decompress libssl. ok beck jsing

author: tedu <> 2014-07-10 08:51:15 +0000
committer: tedu <> 2014-07-10 08:51:15 +0000
commit: 78de0a2c32aaba2455b28e3cb034f296c59c3179 (patch)
tree: 10d3c4ab8299021b37a17232dc3493cb7fc5dd87 /src/lib/libssl/s3_srvr.c
parent: 026ac0f99b4505d6ca98aff637a396038bd916d3 (diff)
download: openbsd-78de0a2c32aaba2455b28e3cb034f296c59c3179.tar.gz
openbsd-78de0a2c32aaba2455b28e3cb034f296c59c3179.tar.bz2
openbsd-78de0a2c32aaba2455b28e3cb034f296c59c3179.zip
1 files changed, 1 insertions, 96 deletions
diff --git a/src/lib/libssl/s3_srvr.c b/src/lib/libssl/s3_srvr.c
index a3e62ea323..200b3b6bf2 100644
--- a/src/lib/libssl/s3_srvr.c
+++ b/src/lib/libssl/s3_srvr.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: s3_srvr.c,v 1.69 2014/07/10 08:25:00 guenther Exp $ */
+/* $OpenBSD: s3_srvr.c,v 1.70 2014/07/10 08:51:14 tedu Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -884,9 +884,6 @@ ssl3_get_client_hello(SSL *s)
        unsigned long id;
        unsigned char *p, *d, *q;
        SSL_CIPHER *c;
-#ifndef OPENSSL_NO_COMP
-        SSL_COMP *comp = NULL;
-#endif
        STACK_OF(SSL_CIPHER) *ciphers = NULL;
        /*
@@ -1173,96 +1170,11 @@ ssl3_get_client_hello(SSL *s)
        }
        /*
-         * Worst case, we will use the NULL compression, but if we have other
-         * options, we will now look for them.  We have i-1 compression
-         * algorithms from the client, starting at q.
-         */
-        s->s3->tmp.new_compression = NULL;
-#ifndef OPENSSL_NO_COMP
-        /* This only happens if we have a cache hit */
-        if (s->session->compress_meth != 0) {
-                int m, comp_id = s->session->compress_meth;
-                /* Perform sanity checks on resumed compression algorithm */
-                /* Can't disable compression */
-                if (s->options & SSL_OP_NO_COMPRESSION) {
-                        al = SSL_AD_INTERNAL_ERROR;
-                        SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO,
-                            SSL_R_INCONSISTENT_COMPRESSION);
-                        goto f_err;
-                }
-                /* Look for resumed compression method */
-                for (m = 0; m < sk_SSL_COMP_num(s->ctx->comp_methods); m++) {
-                        comp = sk_SSL_COMP_value(s->ctx->comp_methods, m);
-                        if (comp_id == comp->id) {
-                                s->s3->tmp.new_compression = comp;
-                                break;
-                        }
-                }
-                if (s->s3->tmp.new_compression == NULL) {
-                        al = SSL_AD_INTERNAL_ERROR;
-                        SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO,
-                            SSL_R_INVALID_COMPRESSION_ALGORITHM);
-                        goto f_err;
-                }
-                /* Look for resumed method in compression list */
-                for (m = 0; m < i; m++) {
-                        if (q[m] == comp_id)
-                                break;
-                }
-                if (m >= i) {
-                        al = SSL_AD_ILLEGAL_PARAMETER;
-                        SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO,
-                            SSL_R_REQUIRED_COMPRESSSION_ALGORITHM_MISSING);
-                        goto f_err;
-                }
-        } else if (s->hit)
-                comp = NULL;
-        else if (!(s->options & SSL_OP_NO_COMPRESSION) && s->ctx->comp_methods)
-        { /* See if we have a match */
-                int m, nn, o, v, done = 0;
-                nn = sk_SSL_COMP_num(s->ctx->comp_methods);
-                for (m = 0; m < nn; m++) {
-                        comp = sk_SSL_COMP_value(s->ctx->comp_methods, m);
-                        v = comp->id;
-                        for (o = 0; o < i; o++) {
-                                if (v == q[o]) {
-                                        done = 1;
-                                        break;
-                                }
-                        }
-                        if (done)
-                                break;
-                }
-                if (done)
-                        s->s3->tmp.new_compression = comp;
-                else
-                        comp = NULL;
-        }
-#else
-        /*
-         * If compression is disabled we'd better not try to resume a session
-         * using compression.
