Make sure int SSL_COMP_add_compression_method() checks if a certain

compression identity is already present among the registered compression methods, and if so, reject the addition request. Declare SSL_COMP_get_compression_method() so it can be used properly. Change ssltest.c so it checks what compression methods are available and enumerates them. As a side-effect, built-in compression methods will be automagically loaded that way. Additionally, change the identities for ZLIB and RLE to be conformant to draft-ietf-tls-compression-05.txt. Finally, make update. Next on my list: have the built-in compression methods added "automatically" instead of requiring that the author call SSL_COMP_add_compression_method() or SSL_COMP_get_compression_methods().
2003-10-06 11:00:15 +00:00 · 2003-10-06 11:00:15 +00:00 · 8242354952
commit 8242354952
parent c40b9bdefb
7 changed files with 45 additions and 17 deletions
--- a/crypto/comp/Makefile.ssl
+++ b/crypto/comp/Makefile.ssl
@ -91,12 +91,12 @@ c_rle.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h
 c_rle.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h c_rle.c
 c_zlib.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
 c_zlib.o: ../../include/openssl/bn.h ../../include/openssl/comp.h
-c_zlib.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
-c_zlib.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-c_zlib.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-c_zlib.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h
-c_zlib.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-c_zlib.o: c_zlib.c
+c_zlib.o: ../../include/openssl/crypto.h ../../include/openssl/dso.h
+c_zlib.o: ../../include/openssl/e_os2.h ../../include/openssl/obj_mac.h
+c_zlib.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+c_zlib.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+c_zlib.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+c_zlib.o: ../../include/openssl/symhacks.h c_zlib.c
 comp_err.o: ../../include/openssl/bio.h ../../include/openssl/comp.h
 comp_err.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
 comp_err.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
--- a/crypto/des/Makefile.ssl
+++ b/crypto/des/Makefile.ssl
@ -160,12 +160,13 @@ cfb64enc.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
 cfb64enc.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
 cfb64enc.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
 cfb64enc.o: cfb64enc.c des_locl.h
-cfb_enc.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
-cfb_enc.o: ../../include/openssl/des_old.h ../../include/openssl/e_os2.h
-cfb_enc.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-cfb_enc.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
-cfb_enc.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
-cfb_enc.o: ../../include/openssl/ui_compat.h cfb_enc.c des_locl.h
+cfb_enc.o: ../../e_os.h ../../include/openssl/crypto.h
+cfb_enc.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
+cfb_enc.o: ../../include/openssl/e_os2.h ../../include/openssl/opensslconf.h
+cfb_enc.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+cfb_enc.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+cfb_enc.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+cfb_enc.o: cfb_enc.c des_locl.h
 des_enc.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
 des_enc.o: ../../include/openssl/des_old.h ../../include/openssl/e_os2.h
 des_enc.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
--- a/ssl/ssl.h
+++ b/ssl/ssl.h
@ -1485,8 +1485,10 @@ void SSL_set_tmp_ecdh_callback(SSL *ssl,
 #endif

 #ifndef OPENSSL_NO_COMP
+STACK_OF(SSL_COMP) *SSL_COMP_get_compression_method(void);
 int SSL_COMP_add_compression_method(int id,COMP_METHOD *cm);
 #else
+void *SSL_COMP_get_compression_method(void);
 int SSL_COMP_add_compression_method(int id,char *cm);
 #endif

