summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authortedu <>2014-07-10 08:51:15 +0000
committertedu <>2014-07-10 08:51:15 +0000
commit7fa0fcaa4570540c46d2430a269ae2e95aaa258e (patch)
tree10d3c4ab8299021b37a17232dc3493cb7fc5dd87
parent4edb6fce921fd3bc18b713f5802551bacc02cf8a (diff)
downloadopenbsd-7fa0fcaa4570540c46d2430a269ae2e95aaa258e.tar.gz
openbsd-7fa0fcaa4570540c46d2430a269ae2e95aaa258e.tar.bz2
openbsd-7fa0fcaa4570540c46d2430a269ae2e95aaa258e.zip
decompress libssl. ok beck jsing
Diffstat
-rw-r--r--src/lib/libssl/d1_both.c7
-rw-r--r--src/lib/libssl/d1_clnt.c26
-rw-r--r--src/lib/libssl/d1_enc.c5
-rw-r--r--src/lib/libssl/d1_pkt.c28
-rw-r--r--src/lib/libssl/d1_srvr.c9
-rw-r--r--src/lib/libssl/dtls1.h7
-rw-r--r--src/lib/libssl/s23_clnt.c21
-rw-r--r--src/lib/libssl/s23_srvr.c4
-rw-r--r--src/lib/libssl/s3_both.c11
-rw-r--r--src/lib/libssl/s3_cbc.c5
-rw-r--r--src/lib/libssl/s3_clnt.c72
-rw-r--r--src/lib/libssl/s3_lib.c6
-rw-r--r--src/lib/libssl/s3_pkt.c69
-rw-r--r--src/lib/libssl/s3_srvr.c97
-rw-r--r--src/lib/libssl/src/ssl/d1_both.c7
-rw-r--r--src/lib/libssl/src/ssl/d1_clnt.c26
-rw-r--r--src/lib/libssl/src/ssl/d1_enc.c5
-rw-r--r--src/lib/libssl/src/ssl/d1_pkt.c28
-rw-r--r--src/lib/libssl/src/ssl/d1_srvr.c9
-rw-r--r--src/lib/libssl/src/ssl/dtls1.h7
-rw-r--r--src/lib/libssl/src/ssl/s23_clnt.c21
-rw-r--r--src/lib/libssl/src/ssl/s23_srvr.c4
-rw-r--r--src/lib/libssl/src/ssl/s3_both.c11
-rw-r--r--src/lib/libssl/src/ssl/s3_cbc.c5
-rw-r--r--src/lib/libssl/src/ssl/s3_clnt.c72
-rw-r--r--src/lib/libssl/src/ssl/s3_enc.c48
-rw-r--r--src/lib/libssl/src/ssl/s3_lib.c6
-rw-r--r--src/lib/libssl/src/ssl/s3_pkt.c69
-rw-r--r--src/lib/libssl/src/ssl/s3_srvr.c97
-rw-r--r--src/lib/libssl/src/ssl/ssl.h37
-rw-r--r--src/lib/libssl/src/ssl/ssl3.h16
-rw-r--r--src/lib/libssl/src/ssl/ssl_algs.c8
-rw-r--r--src/lib/libssl/src/ssl/ssl_asn1.c32
-rw-r--r--src/lib/libssl/src/ssl/ssl_ciph.c175
-rw-r--r--src/lib/libssl/src/ssl/ssl_lib.c30
-rw-r--r--src/lib/libssl/src/ssl/ssl_locl.h16
-rw-r--r--src/lib/libssl/src/ssl/ssl_sess.c5
-rw-r--r--src/lib/libssl/src/ssl/ssl_txt.c18
-rw-r--r--src/lib/libssl/src/ssl/t1_enc.c45
-rw-r--r--src/lib/libssl/ssl.h37
-rw-r--r--src/lib/libssl/ssl3.h16
-rw-r--r--src/lib/libssl/ssl_algs.c8
-rw-r--r--src/lib/libssl/ssl_asn1.c32
-rw-r--r--src/lib/libssl/ssl_ciph.c175
-rw-r--r--src/lib/libssl/ssl_lib.c30
-rw-r--r--src/lib/libssl/ssl_locl.h16
-rw-r--r--src/lib/libssl/ssl_sess.c5
-rw-r--r--src/lib/libssl/ssl_txt.c18
-rw-r--r--src/lib/libssl/t1_enc.c45
49 files changed, 77 insertions, 1469 deletions
diff --git a/src/lib/libssl/d1_both.c b/src/lib/libssl/d1_both.c
index f27588fcff..e25f69dbb6 100644
--- a/src/lib/libssl/d1_both.c
+++ b/src/lib/libssl/d1_both.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: d1_both.c,v 1.23 2014/07/10 08:25:00 guenther Exp $ */ 1/* $OpenBSD: d1_both.c,v 1.24 2014/07/10 08:51:14 tedu Exp $ */
2/* 2/*
3 * DTLS implementation written by Nagendra Modadugu 3 * DTLS implementation written by Nagendra Modadugu
4 * (nagendra@cs.stanford.edu) for the OpenSSL project 2005. 4 * (nagendra@cs.stanford.edu) for the OpenSSL project 2005.
@@ -944,7 +944,6 @@ dtls1_send_finished(SSL *s, int a, int b, const char *sender, int slen)
944 * ssl->s3->read_sequence zero 944 * ssl->s3->read_sequence zero
945 * ssl->s3->read_mac_secret re-init 945 * ssl->s3->read_mac_secret re-init
946 * ssl->session->read_sym_enc assign 946 * ssl->session->read_sym_enc assign
947 * ssl->session->read_compression assign
948 * ssl->session->read_hash assign 947 * ssl->session->read_hash assign
949 */ 948 */
950int 949int
@@ -1160,7 +1159,6 @@ dtls1_buffer_message(SSL *s, int is_ccs)
1160 /* save current state*/ 1159 /* save current state*/
1161 frag->msg_header.saved_retransmit_state.enc_write_ctx = s->enc_write_ctx; 1160 frag->msg_header.saved_retransmit_state.enc_write_ctx = s->enc_write_ctx;
1162 frag->msg_header.saved_retransmit_state.write_hash = s->write_hash; 1161 frag->msg_header.saved_retransmit_state.write_hash = s->write_hash;
1163 frag->msg_header.saved_retransmit_state.compress = s->compress;
1164 frag->msg_header.saved_retransmit_state.session = s->session; 1162 frag->msg_header.saved_retransmit_state.session = s->session;
1165 frag->msg_header.saved_retransmit_state.epoch = s->d1->w_epoch; 1163 frag->msg_header.saved_retransmit_state.epoch = s->d1->w_epoch;
1166 1164
@@ -1229,7 +1227,6 @@ dtls1_retransmit_message(SSL *s, unsigned short seq, unsigned long frag_off,
1229 /* save current state */ 1227 /* save current state */
1230 saved_state.enc_write_ctx = s->enc_write_ctx; 1228 saved_state.enc_write_ctx = s->enc_write_ctx;
1231 saved_state.write_hash = s->write_hash; 1229 saved_state.write_hash = s->write_hash;
1232 saved_state.compress = s->compress;
1233 saved_state.session = s->session; 1230 saved_state.session = s->session;
1234 saved_state.epoch = s->d1->w_epoch; 1231 saved_state.epoch = s->d1->w_epoch;
1235 1232
@@ -1238,7 +1235,6 @@ dtls1_retransmit_message(SSL *s, unsigned short seq, unsigned long frag_off,
1238 /* restore state in which the message was originally sent */ 1235 /* restore state in which the message was originally sent */
1239 s->enc_write_ctx = frag->msg_header.saved_retransmit_state.enc_write_ctx; 1236 s->enc_write_ctx = frag->msg_header.saved_retransmit_state.enc_write_ctx;
1240 s->write_hash = frag->msg_header.saved_retransmit_state.write_hash; 1237 s->write_hash = frag->msg_header.saved_retransmit_state.write_hash;
1241 s->compress = frag->msg_header.saved_retransmit_state.compress;
1242 s->session = frag->msg_header.saved_retransmit_state.session; 1238 s->session = frag->msg_header.saved_retransmit_state.session;
1243 s->d1->w_epoch = frag->msg_header.saved_retransmit_state.epoch; 1239 s->d1->w_epoch = frag->msg_header.saved_retransmit_state.epoch;
1244 1240
@@ -1256,7 +1252,6 @@ dtls1_retransmit_message(SSL *s, unsigned short seq, unsigned long frag_off,
1256 /* restore current state */ 1252 /* restore current state */
1257 s->enc_write_ctx = saved_state.enc_write_ctx; 1253 s->enc_write_ctx = saved_state.enc_write_ctx;
1258 s->write_hash = saved_state.write_hash; 1254 s->write_hash = saved_state.write_hash;
1259 s->compress = saved_state.compress;
1260 s->session = saved_state.session; 1255 s->session = saved_state.session;
1261 s->d1->w_epoch = saved_state.epoch; 1256 s->d1->w_epoch = saved_state.epoch;
1262 1257
diff --git a/src/lib/libssl/d1_clnt.c b/src/lib/libssl/d1_clnt.c
index 65b59f7987..04ae11d7bc 100644
--- a/src/lib/libssl/d1_clnt.c
+++ b/src/lib/libssl/d1_clnt.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: d1_clnt.c,v 1.26 2014/06/12 15:49:31 deraadt Exp $ */ 1/* $OpenBSD: d1_clnt.c,v 1.27 2014/07/10 08:51:14 tedu Exp $ */
2/* 2/*
3 * DTLS implementation written by Nagendra Modadugu 3 * DTLS implementation written by Nagendra Modadugu
4 * (nagendra@cs.stanford.edu) for the OpenSSL project 2005. 4 * (nagendra@cs.stanford.edu) for the OpenSSL project 2005.
@@ -544,15 +544,6 @@ dtls1_connect(SSL *s)
544 s->init_num = 0; 544 s->init_num = 0;
545 545
546 s->session->cipher = s->s3->tmp.new_cipher; 546 s->session->cipher = s->s3->tmp.new_cipher;
547#ifdef OPENSSL_NO_COMP
548 s->session->compress_meth = 0;
549#else
550 if (s->s3->tmp.new_compression == NULL)
551 s->session->compress_meth = 0;
552 else
553 s->session->compress_meth =
554 s->s3->tmp.new_compression->id;
555#endif
556 if (!s->method->ssl3_enc->setup_key_block(s)) { 547 if (!s->method->ssl3_enc->setup_key_block(s)) {
557 ret = -1; 548 ret = -1;
558 goto end; 549 goto end;
@@ -768,9 +759,8 @@ dtls1_client_hello(SSL *s)
768{ 759{
769 unsigned char *buf; 760 unsigned char *buf;
770 unsigned char *p, *d; 761 unsigned char *p, *d;
771 unsigned int i, j; 762 unsigned int i;
772 unsigned long l; 763 unsigned long l;
773 SSL_COMP *comp;
774 764
775 buf = (unsigned char *)s->init_buf->data; 765 buf = (unsigned char *)s->init_buf->data;
776 if (s->state == SSL3_ST_CW_CLNT_HELLO_A) { 766 if (s->state == SSL3_ST_CW_CLNT_HELLO_A) {
@@ -839,16 +829,8 @@ dtls1_client_hello(SSL *s)
839 s2n(i, p); 829 s2n(i, p);
840 p += i; 830 p += i;
841 831
842 /* COMPRESSION */ 832 /* add in (no) COMPRESSION */
843 if (s->ctx->comp_methods == NULL) 833 *(p++) = 1;
844 j = 0;
845 else
846 j = sk_SSL_COMP_num(s->ctx->comp_methods);
847 *(p++) = 1 + j;
848 for (i = 0; i < j; i++) {
849 comp = sk_SSL_COMP_value(s->ctx->comp_methods, i);
850 *(p++) = comp->id;
851 }
852 *(p++) = 0; /* Add the NULL method */ 834 *(p++) = 0; /* Add the NULL method */
853 835
854 if ((p = ssl_add_clienthello_tlsext(s, p, 836 if ((p = ssl_add_clienthello_tlsext(s, p,
diff --git a/src/lib/libssl/d1_enc.c b/src/lib/libssl/d1_enc.c
index 104f233937..fe8df15a94 100644
--- a/src/lib/libssl/d1_enc.c
+++ b/src/lib/libssl/d1_enc.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: d1_enc.c,v 1.5 2014/06/12 15:49:31 deraadt Exp $ */ 1/* $OpenBSD: d1_enc.c,v 1.6 2014/07/10 08:51:14 tedu Exp $ */
2/* 2/*
3 * DTLS implementation written by Nagendra Modadugu 3 * DTLS implementation written by Nagendra Modadugu
4 * (nagendra@cs.stanford.edu) for the OpenSSL project 2005. 4 * (nagendra@cs.stanford.edu) for the OpenSSL project 2005.
@@ -115,9 +115,6 @@
115 115
116#include <stdio.h> 116#include <stdio.h>
117#include "ssl_locl.h" 117#include "ssl_locl.h"
118#ifndef OPENSSL_NO_COMP
119#include <openssl/comp.h>
120#endif
121#include <openssl/evp.h> 118#include <openssl/evp.h>
122#include <openssl/hmac.h> 119#include <openssl/hmac.h>
123#include <openssl/md5.h> 120#include <openssl/md5.h>
diff --git a/src/lib/libssl/d1_pkt.c b/src/lib/libssl/d1_pkt.c
index 56e6939aed..c9ffab1f3c 100644
--- a/src/lib/libssl/d1_pkt.c
+++ b/src/lib/libssl/d1_pkt.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: d1_pkt.c,v 1.31 2014/07/09 16:06:14 miod Exp $ */ 1/* $OpenBSD: d1_pkt.c,v 1.32 2014/07/10 08:51:14 tedu Exp $ */
2/* 2/*
3 * DTLS implementation written by Nagendra Modadugu 3 * DTLS implementation written by Nagendra Modadugu
4 * (nagendra@cs.stanford.edu) for the OpenSSL project 2005. 4 * (nagendra@cs.stanford.edu) for the OpenSSL project 2005.
@@ -427,20 +427,6 @@ dtls1_process_record(SSL *s)
427 goto err; 427 goto err;
428 } 428 }
429 429
430 /* r->length is now just compressed */
431 if (s->expand != NULL) {
432 if (rr->length > SSL3_RT_MAX_COMPRESSED_LENGTH) {
433 al = SSL_AD_RECORD_OVERFLOW;
434 SSLerr(SSL_F_DTLS1_PROCESS_RECORD, SSL_R_COMPRESSED_LENGTH_TOO_LONG);
435 goto f_err;
436 }
437 if (!ssl3_do_uncompress(s)) {
438 al = SSL_AD_DECOMPRESSION_FAILURE;
439 SSLerr(SSL_F_DTLS1_PROCESS_RECORD, SSL_R_BAD_DECOMPRESSION);
440 goto f_err;
441 }
442 }
443
444 if (rr->length > SSL3_RT_MAX_PLAIN_LENGTH) { 430 if (rr->length > SSL3_RT_MAX_PLAIN_LENGTH) {
445 al = SSL_AD_RECORD_OVERFLOW; 431 al = SSL_AD_RECORD_OVERFLOW;
446 SSLerr(SSL_F_DTLS1_PROCESS_RECORD, SSL_R_DATA_LENGTH_TOO_LONG); 432 SSLerr(SSL_F_DTLS1_PROCESS_RECORD, SSL_R_DATA_LENGTH_TOO_LONG);
@@ -1373,16 +1359,8 @@ do_dtls1_write(SSL *s, int type, const unsigned char *buf, unsigned int len)
1373 /* we now 'read' from wr->input, wr->length bytes into 1359 /* we now 'read' from wr->input, wr->length bytes into
1374 * wr->data */ 1360 * wr->data */
1375 1361
1376 /* first we compress */ 1362 memcpy(wr->data, wr->input, wr->length);
1377 if (s->compress != NULL) { 1363 wr->input = wr->data;
1378 if (!ssl3_do_compress(s)) {
1379 SSLerr(SSL_F_DO_DTLS1_WRITE, SSL_R_COMPRESSION_FAILURE);
1380 goto err;
1381 }
1382 } else {
1383 memcpy(wr->data, wr->input, wr->length);
1384 wr->input = wr->data;
1385 }
1386 1364
1387 /* we should still have the output to wr->data and the input 1365 /* we should still have the output to wr->data and the input
1388 * from wr->input. Length should be wr->length. 1366 * from wr->input. Length should be wr->length.
diff --git a/src/lib/libssl/d1_srvr.c b/src/lib/libssl/d1_srvr.c
index c01dc77254..9fdb6c290b 100644
--- a/src/lib/libssl/d1_srvr.c
+++ b/src/lib/libssl/d1_srvr.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: d1_srvr.c,v 1.28 2014/07/09 11:25:42 jsing Exp $ */ 1/* $OpenBSD: d1_srvr.c,v 1.29 2014/07/10 08:51:14 tedu Exp $ */
2/* 2/*
3 * DTLS implementation written by Nagendra Modadugu 3 * DTLS implementation written by Nagendra Modadugu
4 * (nagendra@cs.stanford.edu) for the OpenSSL project 2005. 4 * (nagendra@cs.stanford.edu) for the OpenSSL project 2005.
@@ -946,14 +946,7 @@ dtls1_send_server_hello(SSL *s)
946 p += i; 946 p += i;
947 947
948 /* put the compression method */ 948 /* put the compression method */
949#ifdef OPENSSL_NO_COMP
950 *(p++) = 0; 949 *(p++) = 0;
951#else
952 if (s->s3->tmp.new_compression == NULL)
953 *(p++) = 0;
954 else
955 *(p++) = s->s3->tmp.new_compression->id;
956#endif
957 950
958 if ((p = ssl_add_serverhello_tlsext(s, p, buf + SSL3_RT_MAX_PLAIN_LENGTH)) == NULL) { 951 if ((p = ssl_add_serverhello_tlsext(s, p, buf + SSL3_RT_MAX_PLAIN_LENGTH)) == NULL) {
959 SSLerr(SSL_F_DTLS1_SEND_SERVER_HELLO, ERR_R_INTERNAL_ERROR); 952 SSLerr(SSL_F_DTLS1_SEND_SERVER_HELLO, ERR_R_INTERNAL_ERROR);
diff --git a/src/lib/libssl/dtls1.h b/src/lib/libssl/dtls1.h
index c6e302faf4..e7229fb56b 100644
--- a/src/lib/libssl/dtls1.h
+++ b/src/lib/libssl/dtls1.h
@@ -1,4 +1,4 @@
1/* $OpenBSD: dtls1.h,v 1.13 2014/06/12 15:49:31 deraadt Exp $ */ 1/* $OpenBSD: dtls1.h,v 1.14 2014/07/10 08:51:14 tedu Exp $ */
2/* 2/*
3 * DTLS implementation written by Nagendra Modadugu 3 * DTLS implementation written by Nagendra Modadugu
4 * (nagendra@cs.stanford.edu) for the OpenSSL project 2005. 4 * (nagendra@cs.stanford.edu) for the OpenSSL project 2005.