-         */
-        if (s->session->compress_meth != 0) {
-                al = SSL_AD_INTERNAL_ERROR;
-                SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO,
-                    SSL_R_INCONSISTENT_COMPRESSION);
-                goto f_err;
-        }
-#endif
-        /*
         * Given s->session->ciphers and SSL_get_ciphers, we must
         * pick a cipher
         */
        if (!s->hit) {
-#ifdef OPENSSL_NO_COMP
-                s->session->compress_meth = 0;
-#else
-                s->session->compress_meth = (comp == NULL) ? 0 : comp->id;
-#endif
                if (s->session->ciphers != NULL)
                        sk_SSL_CIPHER_free(s->session->ciphers);
                s->session->ciphers = ciphers;
@@ -1405,14 +1317,7 @@ ssl3_send_server_hello(SSL *s)
                p += i;
                /* put the compression method */
-#ifdef OPENSSL_NO_COMP
                *(p++) = 0;
-#else
-                if (s->s3->tmp.new_compression == NULL)
-                        *(p++) = 0;
-                else
-                        *(p++) = s->s3->tmp.new_compression->id;
-#endif
                if (ssl_prepare_serverhello_tlsext(s) <= 0) {
                        SSLerr(SSL_F_SSL3_SEND_SERVER_HELLO,
                            SSL_R_SERVERHELLO_TLSEXT);
author	tedu <>	2014-07-10 08:51:15 +0000
committer	tedu <>	2014-07-10 08:51:15 +0000
commit	78de0a2c32aaba2455b28e3cb034f296c59c3179 (patch)
tree	10d3c4ab8299021b37a17232dc3493cb7fc5dd87 /src/lib/libssl/s3_srvr.c
parent	026ac0f99b4505d6ca98aff637a396038bd916d3 (diff)
download	openbsd-78de0a2c32aaba2455b28e3cb034f296c59c3179.tar.gz openbsd-78de0a2c32aaba2455b28e3cb034f296c59c3179.tar.bz2 openbsd-78de0a2c32aaba2455b28e3cb034f296c59c3179.zip

diff --git a/src/lib/libssl/s3_srvr.c b/src/lib/libssl/s3_srvr.c index a3e62ea323..200b3b6bf2 100644 --- a/src/lib/libssl/s3_srvr.c +++ b/src/lib/libssl/s3_srvr.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: s3_srvr.c,v 1.69 2014/07/10 08:25:00 guenther Exp $ */	1	/* $OpenBSD: s3_srvr.c,v 1.70 2014/07/10 08:51:14 tedu Exp $ */
2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)	2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3	* All rights reserved.	3	* All rights reserved.
4	*	4	*
@@ -884,9 +884,6 @@ ssl3_get_client_hello(SSL *s)
884	unsigned long id;	884	unsigned long id;
885	unsigned char p, d, *q;	885	unsigned char p, d, *q;
886	SSL_CIPHER *c;	886	SSL_CIPHER *c;
887	#ifndef OPENSSL_NO_COMP
888	SSL_COMP *comp = NULL;
889	#endif
890	STACK_OF(SSL_CIPHER) *ciphers = NULL;	887	STACK_OF(SSL_CIPHER) *ciphers = NULL;
891		888
892	/*	889	/*
@@ -1173,96 +1170,11 @@ ssl3_get_client_hello(SSL *s)
1173	}	1170	}
1174		1171
1175	/*	1172	/*
1176	* Worst case, we will use the NULL compression, but if we have other
1177	* options, we will now look for them. We have i-1 compression
1178	* algorithms from the client, starting at q.
