diff options
Diffstat (limited to 'src/lib/libssl/s3_clnt.c')
| -rw-r--r-- | src/lib/libssl/s3_clnt.c | 72 |
1 files changed, 2 insertions, 70 deletions
diff --git a/src/lib/libssl/s3_clnt.c b/src/lib/libssl/s3_clnt.c index 61de494244..079544da84 100644 --- a/src/lib/libssl/s3_clnt.c +++ b/src/lib/libssl/s3_clnt.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: s3_clnt.c,v 1.73 2014/07/09 11:25:42 jsing Exp $ */ | 1 | /* $OpenBSD: s3_clnt.c,v 1.74 2014/07/10 08:51:14 tedu Exp $ */ |
| 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) |
| 3 | * All rights reserved. | 3 | * All rights reserved. |
| 4 | * | 4 | * |
| @@ -472,15 +472,6 @@ ssl3_connect(SSL *s) | |||
| 472 | s->init_num = 0; | 472 | s->init_num = 0; |
| 473 | 473 | ||
| 474 | s->session->cipher = s->s3->tmp.new_cipher; | 474 | s->session->cipher = s->s3->tmp.new_cipher; |
| 475 | #ifdef OPENSSL_NO_COMP | ||
| 476 | s->session->compress_meth = 0; | ||
| 477 | #else | ||
| 478 | if (s->s3->tmp.new_compression == NULL) | ||
| 479 | s->session->compress_meth = 0; | ||
| 480 | else | ||
| 481 | s->session->compress_meth = | ||
| 482 | s->s3->tmp.new_compression->id; | ||
| 483 | #endif | ||
| 484 | if (!s->method->ssl3_enc->setup_key_block(s)) { | 475 | if (!s->method->ssl3_enc->setup_key_block(s)) { |
| 485 | ret = -1; | 476 | ret = -1; |
| 486 | goto end; | 477 | goto end; |
| @@ -656,10 +647,6 @@ ssl3_client_hello(SSL *s) | |||
| 656 | unsigned char *p, *d; | 647 | unsigned char *p, *d; |
| 657 | int i; | 648 | int i; |
| 658 | unsigned long l; | 649 | unsigned long l; |
| 659 | #ifndef OPENSSL_NO_COMP | ||
| 660 | int j; | ||
| 661 | SSL_COMP *comp; | ||
| 662 | #endif | ||
| 663 | 650 | ||
| 664 | buf = (unsigned char *)s->init_buf->data; | 651 | buf = (unsigned char *)s->init_buf->data; |
| 665 | if (s->state == SSL3_ST_CW_CLNT_HELLO_A) { | 652 | if (s->state == SSL3_ST_CW_CLNT_HELLO_A) { |
| @@ -752,22 +739,8 @@ ssl3_client_hello(SSL *s) | |||
| 752 | s2n(i, p); | 739 | s2n(i, p); |
| 753 | p += i; | 740 | p += i; |
| 754 | 741 | ||
| 755 | /* COMPRESSION */ | 742 | /* add in (no) COMPRESSION */ |
| 756 | #ifdef OPENSSL_NO_COMP | ||
| 757 | *(p++) = 1; | 743 | *(p++) = 1; |
| 758 | #else | ||
| 759 | |||
| 760 | if ((s->options & SSL_OP_NO_COMPRESSION) || | ||
| 761 | !s->ctx->comp_methods) | ||
| 762 | j = 0; | ||
| 763 | else | ||
| 764 | j = sk_SSL_COMP_num(s->ctx->comp_methods); | ||
| 765 | *(p++) = 1 + j; | ||
| 766 | for (i = 0; i < j; i++) { | ||
| 767 | comp = sk_SSL_COMP_value(s->ctx->comp_methods, i); | ||
| 768 | *(p++) = comp->id; | ||
| 769 | } | ||
| 770 | #endif | ||
| 771 | *(p++) = 0; /* Add the NULL method */ | 744 | *(p++) = 0; /* Add the NULL method */ |
| 772 | 745 | ||
| 773 | /* TLS extensions*/ | 746 | /* TLS extensions*/ |