@@ -108,11 +108,6 @@ typedef struct dtls1_bitmap_st {
108struct dtls1_retransmit_state { 108struct dtls1_retransmit_state {
109 EVP_CIPHER_CTX *enc_write_ctx; /* cryptographic state */ 109 EVP_CIPHER_CTX *enc_write_ctx; /* cryptographic state */
110 EVP_MD_CTX *write_hash; /* used for mac generation */ 110 EVP_MD_CTX *write_hash; /* used for mac generation */
111#ifndef OPENSSL_NO_COMP
112 COMP_CTX *compress; /* compression */
113#else
114 char *compress;
115#endif
116 SSL_SESSION *session; 111 SSL_SESSION *session;
117 unsigned short epoch; 112 unsigned short epoch;
118}; 113};
diff --git a/src/lib/libssl/s23_clnt.c b/src/lib/libssl/s23_clnt.c
index 510e729d55..e2f1544486 100644
--- a/src/lib/libssl/s23_clnt.c
+++ b/src/lib/libssl/s23_clnt.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: s23_clnt.c,v 1.29 2014/06/12 15:49:31 deraadt Exp $ */ 1/* $OpenBSD: s23_clnt.c,v 1.30 2014/07/10 08:51:14 tedu Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
@@ -293,10 +293,6 @@ ssl23_client_hello(SSL *s)
293 int i; 293 int i;
294 unsigned long l; 294 unsigned long l;
295 int version = 0, version_major, version_minor; 295 int version = 0, version_major, version_minor;
296#ifndef OPENSSL_NO_COMP
297 int j;
298 SSL_COMP *comp;
299#endif
300 int ret; 296 int ret;
301 unsigned long mask, options = s->options; 297 unsigned long mask, options = s->options;
302 298
@@ -384,21 +380,8 @@ ssl23_client_hello(SSL *s)
384 s2n(i, p); 380 s2n(i, p);
385 p += i; 381 p += i;
386 382
387 /* COMPRESSION */ 383 /* add in (no) COMPRESSION */
388#ifdef OPENSSL_NO_COMP
389 *(p++) = 1; 384 *(p++) = 1;
390#else
391 if ((s->options & SSL_OP_NO_COMPRESSION) ||
392 !s->ctx->comp_methods)
393 j = 0;
394 else
395 j = sk_SSL_COMP_num(s->ctx->comp_methods);
396 *(p++) = 1 + j;
397 for (i = 0; i < j; i++) {
398 comp = sk_SSL_COMP_value(s->ctx->comp_methods, i);
399 *(p++) = comp->id;
400 }
401#endif
402 /* Add the NULL method */ 385 /* Add the NULL method */
403 *(p++) = 0; 386 *(p++) = 0;
404 387
diff --git a/src/lib/libssl/s23_srvr.c b/src/lib/libssl/s23_srvr.c
index cd1a5174a7..caeb34b78e 100644
--- a/src/lib/libssl/s23_srvr.c
+++ b/src/lib/libssl/s23_srvr.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: s23_srvr.c,v 1.29 2014/06/30 14:13:27 tedu Exp $ */ 1/* $OpenBSD: s23_srvr.c,v 1.30 2014/07/10 08:51:14 tedu Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
@@ -487,7 +487,7 @@ ssl23_get_client_hello(SSL *s)
487 } 487 }
488 s2n(j, dd); 488 s2n(j, dd);
489 489
490 /* COMPRESSION */ 490 /* add in (no) COMPRESSION */
491 *(d++) = 1; 491 *(d++) = 1;
492 *(d++) = 0; 492 *(d++) = 0;
493 493
diff --git a/src/lib/libssl/s3_both.c b/src/lib/libssl/s3_both.c
index 2da6b527e1..500387e372 100644
--- a/src/lib/libssl/s3_both.c
+++ b/src/lib/libssl/s3_both.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: s3_both.c,v 1.25 2014/06/19 21:29:51 tedu Exp $ */ 1/* $OpenBSD: s3_both.c,v 1.26 2014/07/10 08:51:14 tedu Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
@@ -287,7 +287,6 @@ f_err:
287 * ssl->s3->read_sequence zero 287 * ssl->s3->read_sequence zero
288 * ssl->s3->read_mac_secret re-init 288 * ssl->s3->read_mac_secret re-init
289 * ssl->session->read_sym_enc assign 289 * ssl->session->read_sym_enc assign
290 * ssl->session->read_compression assign
291 * ssl->session->read_hash assign 290 * ssl->session->read_hash assign
292 */ 291 */
293int 292int
@@ -640,10 +639,6 @@ ssl3_setup_read_buffer(SSL *s)
640 s->s3->init_extra = 1; 639 s->s3->init_extra = 1;
641 len += SSL3_RT_MAX_EXTRA; 640 len += SSL3_RT_MAX_EXTRA;
642 } 641 }
643#ifndef OPENSSL_NO_COMP
644 if (!(s->options & SSL_OP_NO_COMPRESSION))
645 len += SSL3_RT_MAX_COMPRESSED_OVERHEAD;
646#endif
647 if ((p = malloc(len)) == NULL) 642 if ((p = malloc(len)) == NULL)
648 goto err; 643 goto err;
649 s->s3->rbuf.buf = p; 644 s->s3->rbuf.buf = p;
@@ -676,10 +671,6 @@ ssl3_setup_write_buffer(SSL *s)
676 if (s->s3->wbuf.buf == NULL) { 671 if (s->s3->wbuf.buf == NULL) {
677 len = s->max_send_fragment + 672 len = s->max_send_fragment +
678 SSL3_RT_SEND_MAX_ENCRYPTED_OVERHEAD + headerlen + align; 673 SSL3_RT_SEND_MAX_ENCRYPTED_OVERHEAD + headerlen + align;
679#ifndef OPENSSL_NO_COMP
680 if (!(s->options & SSL_OP_NO_COMPRESSION))
681 len += SSL3_RT_MAX_COMPRESSED_OVERHEAD;
682#endif
683 if (!(s->options & SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS)) 674 if (!(s->options & SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS))
684 len += headerlen + align + 675 len += headerlen + align +
685 SSL3_RT_SEND_MAX_ENCRYPTED_OVERHEAD; 676 SSL3_RT_SEND_MAX_ENCRYPTED_OVERHEAD;
diff --git a/src/lib/libssl/s3_cbc.c b/src/lib/libssl/s3_cbc.c
index 24f0a22d07..74bd4b47c8 100644
--- a/src/lib/libssl/s3_cbc.c
+++ b/src/lib/libssl/s3_cbc.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: s3_cbc.c,v 1.7 2014/06/12 15:49:31 deraadt Exp $ */ 1/* $OpenBSD: s3_cbc.c,v 1.8 2014/07/10 08:51:14 tedu Exp $ */
2/* ==================================================================== 2/* ====================================================================
3 * Copyright (c) 2012 The OpenSSL Project. All rights reserved. 3 * Copyright (c) 2012 The OpenSSL Project. All rights reserved.
4 * 4 *
@@ -169,8 +169,9 @@ tls1_cbc_remove_padding(const SSL* s, SSL3_RECORD *rec, unsigned block_size,
169 * even length so the padding bug check cannot be performed. This bug 169 * even length so the padding bug check cannot be performed. This bug
170 * workaround has been around since SSLeay so hopefully it is either 170 * workaround has been around since SSLeay so hopefully it is either
171 * fixed now or no buggy implementation supports compression [steve] 171 * fixed now or no buggy implementation supports compression [steve]
172 * (We don't support compression either, so it's not in operation.)
172 */ 173 */
173 if ((s->options & SSL_OP_TLS_BLOCK_PADDING_BUG) && !s->expand) { 174 if ((s->options & SSL_OP_TLS_BLOCK_PADDING_BUG)) {
174 /* First packet is even in size, so check */ 175 /* First packet is even in size, so check */
175 if ((memcmp(s->s3->read_sequence, "\0\0\0\0\0\0\0\0", 176 if ((memcmp(s->s3->read_sequence, "\0\0\0\0\0\0\0\0",
176 SSL3_SEQUENCE_SIZE) == 0) && !(padding_length & 1)) { 177 SSL3_SEQUENCE_SIZE) == 0) && !(padding_length & 1)) {
diff --git a/src/lib/libssl/s3_clnt.c b/src/lib/libssl/s3_clnt.c
index 61de494244..079544da84 100644
--- a/src/lib/libssl/s3_clnt.c
+++ b/src/lib/libssl/s3_clnt.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: s3_clnt.c,v 1.73 2014/07/09 11:25:42 jsing Exp $ */ 1/* $OpenBSD: s3_clnt.c,v 1.74 2014/07/10 08:51:14 tedu Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
@@ -472,15 +472,6 @@ ssl3_connect(SSL *s)
472 s->init_num = 0; 472 s->init_num = 0;
473 473
474 s->session->cipher = s->s3->tmp.new_cipher; 474 s->session->cipher = s->s3->tmp.new_cipher;
475#ifdef OPENSSL_NO_COMP
476 s->session->compress_meth = 0;
477#else
478 if (s->s3->tmp.new_compression == NULL)
479 s->session->compress_meth = 0;
480 else
481 s->session->compress_meth =
482 s->s3->tmp.new_compression->id;
483#endif
484 if (!s->method->ssl3_enc->setup_key_block(s)) { 475 if (!s->method->ssl3_enc->setup_key_block(s)) {
485 ret = -1; 476 ret = -1;
486 goto end; 477 goto end;
@@ -656,10 +647,6 @@ ssl3_client_hello(SSL *s)
656 unsigned char *p, *d; 647 unsigned char *p, *d;
657 int i; 648 int i;
658 unsigned long l; 649 unsigned long l;
659#ifndef OPENSSL_NO_COMP
660 int j;
661 SSL_COMP *comp;
662#endif
663 650
664 buf = (unsigned char *)s->init_buf->data; 651 buf = (unsigned char *)s->init_buf->data;
665 if (s->state == SSL3_ST_CW_CLNT_HELLO_A) { 652 if (s->state == SSL3_ST_CW_CLNT_HELLO_A) {
@@ -752,22 +739,8 @@ ssl3_client_hello(SSL *s)
752 s2n(i, p); 739 s2n(i, p);
753 p += i; 740 p += i;
754 741
755 /* COMPRESSION */ 742 /* add in (no) COMPRESSION */
756#ifdef OPENSSL_NO_COMP
757 *(p++) = 1; 743 *(p++) = 1;
758#else
759
760 if ((s->options & SSL_OP_NO_COMPRESSION) ||
761 !s->ctx->comp_methods)
762 j = 0;
763 else
764 j = sk_SSL_COMP_num(s->ctx->comp_methods);
765 *(p++) = 1 + j;
766 for (i = 0; i < j; i++) {
767 comp = sk_SSL_COMP_value(s->ctx->comp_methods, i);
768 *(p++) = comp->id;
769 }
770#endif
771 *(p++) = 0; /* Add the NULL method */ 744 *(p++) = 0; /* Add the NULL method */
772 745
773 /* TLS extensions*/ 746 /* TLS extensions*/
@@ -809,9 +782,6 @@ ssl3_get_server_hello(SSL *s)
809 int i, al, ok; 782 int i, al, ok;
810 unsigned int j; 783 unsigned int j;
811 long n; 784 long n;
812#ifndef OPENSSL_NO_COMP
813 SSL_COMP *comp;
814#endif
815 785
816 n = s->method->ssl_get_message(s, SSL3_ST_CR_SRVR_HELLO_A, 786 n = s->method->ssl_get_message(s, SSL3_ST_CR_SRVR_HELLO_A,
817 SSL3_ST_CR_SRVR_HELLO_B, -1, 20000, /* ?? */ &ok); 787 SSL3_ST_CR_SRVR_HELLO_B, -1, 20000, /* ?? */ &ok);
@@ -963,50 +933,12 @@ ssl3_get_server_hello(SSL *s)
963 } 933 }
964 /* lets get the compression algorithm */ 934 /* lets get the compression algorithm */
965 /* COMPRESSION */ 935 /* COMPRESSION */
966#ifdef OPENSSL_NO_COMP
967 if (*(p++) != 0) { 936 if (*(p++) != 0) {
968 al = SSL_AD_ILLEGAL_PARAMETER; 937 al = SSL_AD_ILLEGAL_PARAMETER;
969 SSLerr(SSL_F_SSL3_GET_SERVER_HELLO, 938 SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,
970 SSL_R_UNSUPPORTED_COMPRESSION_ALGORITHM); 939 SSL_R_UNSUPPORTED_COMPRESSION_ALGORITHM);
971 goto f_err; 940 goto f_err;
972 } 941 }
973 /*
974 * If compression is disabled we'd better not try to resume a session
975 * using compression.
976 */
977 if (s->session->compress_meth != 0) {
978 al = SSL_AD_INTERNAL_ERROR;
979 SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,
980 SSL_R_INCONSISTENT_COMPRESSION);
981 goto f_err;
982 }
983#else
984 j= *(p++);
985 if (s->hit && j != s->session->compress_meth) {
986 al = SSL_AD_ILLEGAL_PARAMETER;
987 SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,
988 SSL_R_OLD_SESSION_COMPRESSION_ALGORITHM_NOT_RETURNED);
989 goto f_err;
990 }
991 if (j == 0)
992 comp = NULL;
993 else if (s->options & SSL_OP_NO_COMPRESSION) {
994 al = SSL_AD_ILLEGAL_PARAMETER;
995 SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,
996 SSL_R_COMPRESSION_DISABLED);
997 goto f_err;
998 } else
999 comp = ssl3_comp_find(s->ctx->comp_methods, j);
1000
1001 if ((j != 0) && (comp == NULL)) {
1002 al = SSL_AD_ILLEGAL_PARAMETER;
1003 SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,
1004 SSL_R_UNSUPPORTED_COMPRESSION_ALGORITHM);
1005 goto f_err;
1006 } else {
1007 s->s3->tmp.new_compression = comp;
1008 }
1009#endif
1010 942
1011 /* TLS extensions*/ 943 /* TLS extensions*/
1012 if (s->version >= SSL3_VERSION) { 944 if (s->version >= SSL3_VERSION) {
diff --git a/src/lib/libssl/s3_lib.c b/src/lib/libssl/s3_lib.c
index 5c4e530d34..400c1b87e0 100644
--- a/src/lib/libssl/s3_lib.c
+++ b/src/lib/libssl/s3_lib.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: s3_lib.c,v 1.67 2014/07/09 11:25:42 jsing Exp $ */ 1/* $OpenBSD: s3_lib.c,v 1.68 2014/07/10 08:51:14 tedu Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
@@ -2420,7 +2420,6 @@ ssl3_free(SSL *s)
2420 ssl3_release_read_buffer(s); 2420 ssl3_release_read_buffer(s);
2421 ssl3_release_write_buffer(s); 2421 ssl3_release_write_buffer(s);
2422 2422
2423 free(s->s3->rrec.comp);
2424 DH_free(s->s3->tmp.dh); 2423 DH_free(s->s3->tmp.dh);
2425 EC_KEY_free(s->s3->tmp.ecdh); 2424 EC_KEY_free(s->s3->tmp.ecdh);
2426 2425
@@ -2444,9 +2443,6 @@ ssl3_clear(SSL *s)
2444 if (s->s3->tmp.ca_names != NULL) 2443 if (s->s3->tmp.ca_names != NULL)
2445 sk_X509_NAME_pop_free(s->s3->tmp.ca_names, X509_NAME_free); 2444 sk_X509_NAME_pop_free(s->s3->tmp.ca_names, X509_NAME_free);
2446 2445
2447 free(s->s3->rrec.comp);
2448 s->s3->rrec.comp = NULL;
2449
2450 DH_free(s->s3->tmp.dh); 2446 DH_free(s->s3->tmp.dh);
2451 s->s3->tmp.dh = NULL; 2447 s->s3->tmp.dh = NULL;
2452 EC_KEY_free(s->s3->tmp.ecdh); 2448 EC_KEY_free(s->s3->tmp.ecdh);
diff --git a/src/lib/libssl/s3_pkt.c b/src/lib/libssl/s3_pkt.c
index a508d5ee49..237d90c581 100644
--- a/src/lib/libssl/s3_pkt.c
+++ b/src/lib/libssl/s3_pkt.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: s3_pkt.c,v 1.48 2014/06/19 21:29:51 tedu Exp $ */ 1/* $OpenBSD: s3_pkt.c,v 1.49 2014/07/10 08:51:14 tedu Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
@@ -469,21 +469,6 @@ again:
469 goto f_err; 469 goto f_err;
470 } 470 }
471 471
472 /* r->length is now just compressed */
473 if (s->expand != NULL) {
474 if (rr->length > SSL3_RT_MAX_COMPRESSED_LENGTH + extra) {
475 al = SSL_AD_RECORD_OVERFLOW;
476 SSLerr(SSL_F_SSL3_GET_RECORD,
477 SSL_R_COMPRESSED_LENGTH_TOO_LONG);
478 goto f_err;
479 }
480 if (!ssl3_do_uncompress(s)) {
481 al = SSL_AD_DECOMPRESSION_FAILURE;
482 SSLerr(SSL_F_SSL3_GET_RECORD, SSL_R_BAD_DECOMPRESSION);
483 goto f_err;
484 }
485 }
486
487 if (rr->length > SSL3_RT_MAX_PLAIN_LENGTH + extra) { 472 if (rr->length > SSL3_RT_MAX_PLAIN_LENGTH + extra) {
488 al = SSL_AD_RECORD_OVERFLOW; 473 al = SSL_AD_RECORD_OVERFLOW;
489 SSLerr(SSL_F_SSL3_GET_RECORD, SSL_R_DATA_LENGTH_TOO_LONG); 474 SSLerr(SSL_F_SSL3_GET_RECORD, SSL_R_DATA_LENGTH_TOO_LONG);
@@ -516,46 +501,6 @@ err:
516 return (ret); 501 return (ret);
517} 502}
518 503
519int
520ssl3_do_uncompress(SSL *ssl)
521{
522#ifndef OPENSSL_NO_COMP
523 int i;
524 SSL3_RECORD *rr;
525
526 rr = &(ssl->s3->rrec);
527 i = COMP_expand_block(ssl->expand, rr->comp,
528 SSL3_RT_MAX_PLAIN_LENGTH, rr->data, (int)rr->length);
529 if (i < 0)
530 return (0);
531 else
532 rr->length = i;
533 rr->data = rr->comp;
534#endif
535 return (1);
536}
537
538int
539ssl3_do_compress(SSL *ssl)
540{
541#ifndef OPENSSL_NO_COMP
542 int i;
543 SSL3_RECORD *wr;
544
545 wr = &(ssl->s3->wrec);
546 i = COMP_compress_block(ssl->compress, wr->data,
547 SSL3_RT_MAX_COMPRESSED_LENGTH,
548 wr->input, (int)wr->length);
549 if (i < 0)
550 return (0);
551 else
552 wr->length = i;
553
554 wr->input = wr->data;
555#endif
556 return (1);
557}
558
559/* Call this to write data in records of type 'type' 504/* Call this to write data in records of type 'type'
560 * It will return <= 0 if not all data has been sent or non-blocking IO. 505 * It will return <= 0 if not all data has been sent or non-blocking IO.
561 */ 506 */
@@ -766,16 +711,8 @@ do_ssl3_write(SSL *s, int type, const unsigned char *buf,
766 711
767 /* we now 'read' from wr->input, wr->length bytes into wr->data */ 712 /* we now 'read' from wr->input, wr->length bytes into wr->data */
768 713
769 /* first we compress */ 714 memcpy(wr->data, wr->input, wr->length);
770 if (s->compress != NULL) { 715 wr->input = wr->data;
771 if (!ssl3_do_compress(s)) {
772 SSLerr(SSL_F_DO_SSL3_WRITE, SSL_R_COMPRESSION_FAILURE);
773 goto err;
774 }
775 } else {
776 memcpy(wr->data, wr->input, wr->length);
777 wr->input = wr->data;
778 }
779 716
780 /* we should still have the output to wr->data and the input 717 /* we should still have the output to wr->data and the input
781 * from wr->input. Length should be wr->length. 718 * from wr->input. Length should be wr->length.
diff --git a/src/lib/libssl/s3_srvr.c b/src/lib/libssl/s3_srvr.c
index a3e62ea323..200b3b6bf2 100644
--- a/src/lib/libssl/s3_srvr.c
+++ b/src/lib/libssl/s3_srvr.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: s3_srvr.c,v 1.69 2014/07/10 08:25:00 guenther Exp $ */ 1/* $OpenBSD: s3_srvr.c,v 1.70 2014/07/10 08:51:14 tedu Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
@@ -884,9 +884,6 @@ ssl3_get_client_hello(SSL *s)
884 unsigned long id; 884 unsigned long id;
885 unsigned char *p, *d, *q; 885 unsigned char *p, *d, *q;
886 SSL_CIPHER *c; 886 SSL_CIPHER *c;
887#ifndef OPENSSL_NO_COMP
888 SSL_COMP *comp = NULL;
889#endif
890 STACK_OF(SSL_CIPHER) *ciphers = NULL; 887 STACK_OF(SSL_CIPHER) *ciphers = NULL;
891 888
892 /* 889 /*
@@ -1173,96 +1170,11 @@ ssl3_get_client_hello(SSL *s)
1173 } 1170 }
1174 1171
1175 /* 1172 /*
1176 * Worst case, we will use the NULL compression, but if we have other
1177 * options, we will now look for them. We have i-1 compression
1178 * algorithms from the client, starting at q.
