Diffstat (limited to 'src/lib/libssl/ssl_ciph.c')
| -rw-r--r-- | src/lib/libssl/ssl_ciph.c | 175 | 
1 files changed, 2 insertions, 173 deletions
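--- a/src/lib/libssl/ssl_ciph.c
+++ b/src/lib/libssl/ssl_ciph.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_ciph.c,v 1.58 2014/07/09 14:20:55 jsing Exp $ */
+/* $OpenBSD: ssl_ciph.c,v 1.59 2014/07/10 08:51:15 tedu Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -142,9 +142,6 @@
 
 #include <stdio.h>
 #include <openssl/objects.h>
-#ifndef OPENSSL_NO_COMP
-#include <openssl/comp.h>
-#endif
 #ifndef OPENSSL_NO_ENGINE
 #include <openssl/engine.h>
 #endif
@@ -175,8 +172,6 @@ static const EVP_CIPHER *ssl_cipher_methods[SSL_ENC_NUM_IDX] = {
 #define SSL_COMP_ZLIB_IDX 1
 #define SSL_COMP_NUM_IDX 2
 
-static STACK_OF(SSL_COMP) *ssl_comp_methods = NULL;
-
 #define SSL_MD_MD5_IDX 0
 #define SSL_MD_SHA1_IDX 1
 #define SSL_MD_GOST94_IDX 2
@@ -645,81 +640,14 @@ ssl_load_ciphers(void)
 ssl_mac_secret_size[SSL_MD_SHA384_IDX]=
 EVP_MD_size(ssl_digest_methods[SSL_MD_SHA384_IDX]);
 }
-#ifndef OPENSSL_NO_COMP
-
-static int
-sk_comp_cmp(const SSL_COMP * const *a,
-const SSL_COMP * const *b)
-{
-return ((*a)->id - (*b)->id);
-}
-
-static void
-load_builtin_compressions(void)
-{
-int got_write_lock = 0;
-
-CRYPTO_r_lock(CRYPTO_LOCK_SSL);
-if (ssl_comp_methods == NULL) {
-CRYPTO_r_unlock(CRYPTO_LOCK_SSL);
-CRYPTO_w_lock(CRYPTO_LOCK_SSL);
-got_write_lock = 1;
-
-if (ssl_comp_methods == NULL) {
-SSL_COMP *comp = NULL;
-
-ssl_comp_methods = sk_SSL_COMP_new(sk_comp_cmp);
-if (ssl_comp_methods != NULL) {
-comp = malloc(sizeof(SSL_COMP));
-if (comp != NULL) {
-comp->method = COMP_zlib();
-if (comp->method &&
-comp->method->type == NID_undef)
-free(comp);
-else {
-comp->id = SSL_COMP_ZLIB_IDX;
-comp->name = comp->method->name;
-sk_SSL_COMP_push(ssl_comp_methods, comp);
-}
-}
-sk_SSL_COMP_sort(ssl_comp_methods);
-}
-}
-}
-
-if (got_write_lock)
-CRYPTO_w_unlock(CRYPTO_LOCK_SSL);
-else
-CRYPTO_r_unlock(CRYPTO_LOCK_SSL);
-}
-#endif
 
 /* ssl_cipher_get_comp sets comp to the correct SSL_COMP for the given
 * session and returns 1. On error it returns 0. */
 int
 ssl_cipher_get_comp(const SSL_SESSION *s, SSL_COMP **comp)
 {
-SSL_COMP ctmp;
-int i;
-
-#ifndef OPENSSL_NO_COMP
-load_builtin_compressions();
-#endif
-
 *comp = NULL;
-if (s->compress_meth == 0)
-return 1;
-if (ssl_comp_methods == NULL)
-return 0;
-
-ctmp.id = s->compress_meth;
-i = sk_SSL_COMP_find(ssl_comp_methods, &ctmp);
-if (i >= 0) {
-*comp = sk_SSL_COMP_value(ssl_comp_methods, i);
-return 1;
-}
-
-return 0;
+return 1;
 }
 
 int
@@ -1919,102 +1847,3 @@ SSL_CIPHER_get_id(const SSL_CIPHER *c)
 {
 return c->id;
 }
-
-SSL_COMP *
-ssl3_comp_find(STACK_OF(SSL_COMP) *sk, int n)
-{
-SSL_COMP *ctmp;
-int i, nn;
-
-if ((n == 0) || (sk == NULL))
-return (NULL);
-nn = sk_SSL_COMP_num(sk);
-for (i = 0; i < nn; i++) {
-ctmp = sk_SSL_COMP_value(sk, i);
-if (ctmp->id == n)
-return (ctmp);
-}
-return (NULL);
-}
-
-#ifdef OPENSSL_NO_COMP
-void *
-SSL_COMP_get_compression_methods(void)
-{
-return NULL;
-}
-
-int
-SSL_COMP_add_compression_method(int id, void *cm)
-{
-return 1;
-}
-
-const char *
-SSL_COMP_get_name(const void *comp)
-{
-return NULL;
-}
-#else
-STACK_OF(SSL_COMP) *
-SSL_COMP_get_compression_methods(void)
-{
-load_builtin_compressions();
-return (ssl_comp_methods);
-}
-
-int
-SSL_COMP_add_compression_method(int id, COMP_METHOD *cm)
-{
-SSL_COMP *comp;
-
-if (cm == NULL || cm->type == NID_undef)
-return 1;
-
-/* According to draft-ietf-tls-compression-04.txt, the
-compression number ranges should be the following:
-
-0 to 63: methods defined by the IETF
-64 to 192: external party methods assigned by IANA
-193 to 255: reserved for private use */
-if (id < 193 || id > 255) {
-SSLerr(SSL_F_SSL_COMP_ADD_COMPRESSION_METHOD,
-SSL_R_COMPRESSION_ID_NOT_WITHIN_PRIVATE_RANGE);
-return 1;
-}
-
-comp = malloc(sizeof(SSL_COMP));
-if (comp == NULL) {
-SSLerr(SSL_F_SSL_COMP_ADD_COMPRESSION_METHOD,
-ERR_R_MALLOC_FAILURE);
-return (1);
-}
-comp->id = id;
-comp->method = cm;
-load_builtin_compressions();
-if (ssl_comp_methods &&
-sk_SSL_COMP_find(ssl_comp_methods, comp) >= 0) {
-free(comp);
-SSLerr(SSL_F_SSL_COMP_ADD_COMPRESSION_METHOD,
-SSL_R_DUPLICATE_COMPRESSION_ID);
-return (1);
-} else if ((ssl_comp_methods == NULL) ||
-!sk_SSL_COMP_push(ssl_comp_methods, comp)) {
-free(comp);
-SSLerr(SSL_F_SSL_COMP_ADD_COMPRESSION_METHOD,
-ERR_R_MALLOC_FAILURE);
-return (1);
-} else {
-return (0);
-}
-}
-
-const char *
-SSL_COMP_get_name(const COMP_METHOD *comp)
-{
-if (comp)
-return comp->name;
-return NULL;
-}
-
-#endif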
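Review bot: The comment kept above `ssl_cipher_get_comp` still says it selects the SSL_COMP for the session and returns 0 on error, but the new body ignores `s`, always stores NULL in `*comp` and always returns 1. A session whose `compress_meth` is non-zero used to fail here when no method matched; it now passes silently, so any rejection of such a session has to happen in a caller, which this diff does not show and is worth confirming. I would replace the comment with `/* Compression is not supported: always sets *comp to NULL and returns 1. */`. The `SSL_COMP_ZLIB_IDX` and `SSL_COMP_NUM_IDX` defines left as context in the third hunk look unused once the method stack is gone and could be dropped if nothing else references them.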
