Update from HEAD.

This commit is contained in:
Dr. Stephen Henson 2005-09-30 23:38:20 +00:00
parent b0d90958fc
commit 54f51116b2
13 changed files with 118 additions and 3 deletions

View file

@ -1096,7 +1096,9 @@ static void print_stuff(BIO *bio, SSL *s, int full)
SSL_CIPHER *c;
X509_NAME *xn;
int j,i;
#ifndef OPENSSL_NO_COMP
const COMP_METHOD *comp, *expansion;
#endif
if (full)
{
@ -1199,12 +1201,14 @@ static void print_stuff(BIO *bio, SSL *s, int full)
EVP_PKEY_bits(pktmp));
EVP_PKEY_free(pktmp);
}
#ifndef OPENSSL_NO_COMP
comp=SSL_get_current_compression(s);
expansion=SSL_get_current_expansion(s);
BIO_printf(bio,"Compression: %s\n",
comp ? SSL_COMP_get_name(comp) : "NONE");
BIO_printf(bio,"Expansion: %s\n",
expansion ? SSL_COMP_get_name(expansion) : "NONE");
#endif
SSL_SESSION_print(bio,SSL_get_session(s));
BIO_printf(bio,"---\n");
if (peer != NULL)

View file

@ -371,11 +371,15 @@ int dtls1_connect(SSL *s)
s->init_num=0;
s->session->cipher=s->s3->tmp.new_cipher;
#ifdef OPENSSL_NO_COMP
s->session->compress_meth=0;
#else
if (s->s3->tmp.new_compression == NULL)
s->session->compress_meth=0;
else
s->session->compress_meth=
s->s3->tmp.new_compression->id;
#endif
if (!s->method->ssl3_enc->setup_key_block(s))
{
ret= -1;

View file

@ -705,10 +705,14 @@ int dtls1_send_server_hello(SSL *s)
p+=i;
/* put the compression method */
#ifdef OPENSSL_NO_COMP
*(p++)=0;
#else
if (s->s3->tmp.new_compression == NULL)
*(p++)=0;
else
*(p++)=s->s3->tmp.new_compression->id;
#endif
/* do the header */
l=(p-d);

View file

@ -369,11 +369,15 @@ int ssl3_connect(SSL *s)
s->init_num=0;
s->session->cipher=s->s3->tmp.new_cipher;
#ifdef OPENSSL_NO_COMP
s->session->compress_meth=0;
#else
if (s->s3->tmp.new_compression == NULL)
s->session->compress_meth=0;
else
s->session->compress_meth=
s->s3->tmp.new_compression->id;
#endif
if (!s->method->ssl3_enc->setup_key_block(s))
{
ret= -1;
@ -517,9 +521,12 @@ int ssl3_client_hello(SSL *s)
{
unsigned char *buf;
unsigned char *p,*d;
int i,j;
int i;
unsigned long Time,l;
#ifndef OPENSSL_NO_COMP
int j;
SSL_COMP *comp;
#endif
buf=(unsigned char *)s->init_buf->data;
if (s->state == SSL3_ST_CW_CLNT_HELLO_A)
@ -578,6 +585,9 @@ int ssl3_client_hello(SSL *s)
p+=i;
/* COMPRESSION */
#ifdef OPENSSL_NO_COMP
*(p++)=1;
#else
if (s->ctx->comp_methods == NULL)
j=0;
else
@ -588,6 +598,7 @@ int ssl3_client_hello(SSL *s)
comp=sk_SSL_COMP_value(s->ctx->comp_methods,i);
*(p++)=comp->id;
}
#endif
*(p++)=0; /* Add the NULL method */
l=(p-d);
@ -615,7 +626,9 @@ int ssl3_get_server_hello(SSL *s)
int i,al,ok;
unsigned int j;
long n;
#ifndef OPENSSL_NO_COMP
SSL_COMP *comp;
#endif
n=s->method->ssl_get_message(s,
SSL3_ST_CR_SRVR_HELLO_A,
@ -746,6 +759,14 @@ int ssl3_get_server_hello(SSL *s)
/* lets get the compression algorithm */
/* COMPRESSION */
#ifdef OPENSSL_NO_COMP
if (*(p++) != 0)
{
al=SSL_AD_ILLEGAL_PARAMETER;
SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,SSL_R_UNSUPPORTED_COMPRESSION_ALGORITHM);
goto f_err;
}
#else
j= *(p++);
if (j == 0)
comp=NULL;
@ -762,6 +783,7 @@ int ssl3_get_server_hello(SSL *s)
{
s->s3->tmp.new_compression=comp;
}
#endif
if (p != (d+n))
{