1179 */
1180 s->s3->tmp.new_compression = NULL;
1181#ifndef OPENSSL_NO_COMP
1182 /* This only happens if we have a cache hit */
1183 if (s->session->compress_meth != 0) {
1184 int m, comp_id = s->session->compress_meth;
1185 /* Perform sanity checks on resumed compression algorithm */
1186 /* Can't disable compression */
1187 if (s->options & SSL_OP_NO_COMPRESSION) {
1188 al = SSL_AD_INTERNAL_ERROR;
1189 SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO,
1190 SSL_R_INCONSISTENT_COMPRESSION);
1191 goto f_err;
1192 }
1193 /* Look for resumed compression method */
1194 for (m = 0; m < sk_SSL_COMP_num(s->ctx->comp_methods); m++) {
1195 comp = sk_SSL_COMP_value(s->ctx->comp_methods, m);
1196 if (comp_id == comp->id) {
1197 s->s3->tmp.new_compression = comp;
1198 break;
1199 }
1200 }
1201 if (s->s3->tmp.new_compression == NULL) {
1202 al = SSL_AD_INTERNAL_ERROR;
1203 SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO,
1204 SSL_R_INVALID_COMPRESSION_ALGORITHM);
1205 goto f_err;
1206 }
1207 /* Look for resumed method in compression list */
1208 for (m = 0; m < i; m++) {
1209 if (q[m] == comp_id)
1210 break;
1211 }
1212 if (m >= i) {
1213 al = SSL_AD_ILLEGAL_PARAMETER;
1214 SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO,
1215 SSL_R_REQUIRED_COMPRESSSION_ALGORITHM_MISSING);
1216 goto f_err;
1217 }
1218 } else if (s->hit)
1219 comp = NULL;
1220 else if (!(s->options & SSL_OP_NO_COMPRESSION) && s->ctx->comp_methods)
1221 { /* See if we have a match */
1222 int m, nn, o, v, done = 0;
1223
1224 nn = sk_SSL_COMP_num(s->ctx->comp_methods);
1225 for (m = 0; m < nn; m++) {
1226 comp = sk_SSL_COMP_value(s->ctx->comp_methods, m);
1227 v = comp->id;
1228 for (o = 0; o < i; o++) {
1229 if (v == q[o]) {
1230 done = 1;
1231 break;
1232 }
1233 }
1234 if (done)
1235 break;
1236 }
1237 if (done)
1238 s->s3->tmp.new_compression = comp;
1239 else
1240 comp = NULL;
1241 }
1242#else
1243 /*
1244 * If compression is disabled we'd better not try to resume a session
1245 * using compression.
1246 */
1247 if (s->session->compress_meth != 0) {
1248 al = SSL_AD_INTERNAL_ERROR;
1249 SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO,
1250 SSL_R_INCONSISTENT_COMPRESSION);
1251 goto f_err;
1252 }
1253#endif
1254
1255 /*
1256 * Given s->session->ciphers and SSL_get_ciphers, we must 1173 * Given s->session->ciphers and SSL_get_ciphers, we must
1257 * pick a cipher 1174 * pick a cipher
1258 */ 1175 */
1259 1176
1260 if (!s->hit) { 1177 if (!s->hit) {
1261#ifdef OPENSSL_NO_COMP
1262 s->session->compress_meth = 0;
1263#else
1264 s->session->compress_meth = (comp == NULL) ? 0 : comp->id;
1265#endif
1266 if (s->session->ciphers != NULL) 1178 if (s->session->ciphers != NULL)
1267 sk_SSL_CIPHER_free(s->session->ciphers); 1179 sk_SSL_CIPHER_free(s->session->ciphers);
1268 s->session->ciphers = ciphers; 1180 s->session->ciphers = ciphers;
@@ -1405,14 +1317,7 @@ ssl3_send_server_hello(SSL *s)
1405 p += i; 1317 p += i;
1406 1318
1407 /* put the compression method */ 1319 /* put the compression method */
1408#ifdef OPENSSL_NO_COMP
1409 *(p++) = 0; 1320 *(p++) = 0;
1410#else
1411 if (s->s3->tmp.new_compression == NULL)
1412 *(p++) = 0;
1413 else
1414 *(p++) = s->s3->tmp.new_compression->id;
1415#endif
1416 if (ssl_prepare_serverhello_tlsext(s) <= 0) { 1321 if (ssl_prepare_serverhello_tlsext(s) <= 0) {
1417 SSLerr(SSL_F_SSL3_SEND_SERVER_HELLO, 1322 SSLerr(SSL_F_SSL3_SEND_SERVER_HELLO,
1418 SSL_R_SERVERHELLO_TLSEXT); 1323 SSL_R_SERVERHELLO_TLSEXT);
diff --git a/src/lib/libssl/src/ssl/d1_both.c b/src/lib/libssl/src/ssl/d1_both.c
index f27588fcff..e25f69dbb6 100644
--- a/src/lib/libssl/src/ssl/d1_both.c
+++ b/src/lib/libssl/src/ssl/d1_both.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: d1_both.c,v 1.23 2014/07/10 08:25:00 guenther Exp $ */ 1/* $OpenBSD: d1_both.c,v 1.24 2014/07/10 08:51:14 tedu Exp $ */
2/* 2/*
3 * DTLS implementation written by Nagendra Modadugu 3 * DTLS implementation written by Nagendra Modadugu
4 * (nagendra@cs.stanford.edu) for the OpenSSL project 2005. 4 * (nagendra@cs.stanford.edu) for the OpenSSL project 2005.
@@ -944,7 +944,6 @@ dtls1_send_finished(SSL *s, int a, int b, const char *sender, int slen)
944 * ssl->s3->read_sequence zero 944 * ssl->s3->read_sequence zero
945 * ssl->s3->read_mac_secret re-init 945 * ssl->s3->read_mac_secret re-init
946 * ssl->session->read_sym_enc assign 946 * ssl->session->read_sym_enc assign
947 * ssl->session->read_compression assign
948 * ssl->session->read_hash assign 947 * ssl->session->read_hash assign
949 */ 948 */
950int 949int
@@ -1160,7 +1159,6 @@ dtls1_buffer_message(SSL *s, int is_ccs)
1160 /* save current state*/ 1159 /* save current state*/
1161 frag->msg_header.saved_retransmit_state.enc_write_ctx = s->enc_write_ctx; 1160 frag->msg_header.saved_retransmit_state.enc_write_ctx = s->enc_write_ctx;
1162 frag->msg_header.saved_retransmit_state.write_hash = s->write_hash; 1161 frag->msg_header.saved_retransmit_state.write_hash = s->write_hash;
1163 frag->msg_header.saved_retransmit_state.compress = s->compress;
1164 frag->msg_header.saved_retransmit_state.session = s->session; 1162 frag->msg_header.saved_retransmit_state.session = s->session;
1165 frag->msg_header.saved_retransmit_state.epoch = s->d1->w_epoch; 1163 frag->msg_header.saved_retransmit_state.epoch = s->d1->w_epoch;
1166 1164
@@ -1229,7 +1227,6 @@ dtls1_retransmit_message(SSL *s, unsigned short seq, unsigned long frag_off,
1229 /* save current state */ 1227 /* save current state */
1230 saved_state.enc_write_ctx = s->enc_write_ctx; 1228 saved_state.enc_write_ctx = s->enc_write_ctx;
1231 saved_state.write_hash = s->write_hash; 1229 saved_state.write_hash = s->write_hash;
1232 saved_state.compress = s->compress;
1233 saved_state.session = s->session; 1230 saved_state.session = s->session;
1234 saved_state.epoch = s->d1->w_epoch; 1231 saved_state.epoch = s->d1->w_epoch;
1235 1232
@@ -1238,7 +1235,6 @@ dtls1_retransmit_message(SSL *s, unsigned short seq, unsigned long frag_off,
1238 /* restore state in which the message was originally sent */ 1235 /* restore state in which the message was originally sent */
1239 s->enc_write_ctx = frag->msg_header.saved_retransmit_state.enc_write_ctx; 1236 s->enc_write_ctx = frag->msg_header.saved_retransmit_state.enc_write_ctx;
1240 s->write_hash = frag->msg_header.saved_retransmit_state.write_hash; 1237 s->write_hash = frag->msg_header.saved_retransmit_state.write_hash;
1241 s->compress = frag->msg_header.saved_retransmit_state.compress;
1242 s->session = frag->msg_header.saved_retransmit_state.session; 1238 s->session = frag->msg_header.saved_retransmit_state.session;
1243 s->d1->w_epoch = frag->msg_header.saved_retransmit_state.epoch; 1239 s->d1->w_epoch = frag->msg_header.saved_retransmit_state.epoch;
1244 1240
@@ -1256,7 +1252,6 @@ dtls1_retransmit_message(SSL *s, unsigned short seq, unsigned long frag_off,
1256 /* restore current state */ 1252 /* restore current state */
1257 s->enc_write_ctx = saved_state.enc_write_ctx; 1253 s->enc_write_ctx = saved_state.enc_write_ctx;
1258 s->write_hash = saved_state.write_hash; 1254 s->write_hash = saved_state.write_hash;
1259 s->compress = saved_state.compress;
1260 s->session = saved_state.session; 1255 s->session = saved_state.session;
1261 s->d1->w_epoch = saved_state.epoch; 1256 s->d1->w_epoch = saved_state.epoch;
1262 1257
diff --git a/src/lib/libssl/src/ssl/d1_clnt.c b/src/lib/libssl/src/ssl/d1_clnt.c
index 65b59f7987..04ae11d7bc 100644
--- a/src/lib/libssl/src/ssl/d1_clnt.c
+++ b/src/lib/libssl/src/ssl/d1_clnt.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: d1_clnt.c,v 1.26 2014/06/12 15:49:31 deraadt Exp $ */ 1/* $OpenBSD: d1_clnt.c,v 1.27 2014/07/10 08:51:14 tedu Exp $ */
2/* 2/*
3 * DTLS implementation written by Nagendra Modadugu 3 * DTLS implementation written by Nagendra Modadugu
4 * (nagendra@cs.stanford.edu) for the OpenSSL project 2005. 4 * (nagendra@cs.stanford.edu) for the OpenSSL project 2005.
@@ -544,15 +544,6 @@ dtls1_connect(SSL *s)
544 s->init_num = 0; 544 s->init_num = 0;
545 545
546 s->session->cipher = s->s3->tmp.new_cipher; 546 s->session->cipher = s->s3->tmp.new_cipher;
547#ifdef OPENSSL_NO_COMP
548 s->session->compress_meth = 0;
549#else
550 if (s->s3->tmp.new_compression == NULL)
551 s->session->compress_meth = 0;
552 else
553 s->session->compress_meth =
554 s->s3->tmp.new_compression->id;
555#endif
556 if (!s->method->ssl3_enc->setup_key_block(s)) { 547 if (!s->method->ssl3_enc->setup_key_block(s)) {
557 ret = -1; 548 ret = -1;
558 goto end; 549 goto end;
@@ -768,9 +759,8 @@ dtls1_client_hello(SSL *s)
768{ 759{
769 unsigned char *buf; 760 unsigned char *buf;
770 unsigned char *p, *d; 761 unsigned char *p, *d;
771 unsigned int i, j; 762 unsigned int i;
772 unsigned long l; 763 unsigned long l;
773 SSL_COMP *comp;
774 764
775 buf = (unsigned char *)s->init_buf->data; 765 buf = (unsigned char *)s->init_buf->data;
776 if (s->state == SSL3_ST_CW_CLNT_HELLO_A) { 766 if (s->state == SSL3_ST_CW_CLNT_HELLO_A) {
@@ -839,16 +829,8 @@ dtls1_client_hello(SSL *s)
839 s2n(i, p); 829 s2n(i, p);
840 p += i; 830 p += i;
841 831
842 /* COMPRESSION */ 832 /* add in (no) COMPRESSION */
843 if (s->ctx->comp_methods == NULL) 833 *(p++) = 1;
844 j = 0;
845 else
846 j = sk_SSL_COMP_num(s->ctx->comp_methods);
847 *(p++) = 1 + j;
848 for (i = 0; i < j; i++) {
849 comp = sk_SSL_COMP_value(s->ctx->comp_methods, i);
850 *(p++) = comp->id;
851 }
852 *(p++) = 0; /* Add the NULL method */ 834 *(p++) = 0; /* Add the NULL method */
853 835
854 if ((p = ssl_add_clienthello_tlsext(s, p, 836 if ((p = ssl_add_clienthello_tlsext(s, p,
diff --git a/src/lib/libssl/src/ssl/d1_enc.c b/src/lib/libssl/src/ssl/d1_enc.c
index 104f233937..fe8df15a94 100644
--- a/src/lib/libssl/src/ssl/d1_enc.c
+++ b/src/lib/libssl/src/ssl/d1_enc.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: d1_enc.c,v 1.5 2014/06/12 15:49:31 deraadt Exp $ */ 1/* $OpenBSD: d1_enc.c,v 1.6 2014/07/10 08:51:14 tedu Exp $ */
2/* 2/*
3 * DTLS implementation written by Nagendra Modadugu 3 * DTLS implementation written by Nagendra Modadugu
4 * (nagendra@cs.stanford.edu) for the OpenSSL project 2005. 4 * (nagendra@cs.stanford.edu) for the OpenSSL project 2005.
@@ -115,9 +115,6 @@
115 115
116#include <stdio.h> 116#include <stdio.h>
117#include "ssl_locl.h" 117#include "ssl_locl.h"
118#ifndef OPENSSL_NO_COMP
119#include <openssl/comp.h>
120#endif
121#include <openssl/evp.h> 118#include <openssl/evp.h>
122#include <openssl/hmac.h> 119#include <openssl/hmac.h>
123#include <openssl/md5.h> 120#include <openssl/md5.h>
diff --git a/src/lib/libssl/src/ssl/d1_pkt.c b/src/lib/libssl/src/ssl/d1_pkt.c
index 56e6939aed..c9ffab1f3c 100644
--- a/src/lib/libssl/src/ssl/d1_pkt.c
+++ b/src/lib/libssl/src/ssl/d1_pkt.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: d1_pkt.c,v 1.31 2014/07/09 16:06:14 miod Exp $ */ 1/* $OpenBSD: d1_pkt.c,v 1.32 2014/07/10 08:51:14 tedu Exp $ */
2/* 2/*
3 * DTLS implementation written by Nagendra Modadugu 3 * DTLS implementation written by Nagendra Modadugu
4 * (nagendra@cs.stanford.edu) for the OpenSSL project 2005. 4 * (nagendra@cs.stanford.edu) for the OpenSSL project 2005.
@@ -427,20 +427,6 @@ dtls1_process_record(SSL *s)
427 goto err; 427 goto err;
428 } 428 }
429 429
430 /* r->length is now just compressed */
431 if (s->expand != NULL) {
432 if (rr->length > SSL3_RT_MAX_COMPRESSED_LENGTH) {
433 al = SSL_AD_RECORD_OVERFLOW;
434 SSLerr(SSL_F_DTLS1_PROCESS_RECORD, SSL_R_COMPRESSED_LENGTH_TOO_LONG);
435 goto f_err;
436 }
437 if (!ssl3_do_uncompress(s)) {
438 al = SSL_AD_DECOMPRESSION_FAILURE;
439 SSLerr(SSL_F_DTLS1_PROCESS_RECORD, SSL_R_BAD_DECOMPRESSION);
440 goto f_err;
441 }
442 }
443
444 if (rr->length > SSL3_RT_MAX_PLAIN_LENGTH) { 430 if (rr->length > SSL3_RT_MAX_PLAIN_LENGTH) {
445 al = SSL_AD_RECORD_OVERFLOW; 431 al = SSL_AD_RECORD_OVERFLOW;
446 SSLerr(SSL_F_DTLS1_PROCESS_RECORD, SSL_R_DATA_LENGTH_TOO_LONG); 432 SSLerr(SSL_F_DTLS1_PROCESS_RECORD, SSL_R_DATA_LENGTH_TOO_LONG);
@@ -1373,16 +1359,8 @@ do_dtls1_write(SSL *s, int type, const unsigned char *buf, unsigned int len)
1373 /* we now 'read' from wr->input, wr->length bytes into 1359 /* we now 'read' from wr->input, wr->length bytes into
1374 * wr->data */ 1360 * wr->data */
1375 1361
1376 /* first we compress */ 1362 memcpy(wr->data, wr->input, wr->length);
1377 if (s->compress != NULL) { 1363 wr->input = wr->data;
1378 if (!ssl3_do_compress(s)) {
1379 SSLerr(SSL_F_DO_DTLS1_WRITE, SSL_R_COMPRESSION_FAILURE);
1380 goto err;
1381 }
1382 } else {
1383 memcpy(wr->data, wr->input, wr->length);
1384 wr->input = wr->data;
1385 }
1386 1364
1387 /* we should still have the output to wr->data and the input 1365 /* we should still have the output to wr->data and the input
1388 * from wr->input. Length should be wr->length. 1366 * from wr->input. Length should be wr->length.
diff --git a/src/lib/libssl/src/ssl/d1_srvr.c b/src/lib/libssl/src/ssl/d1_srvr.c
index c01dc77254..9fdb6c290b 100644
--- a/src/lib/libssl/src/ssl/d1_srvr.c
+++ b/src/lib/libssl/src/ssl/d1_srvr.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: d1_srvr.c,v 1.28 2014/07/09 11:25:42 jsing Exp $ */ 1/* $OpenBSD: d1_srvr.c,v 1.29 2014/07/10 08:51:14 tedu Exp $ */
2/* 2/*
3 * DTLS implementation written by Nagendra Modadugu 3 * DTLS implementation written by Nagendra Modadugu
4 * (nagendra@cs.stanford.edu) for the OpenSSL project 2005. 4 * (nagendra@cs.stanford.edu) for the OpenSSL project 2005.
@@ -946,14 +946,7 @@ dtls1_send_server_hello(SSL *s)
946 p += i; 946 p += i;
947 947
948 /* put the compression method */ 948 /* put the compression method */
949#ifdef OPENSSL_NO_COMP
950 *(p++) = 0; 949 *(p++) = 0;
951#else
952 if (s->s3->tmp.new_compression == NULL)
953 *(p++) = 0;
954 else
955 *(p++) = s->s3->tmp.new_compression->id;
956#endif
957 950
958 if ((p = ssl_add_serverhello_tlsext(s, p, buf + SSL3_RT_MAX_PLAIN_LENGTH)) == NULL) { 951 if ((p = ssl_add_serverhello_tlsext(s, p, buf + SSL3_RT_MAX_PLAIN_LENGTH)) == NULL) {
959 SSLerr(SSL_F_DTLS1_SEND_SERVER_HELLO, ERR_R_INTERNAL_ERROR); 952 SSLerr(SSL_F_DTLS1_SEND_SERVER_HELLO, ERR_R_INTERNAL_ERROR);
diff --git a/src/lib/libssl/src/ssl/dtls1.h b/src/lib/libssl/src/ssl/dtls1.h
index c6e302faf4..e7229fb56b 100644
--- a/src/lib/libssl/src/ssl/dtls1.h
+++ b/src/lib/libssl/src/ssl/dtls1.h
@@ -1,4 +1,4 @@
1/* $OpenBSD: dtls1.h,v 1.13 2014/06/12 15:49:31 deraadt Exp $ */ 1/* $OpenBSD: dtls1.h,v 1.14 2014/07/10 08:51:14 tedu Exp $ */
2/* 2/*
3 * DTLS implementation written by Nagendra Modadugu 3 * DTLS implementation written by Nagendra Modadugu
4 * (nagendra@cs.stanford.edu) for the OpenSSL project 2005. 4 * (nagendra@cs.stanford.edu) for the OpenSSL project 2005.
