1 files changed, 2 insertions, 173 deletions
diff --git a/src/lib/libssl/ssl_ciph.c b/src/lib/libssl/ssl_ciph.c
index d84e45764e..0ba66cc89f 100644
--- a/src/lib/libssl/ssl_ciph.c
+++ b/src/lib/libssl/ssl_ciph.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_ciph.c,v 1.58 2014/07/09 14:20:55 jsing Exp $ */
+/* $OpenBSD: ssl_ciph.c,v 1.59 2014/07/10 08:51:15 tedu Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -142,9 +142,6 @@
 #include <stdio.h>
 #include <openssl/objects.h>
-#ifndef OPENSSL_NO_COMP
-#include <openssl/comp.h>
-#endif
 #ifndef OPENSSL_NO_ENGINE
 #include <openssl/engine.h>
 #endif
@@ -175,8 +172,6 @@ static const EVP_CIPHER *ssl_cipher_methods[SSL_ENC_NUM_IDX] = {
 #define SSL_COMP_ZLIB_IDX       1
 #define SSL_COMP_NUM_IDX        2
-static STACK_OF(SSL_COMP) *ssl_comp_methods = NULL;
 #define SSL_MD_MD5_IDX  0
 #define SSL_MD_SHA1_IDX 1
 #define SSL_MD_GOST94_IDX 2
@@ -645,81 +640,14 @@ ssl_load_ciphers(void)
        ssl_mac_secret_size[SSL_MD_SHA384_IDX]=
        EVP_MD_size(ssl_digest_methods[SSL_MD_SHA384_IDX]);
 }
-#ifndef OPENSSL_NO_COMP
-static int
-sk_comp_cmp(const SSL_COMP * const *a,
-    const SSL_COMP * const *b)
-{
-        return ((*a)->id - (*b)->id);
-}
-static void
-load_builtin_compressions(void)
-{
-        int got_write_lock = 0;
-        CRYPTO_r_lock(CRYPTO_LOCK_SSL);
-        if (ssl_comp_methods == NULL) {
-                CRYPTO_r_unlock(CRYPTO_LOCK_SSL);
-                CRYPTO_w_lock(CRYPTO_LOCK_SSL);
-                got_write_lock = 1;
-                if (ssl_comp_methods == NULL) {
-                        SSL_COMP *comp = NULL;
-                        ssl_comp_methods = sk_SSL_COMP_new(sk_comp_cmp);
-                        if (ssl_comp_methods != NULL) {
-                                comp = malloc(sizeof(SSL_COMP));
-                                if (comp != NULL) {
-                                        comp->method = COMP_zlib();
-                                        if (comp->method &&
-                                            comp->method->type == NID_undef)
-                                                free(comp);
-                                        else {
-                                                comp->id = SSL_COMP_ZLIB_IDX;
-                                                comp->name = comp->method->name;
-                                                sk_SSL_COMP_push(ssl_comp_methods, comp);
-                                        }
-                                }
-                                sk_SSL_COMP_sort(ssl_comp_methods);
-                        }
-                }
-        }
-        if (got_write_lock)
-                CRYPTO_w_unlock(CRYPTO_LOCK_SSL);
-        else
-                CRYPTO_r_unlock(CRYPTO_LOCK_SSL);
-}
-#endif
 /* ssl_cipher_get_comp sets comp to the correct SSL_COMP for the given
 * session and returns 1. On error it returns 0. */
 int
 ssl_cipher_get_comp(const SSL_SESSION *s, SSL_COMP **comp)
 {
-        SSL_COMP ctmp;
-        int i;
-#ifndef OPENSSL_NO_COMP
-        load_builtin_compressions();
-#endif
        *comp = NULL;
-        if (s->compress_meth == 0)
+        return 1;
-                return 1;
-        if (ssl_comp_methods == NULL)
-                return 0;
-        ctmp.id = s->compress_meth;