View file

@ -196,7 +196,9 @@ int ssl3_change_cipher_state(SSL *s, int which)
unsigned char *ms,*key,*iv,*er1,*er2;
EVP_CIPHER_CTX *dd;
const EVP_CIPHER *c;
#ifndef OPENSSL_NO_COMP
COMP_METHOD *comp;
#endif
const EVP_MD *m;
EVP_MD_CTX md;
int is_exp,n,i,j,k,cl;
@ -205,10 +207,12 @@ int ssl3_change_cipher_state(SSL *s, int which)
is_exp=SSL_C_IS_EXPORT(s->s3->tmp.new_cipher);
c=s->s3->tmp.new_sym_enc;
m=s->s3->tmp.new_hash;
#ifndef OPENSSL_NO_COMP
if (s->s3->tmp.new_compression == NULL)
comp=NULL;
else
comp=s->s3->tmp.new_compression->method;
#endif
key_block=s->s3->tmp.key_block;
if (which & SSL3_CC_READ)
@ -219,6 +223,7 @@ int ssl3_change_cipher_state(SSL *s, int which)
goto err;
dd= s->enc_read_ctx;
s->read_hash=m;
#ifndef OPENSSL_NO_COMP
/* COMPRESS */
if (s->expand != NULL)
{
@ -239,6 +244,7 @@ int ssl3_change_cipher_state(SSL *s, int which)
if (s->s3->rrec.comp == NULL)
goto err;
}
#endif
memset(&(s->s3->read_sequence[0]),0,8);
mac_secret= &(s->s3->read_mac_secret[0]);
}
@ -250,6 +256,7 @@ int ssl3_change_cipher_state(SSL *s, int which)
goto err;
dd= s->enc_write_ctx;
s->write_hash=m;
#ifndef OPENSSL_NO_COMP
/* COMPRESS */
if (s->compress != NULL)
{
@ -265,6 +272,7 @@ int ssl3_change_cipher_state(SSL *s, int which)
goto err2;
}
}
#endif
memset(&(s->s3->write_sequence[0]),0,8);
mac_secret= &(s->s3->write_mac_secret[0]);
}
@ -350,7 +358,9 @@ int ssl3_setup_key_block(SSL *s)
const EVP_MD *hash;
int num;
int ret = 0;
#ifdef OPENSSL_NO_COMP
SSL_COMP *comp;
#endif
if (s->s3->tmp.key_block_length != 0)
return(1);
@ -363,7 +373,11 @@ int ssl3_setup_key_block(SSL *s)
s->s3->tmp.new_sym_enc=c;
s->s3->tmp.new_hash=hash;
#ifdef OPENSSL_NO_COMP
s->s3->tmp.new_compression=NULL;
#else
s->s3->tmp.new_compression=comp;
#endif
num=EVP_CIPHER_key_length(c)+EVP_MD_size(hash)+EVP_CIPHER_iv_length(c);
num*=2;

View file

@ -476,6 +476,7 @@ err:
int ssl3_do_uncompress(SSL *ssl)
{
#ifndef OPENSSL_NO_COMP
int i;
SSL3_RECORD *rr;
@ -487,12 +488,13 @@ int ssl3_do_uncompress(SSL *ssl)
else
rr->length=i;
rr->data=rr->comp;
#endif
return(1);
}
int ssl3_do_compress(SSL *ssl)
{
#ifndef OPENSSL_NO_COMP
int i;
SSL3_RECORD *wr;
@ -506,6 +508,7 @@ int ssl3_do_compress(SSL *ssl)
wr->length=i;
wr->input=wr->data;
#endif
return(1);
}