@@ -108,11 +108,6 @@ typedef struct dtls1_bitmap_st {
108struct dtls1_retransmit_state { 108struct dtls1_retransmit_state {
109 EVP_CIPHER_CTX *enc_write_ctx; /* cryptographic state */ 109 EVP_CIPHER_CTX *enc_write_ctx; /* cryptographic state */
110 EVP_MD_CTX *write_hash; /* used for mac generation */ 110 EVP_MD_CTX *write_hash; /* used for mac generation */
111#ifndef OPENSSL_NO_COMP
112 COMP_CTX *compress; /* compression */
113#else
114 char *compress;
115#endif
116 SSL_SESSION *session; 111 SSL_SESSION *session;
117 unsigned short epoch; 112 unsigned short epoch;
118}; 113};
diff --git a/src/lib/libssl/src/ssl/s23_clnt.c b/src/lib/libssl/src/ssl/s23_clnt.c
index 510e729d55..e2f1544486 100644
--- a/src/lib/libssl/src/ssl/s23_clnt.c
+++ b/src/lib/libssl/src/ssl/s23_clnt.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: s23_clnt.c,v 1.29 2014/06/12 15:49:31 deraadt Exp $ */ 1/* $OpenBSD: s23_clnt.c,v 1.30 2014/07/10 08:51:14 tedu Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
@@ -293,10 +293,6 @@ ssl23_client_hello(SSL *s)
293 int i; 293 int i;
294 unsigned long l; 294 unsigned long l;
295 int version = 0, version_major, version_minor; 295 int version = 0, version_major, version_minor;
296#ifndef OPENSSL_NO_COMP
297 int j;
298 SSL_COMP *comp;
299#endif
300 int ret; 296 int ret;
301 unsigned long mask, options = s->options; 297 unsigned long mask, options = s->options;
302 298
@@ -384,21 +380,8 @@ ssl23_client_hello(SSL *s)
384 s2n(i, p); 380 s2n(i, p);
385 p += i; 381 p += i;
386 382
387 /* COMPRESSION */ 383 /* add in (no) COMPRESSION */
388#ifdef OPENSSL_NO_COMP
389 *(p++) = 1; 384 *(p++) = 1;
390#else
391 if ((s->options & SSL_OP_NO_COMPRESSION) ||
392 !s->ctx->comp_methods)
393 j = 0;
394 else
395 j = sk_SSL_COMP_num(s->ctx->comp_methods);
396 *(p++) = 1 + j;
397 for (i = 0; i < j; i++) {
398 comp = sk_SSL_COMP_value(s->ctx->comp_methods, i);
399 *(p++) = comp->id;
400 }
401#endif
402 /* Add the NULL method */ 385 /* Add the NULL method */
403 *(p++) = 0; 386 *(p++) = 0;
404 387
diff --git a/src/lib/libssl/src/ssl/s23_srvr.c b/src/lib/libssl/src/ssl/s23_srvr.c
index cd1a5174a7..caeb34b78e 100644
--- a/src/lib/libssl/src/ssl/s23_srvr.c
+++ b/src/lib/libssl/src/ssl/s23_srvr.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: s23_srvr.c,v 1.29 2014/06/30 14:13:27 tedu Exp $ */ 1/* $OpenBSD: s23_srvr.c,v 1.30 2014/07/10 08:51:14 tedu Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
@@ -487,7 +487,7 @@ ssl23_get_client_hello(SSL *s)
487 } 487 }
488 s2n(j, dd); 488 s2n(j, dd);
489 489
490 /* COMPRESSION */ 490 /* add in (no) COMPRESSION */
491 *(d++) = 1; 491 *(d++) = 1;
492 *(d++) = 0; 492 *(d++) = 0;
493 493
diff --git a/src/lib/libssl/src/ssl/s3_both.c b/src/lib/libssl/src/ssl/s3_both.c
index 2da6b527e1..500387e372 100644
--- a/src/lib/libssl/src/ssl/s3_both.c
+++ b/src/lib/libssl/src/ssl/s3_both.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: s3_both.c,v 1.25 2014/06/19 21:29:51 tedu Exp $ */ 1/* $OpenBSD: s3_both.c,v 1.26 2014/07/10 08:51:14 tedu Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
@@ -287,7 +287,6 @@ f_err:
287 * ssl->s3->read_sequence zero 287 * ssl->s3->read_sequence zero
288 * ssl->s3->read_mac_secret re-init 288 * ssl->s3->read_mac_secret re-init
289 * ssl->session->read_sym_enc assign 289 * ssl->session->read_sym_enc assign
290 * ssl->session->read_compression assign
291 * ssl->session->read_hash assign 290 * ssl->session->read_hash assign
292 */ 291 */
293int 292int
@@ -640,10 +639,6 @@ ssl3_setup_read_buffer(SSL *s)
640 s->s3->init_extra = 1; 639 s->s3->init_extra = 1;
641 len += SSL3_RT_MAX_EXTRA; 640 len += SSL3_RT_MAX_EXTRA;
642 } 641 }
643#ifndef OPENSSL_NO_COMP
644 if (!(s->options & SSL_OP_NO_COMPRESSION))
645 len += SSL3_RT_MAX_COMPRESSED_OVERHEAD;
646#endif
647 if ((p = malloc(len)) == NULL) 642 if ((p = malloc(len)) == NULL)
648 goto err; 643 goto err;
649 s->s3->rbuf.buf = p; 644 s->s3->rbuf.buf = p;
@@ -676,10 +671,6 @@ ssl3_setup_write_buffer(SSL *s)
676 if (s->s3->wbuf.buf == NULL) { 671 if (s->s3->wbuf.buf == NULL) {
677 len = s->max_send_fragment + 672 len = s->max_send_fragment +
678 SSL3_RT_SEND_MAX_ENCRYPTED_OVERHEAD + headerlen + align; 673 SSL3_RT_SEND_MAX_ENCRYPTED_OVERHEAD + headerlen + align;
679#ifndef OPENSSL_NO_COMP
680 if (!(s->options & SSL_OP_NO_COMPRESSION))
681 len += SSL3_RT_MAX_COMPRESSED_OVERHEAD;
682#endif
683 if (!(s->options & SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS)) 674 if (!(s->options & SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS))
684 len += headerlen + align + 675 len += headerlen + align +
685 SSL3_RT_SEND_MAX_ENCRYPTED_OVERHEAD; 676 SSL3_RT_SEND_MAX_ENCRYPTED_OVERHEAD;
diff --git a/src/lib/libssl/src/ssl/s3_cbc.c b/src/lib/libssl/src/ssl/s3_cbc.c
index 24f0a22d07..74bd4b47c8 100644
--- a/src/lib/libssl/src/ssl/s3_cbc.c
+++ b/src/lib/libssl/src/ssl/s3_cbc.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: s3_cbc.c,v 1.7 2014/06/12 15:49:31 deraadt Exp $ */ 1/* $OpenBSD: s3_cbc.c,v 1.8 2014/07/10 08:51:14 tedu Exp $ */
2/* ==================================================================== 2/* ====================================================================
3 * Copyright (c) 2012 The OpenSSL Project. All rights reserved. 3 * Copyright (c) 2012 The OpenSSL Project. All rights reserved.
4 * 4 *
@@ -169,8 +169,9 @@ tls1_cbc_remove_padding(const SSL* s, SSL3_RECORD *rec, unsigned block_size,
169 * even length so the padding bug check cannot be performed. This bug 169 * even length so the padding bug check cannot be performed. This bug
170 * workaround has been around since SSLeay so hopefully it is either 170 * workaround has been around since SSLeay so hopefully it is either
171 * fixed now or no buggy implementation supports compression [steve] 171 * fixed now or no buggy implementation supports compression [steve]
172 * (We don't support compression either, so it's not in operation.)
172 */ 173 */
173 if ((s->options & SSL_OP_TLS_BLOCK_PADDING_BUG) && !s->expand) { 174 if ((s->options & SSL_OP_TLS_BLOCK_PADDING_BUG)) {
174 /* First packet is even in size, so check */ 175 /* First packet is even in size, so check */
175 if ((memcmp(s->s3->read_sequence, "\0\0\0\0\0\0\0\0", 176 if ((memcmp(s->s3->read_sequence, "\0\0\0\0\0\0\0\0",
176 SSL3_SEQUENCE_SIZE) == 0) && !(padding_length & 1)) { 177 SSL3_SEQUENCE_SIZE) == 0) && !(padding_length & 1)) {
diff --git a/src/lib/libssl/src/ssl/s3_clnt.c b/src/lib/libssl/src/ssl/s3_clnt.c
index 61de494244..079544da84 100644
--- a/src/lib/libssl/src/ssl/s3_clnt.c
+++ b/src/lib/libssl/src/ssl/s3_clnt.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: s3_clnt.c,v 1.73 2014/07/09 11:25:42 jsing Exp $ */ 1/* $OpenBSD: s3_clnt.c,v 1.74 2014/07/10 08:51:14 tedu Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
@@ -472,15 +472,6 @@ ssl3_connect(SSL *s)
472 s->init_num = 0; 472 s->init_num = 0;
473 473
474 s->session->cipher = s->s3->tmp.new_cipher; 474 s->session->cipher = s->s3->tmp.new_cipher;
475#ifdef OPENSSL_NO_COMP
476 s->session->compress_meth = 0;
477#else
478 if (s->s3->tmp.new_compression == NULL)
479 s->session->compress_meth = 0;
480 else
481 s->session->compress_meth =
482 s->s3->tmp.new_compression->id;
483#endif
484 if (!s->method->ssl3_enc->setup_key_block(s)) { 475 if (!s->method->ssl3_enc->setup_key_block(s)) {
485 ret = -1; 476 ret = -1;
486 goto end; 477 goto end;
@@ -656,10 +647,6 @@ ssl3_client_hello(SSL *s)
656 unsigned char *p, *d; 647 unsigned char *p, *d;
657 int i; 648 int i;
658 unsigned long l; 649 unsigned long l;
659#ifndef OPENSSL_NO_COMP
660 int j;
661 SSL_COMP *comp;
662#endif
663 650
664 buf = (unsigned char *)s->init_buf->data; 651 buf = (unsigned char *)s->init_buf->data;
665 if (s->state == SSL3_ST_CW_CLNT_HELLO_A) { 652 if (s->state == SSL3_ST_CW_CLNT_HELLO_A) {
@@ -752,22 +739,8 @@ ssl3_client_hello(SSL *s)
752 s2n(i, p); 739 s2n(i, p);
753 p += i; 740 p += i;
754 741
755 /* COMPRESSION */ 742 /* add in (no) COMPRESSION */
756#ifdef OPENSSL_NO_COMP
757 *(p++) = 1; 743 *(p++) = 1;
758#else
759
760 if ((s->options & SSL_OP_NO_COMPRESSION) ||
761 !s->ctx->comp_methods)
762 j = 0;
763 else
764 j = sk_SSL_COMP_num(s->ctx->comp_methods);
765 *(p++) = 1 + j;
766 for (i = 0; i < j; i++) {
767 comp = sk_SSL_COMP_value(s->ctx->comp_methods, i);
768 *(p++) = comp->id;
769 }
770#endif
771 *(p++) = 0; /* Add the NULL method */ 744 *(p++) = 0; /* Add the NULL method */
772 745
773 /* TLS extensions*/ 746 /* TLS extensions*/
@@ -809,9 +782,6 @@ ssl3_get_server_hello(SSL *s)
809 int i, al, ok; 782 int i, al, ok;
810 unsigned int j; 783 unsigned int j;
811 long n; 784 long n;
812#ifndef OPENSSL_NO_COMP
813 SSL_COMP *comp;
814#endif
815 785
816 n = s->method->ssl_get_message(s, SSL3_ST_CR_SRVR_HELLO_A, 786 n = s->method->ssl_get_message(s, SSL3_ST_CR_SRVR_HELLO_A,
817 SSL3_ST_CR_SRVR_HELLO_B, -1, 20000, /* ?? */ &ok); 787 SSL3_ST_CR_SRVR_HELLO_B, -1, 20000, /* ?? */ &ok);
@@ -963,50 +933,12 @@ ssl3_get_server_hello(SSL *s)
963 } 933 }
964 /* lets get the compression algorithm */ 934 /* lets get the compression algorithm */
965 /* COMPRESSION */ 935 /* COMPRESSION */
966#ifdef OPENSSL_NO_COMP
967 if (*(p++) != 0) { 936 if (*(p++) != 0) {
968 al = SSL_AD_ILLEGAL_PARAMETER; 937 al = SSL_AD_ILLEGAL_PARAMETER;
969 SSLerr(SSL_F_SSL3_GET_SERVER_HELLO, 938 SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,
970 SSL_R_UNSUPPORTED_COMPRESSION_ALGORITHM); 939 SSL_R_UNSUPPORTED_COMPRESSION_ALGORITHM);
971 goto f_err; 940 goto f_err;
972 } 941 }
973 /*
974 * If compression is disabled we'd better not try to resume a session
975 * using compression.
976 */
977 if (s->session->compress_meth != 0) {
978 al = SSL_AD_INTERNAL_ERROR;
979 SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,
980 SSL_R_INCONSISTENT_COMPRESSION);
981 goto f_err;
982 }
983#else
984 j= *(p++);
985 if (s->hit && j != s->session->compress_meth) {
986 al = SSL_AD_ILLEGAL_PARAMETER;
987 SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,
988 SSL_R_OLD_SESSION_COMPRESSION_ALGORITHM_NOT_RETURNED);
989 goto f_err;
990 }
991 if (j == 0)
992 comp = NULL;
993 else if (s->options & SSL_OP_NO_COMPRESSION) {
994 al = SSL_AD_ILLEGAL_PARAMETER;
995 SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,
996 SSL_R_COMPRESSION_DISABLED);
997 goto f_err;
998 } else
999 comp = ssl3_comp_find(s->ctx->comp_methods, j);
1000
1001 if ((j != 0) && (comp == NULL)) {
1002 al = SSL_AD_ILLEGAL_PARAMETER;
1003 SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,
1004 SSL_R_UNSUPPORTED_COMPRESSION_ALGORITHM);
1005 goto f_err;
1006 } else {
1007 s->s3->tmp.new_compression = comp;
1008 }
1009#endif
1010 942
1011 /* TLS extensions*/ 943 /* TLS extensions*/
1012 if (s->version >= SSL3_VERSION) { 944 if (s->version >= SSL3_VERSION) {
diff --git a/src/lib/libssl/src/ssl/s3_enc.c b/src/lib/libssl/src/ssl/s3_enc.c
index 5111e0e4fa..d9fedfbb1a 100644
--- a/src/lib/libssl/src/ssl/s3_enc.c
+++ b/src/lib/libssl/src/ssl/s3_enc.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: s3_enc.c,v 1.51 2014/07/09 11:25:42 jsing Exp $ */ 1/* $OpenBSD: s3_enc.c,v 1.52 2014/07/10 08:51:14 tedu Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
@@ -225,9 +225,6 @@ ssl3_change_cipher_state(SSL *s, int which)
225 const EVP_CIPHER *cipher; 225 const EVP_CIPHER *cipher;
226 const EVP_MD *mac; 226 const EVP_MD *mac;
227 227
228#ifndef OPENSSL_NO_COMP
229 const SSL_COMP *comp;
230#endif
231 228
232 cipher = s->s3->tmp.new_sym_enc; 229 cipher = s->s3->tmp.new_sym_enc;
233 mac = s->s3->tmp.new_hash; 230 mac = s->s3->tmp.new_hash;
@@ -250,41 +247,6 @@ ssl3_change_cipher_state(SSL *s, int which)
250 use_client_keys = ((which == SSL3_CHANGE_CIPHER_CLIENT_WRITE) || 247 use_client_keys = ((which == SSL3_CHANGE_CIPHER_CLIENT_WRITE) ||
251 (which == SSL3_CHANGE_CIPHER_SERVER_READ)); 248 (which == SSL3_CHANGE_CIPHER_SERVER_READ));
252 249
253#ifndef OPENSSL_NO_COMP
254 comp = s->s3->tmp.new_compression;
255 if (is_read) {
256 if (s->expand != NULL) {
257 COMP_CTX_free(s->expand);
258 s->expand = NULL;
259 }
260 if (comp != NULL) {
261 s->expand = COMP_CTX_new(comp->method);
262 if (s->expand == NULL) {
263 SSLerr(SSL_F_SSL3_CHANGE_CIPHER_STATE,
264 SSL_R_COMPRESSION_LIBRARY_ERROR);
265 goto err2;
266 }
267 if (s->s3->rrec.comp == NULL)
268 s->s3->rrec.comp =
269 malloc(SSL3_RT_MAX_PLAIN_LENGTH);
270 if (s->s3->rrec.comp == NULL)
271 goto err;
272 }
273 } else {
274 if (s->compress != NULL) {
275 COMP_CTX_free(s->compress);
276 s->compress = NULL;
277 }
278 if (comp != NULL) {
279 s->compress = COMP_CTX_new(comp->method);
280 if (s->compress == NULL) {
281 SSLerr(SSL_F_SSL3_CHANGE_CIPHER_STATE,
282 SSL_R_COMPRESSION_LIBRARY_ERROR);
283 goto err2;
284 }
285 }
286 }
287#endif
288 250
289 if (is_read) { 251 if (is_read) {
290 EVP_CIPHER_CTX_free(s->enc_read_ctx); 252 EVP_CIPHER_CTX_free(s->enc_read_ctx);
@@ -365,17 +327,10 @@ ssl3_setup_key_block(SSL *s)
365 const EVP_CIPHER *cipher; 327 const EVP_CIPHER *cipher;
366 const EVP_MD *mac; 328 const EVP_MD *mac;
367 int ret = 0; 329 int ret = 0;
368 SSL_COMP *comp;
369 330
370 if (s->s3->tmp.key_block_length != 0) 331 if (s->s3->tmp.key_block_length != 0)
371 return (1); 332 return (1);
372 333
373 if (!ssl_cipher_get_comp(s->session, &comp)) {
374 SSLerr(SSL_F_SSL3_SETUP_KEY_BLOCK,
375 SSL_R_CIPHER_COMPRESSION_UNAVAILABLE);
376 return (0);
377 }
378
379 if (!ssl_cipher_get_evp(s->session, &cipher, &mac, NULL, NULL)) { 334 if (!ssl_cipher_get_evp(s->session, &cipher, &mac, NULL, NULL)) {
380 SSLerr(SSL_F_SSL3_SETUP_KEY_BLOCK, 335 SSLerr(SSL_F_SSL3_SETUP_KEY_BLOCK,
381 SSL_R_CIPHER_OR_HASH_UNAVAILABLE); 336 SSL_R_CIPHER_OR_HASH_UNAVAILABLE);
@@ -384,7 +339,6 @@ ssl3_setup_key_block(SSL *s)
384 339
385 s->s3->tmp.new_sym_enc = cipher; 340 s->s3->tmp.new_sym_enc = cipher;
386 s->s3->tmp.new_hash = mac; 341 s->s3->tmp.new_hash = mac;
387 s->s3->tmp.new_compression = comp;
388 342
389 mac_len = EVP_MD_size(mac); 343 mac_len = EVP_MD_size(mac);
390 key_len = EVP_CIPHER_key_length(cipher); 344 key_len = EVP_CIPHER_key_length(cipher);
diff --git a/src/lib/libssl/src/ssl/s3_lib.c b/src/lib/libssl/src/ssl/s3_lib.c
index 5c4e530d34..400c1b87e0 100644
--- a/src/lib/libssl/src/ssl/s3_lib.c
+++ b/src/lib/libssl/src/ssl/s3_lib.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: s3_lib.c,v 1.67 2014/07/09 11:25:42 jsing Exp $ */ 1/* $OpenBSD: s3_lib.c,v 1.68 2014/07/10 08:51:14 tedu Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
@@ -2420,7 +2420,6 @@ ssl3_free(SSL *s)
2420 ssl3_release_read_buffer(s); 2420 ssl3_release_read_buffer(s);
2421 ssl3_release_write_buffer(s); 2421 ssl3_release_write_buffer(s);
2422 2422
2423 free(s->s3->rrec.comp);
2424 DH_free(s->s3->tmp.dh); 2423 DH_free(s->s3->tmp.dh);
2425 EC_KEY_free(s->s3->tmp.ecdh); 2424 EC_KEY_free(s->s3->tmp.ecdh);
2426 2425
@@ -2444,9 +2443,6 @@ ssl3_clear(SSL *s)
2444 if (s->s3->tmp.ca_names != NULL) 2443 if (s->s3->tmp.ca_names != NULL)
2445 sk_X509_NAME_pop_free(s->s3->tmp.ca_names, X509_NAME_free); 2444 sk_X509_NAME_pop_free(s->s3->tmp.ca_names, X509_NAME_free);
2446 2445
2447 free(s->s3->rrec.comp);
2448 s->s3->rrec.comp = NULL;
2449
2450 DH_free(s->s3->tmp.dh); 2446 DH_free(s->s3->tmp.dh);
2451 s->s3->tmp.dh = NULL; 2447 s->s3->tmp.dh = NULL;
2452 EC_KEY_free(s->s3->tmp.ecdh); 2448 EC_KEY_free(s->s3->tmp.ecdh);
diff --git a/src/lib/libssl/src/ssl/s3_pkt.c b/src/lib/libssl/src/ssl/s3_pkt.c
index a508d5ee49..237d90c581 100644
--- a/src/lib/libssl/src/ssl/s3_pkt.c
+++ b/src/lib/libssl/src/ssl/s3_pkt.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: s3_pkt.c,v 1.48 2014/06/19 21:29:51 tedu Exp $ */ 1/* $OpenBSD: s3_pkt.c,v 1.49 2014/07/10 08:51:14 tedu Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
@@ -469,21 +469,6 @@ again:
469 goto f_err; 469 goto f_err;
470 } 470 }
471 471
472 /* r->length is now just compressed */
473 if (s->expand != NULL) {
474 if (rr->length > SSL3_RT_MAX_COMPRESSED_LENGTH + extra) {
475 al = SSL_AD_RECORD_OVERFLOW;
476 SSLerr(SSL_F_SSL3_GET_RECORD,
477 SSL_R_COMPRESSED_LENGTH_TOO_LONG);
478 goto f_err;
479 }
480 if (!ssl3_do_uncompress(s)) {
481 al = SSL_AD_DECOMPRESSION_FAILURE;
482 SSLerr(SSL_F_SSL3_GET_RECORD, SSL_R_BAD_DECOMPRESSION);
483 goto f_err;
484 }
485 }
486
487 if (rr->length > SSL3_RT_MAX_PLAIN_LENGTH + extra) { 472 if (rr->length > SSL3_RT_MAX_PLAIN_LENGTH + extra) {
488 al = SSL_AD_RECORD_OVERFLOW; 473 al = SSL_AD_RECORD_OVERFLOW;
489 SSLerr(SSL_F_SSL3_GET_RECORD, SSL_R_DATA_LENGTH_TOO_LONG); 474 SSLerr(SSL_F_SSL3_GET_RECORD, SSL_R_DATA_LENGTH_TOO_LONG);
@@ -516,46 +501,6 @@ err:
516 return (ret); 501 return (ret);
517} 502}
518 503
519int
520ssl3_do_uncompress(SSL *ssl)
521{
522#ifndef OPENSSL_NO_COMP
523 int i;
524 SSL3_RECORD *rr;
525
526 rr = &(ssl->s3->rrec);
527 i = COMP_expand_block(ssl->expand, rr->comp,
528 SSL3_RT_MAX_PLAIN_LENGTH, rr->data, (int)rr->length);
529 if (i < 0)
530 return (0);
531 else
532 rr->length = i;
533 rr->data = rr->comp;
534#endif
535 return (1);
536}
537
538int
539ssl3_do_compress(SSL *ssl)
540{
541#ifndef OPENSSL_NO_COMP
542 int i;
543 SSL3_RECORD *wr;
544
545 wr = &(ssl->s3->wrec);
546 i = COMP_compress_block(ssl->compress, wr->data,
547 SSL3_RT_MAX_COMPRESSED_LENGTH,
548 wr->input, (int)wr->length);
549 if (i < 0)
550 return (0);
551 else
552 wr->length = i;
553
554 wr->input = wr->data;
555#endif
556 return (1);
557}
558
559/* Call this to write data in records of type 'type' 504/* Call this to write data in records of type 'type'
560 * It will return <= 0 if not all data has been sent or non-blocking IO. 505 * It will return <= 0 if not all data has been sent or non-blocking IO.
