_lib.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h comp_lib.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h -comp_lib.o: ../../include/openssl/symhacks.h comp_lib.c +comp_lib.o: ../../include/openssl/symhacks.h comp_lcl.h comp_lib.c diff --git a/crypto/comp/c_zlib.c b/crypto/comp/c_zlib.c index 2d5b54f42e..83773a1106 100644 --- a/crypto/comp/c_zlib.c +++ b/crypto/comp/c_zlib.c @@ -1,9 +1,64 @@ +/* ==================================================================== + * Copyright (c) 1999-2015 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * openssl-core@OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ + #include #include #include #include #include #include +#include "comp_lcl.h" COMP_METHOD *COMP_zlib(void); @@ -14,8 +69,6 @@ static COMP_METHOD zlib_method_nozlib = { NULL, NULL, NULL, - NULL, - NULL, }; #ifndef ZLIB diff --git a/crypto/comp/comp_lcl.h b/crypto/comp/comp_lcl.h new file mode 100644 index 0000000000..f1ec8d5481 --- /dev/null +++ b/crypto/comp/comp_lcl.h @@ -0,0 +1,74 @@ +/* ==================================================================== + * Copyright (c) 2017 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * openssl-core@OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + */ + + +struct comp_method_st { + int type; /* NID for compression library */ + const char *name; /* A text string to identify the library */ + int (*init) (COMP_CTX *ctx); + void (*finish) (COMP_CTX *ctx); + int (*compress) (COMP_CTX *ctx, + unsigned char *out, unsigned int olen, + unsigned char *in, unsigned int ilen); + int (*expand) (COMP_CTX *ctx, + unsigned char *out, unsigned int olen, + unsigned char *in, unsigned int ilen); +}; + +struct comp_ctx_st { + struct comp_method_st *meth; + unsigned long compress_in; + unsigned long compress_out; + unsigned long expand_in; + unsigned long expand_out; +}; diff --git a/crypto/comp/comp_lib.c b/crypto/comp/comp_lib.c index 42d99364a9..aa82376cdd 100644 --- a/crypto/comp/comp_lib.c +++ b/crypto/comp/comp_lib.c @@ -1,17 +1,70 @@ +/* ==================================================================== + * Copyright (c) 1999-2015 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * openssl-core@OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ + #include #include #include #include #include +#include "comp_lcl.h" COMP_CTX *COMP_CTX_new(COMP_METHOD *meth) { COMP_CTX *ret; - if ((ret = OPENSSL_malloc(sizeof(*ret))) == NULL) { - /* ZZZZZZZZZZZZZZZZ */ + if ((ret = OPENSSL_malloc(sizeof(*ret))) == NULL) return (NULL); - } memset(ret, 0, sizeof(*ret)); ret->meth = meth; if ((ret->meth->init != NULL) && !ret->meth->init(ret)) { @@ -21,6 +74,21 @@ COMP_CTX *COMP_CTX_new(COMP_METHOD *meth) return (ret); } +const COMP_METHOD *COMP_CTX_get_method(const COMP_CTX *ctx) +{ + return ctx->meth; +} + +int COMP_get_type(const COMP_METHOD *meth) +{ + return meth->type; +} + +const char *COMP_get_name(const COMP_METHOD *meth) +{ + return meth->name; +} + void COMP_CTX_free(COMP_CTX *ctx) { if (ctx == NULL) @@ -37,7 +105,6 @@ int COMP_compress_block(COMP_CTX *ctx, unsigned char *out, int olen, { int ret; if (ctx->meth->compress == NULL) { - /* ZZZZZZZZZZZZZZZZZ */ return (-1); } ret = ctx->meth->compress(ctx, out, olen, in, ilen); @@ -54,7 +121,6 @@ int COMP_expand_block(COMP_CTX *ctx, unsigned char *out, int olen, int ret; if (ctx->meth->expand == NULL) { - /* ZZZZZZZZZZZZZZZZZ */ return (-1); } ret = ctx->meth->expand(ctx, out, olen, in, ilen); @@ -64,3 +130,8 @@ int COMP_expand_block(COMP_CTX *ctx, unsigned char *out, int olen, } return (ret); } + +int COMP_CTX_get_type(const COMP_CTX* comp) +{ + return comp->meth ? comp->meth->type : NID_undef; +} diff --git a/include/openssl/comp.h b/include/openssl/comp.h index 6799b0f472..c7d903fc24 100644 --- a/include/openssl/comp.h +++ b/include/openssl/comp.h @@ -1,3 +1,57 @@ +/* ==================================================================== + * Copyright (c) 1999-2015 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * openssl-core@OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ + #ifndef HEADER_COMP_H # define HEADER_COMP_H @@ -8,41 +62,19 @@ extern "C" { #endif -typedef struct comp_ctx_st COMP_CTX; - -typedef struct comp_method_st { - int type; /* NID for compression library */ - const char *name; /* A text string to identify the library */ - int (*init) (COMP_CTX *ctx); - void (*finish) (COMP_CTX *ctx); - int (*compress) (COMP_CTX *ctx, - unsigned char *out, unsigned int olen, - unsigned char *in, unsigned int ilen); - int (*expand) (COMP_CTX *ctx, - unsigned char *out, unsigned int olen, - unsigned char *in, unsigned int ilen); - /* - * The following two do NOTHING, but are kept for backward compatibility - */ - long (*ctrl) (void); - long (*callback_ctrl) (void); -} COMP_METHOD; - -struct comp_ctx_st { - COMP_METHOD *meth; - unsigned long compress_in; - unsigned long compress_out; - unsigned long expand_in; - unsigned long expand_out; - CRYPTO_EX_DATA ex_data; -}; COMP_CTX *COMP_CTX_new(COMP_METHOD *meth); +const COMP_METHOD *COMP_CTX_get_method(const COMP_CTX *ctx); +int COMP_CTX_get_type(const COMP_CTX* comp); +int COMP_get_type(const COMP_METHOD *meth); +const char *COMP_get_name(const COMP_METHOD *meth); void COMP_CTX_free(COMP_CTX *ctx); + int COMP_compress_block(COMP_CTX *ctx, unsigned char *out, int olen, unsigned char *in, int ilen); int COMP_expand_block(COMP_CTX *ctx, unsigned char *out, int olen, unsigned char *in, int ilen); + COMP_METHOD *COMP_zlib(void); void COMP_zlib_cleanup(void); diff --git a/include/openssl/ossl_typ.h b/include/openssl/ossl_typ.h index b32ce66843..e4e3270502 100644 --- a/include/openssl/ossl_typ.h +++ b/include/openssl/ossl_typ.h @@ -1,5 +1,5 @@ /* ==================================================================== - * Copyright (c) 1998-2001 The OpenSSL Project. All rights reserved. + * Copyright (c) 1998-2015 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions @@ -176,6 +176,9 @@ typedef struct engine_st ENGINE; typedef struct ssl_st SSL; typedef struct ssl_ctx_st SSL_CTX; +typedef struct comp_ctx_st COMP_CTX; +typedef struct comp_method_st COMP_METHOD; + typedef struct X509_POLICY_NODE_st X509_POLICY_NODE; typedef struct X509_POLICY_LEVEL_st X509_POLICY_LEVEL; typedef struct X509_POLICY_TREE_st X509_POLICY_TREE; diff --git a/include/openssl/ssl.h b/include/openssl/ssl.h index 43c68012f7..e8c2e6cc1f 100644 --- a/include/openssl/ssl.h +++ b/include/openssl/ssl.h @@ -145,9 +145,7 @@ # include -# ifndef OPENSSL_NO_COMP -# include -# endif +# include # include # ifdef OPENSSL_USE_DEPRECATED # include @@ -703,9 +701,6 @@ __owur int SRP_generate_client_master_secret(SSL *s, unsigned char *master_key); typedef int (*GEN_SESSION_CB) (const SSL *ssl, unsigned char *id, unsigned