@ -1701,6 +1703,7 @@ void ERR_load_SSL_strings(void);
 #define SSL_R_DECRYPTION_FAILED_OR_BAD_RECORD_MAC	 1109
 #define SSL_R_DH_PUBLIC_VALUE_LENGTH_IS_WRONG		 148
 #define SSL_R_DIGEST_CHECK_FAILED			 149
+#define SSL_R_DUPLICATE_COMPRESSION_ID			 1121
 #define SSL_R_ECGROUP_TOO_LARGE_FOR_CIPHER		 1119
 #define SSL_R_ENCRYPTED_LENGTH_TOO_LONG			 150
 #define SSL_R_ERROR_GENERATING_TMP_RSA_KEY		 1092
--- a/ssl/ssl_ciph.c
+++ b/ssl/ssl_ciph.c
@ -1182,7 +1182,15 @@ int SSL_COMP_add_compression_method(int id, COMP_METHOD *cm)
 	comp->id=id;
 	comp->method=cm;
 	load_builtin_compressions();
-	if ((ssl_comp_methods == NULL)
+	if (ssl_comp_methods
+		&& !sk_SSL_COMP_find(ssl_comp_methods,comp))
+		{
+		OPENSSL_free(comp);
+		MemCheck_on();
+		SSLerr(SSL_F_SSL_COMP_ADD_COMPRESSION_METHOD,SSL_R_DUPLICATE_COMPRESSION_ID);
+		return(1);
+		}
+	else if ((ssl_comp_methods == NULL)
 		|| !sk_SSL_COMP_push(ssl_comp_methods,comp))
 		{
 		OPENSSL_free(comp);
--- a/ssl/ssl_err.c
+++ b/ssl/ssl_err.c
@ -1,6 +1,6 @@
 /* ssl/ssl_err.c */
 /* ====================================================================
- * Copyright (c) 1999-2002 The OpenSSL Project.  All rights reserved.
+ * Copyright (c) 1999-2003 The OpenSSL Project.  All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
@ -271,6 +271,7 @@ static ERR_STRING_DATA SSL_str_reasons[]=
 {SSL_R_DECRYPTION_FAILED_OR_BAD_RECORD_MAC,"decryption failed or bad record mac"},
 {SSL_R_DH_PUBLIC_VALUE_LENGTH_IS_WRONG   ,"dh public value length is wrong"},
 {SSL_R_DIGEST_CHECK_FAILED               ,"digest check failed"},
+{SSL_R_DUPLICATE_COMPRESSION_ID          ,"duplicate compression id"},
 {SSL_R_ECGROUP_TOO_LARGE_FOR_CIPHER      ,"ecgroup too large for cipher"},
 {SSL_R_ENCRYPTED_LENGTH_TOO_LONG         ,"encrypted length too long"},
 {SSL_R_ERROR_GENERATING_TMP_RSA_KEY      ,"error generating tmp rsa key"},
--- a/ssl/ssltest.c
+++ b/ssl/ssltest.c
@ -164,8 +164,8 @@

 /* There is really no standard for this, so let's assign some tentative
   numbers.  In any case, these numbers are only for this test */
-#define COMP_RLE	1
-#define COMP_ZLIB	2
+#define COMP_RLE	255
+#define COMP_ZLIB	1

 static int MS_CALLBACK verify_callback(int ok, X509_STORE_CTX *ctx);
 #ifndef OPENSSL_NO_RSA
@ -373,7 +373,7 @@ int main(int argc, char *argv[])
 	SSL_METHOD *meth=NULL;
 	SSL *c_ssl,*s_ssl;
 	int number=1,reuse=0;
-	long bytes=1L;
+	long bytes=256L;
 #ifndef OPENSSL_NO_DH
 	DH *dh;
 	int dhe1024 = 0, dhe1024dsa = 0;
@ -387,6 +387,7 @@ int main(int argc, char *argv[])
 	clock_t s_time = 0, c_time = 0;
 	int comp = 0;
 	COMP_METHOD *cm = NULL;
+	STACK_OF(SSL_COMP) *ssl_comp_methods = NULL;

 	verbose = 0;
 	debug = 0;
@ -612,6 +613,19 @@ bad:
 			ERR_print_errors_fp(stderr);
 			}
 		}
+	ssl_comp_methods = SSL_COMP_get_compression_methods();
+	fprintf(stderr, "Available compression methods:\n");
+	{
+	int i, n = sk_SSL_COMP_num(ssl_comp_methods);
+	if (n == 0)
+		fprintf(stderr, "  NONE\n");
+	else
+		for (i = 0; i < n; i++)
+			{
+			SSL_COMP *c = sk_SSL_COMP_value(ssl_comp_methods, i);
+			fprintf(stderr, "  %d: %s\n", c->id, c->name);
+			}
+	}

 #if !defined(OPENSSL_NO_SSL2) && !defined(OPENSSL_NO_SSL3)
 	if (ssl2)
--- a/util/ssleay.num
+++ b/util/ssleay.num
@ -218,3 +218,4 @@ SSL_set_msg_callback                    267	EXIST::FUNCTION:
 SSL_set_tmp_ecdh_callback               268	EXIST::FUNCTION:ECDH
 SSL_CTX_set_tmp_ecdh_callback           269	EXIST::FUNCTION:ECDH
 SSL_SESSION_get_id                      270	EXIST::FUNCTION:
+SSL_COMP_get_compression_method         271	EXIST::FUNCTION:COMP