561 */ 506 */
@@ -766,16 +711,8 @@ do_ssl3_write(SSL *s, int type, const unsigned char *buf,
766 711
767 /* we now 'read' from wr->input, wr->length bytes into wr->data */ 712 /* we now 'read' from wr->input, wr->length bytes into wr->data */
768 713
769 /* first we compress */ 714 memcpy(wr->data, wr->input, wr->length);
770 if (s->compress != NULL) { 715 wr->input = wr->data;
771 if (!ssl3_do_compress(s)) {
772 SSLerr(SSL_F_DO_SSL3_WRITE, SSL_R_COMPRESSION_FAILURE);
773 goto err;
774 }
775 } else {
776 memcpy(wr->data, wr->input, wr->length);
777 wr->input = wr->data;
778 }
779 716
780 /* we should still have the output to wr->data and the input 717 /* we should still have the output to wr->data and the input
781 * from wr->input. Length should be wr->length. 718 * from wr->input. Length should be wr->length.
diff --git a/src/lib/libssl/src/ssl/s3_srvr.c b/src/lib/libssl/src/ssl/s3_srvr.c
index a3e62ea323..200b3b6bf2 100644
--- a/src/lib/libssl/src/ssl/s3_srvr.c
+++ b/src/lib/libssl/src/ssl/s3_srvr.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: s3_srvr.c,v 1.69 2014/07/10 08:25:00 guenther Exp $ */ 1/* $OpenBSD: s3_srvr.c,v 1.70 2014/07/10 08:51:14 tedu Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
@@ -884,9 +884,6 @@ ssl3_get_client_hello(SSL *s)
884 unsigned long id; 884 unsigned long id;
885 unsigned char *p, *d, *q; 885 unsigned char *p, *d, *q;
886 SSL_CIPHER *c; 886 SSL_CIPHER *c;
887#ifndef OPENSSL_NO_COMP
888 SSL_COMP *comp = NULL;
889#endif
890 STACK_OF(SSL_CIPHER) *ciphers = NULL; 887 STACK_OF(SSL_CIPHER) *ciphers = NULL;
891 888
892 /* 889 /*
@@ -1173,96 +1170,11 @@ ssl3_get_client_hello(SSL *s)
1173 } 1170 }
1174 1171
1175 /* 1172 /*
1176 * Worst case, we will use the NULL compression, but if we have other
1177 * options, we will now look for them. We have i-1 compression
1178 * algorithms from the client, starting at q.
1179 */
1180 s->s3->tmp.new_compression = NULL;
1181#ifndef OPENSSL_NO_COMP
1182 /* This only happens if we have a cache hit */
1183 if (s->session->compress_meth != 0) {
1184 int m, comp_id = s->session->compress_meth;
1185 /* Perform sanity checks on resumed compression algorithm */
1186 /* Can't disable compression */
1187 if (s->options & SSL_OP_NO_COMPRESSION) {
1188 al = SSL_AD_INTERNAL_ERROR;
1189 SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO,
1190 SSL_R_INCONSISTENT_COMPRESSION);
1191 goto f_err;
1192 }
1193 /* Look for resumed compression method */
1194 for (m = 0; m < sk_SSL_COMP_num(s->ctx->comp_methods); m++) {
1195 comp = sk_SSL_COMP_value(s->ctx->comp_methods, m);
1196 if (comp_id == comp->id) {
1197 s->s3->tmp.new_compression = comp;
1198 break;
1199 }
1200 }
1201 if (s->s3->tmp.new_compression == NULL) {
1202 al = SSL_AD_INTERNAL_ERROR;
1203 SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO,
1204 SSL_R_INVALID_COMPRESSION_ALGORITHM);
1205 goto f_err;
1206 }
1207 /* Look for resumed method in compression list */
1208 for (m = 0; m < i; m++) {
1209 if (q[m] == comp_id)
1210 break;
1211 }
1212 if (m >= i) {
1213 al = SSL_AD_ILLEGAL_PARAMETER;
1214 SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO,
1215 SSL_R_REQUIRED_COMPRESSSION_ALGORITHM_MISSING);
1216 goto f_err;
1217 }
1218 } else if (s->hit)
1219 comp = NULL;
1220 else if (!(s->options & SSL_OP_NO_COMPRESSION) && s->ctx->comp_methods)
1221 { /* See if we have a match */
1222 int m, nn, o, v, done = 0;
1223
1224 nn = sk_SSL_COMP_num(s->ctx->comp_methods);
1225 for (m = 0; m < nn; m++) {
1226 comp = sk_SSL_COMP_value(s->ctx->comp_methods, m);
1227 v = comp->id;
1228 for (o = 0; o < i; o++) {
1229 if (v == q[o]) {
1230 done = 1;
1231 break;
1232 }
1233 }
1234 if (done)
1235 break;
1236 }
1237 if (done)
1238 s->s3->tmp.new_compression = comp;
1239 else
1240 comp = NULL;
1241 }
1242#else
1243 /*
1244 * If compression is disabled we'd better not try to resume a session
1245 * using compression.
1246 */
1247 if (s->session->compress_meth != 0) {
1248 al = SSL_AD_INTERNAL_ERROR;
1249 SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO,
1250 SSL_R_INCONSISTENT_COMPRESSION);
1251 goto f_err;
1252 }
1253#endif
1254
1255 /*
1256 * Given s->session->ciphers and SSL_get_ciphers, we must 1173 * Given s->session->ciphers and SSL_get_ciphers, we must
1257 * pick a cipher 1174 * pick a cipher
1258 */ 1175 */
1259 1176
1260 if (!s->hit) { 1177 if (!s->hit) {
1261#ifdef OPENSSL_NO_COMP
1262 s->session->compress_meth = 0;
1263#else
1264 s->session->compress_meth = (comp == NULL) ? 0 : comp->id;
1265#endif
1266 if (s->session->ciphers != NULL) 1178 if (s->session->ciphers != NULL)
1267 sk_SSL_CIPHER_free(s->session->ciphers); 1179 sk_SSL_CIPHER_free(s->session->ciphers);
1268 s->session->ciphers = ciphers; 1180 s->session->ciphers = ciphers;
@@ -1405,14 +1317,7 @@ ssl3_send_server_hello(SSL *s)
1405 p += i; 1317 p += i;
1406 1318
1407 /* put the compression method */ 1319 /* put the compression method */
1408#ifdef OPENSSL_NO_COMP
1409 *(p++) = 0; 1320 *(p++) = 0;
1410#else
1411 if (s->s3->tmp.new_compression == NULL)
1412 *(p++) = 0;
1413 else
1414 *(p++) = s->s3->tmp.new_compression->id;
1415#endif
1416 if (ssl_prepare_serverhello_tlsext(s) <= 0) { 1321 if (ssl_prepare_serverhello_tlsext(s) <= 0) {
1417 SSLerr(SSL_F_SSL3_SEND_SERVER_HELLO, 1322 SSLerr(SSL_F_SSL3_SEND_SERVER_HELLO,
1418 SSL_R_SERVERHELLO_TLSEXT); 1323 SSL_R_SERVERHELLO_TLSEXT);
diff --git a/src/lib/libssl/src/ssl/ssl.h b/src/lib/libssl/src/ssl/ssl.h
index b1eeb85c64..18218f4c61 100644
--- a/src/lib/libssl/src/ssl/ssl.h
+++ b/src/lib/libssl/src/ssl/ssl.h
@@ -1,4 +1,4 @@
1/* $OpenBSD: ssl.h,v 1.57 2014/07/09 11:25:42 jsing Exp $ */ 1/* $OpenBSD: ssl.h,v 1.58 2014/07/10 08:51:15 tedu Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
@@ -145,9 +145,6 @@
145 145
146#include <openssl/opensslconf.h> 146#include <openssl/opensslconf.h>
147 147
148#ifndef OPENSSL_NO_COMP
149#include <openssl/comp.h>
150#endif
151#ifndef OPENSSL_NO_BIO 148#ifndef OPENSSL_NO_BIO
152#include <openssl/bio.h> 149#include <openssl/bio.h>
153#endif 150#endif
@@ -488,8 +485,6 @@ struct ssl_session_st {
488 time_t time; 485 time_t time;
489 int references; 486 int references;
490 487
491 unsigned int compress_meth; /* Need to lookup the method */
492
493 const SSL_CIPHER *cipher; 488 const SSL_CIPHER *cipher;
494 unsigned long cipher_id; /* when ASN.1 loaded, this 489 unsigned long cipher_id; /* when ASN.1 loaded, this
495 * needs to be used to load 490 * needs to be used to load
@@ -682,11 +677,6 @@ typedef struct ssl_comp_st SSL_COMP;
682struct ssl_comp_st { 677struct ssl_comp_st {
683 int id; 678 int id;
684 const char *name; 679 const char *name;
685#ifndef OPENSSL_NO_COMP
686 COMP_METHOD *method;
687#else
688 char *method;
689#endif
690}; 680};
691 681
692DECLARE_STACK_OF(SSL_COMP) 682DECLARE_STACK_OF(SSL_COMP)
@@ -1099,11 +1089,6 @@ struct ssl_st {
1099 1089
1100 EVP_CIPHER_CTX *enc_read_ctx; /* cryptographic state */ 1090 EVP_CIPHER_CTX *enc_read_ctx; /* cryptographic state */
1101 EVP_MD_CTX *read_hash; /* used for mac generation */ 1091 EVP_MD_CTX *read_hash; /* used for mac generation */
1102#ifndef OPENSSL_NO_COMP
1103 COMP_CTX *expand; /* uncompress */
1104#else
1105 char *expand;
1106#endif
1107 1092
1108 SSL_AEAD_CTX *aead_write_ctx; /* AEAD context. If non-NULL, then 1093 SSL_AEAD_CTX *aead_write_ctx; /* AEAD context. If non-NULL, then
1109 enc_write_ctx and write_hash are 1094 enc_write_ctx and write_hash are
@@ -1111,12 +1096,6 @@ struct ssl_st {
1111 1096
1112 EVP_CIPHER_CTX *enc_write_ctx; /* cryptographic state */ 1097 EVP_CIPHER_CTX *enc_write_ctx; /* cryptographic state */
1113 EVP_MD_CTX *write_hash; /* used for mac generation */ 1098 EVP_MD_CTX *write_hash; /* used for mac generation */
1114#ifndef OPENSSL_NO_COMP
1115 COMP_CTX *compress; /* compression */
1116#else
1117 char *compress;
1118
1119#endif
1120 1099
1121 /* session info */ 1100 /* session info */
1122 1101
@@ -1836,20 +1815,6 @@ void SSL_CTX_set_tmp_ecdh_callback(SSL_CTX *ctx,
1836void SSL_set_tmp_ecdh_callback(SSL *ssl, 1815void SSL_set_tmp_ecdh_callback(SSL *ssl,
1837 EC_KEY *(*ecdh)(SSL *ssl, int is_export, int keylength)); 1816 EC_KEY *(*ecdh)(SSL *ssl, int is_export, int keylength));
1838 1817
1839#ifndef OPENSSL_NO_COMP
1840const COMP_METHOD *SSL_get_current_compression(SSL *s);
1841const COMP_METHOD *SSL_get_current_expansion(SSL *s);
1842const char *SSL_COMP_get_name(const COMP_METHOD *comp);
1843STACK_OF(SSL_COMP) *SSL_COMP_get_compression_methods(void);
1844int SSL_COMP_add_compression_method(int id, COMP_METHOD *cm);
1845#else
1846const void *SSL_get_current_compression(SSL *s);
1847const void *SSL_get_current_expansion(SSL *s);
1848const char *SSL_COMP_get_name(const void *comp);
1849void *SSL_COMP_get_compression_methods(void);
1850int SSL_COMP_add_compression_method(int id, void *cm);
1851#endif
1852
1853/* TLS extensions functions */ 1818/* TLS extensions functions */
1854int SSL_set_session_ticket_ext(SSL *s, void *ext_data, int ext_len); 1819int SSL_set_session_ticket_ext(SSL *s, void *ext_data, int ext_len);
1855 1820
diff --git a/src/lib/libssl/src/ssl/ssl3.h b/src/lib/libssl/src/ssl/ssl3.h
index 235c359af2..f956c50987 100644
--- a/src/lib/libssl/src/ssl/ssl3.h
+++ b/src/lib/libssl/src/ssl/ssl3.h
@@ -1,4 +1,4 @@
1/* $OpenBSD: ssl3.h,v 1.23 2014/06/13 11:52:03 jsing Exp $ */ 1/* $OpenBSD: ssl3.h,v 1.24 2014/07/10 08:51:15 tedu Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
@@ -117,9 +117,6 @@
117#ifndef HEADER_SSL3_H 117#ifndef HEADER_SSL3_H
118#define HEADER_SSL3_H 118#define HEADER_SSL3_H
119 119
120#ifndef OPENSSL_NO_COMP
121#include <openssl/comp.h>
122#endif
123#include <openssl/buffer.h> 120#include <openssl/buffer.h>
124#include <openssl/evp.h> 121#include <openssl/evp.h>
125#include <openssl/ssl.h> 122#include <openssl/ssl.h>
@@ -285,12 +282,7 @@ extern "C" {
285 282
286/* If compression isn't used don't include the compression overhead */ 283/* If compression isn't used don't include the compression overhead */
287 284
288#ifdef OPENSSL_NO_COMP
289#define SSL3_RT_MAX_COMPRESSED_LENGTH SSL3_RT_MAX_PLAIN_LENGTH 285#define SSL3_RT_MAX_COMPRESSED_LENGTH SSL3_RT_MAX_PLAIN_LENGTH
290#else
291#define SSL3_RT_MAX_COMPRESSED_LENGTH \
292 (SSL3_RT_MAX_PLAIN_LENGTH+SSL3_RT_MAX_COMPRESSED_OVERHEAD)
293#endif
294#define SSL3_RT_MAX_ENCRYPTED_LENGTH \ 286#define SSL3_RT_MAX_ENCRYPTED_LENGTH \
295 (SSL3_RT_MAX_ENCRYPTED_OVERHEAD+SSL3_RT_MAX_COMPRESSED_LENGTH) 287 (SSL3_RT_MAX_ENCRYPTED_OVERHEAD+SSL3_RT_MAX_COMPRESSED_LENGTH)
296#define SSL3_RT_MAX_PACKET_SIZE \ 288#define SSL3_RT_MAX_PACKET_SIZE \
@@ -336,7 +328,6 @@ typedef struct ssl3_record_st {
336/*r */ unsigned int off; /* read/write offset into 'buf' */ 328/*r */ unsigned int off; /* read/write offset into 'buf' */
337/*rw*/ unsigned char *data; /* pointer to the record data */ 329/*rw*/ unsigned char *data; /* pointer to the record data */
338/*rw*/ unsigned char *input; /* where the decode bytes are */ 330/*rw*/ unsigned char *input; /* where the decode bytes are */
339/*r */ unsigned char *comp; /* only used with decompression - malloc()ed */
340/*r */ unsigned long epoch; /* epoch number, needed by DTLS1 */ 331/*r */ unsigned long epoch; /* epoch number, needed by DTLS1 */
341/*r */ unsigned char seq_num[8]; /* sequence number, needed by DTLS1 */ 332/*r */ unsigned char seq_num[8]; /* sequence number, needed by DTLS1 */
342} SSL3_RECORD; 333} SSL3_RECORD;
@@ -492,11 +483,6 @@ typedef struct ssl3_state_st {
492 const EVP_MD *new_hash; 483 const EVP_MD *new_hash;
493 int new_mac_pkey_type; 484 int new_mac_pkey_type;
494 int new_mac_secret_size; 485 int new_mac_secret_size;
495#ifndef OPENSSL_NO_COMP
496 const SSL_COMP *new_compression;
497#else
498 char *new_compression;
499#endif
500 int cert_request; 486 int cert_request;
501 } tmp; 487 } tmp;
502 488
diff --git a/src/lib/libssl/src/ssl/ssl_algs.c b/src/lib/libssl/src/ssl/ssl_algs.c
index 0518876ab4..ce051252f6 100644
--- a/src/lib/libssl/src/ssl/ssl_algs.c
+++ b/src/lib/libssl/src/ssl/ssl_algs.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: ssl_algs.c,v 1.18 2014/06/12 15:49:31 deraadt Exp $ */ 1/* $OpenBSD: ssl_algs.c,v 1.19 2014/07/10 08:51:15 tedu Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
@@ -112,12 +112,6 @@ SSL_library_init(void)
112 EVP_add_digest_alias(SN_dsaWithSHA1, "DSS1"); 112 EVP_add_digest_alias(SN_dsaWithSHA1, "DSS1");
113 EVP_add_digest_alias(SN_dsaWithSHA1, "dss1"); 113 EVP_add_digest_alias(SN_dsaWithSHA1, "dss1");
114 EVP_add_digest(EVP_ecdsa()); 114 EVP_add_digest(EVP_ecdsa());
115#ifndef OPENSSL_NO_COMP
116 /* This will initialise the built-in compression algorithms.