View file

@ -666,7 +666,9 @@ int ssl3_get_client_hello(SSL *s)
unsigned long id;
unsigned char *p,*d,*q;
SSL_CIPHER *c;
#ifndef OPENSSL_NO_COMP
SSL_COMP *comp=NULL;
#endif
STACK_OF(SSL_CIPHER) *ciphers=NULL;
/* We do this so that we will respond with our native type.
@ -897,6 +899,7 @@ int ssl3_get_client_hello(SSL *s)
* options, we will now look for them. We have i-1 compression
* algorithms from the client, starting at q. */
s->s3->tmp.new_compression=NULL;
#ifndef OPENSSL_NO_COMP
if (s->ctx->comp_methods != NULL)
{ /* See if we have a match */
int m,nn,o,v,done=0;
@ -921,6 +924,7 @@ int ssl3_get_client_hello(SSL *s)
else
comp=NULL;
}
#endif
/* TLS does not mind if there is extra stuff */
#if 0 /* SSL 3.0 does not mind either, so we should disable this test
@ -944,7 +948,11 @@ int ssl3_get_client_hello(SSL *s)
if (!s->hit)
{
#ifdef OPENSSL_NO_COMP
s->session->compress_meth=0;
#else
s->session->compress_meth=(comp == NULL)?0:comp->id;
#endif
if (s->session->ciphers != NULL)
sk_SSL_CIPHER_free(s->session->ciphers);
s->session->ciphers=ciphers;
@ -1070,10 +1078,14 @@ int ssl3_send_server_hello(SSL *s)
p+=i;
/* put the compression method */
#ifdef OPENSSL_NO_COMP
*(p++)=0;
#else
if (s->s3->tmp.new_compression == NULL)
*(p++)=0;
else
*(p++)=s->s3->tmp.new_compression->id;
#endif
/* do the header */
l=(p-d);

View file

@ -254,7 +254,11 @@ extern "C" {
#endif
#define SSL3_RT_MAX_PLAIN_LENGTH 16384
#ifdef OPENSSL_NO_COMP
#define SSL3_RT_MAX_COMPRESSED_LENGTH SSL3_RT_MAX_PLAIN_LENGTH
#else
#define SSL3_RT_MAX_COMPRESSED_LENGTH (1024+SSL3_RT_MAX_PLAIN_LENGTH)
#endif
#define SSL3_RT_MAX_ENCRYPTED_LENGTH (1024+SSL3_RT_MAX_COMPRESSED_LENGTH)
#define SSL3_RT_MAX_PACKET_SIZE (SSL3_RT_MAX_ENCRYPTED_LENGTH+SSL3_RT_HEADER_LENGTH)
#define SSL3_RT_MAX_DATA_SIZE (1024*1024)

View file

@ -192,6 +192,9 @@ void ssl_load_ciphers(void)
EVP_get_digestbyname(SN_sha1);
}
#ifndef OPENSSL_NO_COMP
static int sk_comp_cmp(const SSL_COMP * const *a,
const SSL_COMP * const *b)
{
@ -231,6 +234,7 @@ static void load_builtin_compressions(void)
}
CRYPTO_w_unlock(CRYPTO_LOCK_SSL);
}
#endif
int ssl_cipher_get_evp(const SSL_SESSION *s, const EVP_CIPHER **enc,
const EVP_MD **md, SSL_COMP **comp)
@ -243,8 +247,9 @@ int ssl_cipher_get_evp(const SSL_SESSION *s, const EVP_CIPHER **enc,
if (comp != NULL)
{
SSL_COMP ctmp;
#ifndef OPENSSL_NO_COMP
load_builtin_compressions();
#endif
*comp=NULL;
ctmp.id=s->compress_meth;
@ -1131,6 +1136,21 @@ SSL_COMP *ssl3_comp_find(STACK_OF(SSL_COMP) *sk, int n)
return(NULL);
}
#ifdef OPENSSL_NO_COMP
void *SSL_COMP_get_compression_methods(void)
{
return NULL;
}
int SSL_COMP_add_compression_method(int id, void *cm)
{
return 1;
}
const char *SSL_COMP_get_name(const void *comp)
{
return NULL;
}
#else
STACK_OF(SSL_COMP) *SSL_COMP_get_compression_methods(void)
{
load_builtin_compressions();
@ -1191,3 +1211,4 @@ const char *SSL_COMP_get_name(const COMP_METHOD *comp)
return NULL;
}
#endif

View file

@ -2246,6 +2246,7 @@ void ssl_clear_cipher_ctx(SSL *s)
OPENSSL_free(s->enc_write_ctx);
s->enc_write_ctx=NULL;
}
#ifndef OPENSSL_NO_COMP
if (s->expand != NULL)
{
COMP_CTX_free(s->expand);
@ -2256,6 +2257,7 @@ void ssl_clear_cipher_ctx(SSL *s)
COMP_CTX_free(s->compress);
s->compress=NULL;
}
#endif
}
/* Fix this function so that it takes an optional type parameter */
@ -2282,6 +2284,16 @@ SSL_CIPHER *SSL_get_current_cipher(const SSL *s)
return(s->session->cipher);
return(NULL);
}
#ifdef OPENSSL_NO_COMP
const void *SSL_get_current_compression(SSL *s)
{
return NULL;
}
const void *SSL_get_current_expansion(SSL *s)
{
return NULL;
}
#else
const COMP_METHOD *SSL_get_current_compression(SSL *s)
{
@ -2296,6 +2308,7 @@ const COMP_METHOD *SSL_get_current_expansion(SSL *s)
return(s->expand->meth);
return(NULL);
}
#endif
int ssl_init_wbio_buffer(SSL *s,int push)
{