-        i = sk_SSL_COMP_find(ssl_comp_methods, &ctmp);
-        if (i >= 0) {
-                *comp = sk_SSL_COMP_value(ssl_comp_methods, i);
-                return 1;
-        }
-        return 0;
 }
 int
@@ -1919,102 +1847,3 @@ SSL_CIPHER_get_id(const SSL_CIPHER *c)
 {
        return c->id;
 }
-SSL_COMP *
-ssl3_comp_find(STACK_OF(SSL_COMP) *sk, int n)
-{
-        SSL_COMP *ctmp;
-        int i, nn;
-        if ((n == 0) || (sk == NULL))
-                return (NULL);
-        nn = sk_SSL_COMP_num(sk);
-        for (i = 0; i < nn; i++) {
-                ctmp = sk_SSL_COMP_value(sk, i);
-                if (ctmp->id == n)
-                        return (ctmp);
-        }
-        return (NULL);
-}
-#ifdef OPENSSL_NO_COMP
-void *
-SSL_COMP_get_compression_methods(void)
-{
-        return NULL;
-}
-int
-SSL_COMP_add_compression_method(int id, void *cm)
-{
-        return 1;
-}
-const char *
-SSL_COMP_get_name(const void *comp)
-{
-        return NULL;
-}
-#else
-STACK_OF(SSL_COMP) *
-SSL_COMP_get_compression_methods(void)
-{
-        load_builtin_compressions();
-        return (ssl_comp_methods);
-}
-int
-SSL_COMP_add_compression_method(int id, COMP_METHOD *cm)
-{
-        SSL_COMP *comp;
-        if (cm == NULL || cm->type == NID_undef)
-                return 1;
-        /* According to draft-ietf-tls-compression-04.txt, the
-           compression number ranges should be the following:
-           0 to 63:    methods defined by the IETF
-           64 to 192:  external party methods assigned by IANA
-           193 to 255: reserved for private use */
-        if (id < 193 || id > 255) {
-                SSLerr(SSL_F_SSL_COMP_ADD_COMPRESSION_METHOD,
-                    SSL_R_COMPRESSION_ID_NOT_WITHIN_PRIVATE_RANGE);
-                return 1;
-        }
-        comp = malloc(sizeof(SSL_COMP));
-        if (comp == NULL) {
-                SSLerr(SSL_F_SSL_COMP_ADD_COMPRESSION_METHOD,
-                    ERR_R_MALLOC_FAILURE);
-                return (1);
-        }
-        comp->id = id;
-        comp->method = cm;
-        load_builtin_compressions();
-        if (ssl_comp_methods &&
-            sk_SSL_COMP_find(ssl_comp_methods, comp) >= 0) {
-                free(comp);
-                SSLerr(SSL_F_SSL_COMP_ADD_COMPRESSION_METHOD,
-                    SSL_R_DUPLICATE_COMPRESSION_ID);
-                return (1);
-        } else if ((ssl_comp_methods == NULL) ||
-            !sk_SSL_COMP_push(ssl_comp_methods, comp)) {
-                free(comp);
-                SSLerr(SSL_F_SSL_COMP_ADD_COMPRESSION_METHOD,
-                    ERR_R_MALLOC_FAILURE);
-                return (1);
-        } else {
-                return (0);
-        }
-}
-const char *
-SSL_COMP_get_name(const COMP_METHOD *comp)
-{
-        if (comp)
-                return comp->name;
-        return NULL;
-}
-#endif

diff --git a/src/lib/libssl/ssl_ciph.c b/src/lib/libssl/ssl_ciph.c index d84e45764e..0ba66cc89f 100644 --- a/src/lib/libssl/ssl_ciph.c +++ b/src/lib/libssl/ssl_ciph.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: ssl_ciph.c,v 1.58 2014/07/09 14:20:55 jsing Exp $ */	1	/* $OpenBSD: ssl_ciph.c,v 1.59 2014/07/10 08:51:15 tedu Exp $ */
2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)	2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3	* All rights reserved.	3	* All rights reserved.
