decompress libssl. ok beck jsing

author: tedu <> 2014-07-10 08:51:15 +0000
committer: tedu <> 2014-07-10 08:51:15 +0000
commit: 7fa0fcaa4570540c46d2430a269ae2e95aaa258e (patch)
tree: 10d3c4ab8299021b37a17232dc3493cb7fc5dd87 /src/lib/libssl/s3_clnt.c
parent: 4edb6fce921fd3bc18b713f5802551bacc02cf8a (diff)
download: openbsd-7fa0fcaa4570540c46d2430a269ae2e95aaa258e.tar.gz
openbsd-7fa0fcaa4570540c46d2430a269ae2e95aaa258e.tar.bz2
openbsd-7fa0fcaa4570540c46d2430a269ae2e95aaa258e.zip
1 files changed, 2 insertions, 70 deletions
diff --git a/src/lib/libssl/s3_clnt.c b/src/lib/libssl/s3_clnt.c
index 61de494244..079544da84 100644
--- a/src/lib/libssl/s3_clnt.c
+++ b/src/lib/libssl/s3_clnt.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: s3_clnt.c,v 1.73 2014/07/09 11:25:42 jsing Exp $ */
+/* $OpenBSD: s3_clnt.c,v 1.74 2014/07/10 08:51:14 tedu Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -472,15 +472,6 @@ ssl3_connect(SSL *s)
                        s->init_num = 0;
                        s->session->cipher = s->s3->tmp.new_cipher;
-#ifdef OPENSSL_NO_COMP
-                        s->session->compress_meth = 0;
-#else
-                        if (s->s3->tmp.new_compression == NULL)
-                                s->session->compress_meth = 0;
-                        else
-                                s->session->compress_meth =
-                                    s->s3->tmp.new_compression->id;
-#endif
                        if (!s->method->ssl3_enc->setup_key_block(s)) {
                                ret = -1;
                                goto end;
@@ -656,10 +647,6 @@ ssl3_client_hello(SSL *s)
        unsigned char   *p, *d;
        int              i;
        unsigned long    l;
-#ifndef OPENSSL_NO_COMP
-        int              j;
-        SSL_COMP         *comp;
-#endif
        buf = (unsigned char *)s->init_buf->data;
        if (s->state == SSL3_ST_CW_CLNT_HELLO_A) {
@@ -752,22 +739,8 @@ ssl3_client_hello(SSL *s)
                s2n(i, p);
                p += i;
-                /* COMPRESSION */
+                /* add in (no) COMPRESSION */
-#ifdef OPENSSL_NO_COMP
                *(p++) = 1;
-#else
-                if ((s->options & SSL_OP_NO_COMPRESSION) ||
-                    !s->ctx->comp_methods)
-                        j = 0;
-                else
-                        j = sk_SSL_COMP_num(s->ctx->comp_methods);
-                *(p++) = 1 + j;
-                for (i = 0; i < j; i++) {
-                        comp = sk_SSL_COMP_value(s->ctx->comp_methods, i);
-                        *(p++) = comp->id;
-                }
-#endif
                *(p++) = 0; /* Add the NULL method */
                /* TLS extensions*/
@@ -809,9 +782,6 @@ ssl3_get_server_hello(SSL *s)
        int                      i, al, ok;
        unsigned int             j;
        long                     n;
-#ifndef OPENSSL_NO_COMP
-        SSL_COMP                *comp;
-#endif
        n = s->method->ssl_get_message(s, SSL3_ST_CR_SRVR_HELLO_A,
            SSL3_ST_CR_SRVR_HELLO_B, -1, 20000, /* ?? */ &ok);
@@ -963,50 +933,12 @@ ssl3_get_server_hello(SSL *s)
        }
        /* lets get the compression algorithm */
        /* COMPRESSION */
-#ifdef OPENSSL_NO_COMP
        if (*(p++) != 0) {
                al = SSL_AD_ILLEGAL_PARAMETER;
                SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,
                    SSL_R_UNSUPPORTED_COMPRESSION_ALGORITHM);
                goto f_err;
        }
-        /*
-         * If compression is disabled we'd better not try to resume a session
-         * using compression.