117 The value returned is a STACK_OF(SSL_COMP), but that can
118 be discarded safely */
119 (void)SSL_COMP_get_compression_methods();
120#endif
121 /* initialize cipher/digest methods table */ 115 /* initialize cipher/digest methods table */
122 ssl_load_ciphers(); 116 ssl_load_ciphers();
123 return (1); 117 return (1);
diff --git a/src/lib/libssl/src/ssl/ssl_asn1.c b/src/lib/libssl/src/ssl/ssl_asn1.c
index 8594408898..43366b33b8 100644
--- a/src/lib/libssl/src/ssl/ssl_asn1.c
+++ b/src/lib/libssl/src/ssl/ssl_asn1.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: ssl_asn1.c,v 1.26 2014/06/12 15:49:31 deraadt Exp $ */ 1/* $OpenBSD: ssl_asn1.c,v 1.27 2014/07/10 08:51:15 tedu Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
@@ -118,10 +118,6 @@ i2d_SSL_SESSION(SSL_SESSION *in, unsigned char **pp)
118 unsigned char ibuf3[LSIZE2], ibuf4[LSIZE2], ibuf5[LSIZE2]; 118 unsigned char ibuf3[LSIZE2], ibuf4[LSIZE2], ibuf5[LSIZE2];
119 int v6 = 0, v9 = 0, v10 = 0; 119 int v6 = 0, v9 = 0, v10 = 0;
120 unsigned char ibuf6[LSIZE2]; 120 unsigned char ibuf6[LSIZE2];
121#ifndef OPENSSL_NO_COMP
122 unsigned char cbuf;
123 int v11 = 0;
124#endif
125 long l; 121 long l;
126 SSL_SESSION_ASN1 a; 122 SSL_SESSION_ASN1 a;
127 M_ASN1_I2D_vars(in); 123 M_ASN1_I2D_vars(in);
@@ -155,14 +151,6 @@ i2d_SSL_SESSION(SSL_SESSION *in, unsigned char **pp)
155 buf[0] = ((unsigned char)(l >> 8L))&0xff; 151 buf[0] = ((unsigned char)(l >> 8L))&0xff;
156 buf[1] = ((unsigned char)(l ))&0xff; 152 buf[1] = ((unsigned char)(l ))&0xff;
157 153
158#ifndef OPENSSL_NO_COMP
159 if (in->compress_meth) {
160 cbuf = (unsigned char)in->compress_meth;
161 a.comp_id.length = 1;
162 a.comp_id.type = V_ASN1_OCTET_STRING;
163 a.comp_id.data = &cbuf;
164 }
165#endif
166 154
167 a.master_key.length = in->master_key_length; 155 a.master_key.length = in->master_key_length;
168 a.master_key.type = V_ASN1_OCTET_STRING; 156 a.master_key.type = V_ASN1_OCTET_STRING;
@@ -248,10 +236,6 @@ i2d_SSL_SESSION(SSL_SESSION *in, unsigned char **pp)
248 M_ASN1_I2D_len_EXP_opt(&(a.tlsext_tick), i2d_ASN1_OCTET_STRING, 10, v10); 236 M_ASN1_I2D_len_EXP_opt(&(a.tlsext_tick), i2d_ASN1_OCTET_STRING, 10, v10);
249 if (in->tlsext_hostname) 237 if (in->tlsext_hostname)
250 M_ASN1_I2D_len_EXP_opt(&(a.tlsext_hostname), i2d_ASN1_OCTET_STRING, 6, v6); 238 M_ASN1_I2D_len_EXP_opt(&(a.tlsext_hostname), i2d_ASN1_OCTET_STRING, 6, v6);
251#ifndef OPENSSL_NO_COMP
252 if (in->compress_meth)
253 M_ASN1_I2D_len_EXP_opt(&(a.comp_id), i2d_ASN1_OCTET_STRING, 11, v11);
254#endif
255#ifndef OPENSSL_NO_PSK 239#ifndef OPENSSL_NO_PSK
256 if (in->psk_identity_hint) 240 if (in->psk_identity_hint)
257 M_ASN1_I2D_len_EXP_opt(&(a.psk_identity_hint), i2d_ASN1_OCTET_STRING, 7, v7); 241 M_ASN1_I2D_len_EXP_opt(&(a.psk_identity_hint), i2d_ASN1_OCTET_STRING, 7, v7);
@@ -288,10 +272,6 @@ i2d_SSL_SESSION(SSL_SESSION *in, unsigned char **pp)
288 M_ASN1_I2D_put_EXP_opt(&a.tlsext_tick_lifetime, i2d_ASN1_INTEGER, 9, v9); 272 M_ASN1_I2D_put_EXP_opt(&a.tlsext_tick_lifetime, i2d_ASN1_INTEGER, 9, v9);
289 if (in->tlsext_tick) 273 if (in->tlsext_tick)
290 M_ASN1_I2D_put_EXP_opt(&(a.tlsext_tick), i2d_ASN1_OCTET_STRING, 10, v10); 274 M_ASN1_I2D_put_EXP_opt(&(a.tlsext_tick), i2d_ASN1_OCTET_STRING, 10, v10);
291#ifndef OPENSSL_NO_COMP
292 if (in->compress_meth)
293 M_ASN1_I2D_put_EXP_opt(&(a.comp_id), i2d_ASN1_OCTET_STRING, 11, v11);
294#endif
295 M_ASN1_I2D_finish(); 275 M_ASN1_I2D_finish();
296} 276}
297 277
@@ -480,16 +460,6 @@ d2i_SSL_SESSION(SSL_SESSION **a, const unsigned char **pp, long length)
480 os.length = 0; 460 os.length = 0;
481 } else 461 } else
482 ret->tlsext_tick = NULL; 462 ret->tlsext_tick = NULL;
483#ifndef OPENSSL_NO_COMP
484 os.length = 0;
485 os.data = NULL;
486 M_ASN1_D2I_get_EXP_opt(osp, d2i_ASN1_OCTET_STRING, 11);
487 if (os.data) {
488 ret->compress_meth = os.data[0];
489 free(os.data);
490 os.data = NULL;
491 }
492#endif
493 463
494 464
495 M_ASN1_D2I_Finish(a, SSL_SESSION_free, SSL_F_D2I_SSL_SESSION); 465 M_ASN1_D2I_Finish(a, SSL_SESSION_free, SSL_F_D2I_SSL_SESSION);
diff --git a/src/lib/libssl/src/ssl/ssl_ciph.c b/src/lib/libssl/src/ssl/ssl_ciph.c
index d84e45764e..0ba66cc89f 100644
--- a/src/lib/libssl/src/ssl/ssl_ciph.c
+++ b/src/lib/libssl/src/ssl/ssl_ciph.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: ssl_ciph.c,v 1.58 2014/07/09 14:20:55 jsing Exp $ */ 1/* $OpenBSD: ssl_ciph.c,v 1.59 2014/07/10 08:51:15 tedu Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
@@ -142,9 +142,6 @@
142 142
143#include <stdio.h> 143#include <stdio.h>
144#include <openssl/objects.h> 144#include <openssl/objects.h>
145#ifndef OPENSSL_NO_COMP
146#include <openssl/comp.h>
147#endif
148#ifndef OPENSSL_NO_ENGINE 145#ifndef OPENSSL_NO_ENGINE
149#include <openssl/engine.h> 146#include <openssl/engine.h>
150#endif 147#endif
@@ -175,8 +172,6 @@ static const EVP_CIPHER *ssl_cipher_methods[SSL_ENC_NUM_IDX] = {
175#define SSL_COMP_ZLIB_IDX 1 172#define SSL_COMP_ZLIB_IDX 1
176#define SSL_COMP_NUM_IDX 2 173#define SSL_COMP_NUM_IDX 2
177 174
178static STACK_OF(SSL_COMP) *ssl_comp_methods = NULL;
179
180#define SSL_MD_MD5_IDX 0 175#define SSL_MD_MD5_IDX 0
181#define SSL_MD_SHA1_IDX 1 176#define SSL_MD_SHA1_IDX 1
182#define SSL_MD_GOST94_IDX 2 177#define SSL_MD_GOST94_IDX 2
@@ -645,81 +640,14 @@ ssl_load_ciphers(void)
645 ssl_mac_secret_size[SSL_MD_SHA384_IDX]= 640 ssl_mac_secret_size[SSL_MD_SHA384_IDX]=
646 EVP_MD_size(ssl_digest_methods[SSL_MD_SHA384_IDX]); 641 EVP_MD_size(ssl_digest_methods[SSL_MD_SHA384_IDX]);
647} 642}
648#ifndef OPENSSL_NO_COMP
649
650static int
651sk_comp_cmp(const SSL_COMP * const *a,
652 const SSL_COMP * const *b)
653{
654 return ((*a)->id - (*b)->id);
655}
656
657static void
658load_builtin_compressions(void)
659{
660 int got_write_lock = 0;
661
662 CRYPTO_r_lock(CRYPTO_LOCK_SSL);
663 if (ssl_comp_methods == NULL) {
664 CRYPTO_r_unlock(CRYPTO_LOCK_SSL);
665 CRYPTO_w_lock(CRYPTO_LOCK_SSL);
666 got_write_lock = 1;
667
668 if (ssl_comp_methods == NULL) {
669 SSL_COMP *comp = NULL;
670
671 ssl_comp_methods = sk_SSL_COMP_new(sk_comp_cmp);
672 if (ssl_comp_methods != NULL) {
673 comp = malloc(sizeof(SSL_COMP));
674 if (comp != NULL) {
675 comp->method = COMP_zlib();
676 if (comp->method &&
677 comp->method->type == NID_undef)
678 free(comp);
679 else {
680 comp->id = SSL_COMP_ZLIB_IDX;
681 comp->name = comp->method->name;
682 sk_SSL_COMP_push(ssl_comp_methods, comp);
683 }
684 }
685 sk_SSL_COMP_sort(ssl_comp_methods);
686 }
687 }
688 }
689
690 if (got_write_lock)
691 CRYPTO_w_unlock(CRYPTO_LOCK_SSL);
692 else
693 CRYPTO_r_unlock(CRYPTO_LOCK_SSL);
694}
695#endif
696 643
697/* ssl_cipher_get_comp sets comp to the correct SSL_COMP for the given 644/* ssl_cipher_get_comp sets comp to the correct SSL_COMP for the given
698 * session and returns 1. On error it returns 0. */ 645 * session and returns 1. On error it returns 0. */
699int 646int
700ssl_cipher_get_comp(const SSL_SESSION *s, SSL_COMP **comp) 647ssl_cipher_get_comp(const SSL_SESSION *s, SSL_COMP **comp)
701{ 648{
702 SSL_COMP ctmp;
703 int i;
704
705#ifndef OPENSSL_NO_COMP
706 load_builtin_compressions();
707#endif
708
709 *comp = NULL; 649 *comp = NULL;
710 if (s->compress_meth == 0) 650 return 1;
711 return 1;
712 if (ssl_comp_methods == NULL)
713 return 0;
714
715 ctmp.id = s->compress_meth;
716 i = sk_SSL_COMP_find(ssl_comp_methods, &ctmp);
717 if (i >= 0) {
718 *comp = sk_SSL_COMP_value(ssl_comp_methods, i);
719 return 1;
720 }
721
722 return 0;
723} 651}
724 652
725int 653int
@@ -1919,102 +1847,3 @@ SSL_CIPHER_get_id(const SSL_CIPHER *c)
1919{ 1847{
1920 return c->id; 1848 return c->id;
1921} 1849}
1922
1923SSL_COMP *
1924ssl3_comp_find(STACK_OF(SSL_COMP) *sk, int n)
1925{
1926 SSL_COMP *ctmp;
1927 int i, nn;
1928
1929 if ((n == 0) || (sk == NULL))
1930 return (NULL);
1931 nn = sk_SSL_COMP_num(sk);
1932 for (i = 0; i < nn; i++) {
1933 ctmp = sk_SSL_COMP_value(sk, i);
1934 if (ctmp->id == n)
1935 return (ctmp);
1936 }
1937 return (NULL);
1938}
1939
1940#ifdef OPENSSL_NO_COMP
1941void *
1942SSL_COMP_get_compression_methods(void)
1943{
1944 return NULL;
1945}
1946
1947int
1948SSL_COMP_add_compression_method(int id, void *cm)
1949{
1950 return 1;
1951}
1952
1953const char *
1954SSL_COMP_get_name(const void *comp)
1955{
1956 return NULL;
1957}
1958#else
1959STACK_OF(SSL_COMP) *
1960SSL_COMP_get_compression_methods(void)
1961{
1962 load_builtin_compressions();
1963 return (ssl_comp_methods);
1964}
1965
1966int
1967SSL_COMP_add_compression_method(int id, COMP_METHOD *cm)
1968{
1969 SSL_COMP *comp;
1970
1971 if (cm == NULL || cm->type == NID_undef)
1972 return 1;
1973
1974 /* According to draft-ietf-tls-compression-04.txt, the
1975 compression number ranges should be the following:
1976
1977 0 to 63: methods defined by the IETF
1978 64 to 192: external party methods assigned by IANA
1979 193 to 255: reserved for private use */
1980 if (id < 193 || id > 255) {
1981 SSLerr(SSL_F_SSL_COMP_ADD_COMPRESSION_METHOD,
1982 SSL_R_COMPRESSION_ID_NOT_WITHIN_PRIVATE_RANGE);
1983 return 1;
1984 }
1985
1986 comp = malloc(sizeof(SSL_COMP));
1987 if (comp == NULL) {
1988 SSLerr(SSL_F_SSL_COMP_ADD_COMPRESSION_METHOD,
1989 ERR_R_MALLOC_FAILURE);
1990 return (1);
1991 }
1992 comp->id = id;
1993 comp->method = cm;
1994 load_builtin_compressions();
1995 if (ssl_comp_methods &&
1996 sk_SSL_COMP_find(ssl_comp_methods, comp) >= 0) {
1997 free(comp);
1998 SSLerr(SSL_F_SSL_COMP_ADD_COMPRESSION_METHOD,
1999 SSL_R_DUPLICATE_COMPRESSION_ID);
2000 return (1);
2001 } else if ((ssl_comp_methods == NULL) ||
2002 !sk_SSL_COMP_push(ssl_comp_methods, comp)) {
2003 free(comp);
2004 SSLerr(SSL_F_SSL_COMP_ADD_COMPRESSION_METHOD,
2005 ERR_R_MALLOC_FAILURE);
2006 return (1);
2007 } else {
2008 return (0);
2009 }
2010}
2011
2012const char *
2013SSL_COMP_get_name(const COMP_METHOD *comp)
2014{
2015 if (comp)
2016 return comp->name;
2017 return NULL;
2018}
2019
2020#endif
diff --git a/src/lib/libssl/src/ssl/ssl_lib.c b/src/lib/libssl/src/ssl/ssl_lib.c
index a5f2f3f751..765012e861 100644
--- a/src/lib/libssl/src/ssl/ssl_lib.c
+++ b/src/lib/libssl/src/ssl/ssl_lib.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: ssl_lib.c,v 1.71 2014/07/10 08:18:55 bcook Exp $ */ 1/* $OpenBSD: ssl_lib.c,v 1.72 2014/07/10 08:51:15 tedu Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
@@ -1793,9 +1793,6 @@ SSL_CTX_new(const SSL_METHOD *meth)
1793 CRYPTO_new_ex_data(CRYPTO_EX_INDEX_SSL_CTX, ret, &ret->ex_data); 1793 CRYPTO_new_ex_data(CRYPTO_EX_INDEX_SSL_CTX, ret, &ret->ex_data);
1794 1794
1795 ret->extra_certs = NULL; 1795 ret->extra_certs = NULL;
1796 /* No compression for DTLS */
1797 if (meth->version != DTLS1_VERSION)
1798 ret->comp_methods = SSL_COMP_get_compression_methods();
1799 1796
1800 ret->max_send_fragment = SSL3_RT_MAX_PLAIN_LENGTH; 1797 ret->max_send_fragment = SSL3_RT_MAX_PLAIN_LENGTH;
1801 1798
@@ -2610,12 +2607,6 @@ ssl_clear_cipher_ctx(SSL *s)
2610 s->aead_write_ctx = NULL; 2607 s->aead_write_ctx = NULL;
2611 } 2608 }
2612 2609
2613#ifndef OPENSSL_NO_COMP
2614 COMP_CTX_free(s->expand);
2615 s->expand = NULL;
2616 COMP_CTX_free(s->compress);
2617 s->compress = NULL;
2618#endif
2619} 2610}
2620 2611
2621/* Fix this function so that it takes an optional type parameter */ 2612/* Fix this function so that it takes an optional type parameter */
@@ -2645,7 +2636,6 @@ SSL_get_current_cipher(const SSL *s)
2645 return (s->session->cipher); 2636 return (s->session->cipher);
2646 return (NULL); 2637 return (NULL);
2647} 2638}
2648#ifdef OPENSSL_NO_COMP
2649const void * 2639const void *
2650SSL_get_current_compression(SSL *s) 2640SSL_get_current_compression(SSL *s)
2651{ 2641{
@@ -2657,24 +2647,6 @@ SSL_get_current_expansion(SSL *s)
2657{ 2647{
2658 return (NULL); 2648 return (NULL);
2659} 2649}
2660#else
2661
2662const COMP_METHOD *
2663SSL_get_current_compression(SSL *s)
2664{
2665 if (s->compress != NULL)
2666 return (s->compress->meth);
2667 return (NULL);
2668}
2669
2670const COMP_METHOD *
2671SSL_get_current_expansion(SSL *s)
2672{
2673 if (s->expand != NULL)
2674 return (s->expand->meth);
2675 return (NULL);
2676}
2677#endif
2678 2650
2679int 2651int
2680ssl_init_wbio_buffer(SSL *s, int push) 2652ssl_init_wbio_buffer(SSL *s, int push)
diff --git a/src/lib/libssl/src/ssl/ssl_locl.h b/src/lib/libssl/src/ssl/ssl_locl.h
index 2b3d1b8e44..b3bc4f4ae4 100644
--- a/src/lib/libssl/src/ssl/ssl_locl.h
+++ b/src/lib/libssl/src/ssl/ssl_locl.h
@@ -1,4 +1,4 @@
1/* $OpenBSD: ssl_locl.h,v 1.56 2014/07/09 11:25:42 jsing Exp $ */ 1/* $OpenBSD: ssl_locl.h,v 1.57 2014/07/10 08:51:15 tedu Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
@@ -153,9 +153,6 @@
153 153
154#include <openssl/opensslconf.h> 154#include <openssl/opensslconf.h>
155#include <openssl/buffer.h> 155#include <openssl/buffer.h>
156#ifndef OPENSSL_NO_COMP
157#include <openssl/comp.h>
158#endif
159#include <openssl/bio.h> 156#include <openssl/bio.h>
160#include <openssl/stack.h> 157#include <openssl/stack.h>
161#include <openssl/rsa.h> 158#include <openssl/rsa.h>
@@ -547,15 +544,6 @@ struct ssl_aead_ctx_st {
547 char variable_nonce_in_record; 544 char variable_nonce_in_record;
548}; 545};
549 546
550#ifndef OPENSSL_NO_COMP
551/* Used for holding the relevant compression methods loaded into SSL_CTX */
552typedef struct ssl3_comp_st {
553 int comp_id; /* The identifier byte for this compression type */
554 char *name; /* Text name used for the compression type */
555 COMP_METHOD *method; /* The method :-) */
556} SSL3_COMP;
557#endif
558
559extern SSL3_ENC_METHOD ssl3_undef_enc_method; 547extern SSL3_ENC_METHOD ssl3_undef_enc_method;
560extern SSL_CIPHER ssl3_ciphers[]; 548extern SSL_CIPHER ssl3_ciphers[];
561 549
@@ -685,8 +673,6 @@ long tls1_default_timeout(void);
685int dtls1_do_write(SSL *s, int type); 673int dtls1_do_write(SSL *s, int type);
686int ssl3_read_n(SSL *s, int n, int max, int extend); 674int ssl3_read_n(SSL *s, int n, int max, int extend);
687int dtls1_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek); 675int dtls1_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek);
688int ssl3_do_compress(SSL *ssl);
689int ssl3_do_uncompress(SSL *ssl);
690int ssl3_write_pending(SSL *s, int type, const unsigned char *buf, 676int ssl3_write_pending(SSL *s, int type, const unsigned char *buf,
691 unsigned int len); 677 unsigned int len);
692unsigned char *dtls1_set_message_header(SSL *s, unsigned char *p, 678unsigned char *dtls1_set_message_header(SSL *s, unsigned char *p,
diff --git a/src/lib/libssl/src/ssl/ssl_sess.c b/src/lib/libssl/src/ssl/ssl_sess.c
index 7932f20151..b3dd3e6117 100644
--- a/src/lib/libssl/src/ssl/ssl_sess.c
+++ b/src/lib/libssl/src/ssl/ssl_sess.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: ssl_sess.c,v 1.34 2014/06/21 20:27:25 tedu Exp $ */ 1/* $OpenBSD: ssl_sess.c,v 1.35 2014/07/10 08:51:15 tedu Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
@@ -207,7 +207,6 @@ SSL_SESSION_new(void)
207 ss->time = time(NULL); 207 ss->time = time(NULL);
208 ss->prev = NULL; 208 ss->prev = NULL;
209 ss->next = NULL; 209 ss->next = NULL;
210 ss->compress_meth = 0;
211 ss->tlsext_hostname = NULL; 210 ss->tlsext_hostname = NULL;
212 211
213 ss->tlsext_ecpointformatlist_length = 0; 212 ss->tlsext_ecpointformatlist_length = 0;
@@ -233,7 +232,7 @@ SSL_SESSION_get_id(const SSL_SESSION *s, unsigned int *len)
233unsigned int 232unsigned int
234SSL_SESSION_get_compress_id(const SSL_SESSION *s) 233SSL_SESSION_get_compress_id(const SSL_SESSION *s)
235{ 234{
236 return s->compress_meth; 235 return 0;
237} 236}
238 237