4	*	4	*
@@ -142,9 +142,6 @@
142		142
143	#include <stdio.h>	143	#include <stdio.h>
144	#include <openssl/objects.h>	144	#include <openssl/objects.h>
145	#ifndef OPENSSL_NO_COMP
146	#include <openssl/comp.h>
147	#endif
148	#ifndef OPENSSL_NO_ENGINE	145	#ifndef OPENSSL_NO_ENGINE
149	#include <openssl/engine.h>	146	#include <openssl/engine.h>
150	#endif	147	#endif
@@ -175,8 +172,6 @@ static const EVP_CIPHER *ssl_cipher_methods[SSL_ENC_NUM_IDX] = {
175	#define SSL_COMP_ZLIB_IDX 1	172	#define SSL_COMP_ZLIB_IDX 1
176	#define SSL_COMP_NUM_IDX 2	173	#define SSL_COMP_NUM_IDX 2
177		174
178	static STACK_OF(SSL_COMP) *ssl_comp_methods = NULL;
179
180	#define SSL_MD_MD5_IDX 0	175	#define SSL_MD_MD5_IDX 0
181	#define SSL_MD_SHA1_IDX 1	176	#define SSL_MD_SHA1_IDX 1
182	#define SSL_MD_GOST94_IDX 2	177	#define SSL_MD_GOST94_IDX 2
@@ -645,81 +640,14 @@ ssl_load_ciphers(void)
645	ssl_mac_secret_size[SSL_MD_SHA384_IDX]=	640	ssl_mac_secret_size[SSL_MD_SHA384_IDX]=
646	EVP_MD_size(ssl_digest_methods[SSL_MD_SHA384_IDX]);	641	EVP_MD_size(ssl_digest_methods[SSL_MD_SHA384_IDX]);
647	}	642	}
648	#ifndef OPENSSL_NO_COMP
649
650	static int
651	sk_comp_cmp(const SSL_COMP * const *a,
652	const SSL_COMP * const *b)
653	{
654	return ((a)->id - (b)->id);
655	}
656
657	static void
658	load_builtin_compressions(void)
659	{
660	int got_write_lock = 0;
661
662	CRYPTO_r_lock(CRYPTO_LOCK_SSL);
663	if (ssl_comp_methods == NULL) {
664	CRYPTO_r_unlock(CRYPTO_LOCK_SSL);
665	CRYPTO_w_lock(CRYPTO_LOCK_SSL);
666	got_write_lock = 1;
667
668	if (ssl_comp_methods == NULL) {
669	SSL_COMP *comp = NULL;
670
671	ssl_comp_methods = sk_SSL_COMP_new(sk_comp_cmp);
672	if (ssl_comp_methods != NULL) {
673	comp = malloc(sizeof(SSL_COMP));
674	if (comp != NULL) {
675	comp->method = COMP_zlib();
676	if (comp->method &&
677	comp->method->type == NID_undef)
678	free(comp);
679	else {
680	comp->id = SSL_COMP_ZLIB_IDX;
681	comp->name = comp->method->name;
682	sk_SSL_COMP_push(ssl_comp_methods, comp);
683	}
684	}
685	sk_SSL_COMP_sort(ssl_comp_methods);
686	}
687	}
688	}
689
690	if (got_write_lock)
691	CRYPTO_w_unlock(CRYPTO_LOCK_SSL);
692	else
693	CRYPTO_r_unlock(CRYPTO_LOCK_SSL);
694	}
695	#endif
696		643
697	/* ssl_cipher_get_comp sets comp to the correct SSL_COMP for the given	644	/* ssl_cipher_get_comp sets comp to the correct SSL_COMP for the given
698	* session and returns 1. On error it returns 0. */	645	* session and returns 1. On error it returns 0. */
699	int	646	int
700	ssl_cipher_get_comp(const SSL_SESSION s, SSL_COMP *comp)	647	ssl_cipher_get_comp(const SSL_SESSION s, SSL_COMP *comp)
701	{	648	{
702	SSL_COMP ctmp;
703	int i;
704
705	#ifndef OPENSSL_NO_COMP
706	load_builtin_compressions();
707	#endif
708
709	*comp = NULL;	649	*comp = NULL;