View file

@ -151,6 +151,7 @@ int SSL_SESSION_print(BIO *bp, const SSL_SESSION *x)
if (BIO_printf(bp,"%02X",x->krb5_client_princ[i]) <= 0) goto err;
}
#endif /* OPENSSL_NO_KRB5 */
#ifndef OPENSSL_NO_COMP
if (x->compress_meth != 0)
{
SSL_COMP *comp = NULL;
@ -165,6 +166,7 @@ int SSL_SESSION_print(BIO *bp, const SSL_SESSION *x)
if (BIO_printf(bp,"\n Compression: %d (%s)", comp->id,comp->method->name) <= 0) goto err;
}
}
#endif
if (x->time != 0L)
{
if (BIO_printf(bp, "\n Start Time: %ld",x->time) <= 0) goto err;

View file

@ -420,7 +420,9 @@ int main(int argc, char *argv[])
int print_time = 0;
clock_t s_time = 0, c_time = 0;
int comp = 0;
#ifndef OPENSSL_NO_COMP
COMP_METHOD *cm = NULL;
#endif
STACK_OF(SSL_COMP) *ssl_comp_methods = NULL;
int test_cipherlist = 0;
@ -652,6 +654,7 @@ bad:
SSL_library_init();
SSL_load_error_strings();
#ifndef OPENSSL_NO_COMP
if (comp == COMP_ZLIB) cm = COMP_zlib();
if (comp == COMP_RLE) cm = COMP_rle();
if (cm != NULL)
@ -675,6 +678,7 @@ bad:
ERR_print_errors_fp(stderr);
}
}
#endif
ssl_comp_methods = SSL_COMP_get_compression_methods();
fprintf(stderr, "Available compression methods:\n");
{

View file

@ -231,7 +231,9 @@ int tls1_change_cipher_state(SSL *s, int which)
int client_write;
EVP_CIPHER_CTX *dd;
const EVP_CIPHER *c;
#ifndef OPENSSL_NO_COMP
const SSL_COMP *comp;
#endif
const EVP_MD *m;
int is_export,n,i,j,k,exp_label_len,cl;
int reuse_dd = 0;
@ -239,7 +241,9 @@ int tls1_change_cipher_state(SSL *s, int which)
is_export=SSL_C_IS_EXPORT(s->s3->tmp.new_cipher);
c=s->s3->tmp.new_sym_enc;
m=s->s3->tmp.new_hash;
#ifndef OPENSSL_NO_COMP
comp=s->s3->tmp.new_compression;
#endif
key_block=s->s3->tmp.key_block;
#ifdef KSSL_DEBUG
@ -265,6 +269,7 @@ int tls1_change_cipher_state(SSL *s, int which)
goto err;
dd= s->enc_read_ctx;
s->read_hash=m;
#ifndef OPENSSL_NO_COMP
if (s->expand != NULL)
{
COMP_CTX_free(s->expand);
@ -284,6 +289,7 @@ int tls1_change_cipher_state(SSL *s, int which)
if (s->s3->rrec.comp == NULL)
goto err;
}
#endif
/* this is done by dtls1_reset_seq_numbers for DTLS1_VERSION */
if (s->version != DTLS1_VERSION)
memset(&(s->s3->read_sequence[0]),0,8);
@ -301,6 +307,7 @@ int tls1_change_cipher_state(SSL *s, int which)
goto err;
dd= s->enc_write_ctx;
s->write_hash=m;
#ifndef OPENSSL_NO_COMP
if (s->compress != NULL)
{
COMP_CTX_free(s->compress);
@ -315,6 +322,7 @@ int tls1_change_cipher_state(SSL *s, int which)
goto err2;
}
}
#endif
/* this is done by dtls1_reset_seq_numbers for DTLS1_VERSION */
if (s->version != DTLS1_VERSION)
memset(&(s->s3->write_sequence[0]),0,8);