239/* Even with SSLv2, we have 16 bytes (128 bits) of session ID space. SSLv3/TLSv1 238/* Even with SSLv2, we have 16 bytes (128 bits) of session ID space. SSLv3/TLSv1
diff --git a/src/lib/libssl/src/ssl/ssl_txt.c b/src/lib/libssl/src/ssl/ssl_txt.c
index c06e2d23b7..25f2290290 100644
--- a/src/lib/libssl/src/ssl/ssl_txt.c
+++ b/src/lib/libssl/src/ssl/ssl_txt.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: ssl_txt.c,v 1.21 2014/06/12 15:49:31 deraadt Exp $ */ 1/* $OpenBSD: ssl_txt.c,v 1.22 2014/07/10 08:51:15 tedu Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
@@ -182,22 +182,6 @@ SSL_SESSION_print(BIO *bp, const SSL_SESSION *x)
182 goto err; 182 goto err;
183 } 183 }
184 184
185#ifndef OPENSSL_NO_COMP
186 if (x->compress_meth != 0) {
187 SSL_COMP *comp = NULL;
188
189 if (!ssl_cipher_get_comp(x, &comp))
190 goto err;
191
192 if (comp == NULL) {
193 if (BIO_printf(bp, "\n Compression: %d", x->compress_meth) <= 0)
194 goto err;
195 } else {
196 if (BIO_printf(bp, "\n Compression: %d (%s)", comp->id, comp->method->name) <= 0)
197 goto err;
198 }
199 }
200#endif
201 if (x->time != 0) { 185 if (x->time != 0) {
202 if (BIO_printf(bp, "\n Start Time: %lld", (long long)x->time) <= 0) 186 if (BIO_printf(bp, "\n Start Time: %lld", (long long)x->time) <= 0)
203 goto err; 187 goto err;
diff --git a/src/lib/libssl/src/ssl/t1_enc.c b/src/lib/libssl/src/ssl/t1_enc.c
index 26d98522d0..cccf17eab5 100644
--- a/src/lib/libssl/src/ssl/t1_enc.c
+++ b/src/lib/libssl/src/ssl/t1_enc.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: t1_enc.c,v 1.65 2014/07/09 11:25:42 jsing Exp $ */ 1/* $OpenBSD: t1_enc.c,v 1.66 2014/07/10 08:51:15 tedu Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
@@ -137,9 +137,6 @@
137 137
138#include <stdio.h> 138#include <stdio.h>
139#include "ssl_locl.h" 139#include "ssl_locl.h"
140#ifndef OPENSSL_NO_COMP
141#include <openssl/comp.h>
142#endif
143#include <openssl/evp.h> 140#include <openssl/evp.h>
144#include <openssl/hmac.h> 141#include <openssl/hmac.h>
145#include <openssl/md5.h> 142#include <openssl/md5.h>
@@ -470,9 +467,6 @@ tls1_change_cipher_state(SSL *s, int which)
470 const EVP_AEAD *aead; 467 const EVP_AEAD *aead;
471 char is_read, use_client_keys; 468 char is_read, use_client_keys;
472 469
473#ifndef OPENSSL_NO_COMP
474 const SSL_COMP *comp;
475#endif
476 470
477 cipher = s->s3->tmp.new_sym_enc; 471 cipher = s->s3->tmp.new_sym_enc;
478 aead = s->s3->tmp.new_aead; 472 aead = s->s3->tmp.new_aead;
@@ -492,41 +486,6 @@ tls1_change_cipher_state(SSL *s, int which)
492 use_client_keys = ((which == SSL3_CHANGE_CIPHER_CLIENT_WRITE) || 486 use_client_keys = ((which == SSL3_CHANGE_CIPHER_CLIENT_WRITE) ||
493 (which == SSL3_CHANGE_CIPHER_SERVER_READ)); 487 (which == SSL3_CHANGE_CIPHER_SERVER_READ));
494 488
495#ifndef OPENSSL_NO_COMP
496 comp = s->s3->tmp.new_compression;
497 if (is_read) {
498 if (s->expand != NULL) {
499 COMP_CTX_free(s->expand);
500 s->expand = NULL;
501 }
502 if (comp != NULL) {
503 s->expand = COMP_CTX_new(comp->method);
504 if (s->expand == NULL) {
505 SSLerr(SSL_F_TLS1_CHANGE_CIPHER_STATE,
506 SSL_R_COMPRESSION_LIBRARY_ERROR);
507 goto err2;
508 }
509 if (s->s3->rrec.comp == NULL)
510 s->s3->rrec.comp =
511 malloc(SSL3_RT_MAX_ENCRYPTED_LENGTH);
512 if (s->s3->rrec.comp == NULL)
513 goto err;
514 }
515 } else {
516 if (s->compress != NULL) {
517 COMP_CTX_free(s->compress);
518 s->compress = NULL;
519 }
520 if (comp != NULL) {
521 s->compress = COMP_CTX_new(comp->method);
522 if (s->compress == NULL) {
523 SSLerr(SSL_F_TLS1_CHANGE_CIPHER_STATE,
524 SSL_R_COMPRESSION_LIBRARY_ERROR);
525 goto err2;
526 }
527 }
528 }
529#endif
530 489
531 /* 490 /*
532 * Reset sequence number to zero - for DTLS this is handled in 491 * Reset sequence number to zero - for DTLS this is handled in
@@ -596,8 +555,6 @@ tls1_change_cipher_state(SSL *s, int which)
596 return tls1_change_cipher_state_cipher(s, is_read, use_client_keys, 555 return tls1_change_cipher_state_cipher(s, is_read, use_client_keys,
597 mac_secret, mac_secret_size, key, key_len, iv, iv_len); 556 mac_secret, mac_secret_size, key, key_len, iv, iv_len);
598 557
599err:
600 SSLerr(SSL_F_TLS1_CHANGE_CIPHER_STATE, ERR_R_MALLOC_FAILURE);
601err2: 558err2:
602 return (0); 559 return (0);
603} 560}
diff --git a/src/lib/libssl/ssl.h b/src/lib/libssl/ssl.h
index b1eeb85c64..18218f4c61 100644
--- a/src/lib/libssl/ssl.h
+++ b/src/lib/libssl/ssl.h
@@ -1,4 +1,4 @@
1/* $OpenBSD: ssl.h,v 1.57 2014/07/09 11:25:42 jsing Exp $ */ 1/* $OpenBSD: ssl.h,v 1.58 2014/07/10 08:51:15 tedu Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
@@ -145,9 +145,6 @@
145 145
146#include <openssl/opensslconf.h> 146#include <openssl/opensslconf.h>
147 147
148#ifndef OPENSSL_NO_COMP
149#include <openssl/comp.h>
150#endif
151#ifndef OPENSSL_NO_BIO 148#ifndef OPENSSL_NO_BIO
152#include <openssl/bio.h> 149#include <openssl/bio.h>
153#endif 150#endif
@@ -488,8 +485,6 @@ struct ssl_session_st {
488 time_t time; 485 time_t time;
489 int references; 486 int references;
490 487
491 unsigned int compress_meth; /* Need to lookup the method */
492
493 const SSL_CIPHER *cipher; 488 const SSL_CIPHER *cipher;
494 unsigned long cipher_id; /* when ASN.1 loaded, this 489 unsigned long cipher_id; /* when ASN.1 loaded, this
495 * needs to be used to load 490 * needs to be used to load
@@ -682,11 +677,6 @@ typedef struct ssl_comp_st SSL_COMP;
682struct ssl_comp_st { 677struct ssl_comp_st {
683 int id; 678 int id;
684 const char *name; 679 const char *name;
685#ifndef OPENSSL_NO_COMP
686 COMP_METHOD *method;
687#else
688 char *method;
689#endif
690}; 680};
691 681
692DECLARE_STACK_OF(SSL_COMP) 682DECLARE_STACK_OF(SSL_COMP)
@@ -1099,11 +1089,6 @@ struct ssl_st {
1099 1089
1100 EVP_CIPHER_CTX *enc_read_ctx; /* cryptographic state */ 1090 EVP_CIPHER_CTX *enc_read_ctx; /* cryptographic state */
1101 EVP_MD_CTX *read_hash; /* used for mac generation */ 1091 EVP_MD_CTX *read_hash; /* used for mac generation */
1102#ifndef OPENSSL_NO_COMP
1103 COMP_CTX *expand; /* uncompress */
1104#else
1105 char *expand;
1106#endif
1107 1092
1108 SSL_AEAD_CTX *aead_write_ctx; /* AEAD context. If non-NULL, then 1093 SSL_AEAD_CTX *aead_write_ctx; /* AEAD context. If non-NULL, then
1109 enc_write_ctx and write_hash are 1094 enc_write_ctx and write_hash are
@@ -1111,12 +1096,6 @@ struct ssl_st {
1111 1096
1112 EVP_CIPHER_CTX *enc_write_ctx; /* cryptographic state */ 1097 EVP_CIPHER_CTX *enc_write_ctx; /* cryptographic state */
1113 EVP_MD_CTX *write_hash; /* used for mac generation */ 1098 EVP_MD_CTX *write_hash; /* used for mac generation */
1114#ifndef OPENSSL_NO_COMP
1115 COMP_CTX *compress; /* compression */
1116#else
1117 char *compress;
1118
1119#endif
1120 1099
1121 /* session info */ 1100 /* session info */
1122 1101
@@ -1836,20 +1815,6 @@ void SSL_CTX_set_tmp_ecdh_callback(SSL_CTX *ctx,
1836void SSL_set_tmp_ecdh_callback(SSL *ssl, 1815void SSL_set_tmp_ecdh_callback(SSL *ssl,
1837 EC_KEY *(*ecdh)(SSL *ssl, int is_export, int keylength)); 1816 EC_KEY *(*ecdh)(SSL *ssl, int is_export, int keylength));
1838 1817
1839#ifndef OPENSSL_NO_COMP
1840const COMP_METHOD *SSL_get_current_compression(SSL *s);
1841const COMP_METHOD *SSL_get_current_expansion(SSL *s);
1842const char *SSL_COMP_get_name(const COMP_METHOD *comp);
1843STACK_OF(SSL_COMP) *SSL_COMP_get_compression_methods(void);
1844int SSL_COMP_add_compression_method(int id, COMP_METHOD *cm);
1845#else
1846const void *SSL_get_current_compression(SSL *s);
1847const void *SSL_get_current_expansion(SSL *s);
1848const char *SSL_COMP_get_name(const void *comp);
1849void *SSL_COMP_get_compression_methods(void);
1850int SSL_COMP_add_compression_method(int id, void *cm);
1851#endif
1852
1853/* TLS extensions functions */ 1818/* TLS extensions functions */
1854int SSL_set_session_ticket_ext(SSL *s, void *ext_data, int ext_len); 1819int SSL_set_session_ticket_ext(SSL *s, void *ext_data, int ext_len);
1855 1820
diff --git a/src/lib/libssl/ssl3.h b/src/lib/libssl/ssl3.h
index 235c359af2..f956c50987 100644
--- a/src/lib/libssl/ssl3.h
+++ b/src/lib/libssl/ssl3.h
@@ -1,4 +1,4 @@
1/* $OpenBSD: ssl3.h,v 1.23 2014/06/13 11:52:03 jsing Exp $ */ 1/* $OpenBSD: ssl3.h,v 1.24 2014/07/10 08:51:15 tedu Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
@@ -117,9 +117,6 @@
117#ifndef HEADER_SSL3_H 117#ifndef HEADER_SSL3_H
118#define HEADER_SSL3_H 118#define HEADER_SSL3_H
119 119
120#ifndef OPENSSL_NO_COMP
121#include <openssl/comp.h>
122#endif
123#include <openssl/buffer.h> 120#include <openssl/buffer.h>
124#include <openssl/evp.h> 121#include <openssl/evp.h>
125#include <openssl/ssl.h> 122#include <openssl/ssl.h>
@@ -285,12 +282,7 @@ extern "C" {
285 282
286/* If compression isn't used don't include the compression overhead */ 283/* If compression isn't used don't include the compression overhead */
287 284
288#ifdef OPENSSL_NO_COMP
289#define SSL3_RT_MAX_COMPRESSED_LENGTH SSL3_RT_MAX_PLAIN_LENGTH 285#define SSL3_RT_MAX_COMPRESSED_LENGTH SSL3_RT_MAX_PLAIN_LENGTH
290#else
291#define SSL3_RT_MAX_COMPRESSED_LENGTH \
292 (SSL3_RT_MAX_PLAIN_LENGTH+SSL3_RT_MAX_COMPRESSED_OVERHEAD)
293#endif
294#define SSL3_RT_MAX_ENCRYPTED_LENGTH \ 286#define SSL3_RT_MAX_ENCRYPTED_LENGTH \
295 (SSL3_RT_MAX_ENCRYPTED_OVERHEAD+SSL3_RT_MAX_COMPRESSED_LENGTH) 287 (SSL3_RT_MAX_ENCRYPTED_OVERHEAD+SSL3_RT_MAX_COMPRESSED_LENGTH)
296#define SSL3_RT_MAX_PACKET_SIZE \ 288#define SSL3_RT_MAX_PACKET_SIZE \
@@ -336,7 +328,6 @@ typedef struct ssl3_record_st {
336/*r */ unsigned int off; /* read/write offset into 'buf' */ 328/*r */ unsigned int off; /* read/write offset into 'buf' */
337/*rw*/ unsigned char *data; /* pointer to the record data */ 329/*rw*/ unsigned char *data; /* pointer to the record data */
338/*rw*/ unsigned char *input; /* where the decode bytes are */ 330/*rw*/ unsigned char *input; /* where the decode bytes are */
339/*r */ unsigned char *comp; /* only used with decompression - malloc()ed */
340/*r */ unsigned long epoch; /* epoch number, needed by DTLS1 */ 331/*r */ unsigned long epoch; /* epoch number, needed by DTLS1 */
341/*r */ unsigned char seq_num[8]; /* sequence number, needed by DTLS1 */ 332/*r */ unsigned char seq_num[8]; /* sequence number, needed by DTLS1 */
342} SSL3_RECORD; 333} SSL3_RECORD;
@@ -492,11 +483,6 @@ typedef struct ssl3_state_st {
492 const EVP_MD *new_hash; 483 const EVP_MD *new_hash;
493 int new_mac_pkey_type; 484 int new_mac_pkey_type;
494 int new_mac_secret_size; 485 int new_mac_secret_size;
495#ifndef OPENSSL_NO_COMP
496 const SSL_COMP *new_compression;
497#else
498 char *new_compression;
499#endif
500 int cert_request; 486 int cert_request;
501 } tmp; 487 } tmp;
502 488
diff --git a/src/lib/libssl/ssl_algs.c b/src/lib/libssl/ssl_algs.c
index 0518876ab4..ce051252f6 100644
--- a/src/lib/libssl/ssl_algs.c
+++ b/src/lib/libssl/ssl_algs.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: ssl_algs.c,v 1.18 2014/06/12 15:49:31 deraadt Exp $ */ 1/* $OpenBSD: ssl_algs.c,v 1.19 2014/07/10 08:51:15 tedu Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
@@ -112,12 +112,6 @@ SSL_library_init(void)
112 EVP_add_digest_alias(SN_dsaWithSHA1, "DSS1"); 112 EVP_add_digest_alias(SN_dsaWithSHA1, "DSS1");
113 EVP_add_digest_alias(SN_dsaWithSHA1, "dss1"); 113 EVP_add_digest_alias(SN_dsaWithSHA1, "dss1");
114 EVP_add_digest(EVP_ecdsa()); 114 EVP_add_digest(EVP_ecdsa());
115#ifndef OPENSSL_NO_COMP
116 /* This will initialise the built-in compression algorithms.
117 The value returned is a STACK_OF(SSL_COMP), but that can
118 be discarded safely */
119 (void)SSL_COMP_get_compression_methods();
120#endif
121 /* initialize cipher/digest methods table */ 115 /* initialize cipher/digest methods table */
122 ssl_load_ciphers(); 116 ssl_load_ciphers();
123 return (1); 117 return (1);
diff --git a/src/lib/libssl/ssl_asn1.c b/src/lib/libssl/ssl_asn1.c
index 8594408898..43366b33b8 100644
--- a/src/lib/libssl/ssl_asn1.c
+++ b/src/lib/libssl/ssl_asn1.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: ssl_asn1.c,v 1.26 2014/06/12 15:49:31 deraadt Exp $ */ 1/* $OpenBSD: ssl_asn1.c,v 1.27 2014/07/10 08:51:15 tedu Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
@@ -118,10 +118,6 @@ i2d_SSL_SESSION(SSL_SESSION *in, unsigned char **pp)
118 unsigned char ibuf3[LSIZE2], ibuf4[LSIZE2], ibuf5[LSIZE2]; 118 unsigned char ibuf3[LSIZE2], ibuf4[LSIZE2], ibuf5[LSIZE2];
119 int v6 = 0, v9 = 0, v10 = 0; 119 int v6 = 0, v9 = 0, v10 = 0;
120 unsigned char ibuf6[LSIZE2]; 120 unsigned char ibuf6[LSIZE2];
121#ifndef OPENSSL_NO_COMP
122 unsigned char cbuf;
123 int v11 = 0;
124#endif
125 long l; 121 long l;
126 SSL_SESSION_ASN1 a; 122 SSL_SESSION_ASN1 a;
127 M_ASN1_I2D_vars(in); 123 M_ASN1_I2D_vars(in);
@@ -155,14 +151,6 @@ i2d_SSL_SESSION(SSL_SESSION *in, unsigned char **pp)
155 buf[0] = ((unsigned char)(l >> 8L))&0xff; 151 buf[0] = ((unsigned char)(l >> 8L))&0xff;
156 buf[1] = ((unsigned char)(l ))&0xff; 152 buf[1] = ((unsigned char)(l ))&0xff;
157 153
158#ifndef OPENSSL_NO_COMP
159 if (in->compress_meth) {
160 cbuf = (unsigned char)in->compress_meth;
161 a.comp_id.length = 1;
162 a.comp_id.type = V_ASN1_OCTET_STRING;
163 a.comp_id.data = &cbuf;
164 }
165#endif
166 154
167 a.master_key.length = in->master_key_length; 155 a.master_key.length = in->master_key_length;
168 a.master_key.type = V_ASN1_OCTET_STRING; 156 a.master_key.type = V_ASN1_OCTET_STRING;
@@ -248,10 +236,6 @@ i2d_SSL_SESSION(SSL_SESSION *in, unsigned char **pp)
248 M_ASN1_I2D_len_EXP_opt(&(a.tlsext_tick), i2d_ASN1_OCTET_STRING, 10, v10); 236 M_ASN1_I2D_len_EXP_opt(&(a.tlsext_tick), i2d_ASN1_OCTET_STRING, 10, v10);
249 if (in->tlsext_hostname) 237 if (in->tlsext_hostname)
250 M_ASN1_I2D_len_EXP_opt(&(a.tlsext_hostname), i2d_ASN1_OCTET_STRING, 6, v6); 238 M_ASN1_I2D_len_EXP_opt(&(a.tlsext_hostname), i2d_ASN1_OCTET_STRING, 6, v6);
251#ifndef OPENSSL_NO_COMP
252 if (in->compress_meth)
253 M_ASN1_I2D_len_EXP_opt(&(a.comp_id), i2d_ASN1_OCTET_STRING, 11, v11);
254#endif
255#ifndef OPENSSL_NO_PSK 239#ifndef OPENSSL_NO_PSK
256 if (in->psk_identity_hint) 240 if (in->psk_identity_hint)
257 M_ASN1_I2D_len_EXP_opt(&(a.psk_identity_hint), i2d_ASN1_OCTET_STRING, 7, v7); 241 M_ASN1_I2D_len_EXP_opt(&(a.psk_identity_hint), i2d_ASN1_OCTET_STRING, 7, v7);
@@ -288,10 +272,6 @@ i2d_SSL_SESSION(SSL_SESSION *in, unsigned char **pp)
288 M_ASN1_I2D_put_EXP_opt(&a.tlsext_tick_lifetime, i2d_ASN1_INTEGER, 9, v9); 272 M_ASN1_I2D_put_EXP_opt(&a.tlsext_tick_lifetime, i2d_ASN1_INTEGER, 9, v9);
289 if (in->tlsext_tick) 273 if (in->tlsext_tick)
290 M_ASN1_I2D_put_EXP_opt(&(a.tlsext_tick), i2d_ASN1_OCTET_STRING, 10, v10); 274 M_ASN1_I2D_put_EXP_opt(&(a.tlsext_tick), i2d_ASN1_OCTET_STRING, 10, v10);
291#ifndef OPENSSL_NO_COMP
292 if (in->compress_meth)
293 M_ASN1_I2D_put_EXP_opt(&(a.comp_id), i2d_ASN1_OCTET_STRING, 11, v11);
294#endif
295 M_ASN1_I2D_finish(); 275 M_ASN1_I2D_finish();
296} 276}
297 277
@@ -480,16 +460,6 @@ d2i_SSL_SESSION(SSL_SESSION **a, const unsigned char **pp, long length)
480 os.length = 0; 460 os.length = 0;
481 } else 461 } else
482 ret->tlsext_tick = NULL; 462 ret->tlsext_tick = NULL;
483#ifndef OPENSSL_NO_COMP
484 os.length = 0;
485 os.data = NULL;
486 M_ASN1_D2I_get_EXP_opt(osp, d2i_ASN1_OCTET_STRING, 11);
487 if (os.data) {
488 ret->compress_meth = os.data[0];
489 free(os.data);
490 os.data = NULL;
491 }
492#endif
493 463
494 464
495 M_ASN1_D2I_Finish(a, SSL_SESSION_free, SSL_F_D2I_SSL_SESSION); 465 M_ASN1_D2I_Finish(a, SSL_SESSION_free, SSL_F_D2I_SSL_SESSION);
diff --git a/src/lib/libssl/ssl_ciph.c b/src/lib/libssl/ssl_ciph.c
index d84e45764e..0ba66cc89f 100644