710	if (s->compress_meth == 0)	650	return 1;
711	return 1;
712	if (ssl_comp_methods == NULL)
713	return 0;
714
715	ctmp.id = s->compress_meth;
716	i = sk_SSL_COMP_find(ssl_comp_methods, &ctmp);
717	if (i >= 0) {
718	*comp = sk_SSL_COMP_value(ssl_comp_methods, i);
719	return 1;
720	}
721
722	return 0;
723	}	651	}
724		652
725	int	653	int
@@ -1919,102 +1847,3 @@ SSL_CIPHER_get_id(const SSL_CIPHER *c)
1919	{	1847	{
1920	return c->id;	1848	return c->id;
1921	}	1849	}
1922
1923	SSL_COMP *
1924	ssl3_comp_find(STACK_OF(SSL_COMP) *sk, int n)
1925	{
1926	SSL_COMP *ctmp;
1927	int i, nn;
1928
1929	if ((n == 0) \|\| (sk == NULL))
1930	return (NULL);
1931	nn = sk_SSL_COMP_num(sk);
1932	for (i = 0; i < nn; i++) {
1933	ctmp = sk_SSL_COMP_value(sk, i);
1934	if (ctmp->id == n)
1935	return (ctmp);
1936	}
1937	return (NULL);
1938	}
1939
1940	#ifdef OPENSSL_NO_COMP
1941	void *
1942	SSL_COMP_get_compression_methods(void)
1943	{
1944	return NULL;
1945	}
1946
1947	int
1948	SSL_COMP_add_compression_method(int id, void *cm)
1949	{
1950	return 1;
1951	}
1952
1953	const char *
1954	SSL_COMP_get_name(const void *comp)
1955	{
1956	return NULL;
1957	}
1958	#else
1959	STACK_OF(SSL_COMP) *
1960	SSL_COMP_get_compression_methods(void)
1961	{
1962	load_builtin_compressions();
1963	return (ssl_comp_methods);
1964	}
1965
1966	int
1967	SSL_COMP_add_compression_method(int id, COMP_METHOD *cm)
1968	{
1969	SSL_COMP *comp;
1970
1971	if (cm == NULL \|\| cm->type == NID_undef)
1972	return 1;
1973
1974	/* According to draft-ietf-tls-compression-04.txt, the
1975	compression number ranges should be the following:
1976
1977	0 to 63: methods defined by the IETF
1978	64 to 192: external party methods assigned by IANA
1979	193 to 255: reserved for private use */
1980	if (id < 193 \|\| id > 255) {
1981	SSLerr(SSL_F_SSL_COMP_ADD_COMPRESSION_METHOD,
1982	SSL_R_COMPRESSION_ID_NOT_WITHIN_PRIVATE_RANGE);
1983	return 1;
1984	}
1985
1986	comp = malloc(sizeof(SSL_COMP));
1987	if (comp == NULL) {
1988	SSLerr(SSL_F_SSL_COMP_ADD_COMPRESSION_METHOD,
1989	ERR_R_MALLOC_FAILURE);
1990	return (1);
1991	}
1992	comp->id = id;
1993	comp->method = cm;
1994	load_builtin_compressions();
1995	if (ssl_comp_methods &&
1996	sk_SSL_COMP_find(ssl_comp_methods, comp) >= 0) {
1997	free(comp);
1998	SSLerr(SSL_F_SSL_COMP_ADD_COMPRESSION_METHOD,
1999	SSL_R_DUPLICATE_COMPRESSION_ID);
2000	return (1);
2001	} else if ((ssl_comp_methods == NULL) \|\|
2002	!sk_SSL_COMP_push(ssl_comp_methods, comp)) {
2003	free(comp);
2004	SSLerr(SSL_F_SSL_COMP_ADD_COMPRESSION_METHOD,
2005	ERR_R_MALLOC_FAILURE);
2006	return (1);
2007	} else {
2008	return (0);
2009	}
2010	}
2011
2012	const char *
2013	SSL_COMP_get_name(const COMP_METHOD *comp)
2014	{
2015	if (comp)
2016	return comp->name;
2017	return NULL;
2018	}
2019
2020	#endif