int *id_len); -typedef struct ssl_comp_st SSL_COMP; - - # define SSL_SESS_CACHE_OFF 0x0000 # define SSL_SESS_CACHE_CLIENT 0x0001 # define SSL_SESS_CACHE_SERVER 0x0002 @@ -1774,7 +1769,6 @@ void SSL_set_tmp_ecdh_callback(SSL *ssl, int keylength)); # endif -# ifndef OPENSSL_NO_COMP __owur const COMP_METHOD *SSL_get_current_compression(SSL *s); __owur const COMP_METHOD *SSL_get_current_expansion(SSL *s); __owur const char *SSL_COMP_get_name(const COMP_METHOD *comp); @@ -1783,13 +1777,6 @@ __owur STACK_OF(SSL_COMP) *SSL_COMP_set0_compression_methods(STACK_OF(SSL_COMP) *meths); void SSL_COMP_free_compression_methods(void); __owur int SSL_COMP_add_compression_method(int id, COMP_METHOD *cm); -# else -__owur const void *SSL_get_current_compression(SSL *s); -__owur const void *SSL_get_current_expansion(SSL *s); -__owur const char *SSL_COMP_get_name(const void *comp); -void *SSL_COMP_get_compression_methods(void); -__owur int SSL_COMP_add_compression_method(int id, void *cm); -# endif const SSL_CIPHER *SSL_CIPHER_find(SSL *ssl, const unsigned char *ptr); int SSL_CIPHER_get_cipher_nid(const SSL_CIPHER *c); diff --git a/ssl/ssl_ciph.c b/ssl/ssl_ciph.c index ed274e01a7..ddedf5cef9 100644 --- a/ssl/ssl_ciph.c +++ b/ssl/ssl_ciph.c @@ -495,22 +495,20 @@ static void load_builtin_compressions(void) if (ssl_comp_methods == NULL) { SSL_COMP *comp = NULL; + COMP_METHOD *method = COMP_zlib(); MemCheck_off(); ssl_comp_methods = sk_SSL_COMP_new(sk_comp_cmp); - if (ssl_comp_methods != NULL) { + if (COMP_get_type(method) != NID_undef + && ssl_comp_methods != NULL) { comp = OPENSSL_malloc(sizeof(*comp)); if (comp != NULL) { - comp->method = COMP_zlib(); - if (comp->method && comp->method->type == NID_undef) - OPENSSL_free(comp); - else { - comp->id = SSL_COMP_ZLIB_IDX; - comp->name = comp->method->name; - sk_SSL_COMP_push(ssl_comp_methods, comp); - } + comp->method = method; + comp->id = SSL_COMP_ZLIB_IDX; + comp->name = COMP_get_name(method); + sk_SSL_COMP_push(ssl_comp_methods, comp); + sk_SSL_COMP_sort(ssl_comp_methods); } - sk_SSL_COMP_sort(ssl_comp_methods); } MemCheck_on(); } @@ -1870,20 +1868,23 @@ SSL_COMP *ssl3_comp_find(STACK_OF(SSL_COMP) *sk, int n) } #ifdef OPENSSL_NO_COMP -void *SSL_COMP_get_compression_methods(void) +STACK_OF(SSL_COMP) *SSL_COMP_get_compression_methods(void) { return NULL; } - -int SSL_COMP_add_compression_method(int id, void *cm) +STACK_OF(SSL_COMP) *SSL_COMP_set0_compression_methods(STACK_OF(SSL_COMP) + *meths) { - return 1; + return meths; } - -const char *SSL_COMP_get_name(const void *comp) +void SSL_COMP_free_compression_methods(void) { - return NULL; } +int SSL_COMP_add_compression_method(int id, COMP_METHOD *cm) +{ + return 1; +} + #else STACK_OF(SSL_COMP) *SSL_COMP_get_compression_methods(void) { @@ -1915,7 +1916,7 @@ int SSL_COMP_add_compression_method(int id, COMP_METHOD *cm) { SSL_COMP *comp; - if (cm == NULL || cm->type == NID_undef) + if (cm == NULL || COMP_get_type(cm) == NID_undef) return 1; /*- @@ -1960,14 +1961,17 @@ int SSL_COMP_add_compression_method(int id, COMP_METHOD *cm) return (0); } } +#endif const char *SSL_COMP_get_name(const COMP_METHOD *comp) { - if (comp) - return comp->name; +#ifndef OPENSSL_NO_COMP + return comp ? COMP_get_name(comp) : NULL; +#else return NULL; -} #endif +} + /* For a cipher return the index corresponding to the certificate type */ int ssl_cipher_get_cert_index(const