--- a/src/lib/libssl/ssl_ciph.c
+++ b/src/lib/libssl/ssl_ciph.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: ssl_ciph.c,v 1.58 2014/07/09 14:20:55 jsing Exp $ */ 1/* $OpenBSD: ssl_ciph.c,v 1.59 2014/07/10 08:51:15 tedu Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
@@ -142,9 +142,6 @@
142 142
143#include <stdio.h> 143#include <stdio.h>
144#include <openssl/objects.h> 144#include <openssl/objects.h>
145#ifndef OPENSSL_NO_COMP
146#include <openssl/comp.h>
147#endif
148#ifndef OPENSSL_NO_ENGINE 145#ifndef OPENSSL_NO_ENGINE
149#include <openssl/engine.h> 146#include <openssl/engine.h>
150#endif 147#endif
@@ -175,8 +172,6 @@ static const EVP_CIPHER *ssl_cipher_methods[SSL_ENC_NUM_IDX] = {
175#define SSL_COMP_ZLIB_IDX 1 172#define SSL_COMP_ZLIB_IDX 1
176#define SSL_COMP_NUM_IDX 2 173#define SSL_COMP_NUM_IDX 2
177 174
178static STACK_OF(SSL_COMP) *ssl_comp_methods = NULL;
179
180#define SSL_MD_MD5_IDX 0 175#define SSL_MD_MD5_IDX 0
181#define SSL_MD_SHA1_IDX 1 176#define SSL_MD_SHA1_IDX 1
182#define SSL_MD_GOST94_IDX 2 177#define SSL_MD_GOST94_IDX 2
@@ -645,81 +640,14 @@ ssl_load_ciphers(void)
645 ssl_mac_secret_size[SSL_MD_SHA384_IDX]= 640 ssl_mac_secret_size[SSL_MD_SHA384_IDX]=
646 EVP_MD_size(ssl_digest_methods[SSL_MD_SHA384_IDX]); 641 EVP_MD_size(ssl_digest_methods[SSL_MD_SHA384_IDX]);
647} 642}
648#ifndef OPENSSL_NO_COMP
649
650static int
651sk_comp_cmp(const SSL_COMP * const *a,
652 const SSL_COMP * const *b)
653{
654 return ((*a)->id - (*b)->id);
655}
656
657static void
658load_builtin_compressions(void)
659{
660 int got_write_lock = 0;
661
662 CRYPTO_r_lock(CRYPTO_LOCK_SSL);
663 if (ssl_comp_methods == NULL) {
664 CRYPTO_r_unlock(CRYPTO_LOCK_SSL);
665 CRYPTO_w_lock(CRYPTO_LOCK_SSL);
666 got_write_lock = 1;
667
668 if (ssl_comp_methods == NULL) {
669 SSL_COMP *comp = NULL;
670
671 ssl_comp_methods = sk_SSL_COMP_new(sk_comp_cmp);
672 if (ssl_comp_methods != NULL) {
673 comp = malloc(sizeof(SSL_COMP));
674 if (comp != NULL) {
675 comp->method = COMP_zlib();
676 if (comp->method &&
677 comp->method->type == NID_undef)
678 free(comp);
679 else {
680 comp->id = SSL_COMP_ZLIB_IDX;
681 comp->name = comp->method->name;
682 sk_SSL_COMP_push(ssl_comp_methods, comp);
683 }
684 }
685 sk_SSL_COMP_sort(ssl_comp_methods);
686 }
687 }
688 }
689
690 if (got_write_lock)
691 CRYPTO_w_unlock(CRYPTO_LOCK_SSL);
692 else
693 CRYPTO_r_unlock(CRYPTO_LOCK_SSL);
694}
695#endif
696 643
697/* ssl_cipher_get_comp sets comp to the correct SSL_COMP for the given 644/* ssl_cipher_get_comp sets comp to the correct SSL_COMP for the given
698 * session and returns 1. On error it returns 0. */ 645 * session and returns 1. On error it returns 0. */
699int 646int
700ssl_cipher_get_comp(const SSL_SESSION *s, SSL_COMP **comp) 647ssl_cipher_get_comp(const SSL_SESSION *s, SSL_COMP **comp)
701{ 648{
702 SSL_COMP ctmp;
703 int i;
704
705#ifndef OPENSSL_NO_COMP
706 load_builtin_compressions();
707#endif
708
709 *comp = NULL; 649 *comp = NULL;
710 if (s->compress_meth == 0) 650 return 1;
711 return 1;
712 if (ssl_comp_methods == NULL)
713 return 0;
714
715 ctmp.id = s->compress_meth;
716 i = sk_SSL_COMP_find(ssl_comp_methods, &ctmp);
717 if (i >= 0) {
718 *comp = sk_SSL_COMP_value(ssl_comp_methods, i);
719 return 1;
720 }
721
722 return 0;
723} 651}
724 652
725int 653int
@@ -1919,102 +1847,3 @@ SSL_CIPHER_get_id(const SSL_CIPHER *c)
1919{ 1847{
1920 return c->id; 1848 return c->id;
1921} 1849}
1922
1923SSL_COMP *
1924ssl3_comp_find(STACK_OF(SSL_COMP) *sk, int n)
1925{
1926 SSL_COMP *ctmp;
1927 int i, nn;
1928
1929 if ((n == 0) || (sk == NULL))
1930 return (NULL);
1931 nn = sk_SSL_COMP_num(sk);
1932 for (i = 0; i < nn; i++) {
1933 ctmp = sk_SSL_COMP_value(sk, i);
1934 if (ctmp->id == n)
1935 return (ctmp);
1936 }
1937 return (NULL);
1938}
1939
1940#ifdef OPENSSL_NO_COMP
1941void *
1942SSL_COMP_get_compression_methods(void)
1943{
1944 return NULL;
1945}
1946
1947int
1948SSL_COMP_add_compression_method(int id, void *cm)
1949{
1950 return 1;
1951}
1952
1953const char *
1954SSL_COMP_get_name(const void *comp)
1955{
1956 return NULL;
1957}
1958#else
1959STACK_OF(SSL_COMP) *
1960SSL_COMP_get_compression_methods(void)
1961{
1962 load_builtin_compressions();
1963 return (ssl_comp_methods);
1964}
1965
1966int
1967SSL_COMP_add_compression_method(int id, COMP_METHOD *cm)
1968{
1969 SSL_COMP *comp;
1970
1971 if (cm == NULL || cm->type == NID_undef)
1972 return 1;
1973
1974 /* According to draft-ietf-tls-compression-04.txt, the
1975 compression number ranges should be the following:
1976
1977 0 to 63: methods defined by the IETF
1978 64 to 192: external party methods assigned by IANA
1979 193 to 255: reserved for private use */
1980 if (id < 193 || id > 255) {
1981 SSLerr(SSL_F_SSL_COMP_ADD_COMPRESSION_METHOD,
1982 SSL_R_COMPRESSION_ID_NOT_WITHIN_PRIVATE_RANGE);
1983 return 1;
1984 }
1985
1986 comp = malloc(sizeof(SSL_COMP));
1987 if (comp == NULL) {
1988 SSLerr(SSL_F_SSL_COMP_ADD_COMPRESSION_METHOD,
1989 ERR_R_MALLOC_FAILURE);
1990 return (1);
1991 }
1992 comp->id = id;
1993 comp->method = cm;
1994 load_builtin_compressions();
1995 if (ssl_comp_methods &&
1996 sk_SSL_COMP_find(ssl_comp_methods, comp) >= 0) {
1997 free(comp);
1998 SSLerr(SSL_F_SSL_COMP_ADD_COMPRESSION_METHOD,
1999 SSL_R_DUPLICATE_COMPRESSION_ID);
2000 return (1);
2001 } else if ((ssl_comp_methods == NULL) ||
2002 !sk_SSL_COMP_push(ssl_comp_methods, comp)) {
2003 free(comp);
2004 SSLerr(SSL_F_SSL_COMP_ADD_COMPRESSION_METHOD,
2005 ERR_R_MALLOC_FAILURE);
2006 return (1);
2007 } else {
2008 return (0);
2009 }
2010}
2011
2012const char *
2013SSL_COMP_get_name(const COMP_METHOD *comp)
2014{
2015 if (comp)
2016 return comp->name;
2017 return NULL;
2018}
2019
2020#endif
diff --git a/src/lib/libssl/ssl_lib.c b/src/lib/libssl/ssl_lib.c
index a5f2f3f751..765012e861 100644
--- a/src/lib/libssl/ssl_lib.c
+++ b/src/lib/libssl/ssl_lib.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: ssl_lib.c,v 1.71 2014/07/10 08:18:55 bcook Exp $ */ 1/* $OpenBSD: ssl_lib.c,v 1.72 2014/07/10 08:51:15 tedu Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
@@ -1793,9 +1793,6 @@ SSL_CTX_new(const SSL_METHOD *meth)
1793 CRYPTO_new_ex_data(CRYPTO_EX_INDEX_SSL_CTX, ret, &ret->ex_data); 1793 CRYPTO_new_ex_data(CRYPTO_EX_INDEX_SSL_CTX, ret, &ret->ex_data);
1794 1794
1795 ret->extra_certs = NULL; 1795 ret->extra_certs = NULL;
1796 /* No compression for DTLS */
1797 if (meth->version != DTLS1_VERSION)
1798 ret->comp_methods = SSL_COMP_get_compression_methods();
1799 1796
1800 ret->max_send_fragment = SSL3_RT_MAX_PLAIN_LENGTH; 1797 ret->max_send_fragment = SSL3_RT_MAX_PLAIN_LENGTH;
1801 1798
@@ -2610,12 +2607,6 @@ ssl_clear_cipher_ctx(SSL *s)
2610 s->aead_write_ctx = NULL; 2607 s->aead_write_ctx = NULL;
2611 } 2608 }
2612 2609
2613#ifndef OPENSSL_NO_COMP
2614 COMP_CTX_free(s->expand);
2615 s->expand = NULL;
2616 COMP_CTX_free(s->compress);
2617 s->compress = NULL;
2618#endif
2619} 2610}
2620 2611
2621/* Fix this function so that it takes an optional type parameter */ 2612/* Fix this function so that it takes an optional type parameter */
@@ -2645,7 +2636,6 @@ SSL_get_current_cipher(const SSL *s)
2645 return (s->session->cipher); 2636 return (s->session->cipher);
2646 return (NULL); 2637 return (NULL);
2647} 2638}
2648#ifdef OPENSSL_NO_COMP
2649const void * 2639const void *
2650SSL_get_current_compression(SSL *s) 2640SSL_get_current_compression(SSL *s)
2651{ 2641{
@@ -2657,24 +2647,6 @@ SSL_get_current_expansion(SSL *s)
2657{ 2647{
2658 return (NULL); 2648 return (NULL);
2659} 2649}
2660#else
2661
2662const COMP_METHOD *
2663SSL_get_current_compression(SSL *s)
2664{
2665 if (s->compress != NULL)
2666 return (s->compress->meth);
2667 return (NULL);
2668}
2669
2670const COMP_METHOD *
2671SSL_get_current_expansion(SSL *s)
2672{
2673 if (s->expand != NULL)
2674 return (s->expand->meth);
2675 return (NULL);
2676}
2677#endif
2678 2650
2679int 2651int
2680ssl_init_wbio_buffer(SSL *s, int push) 2652ssl_init_wbio_buffer(SSL *s, int push)
diff --git a/src/lib/libssl/ssl_locl.h b/src/lib/libssl/ssl_locl.h
index 2b3d1b8e44..b3bc4f4ae4 100644
--- a/src/lib/libssl/ssl_locl.h
+++ b/src/lib/libssl/ssl_locl.h
@@ -1,4 +1,4 @@
1/* $OpenBSD: ssl_locl.h,v 1.56 2014/07/09 11:25:42 jsing Exp $ */ 1/* $OpenBSD: ssl_locl.h,v 1.57 2014/07/10 08:51:15 tedu Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
@@ -153,9 +153,6 @@
153 153
154#include <openssl/opensslconf.h> 154#include <openssl/opensslconf.h>
155#include <openssl/buffer.h> 155#include <openssl/buffer.h>
156#ifndef OPENSSL_NO_COMP
157#include <openssl/comp.h>
158#endif
159#include <openssl/bio.h> 156#include <openssl/bio.h>
160#include <openssl/stack.h> 157#include <openssl/stack.h>
161#include <openssl/rsa.h> 158#include <openssl/rsa.h>
@@ -547,15 +544,6 @@ struct ssl_aead_ctx_st {
547 char variable_nonce_in_record; 544 char variable_nonce_in_record;
548}; 545};
549 546
550#ifndef OPENSSL_NO_COMP
551/* Used for holding the relevant compression methods loaded into SSL_CTX */
552typedef struct ssl3_comp_st {
553 int comp_id; /* The identifier byte for this compression type */
554 char *name; /* Text name used for the compression type */
555 COMP_METHOD *method; /* The method :-) */
556} SSL3_COMP;
557#endif
558
559extern SSL3_ENC_METHOD ssl3_undef_enc_method; 547extern SSL3_ENC_METHOD ssl3_undef_enc_method;
560extern SSL_CIPHER ssl3_ciphers[]; 548extern SSL_CIPHER ssl3_ciphers[];
561 549
@@ -685,8 +673,6 @@ long tls1_default_timeout(void);
685int dtls1_do_write(SSL *s, int type); 673int dtls1_do_write(SSL *s, int type);
686int ssl3_read_n(SSL *s, int n, int max, int extend); 674int ssl3_read_n(SSL *s, int n, int max, int extend);
687int dtls1_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek); 675int dtls1_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek);
688int ssl3_do_compress(SSL *ssl);
689int ssl3_do_uncompress(SSL *ssl);
690int ssl3_write_pending(SSL *s, int type, const unsigned char *buf, 676int ssl3_write_pending(SSL *s, int type, const unsigned char *buf,
691 unsigned int len); 677 unsigned int len);
692unsigned char *dtls1_set_message_header(SSL *s, unsigned char *p, 678unsigned char *dtls1_set_message_header(SSL *s, unsigned char *p,
diff --git a/src/lib/libssl/ssl_sess.c b/src/lib/libssl/ssl_sess.c
index 7932f20151..b3dd3e6117 100644
--- a/src/lib/libssl/ssl_sess.c
+++ b/src/lib/libssl/ssl_sess.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: ssl_sess.c,v 1.34 2014/06/21 20:27:25 tedu Exp $ */ 1/* $OpenBSD: ssl_sess.c,v 1.35 2014/07/10 08:51:15 tedu Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
@@ -207,7 +207,6 @@ SSL_SESSION_new(void)
207 ss->time = time(NULL); 207 ss->time = time(NULL);
208 ss->prev = NULL; 208 ss->prev = NULL;
209 ss->next = NULL; 209 ss->next = NULL;
210 ss->compress_meth = 0;
211 ss->tlsext_hostname = NULL; 210 ss->tlsext_hostname = NULL;
212 211
213 ss->tlsext_ecpointformatlist_length = 0; 212 ss->tlsext_ecpointformatlist_length = 0;
@@ -233,7 +232,7 @@ SSL_SESSION_get_id(const SSL_SESSION *s, unsigned int *len)
233unsigned int 232unsigned int
234SSL_SESSION_get_compress_id(const SSL_SESSION *s) 233SSL_SESSION_get_compress_id(const SSL_SESSION *s)
235{ 234{
236 return s->compress_meth; 235 return 0;
237} 236}
238 237
239/* Even with SSLv2, we have 16 bytes (128 bits) of session ID space. SSLv3/TLSv1 238/* Even with SSLv2, we have 16 bytes (128 bits) of session ID space. SSLv3/TLSv1
diff --git a/src/lib/libssl/ssl_txt.c b/src/lib/libssl/ssl_txt.c
index c06e2d23b7..25f2290290 100644
--- a/src/lib/libssl/ssl_txt.c
+++ b/src/lib/libssl/ssl_txt.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: ssl_txt.c,v 1.21 2014/06/12 15:49:31 deraadt Exp $ */ 1/* $OpenBSD: ssl_txt.c,v 1.22 2014/07/10 08:51:15 tedu Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
@@ -182,22 +182,6 @@ SSL_SESSION_print(BIO *bp, const SSL_SESSION *x)
182 goto err; 182 goto err;
183 } 183 }
184 184
185#ifndef OPENSSL_NO_COMP
186 if (x->compress_meth != 0) {
187 SSL_COMP *comp = NULL;
188
189 if (!ssl_cipher_get_comp(x, &comp))
190 goto err;
191
192 if (comp == NULL) {
193 if (BIO_printf(bp, "\n Compression: %d", x->compress_meth) <= 0)
194 goto err;
195 } else {
196 if (BIO_printf(bp, "\n Compression: %d (%s)", comp->id, comp->method->name) <= 0)
197 goto err;
198 }
199 }
200#endif
201 if (x->time != 0) { 185 if (x->time != 0) {
202 if (BIO_printf(bp, "\n Start Time: %lld", (long long)x->time) <= 0) 186 if (BIO_printf(bp, "\n Start Time: %lld", (long long)x->time) <= 0)
203 goto err; 187 goto err;
diff --git a/src/lib/libssl/t1_enc.c b/src/lib/libssl/t1_enc.c
index 26d98522d0..cccf17eab5 100644
--- a/src/lib/libssl/t1_enc.c
+++ b/src/lib/libssl/t1_enc.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: t1_enc.c,v 1.65 2014/07/09 11:25:42 jsing Exp $ */ 1/* $OpenBSD: t1_enc.c,v 1.66 2014/07/10 08:51:15 tedu Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
@@ -137,9 +137,6 @@
137 137
138#include <stdio.h> 138#include <stdio.h>
139#include "ssl_locl.h" 139#include "ssl_locl.h"
140#ifndef OPENSSL_NO_COMP
141#include <openssl/comp.h>
142#endif
143#include <openssl/evp.h> 140#include <openssl/evp.h>
144#include <openssl/hmac.h> 141#include <openssl/hmac.h>
145#include <openssl/md5.h> 142#include <openssl/md5.h>
@@ -470,9 +467,6 @@ tls1_change_cipher_state(SSL *s, int which)
470 const EVP_AEAD *aead; 467 const EVP_AEAD *aead;
471 char is_read, use_client_keys; 468 char is_read, use_client_keys;
472 469
473#ifndef OPENSSL_NO_COMP
474 const SSL_COMP *comp;
475#endif
476 470
477 cipher = s->s3->tmp.new_sym_enc; 471 cipher = s->s3->tmp.new_sym_enc;
478 aead = s->s3->tmp.new_aead; 472 aead = s->s3->tmp.new_aead;
@@ -492,41 +486,6 @@ tls1_change_cipher_state(SSL *s, int which)
492 use_client_keys = ((which == SSL3_CHANGE_CIPHER_CLIENT_WRITE) || 486 use_client_keys = ((which == SSL3_CHANGE_CIPHER_CLIENT_WRITE) ||
493 (which == SSL3_CHANGE_CIPHER_SERVER_READ)); 487 (which == SSL3_CHANGE_CIPHER_SERVER_READ));
494 488
495#ifndef OPENSSL_NO_COMP
496 comp = s->s3->tmp.new_compression;
497 if (is_read) {
498 if (s->expand != NULL) {
499 COMP_CTX_free(s->expand);
500 s->expand = NULL;
501 }
502 if (comp != NULL) {
503 s->expand = COMP_CTX_new(comp->method);
504 if (s->expand == NULL) {
505 SSLerr(SSL_F_TLS1_CHANGE_CIPHER_STATE,
506 SSL_R_COMPRESSION_LIBRARY_ERROR);
507 goto err2;
508 }
509 if (s->s3->rrec.comp == NULL)
510 s->s3->rrec.comp =
511 malloc(SSL3_RT_MAX_ENCRYPTED_LENGTH);
512 if (s->s3->rrec.comp == NULL)
513 goto err;
514 }
515 } else {
516 if (s->compress != NULL) {
517 COMP_CTX_free(s->compress);
518 s->compress = NULL;
519 }
520 if (comp != NULL) {
521 s->compress = COMP_CTX_new(comp->method);
522 if (s->compress == NULL) {
523 SSLerr(SSL_F_TLS1_CHANGE_CIPHER_STATE,
524 SSL_R_COMPRESSION_LIBRARY_ERROR);
525 goto err2;
526 }
527 }
528 }
529#endif
530 489
531 /* 490 /*
532 * Reset sequence number to zero - for DTLS this is handled in 491 * Reset sequence number to zero - for DTLS this is handled in
@@ -596,8 +555,6 @@ tls1_change_cipher_state(SSL *s, int which)
596 return tls1_change_cipher_state_cipher(s, is_read, use_client_keys, 555 return tls1_change_cipher_state_cipher(s, is_read, use_client_keys,
597 mac_secret, mac_secret_size, key, key_len, iv, iv_len); 556 mac_secret, mac_secret_size, key, key_len, iv, iv_len);
598 557
599err:
600 SSLerr(SSL_F_TLS1_CHANGE_CIPHER_STATE, ERR_R_MALLOC_FAILURE);
601err2: 558err2:
602 return (0); 559 return (0);
603} 560}
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-03-17 21:08:05 +0000