1179	*/
1180	s->s3->tmp.new_compression = NULL;
1181	#ifndef OPENSSL_NO_COMP
1182	/* This only happens if we have a cache hit */
1183	if (s->session->compress_meth != 0) {
1184	int m, comp_id = s->session->compress_meth;
1185	/* Perform sanity checks on resumed compression algorithm */
1186	/* Can't disable compression */
1187	if (s->options & SSL_OP_NO_COMPRESSION) {
1188	al = SSL_AD_INTERNAL_ERROR;
1189	SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO,
1190	SSL_R_INCONSISTENT_COMPRESSION);
1191	goto f_err;
1192	}
1193	/* Look for resumed compression method */
1194	for (m = 0; m < sk_SSL_COMP_num(s->ctx->comp_methods); m++) {
1195	comp = sk_SSL_COMP_value(s->ctx->comp_methods, m);
1196	if (comp_id == comp->id) {
1197	s->s3->tmp.new_compression = comp;
1198	break;
1199	}
1200	}
1201	if (s->s3->tmp.new_compression == NULL) {
1202	al = SSL_AD_INTERNAL_ERROR;
1203	SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO,
1204	SSL_R_INVALID_COMPRESSION_ALGORITHM);
1205	goto f_err;
1206	}
1207	/* Look for resumed method in compression list */
1208	for (m = 0; m < i; m++) {
1209	if (q[m] == comp_id)
1210	break;
1211	}
1212	if (m >= i) {
1213	al = SSL_AD_ILLEGAL_PARAMETER;
1214	SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO,
1215	SSL_R_REQUIRED_COMPRESSSION_ALGORITHM_MISSING);
1216	goto f_err;
1217	}
1218	} else if (s->hit)
1219	comp = NULL;
1220	else if (!(s->options & SSL_OP_NO_COMPRESSION) && s->ctx->comp_methods)
1221	{ /* See if we have a match */
1222	int m, nn, o, v, done = 0;
1223
1224	nn = sk_SSL_COMP_num(s->ctx->comp_methods);
1225	for (m = 0; m < nn; m++) {
1226	comp = sk_SSL_COMP_value(s->ctx->comp_methods, m);
1227	v = comp->id;
1228	for (o = 0; o < i; o++) {
1229	if (v == q[o]) {
1230	done = 1;
1231	break;
1232	}
1233	}
1234	if (done)
1235	break;
1236	}
1237	if (done)
1238	s->s3->tmp.new_compression = comp;
1239	else
1240	comp = NULL;
1241	}
1242	#else
1243	/*
1244	* If compression is disabled we'd better not try to resume a session
1245	* using compression.
1246	*/
1247	if (s->session->compress_meth != 0) {
1248	al = SSL_AD_INTERNAL_ERROR;
1249	SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO,
1250	SSL_R_INCONSISTENT_COMPRESSION);
1251	goto f_err;
1252	}
1253	#endif
1254
1255	/*
1256	* Given s->session->ciphers and SSL_get_ciphers, we must	1173	* Given s->session->ciphers and SSL_get_ciphers, we must
1257	* pick a cipher	1174	* pick a cipher
1258	*/	1175	*/
1259		1176
1260	if (!s->hit) {	1177	if (!s->hit) {
1261	#ifdef OPENSSL_NO_COMP
1262	s->session->compress_meth = 0;
1263	#else
1264	s->session->compress_meth = (comp == NULL) ? 0 : comp->id;
1265	#endif
1266	if (s->session->ciphers != NULL)	1178	if (s->session->ciphers != NULL)
1267	sk_SSL_CIPHER_free(s->session->ciphers);	1179	sk_SSL_CIPHER_free(s->session->ciphers);
1268	s->session->ciphers = ciphers;	1180	s->session->ciphers = ciphers;
@@ -1405,14 +1317,7 @@ ssl3_send_server_hello(SSL *s)
1405	p += i;	1317	p += i;
1406		1318
1407	/* put the compression method */	1319	/* put the compression method */
1408	#ifdef OPENSSL_NO_COMP
1409	*(p++) = 0;	1320	*(p++) = 0;
1410	#else
1411	if (s->s3->tmp.new_compression == NULL)
1412	*(p++) = 0;
1413	else
1414	*(p++) = s->s3->tmp.new_compression->id;
1415	#endif
1416	if (ssl_prepare_serverhello_tlsext(s) <= 0) {	1321	if (ssl_prepare_serverhello_tlsext(s) <= 0) {
1417	SSLerr(SSL_F_SSL3_SEND_SERVER_HELLO,	1322	SSLerr(SSL_F_SSL3_SEND_SERVER_HELLO,
1418	SSL_R_SERVERHELLO_TLSEXT);	1323	SSL_R_SERVERHELLO_TLSEXT);