-         */
-        if (s->session->compress_meth != 0) {
-                al = SSL_AD_INTERNAL_ERROR;
-                SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,
-                    SSL_R_INCONSISTENT_COMPRESSION);
-                goto f_err;
-        }
-#else
-        j= *(p++);
-        if (s->hit && j != s->session->compress_meth) {
-                al = SSL_AD_ILLEGAL_PARAMETER;
-                SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,
-                    SSL_R_OLD_SESSION_COMPRESSION_ALGORITHM_NOT_RETURNED);
-                goto f_err;
-        }
-        if (j == 0)
-                comp = NULL;
-        else if (s->options & SSL_OP_NO_COMPRESSION) {
-                al = SSL_AD_ILLEGAL_PARAMETER;
-                SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,
-                    SSL_R_COMPRESSION_DISABLED);
-                goto f_err;
-        } else
-                comp = ssl3_comp_find(s->ctx->comp_methods, j);
-        if ((j != 0) && (comp == NULL)) {
-                al = SSL_AD_ILLEGAL_PARAMETER;
-                SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,
-                    SSL_R_UNSUPPORTED_COMPRESSION_ALGORITHM);
-                goto f_err;
-        } else {
-                s->s3->tmp.new_compression = comp;
-        }
-#endif
        /* TLS extensions*/
        if (s->version >= SSL3_VERSION) {
author	tedu <>	2014-07-10 08:51:15 +0000
committer	tedu <>	2014-07-10 08:51:15 +0000
commit	7fa0fcaa4570540c46d2430a269ae2e95aaa258e (patch)
tree	10d3c4ab8299021b37a17232dc3493cb7fc5dd87 /src/lib/libssl/s3_clnt.c
parent	4edb6fce921fd3bc18b713f5802551bacc02cf8a (diff)
download	openbsd-7fa0fcaa4570540c46d2430a269ae2e95aaa258e.tar.gz openbsd-7fa0fcaa4570540c46d2430a269ae2e95aaa258e.tar.bz2 openbsd-7fa0fcaa4570540c46d2430a269ae2e95aaa258e.zip

diff --git a/src/lib/libssl/s3_clnt.c b/src/lib/libssl/s3_clnt.c index 61de494244..079544da84 100644 --- a/src/lib/libssl/s3_clnt.c +++ b/src/lib/libssl/s3_clnt.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: s3_clnt.c,v 1.73 2014/07/09 11:25:42 jsing Exp $ */	1	/* $OpenBSD: s3_clnt.c,v 1.74 2014/07/10 08:51:14 tedu Exp $ */
2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)	2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3	* All rights reserved.	3	* All rights reserved.
4	*	4	*
@@ -472,15 +472,6 @@ ssl3_connect(SSL *s)
472	s->init_num = 0;	472	s->init_num = 0;
473		473
474	s->session->cipher = s->s3->tmp.new_cipher;	474	s->session->cipher = s->s3->tmp.new_cipher;
475	#ifdef OPENSSL_NO_COMP
476	s->session->compress_meth = 0;
477	#else
478	if (s->s3->tmp.new_compression == NULL)
479	s->session->compress_meth = 0;
480	else
481	s->session->compress_meth =
482	s->s3->tmp.new_compression->id;
483	#endif
484	if (!s->method->ssl3_enc->setup_key_block(s)) {	475	if (!s->method->ssl3_enc->setup_key_block(s)) {
485	ret = -1;	476	ret = -1;
486	goto end;	477	goto end;
@@ -656,10 +647,6 @@ ssl3_client_hello(SSL *s)
656	unsigned char p, d;	647	unsigned char p, d;
657	int i;	648	int i;
658	unsigned long l;	649	unsigned long l;
659	#ifndef OPENSSL_NO_COMP
660	int j;
661	SSL_COMP *comp;
662	#endif
663		650