| @@ -809,9 +782,6 @@ ssl3_get_server_hello(SSL *s) | |||
| 809 | int i, al, ok; | 782 | int i, al, ok; |
| 810 | unsigned int j; | 783 | unsigned int j; |
| 811 | long n; | 784 | long n; |
| 812 | #ifndef OPENSSL_NO_COMP | ||
| 813 | SSL_COMP *comp; | ||
| 814 | #endif | ||
| 815 | 785 | ||
| 816 | n = s->method->ssl_get_message(s, SSL3_ST_CR_SRVR_HELLO_A, | 786 | n = s->method->ssl_get_message(s, SSL3_ST_CR_SRVR_HELLO_A, |
| 817 | SSL3_ST_CR_SRVR_HELLO_B, -1, 20000, /* ?? */ &ok); | 787 | SSL3_ST_CR_SRVR_HELLO_B, -1, 20000, /* ?? */ &ok); |
| @@ -963,50 +933,12 @@ ssl3_get_server_hello(SSL *s) | |||
| 963 | } | 933 | } |
| 964 | /* lets get the compression algorithm */ | 934 | /* lets get the compression algorithm */ |
| 965 | /* COMPRESSION */ | 935 | /* COMPRESSION */ |
| 966 | #ifdef OPENSSL_NO_COMP | ||
| 967 | if (*(p++) != 0) { | 936 | if (*(p++) != 0) { |
| 968 | al = SSL_AD_ILLEGAL_PARAMETER; | 937 | al = SSL_AD_ILLEGAL_PARAMETER; |
| 969 | SSLerr(SSL_F_SSL3_GET_SERVER_HELLO, | 938 | SSLerr(SSL_F_SSL3_GET_SERVER_HELLO, |
| 970 | SSL_R_UNSUPPORTED_COMPRESSION_ALGORITHM); | 939 | SSL_R_UNSUPPORTED_COMPRESSION_ALGORITHM); |
| 971 | goto f_err; | 940 | goto f_err; |
| 972 | } | 941 | } |
| 973 | /* | ||
| 974 | * If compression is disabled we'd better not try to resume a session | ||
| 975 | * using compression. | ||
| 976 | */ | ||
| 977 | if (s->session->compress_meth != 0) { | ||
| 978 | al = SSL_AD_INTERNAL_ERROR; | ||
| 979 | SSLerr(SSL_F_SSL3_GET_SERVER_HELLO, | ||
| 980 | SSL_R_INCONSISTENT_COMPRESSION); | ||
| 981 | goto f_err; | ||
| 982 | } | ||
| 983 | #else | ||
| 984 | j= *(p++); | ||
| 985 | if (s->hit && j != s->session->compress_meth) { | ||
| 986 | al = SSL_AD_ILLEGAL_PARAMETER; | ||
| 987 | SSLerr(SSL_F_SSL3_GET_SERVER_HELLO, | ||
| 988 | SSL_R_OLD_SESSION_COMPRESSION_ALGORITHM_NOT_RETURNED); | ||
| 989 | goto f_err; | ||
| 990 | } | ||
| 991 | if (j == 0) | ||
| 992 | comp = NULL; | ||
| 993 | else if (s->options & SSL_OP_NO_COMPRESSION) { | ||
| 994 | al = SSL_AD_ILLEGAL_PARAMETER; | ||
| 995 | SSLerr(SSL_F_SSL3_GET_SERVER_HELLO, | ||
| 996 | SSL_R_COMPRESSION_DISABLED); | ||
| 997 | goto f_err; | ||
| 998 | } else | ||
| 999 | comp = ssl3_comp_find(s->ctx->comp_methods, j); | ||
| 1000 | |||
| 1001 | if ((j != 0) && (comp == NULL)) { | ||
| 1002 | al = SSL_AD_ILLEGAL_PARAMETER; | ||
| 1003 | SSLerr(SSL_F_SSL3_GET_SERVER_HELLO, | ||
| 1004 | SSL_R_UNSUPPORTED_COMPRESSION_ALGORITHM); | ||
| 1005 | goto f_err; | ||
| 1006 | } else { | ||
| 1007 | s->s3->tmp.new_compression = comp; | ||
| 1008 | } | ||
| 1009 | #endif | ||
| 1010 | 942 | ||
| 1011 | /* TLS extensions*/ | 943 | /* TLS extensions*/ |
| 1012 | if (s->version >= SSL3_VERSION) { | 944 | if (s->version >= SSL3_VERSION) { |