SSL_CIPHER *c) { diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c index 8f74ef10b4..441c6fab18 100644 --- a/ssl/ssl_lib.c +++ b/ssl/ssl_lib.c @@ -2882,32 +2882,23 @@ const SSL_CIPHER *SSL_get_current_cipher(const SSL *s) return (NULL); } -#ifdef OPENSSL_NO_COMP -const void *SSL_get_current_compression(SSL *s) -{ - return NULL; -} - -const void *SSL_get_current_expansion(SSL *s) -{ - return NULL; -} -#else - const COMP_METHOD *SSL_get_current_compression(SSL *s) { - if (s->compress != NULL) - return (s->compress->meth); - return (NULL); +#ifndef OPENSSL_NO_COMP + return s->compress ? COMP_CTX_get_method(s->compress) : NULL; +#else + return NULL; +#endif } const COMP_METHOD *SSL_get_current_expansion(SSL *s) { - if (s->expand != NULL) - return (s->expand->meth); - return (NULL); -} +#ifndef OPENSSL_NO_COMP + return s->expand ? COMP_CTX_get_method(s->expand) : NULL; +#else + return NULL; #endif +} int ssl_init_wbio_buffer(SSL *s, int push) { diff --git a/ssl/ssl_locl.h b/ssl/ssl_locl.h index 9ae1a0711b..64feb840a2 100644 --- a/ssl/ssl_locl.h +++ b/ssl/ssl_locl.h @@ -705,15 +705,12 @@ typedef struct srp_ctx_st { # endif +typedef struct ssl_comp_st SSL_COMP; struct ssl_comp_st { int id; const char *name; -# ifndef OPENSSL_NO_COMP COMP_METHOD *method; -# else - char *method; -# endif }; DECLARE_STACK_OF(SSL_COMP) @@ -1045,18 +1042,10 @@ struct ssl_st { int mac_flags; EVP_CIPHER_CTX *enc_read_ctx; /* cryptographic state */ EVP_MD_CTX *read_hash; /* used for mac generation */ -# ifndef OPENSSL_NO_COMP + COMP_CTX *compress; /* compression */ COMP_CTX *expand; /* uncompress */ -# else - char *expand; -# endif EVP_CIPHER_CTX *enc_write_ctx; /* cryptographic state */ EVP_MD_CTX *write_hash; /* used for mac generation */ -# ifndef OPENSSL_NO_COMP - COMP_CTX *compress; /* compression */ -# else - char *compress; -# endif /* session info */ /* client cert? */ /* This is used to hold the server certificate used */ @@ -1357,11 +1346,7 @@ typedef struct ssl3_state_st { struct dtls1_retransmit_state { EVP_CIPHER_CTX *enc_write_ctx; /* cryptographic state */ EVP_MD_CTX *write_hash; /* used for mac generation */ -# ifndef OPENSSL_NO_COMP COMP_CTX *compress; /* compression */ -# else - char *compress; -# endif SSL_SESSION *session; unsigned short epoch; }; diff --git a/ssl/ssl_txt.c b/ssl/ssl_txt.c index 9277d2ca58..918e75ea0b 100644 --- a/ssl/ssl_txt.c +++ b/ssl/ssl_txt.c @@ -221,9 +221,8 @@ int SSL_SESSION_print(BIO *bp, const SSL_SESSION *x) 0) goto err; } else { - if (BIO_printf - (bp, "\n Compression: %d (%s)", comp->id, - comp->method->name) <= 0) + if (BIO_printf(bp, "\n Compression: %d (%s)", comp->id, + comp->name) <= 0) goto err; } } diff --git a/test/ssltest.c b/test/ssltest.c index 39f1d80509..e531b32f65 100644 --- a/test/ssltest.c +++ b/test/ssltest.c @@ -995,7 +995,7 @@ int main(int argc, char *argv[]) int print_time = 0; clock_t s_time = 0, c_time = 0; #ifndef OPENSSL_NO_COMP - int comp = 0; + int n, comp = 0; COMP_METHOD *cm = NULL; STACK_OF(SSL_COMP) *ssl_comp_methods = NULL; #endif @@ -1004,7 +1004,6 @@ int main(int argc, char *argv[]) int fips_mode = 0; #endif int no_protocol = 0; - int n; SSL_CONF_CTX *s_cctx = NULL, *c_cctx = NULL; STACK_OF(OPENSSL_STRING) *conf_args = NULL; @@ -1373,7 +1372,7 @@ int main(int argc, char *argv[]) if (comp == COMP_ZLIB) cm = COMP_zlib(); if (cm != NULL) { - if (cm->type != NID_undef) { + if (COMP_get_type(cm) != NID_undef) { if (SSL_COMP_add_compression_method(comp, cm) != 0) { fprintf(stderr, "Failed to add compression method\n"); ERR_print_errors_fp(stderr); diff --git a/util/libeay.num b/util/libeay.num index d1b03030eb..b3dcd5d978 100755 --- a/util/libeay.num +++ b/util/libeay.num @@ -4557,3 +4557,7 @@ ASN1_TYPE_pack_sequence 4915 EXIST::FUNCTION: ASN1_TYPE_unpack_sequence 4916 EXIST::FUNCTION: CRYPTO_clean_free 4917 NOEXIST::FUNCTION: CRYPTO_clear_free 4918 EXIST::FUNCTION: +COMP_CTX_get_method 4919 EXIST::FUNCTION: +COMP_CTX_get_type 4920 EXIST::FUNCTION: +COMP_get_name 4921 EXIST::FUNCTION: +COMP_get_type 4922 EXIST::FUNCTION: diff --git a/util/ssleay.num b/util/ssleay.num index ee82ef23cf..ab89e91849 100755 --- a/util/ssleay.num +++ b/util/ssleay.num @@ -164,7 +164,7 @@ SSL_CTX_get_cert_store 180 EXIST::FUNCTION: SSL_CTX_set_cert_store 181 EXIST::FUNCTION: SSL_want 182 EXIST::FUNCTION: SSL_library_init 183 EXIST::FUNCTION: -SSL_COMP_add_compression_method 184 EXIST::FUNCTION:COMP +SSL_COMP_add_compression_method 184 EXIST::FUNCTION: SSL_add_file_cert_subjects_to_stack 185 EXIST:!VMS:FUNCTION:STDIO SSL_add_file_cert_subjs_to_stk 185 EXIST:VMS:FUNCTION:STDIO SSL_set_tmp_rsa_callback 186 EXIST::FUNCTION:RSA @@ -219,13 +219,13 @@ SSL_set_msg_callback 267 EXIST::FUNCTION: DTLSv1_client_method 268 EXIST::FUNCTION: SSL_CTX_set_tmp_ecdh_callback 269 EXIST::FUNCTION:EC SSL_set_tmp_ecdh_callback 270 EXIST::FUNCTION:EC -SSL_COMP_get_name 271 EXIST::FUNCTION:COMP -SSL_get_current_compression 272 EXIST::FUNCTION:COMP +SSL_COMP_get_name 271 EXIST::FUNCTION: +SSL_get_current_compression 272 EXIST::FUNCTION: DTLSv1_method 273 EXIST::FUNCTION: -SSL_get_current_expansion 274 EXIST::FUNCTION:COMP +SSL_get_current_expansion 274 EXIST::FUNCTION: DTLSv1_server_method 275 EXIST::FUNCTION: -SSL_COMP_get_compression_methods 276 EXIST:!VMS:FUNCTION:COMP -SSL_COMP_get_compress_methods 276 EXIST:VMS:FUNCTION:COMP +SSL_COMP_get_compression_methods 276 EXIST:!VMS:FUNCTION: +SSL_COMP_get_compress_methods 276 EXIST:VMS:FUNCTION: SSL_SESSION_get_id 277 EXIST::FUNCTION: SSL_CTX_sess_set_new_cb 278 EXIST::FUNCTION: SSL_CTX_sess_get_get_cb 279 EXIST::FUNCTION: @@ -333,8 +333,8 @@ SSL_CTX_set_srv_supp_data 371 NOEXIST::FUNCTION: SSL_CONF_cmd_argv 372 EXIST::FUNCTION: DTLSv1_2_server_method 373 EXIST::FUNCTION: SSL_COMP_set0_compress_methods 374 NOEXIST::FUNCTION: -SSL_COMP_set0_compression_methods 374 EXIST:!VMS:FUNCTION:COMP -SSL_COMP_set0_compr_methods 374 EXIST:VMS:FUNCTION:COMP +SSL_COMP_set0_compression_methods 374 EXIST:!VMS:FUNCTION: +SSL_COMP_set0_compr_methods 374 EXIST:VMS:FUNCTION: SSL_CTX_set_cert_cb 375 EXIST::FUNCTION: SSL_CTX_add_client_custom_ext 376 EXIST::FUNCTION:TLSEXT SSL_is_server 377 EXIST::FUNCTION: @@ -367,8 +367,8 @@ DTLSv1_2_method 404 EXIST::FUNCTION: DTLS_server_method 405 EXIST::FUNCTION: SSL_CTX_use_serverinfo_file 406 EXIST::FUNCTION:STDIO,TLSEXT SSL_COMP_free_compress_methods 407 NOEXIST::FUNCTION: -SSL_COMP_free_compression_methods 407 EXIST:!VMS:FUNCTION:COMP -SSL_COMP_free_compr_methods 407 EXIST:VMS:FUNCTION:COMP +SSL_COMP_free_compression_methods 407 EXIST:!VMS:FUNCTION: +SSL_COMP_free_compr_methods 407 EXIST:VMS:FUNCTION: SSL_extension_supported 409 EXIST::FUNCTION:TLSEXT SSL_CTX_get_security_callback 410 EXIST::FUNCTION: SSL_SESSION_print_keylog 411 EXIST::FUNCTION: -- 2.34.1