664	buf = (unsigned char *)s->init_buf->data;	651	buf = (unsigned char *)s->init_buf->data;
665	if (s->state == SSL3_ST_CW_CLNT_HELLO_A) {	652	if (s->state == SSL3_ST_CW_CLNT_HELLO_A) {
@@ -752,22 +739,8 @@ ssl3_client_hello(SSL *s)
752	s2n(i, p);	739	s2n(i, p);
753	p += i;	740	p += i;
754		741
755	/* COMPRESSION */	742	/* add in (no) COMPRESSION */
756	#ifdef OPENSSL_NO_COMP
757	*(p++) = 1;	743	*(p++) = 1;
758	#else
759
760	if ((s->options & SSL_OP_NO_COMPRESSION) \|\|
761	!s->ctx->comp_methods)
762	j = 0;
763	else
764	j = sk_SSL_COMP_num(s->ctx->comp_methods);
765	*(p++) = 1 + j;
766	for (i = 0; i < j; i++) {
767	comp = sk_SSL_COMP_value(s->ctx->comp_methods, i);
768	*(p++) = comp->id;
769	}
770	#endif
771	(p++) = 0; / Add the NULL method */	744	(p++) = 0; / Add the NULL method */
772		745
773	/* TLS extensions*/	746	/* TLS extensions*/
@@ -809,9 +782,6 @@ ssl3_get_server_hello(SSL *s)
809	int i, al, ok;	782	int i, al, ok;
810	unsigned int j;	783	unsigned int j;
811	long n;	784	long n;
812	#ifndef OPENSSL_NO_COMP
813	SSL_COMP *comp;
814	#endif
815		785
816	n = s->method->ssl_get_message(s, SSL3_ST_CR_SRVR_HELLO_A,	786	n = s->method->ssl_get_message(s, SSL3_ST_CR_SRVR_HELLO_A,
817	SSL3_ST_CR_SRVR_HELLO_B, -1, 20000, /* ?? */ &ok);	787	SSL3_ST_CR_SRVR_HELLO_B, -1, 20000, /* ?? */ &ok);
@@ -963,50 +933,12 @@ ssl3_get_server_hello(SSL *s)
963	}	933	}
964	/* lets get the compression algorithm */	934	/* lets get the compression algorithm */
965	/* COMPRESSION */	935	/* COMPRESSION */
966	#ifdef OPENSSL_NO_COMP
967	if (*(p++) != 0) {	936	if (*(p++) != 0) {
968	al = SSL_AD_ILLEGAL_PARAMETER;	937	al = SSL_AD_ILLEGAL_PARAMETER;
969	SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,	938	SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,
970	SSL_R_UNSUPPORTED_COMPRESSION_ALGORITHM);	939	SSL_R_UNSUPPORTED_COMPRESSION_ALGORITHM);
971	goto f_err;	940	goto f_err;
972	}	941	}
973	/*
974	* If compression is disabled we'd better not try to resume a session
975	* using compression.
976	*/
977	if (s->session->compress_meth != 0) {
978	al = SSL_AD_INTERNAL_ERROR;
979	SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,
980	SSL_R_INCONSISTENT_COMPRESSION);
981	goto f_err;
982	}
983	#else
984	j= *(p++);
985	if (s->hit && j != s->session->compress_meth) {
986	al = SSL_AD_ILLEGAL_PARAMETER;
987	SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,
988	SSL_R_OLD_SESSION_COMPRESSION_ALGORITHM_NOT_RETURNED);
989	goto f_err;
990	}
991	if (j == 0)
992	comp = NULL;
993	else if (s->options & SSL_OP_NO_COMPRESSION) {
994	al = SSL_AD_ILLEGAL_PARAMETER;
995	SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,
996	SSL_R_COMPRESSION_DISABLED);
997	goto f_err;
998	} else
999	comp = ssl3_comp_find(s->ctx->comp_methods, j);
1000
1001	if ((j != 0) && (comp == NULL)) {
1002	al = SSL_AD_ILLEGAL_PARAMETER;
1003	SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,
1004	SSL_R_UNSUPPORTED_COMPRESSION_ALGORITHM);
1005	goto f_err;
1006	} else {
1007	s->s3->tmp.new_compression = comp;
1008	}
1009	#endif
1010		942
1011	/* TLS extensions*/	943	/* TLS extensions*/
1012	if (s->version >= SSL3_VERSION) {	944	if (s->version >= SSL3_VERSION) {