Commit 566dda07 authored by Dr. Stephen Henson's avatar Dr. Stephen Henson

New option SSL_OP_NO_COMP to disable compression. New ctrls to set

maximum send fragment size. Allocate I/O buffers accordingly.
parent 7a2f4cbf
+6 −0
@@ -4,6 +4,12 @@

 Changes between 0.9.8a and 0.9.9  [xx XXX xxxx]

  *) New option SSL_OP_NO_COMP to disable use of compression selectively
     in SSL structures. New SSL ctrl to set maximum send fragment size. 
     Save memory by seeting the I/O buffer sizes dynamically instead of
     using the maximum available value.
     [Steve Henson]

  *) New option -V for 'openssl ciphers'. This prints the ciphersuite code
     in addition to the text details.
     [Bodo Moeller]
+2 −0
@@ -450,6 +450,8 @@ int MAIN(int argc, char **argv)
			off|=SSL_OP_NO_SSLv3;
		else if (strcmp(*argv,"-no_ssl2") == 0)
			off|=SSL_OP_NO_SSLv2;
		else if	(strcmp(*argv,"-no_comp") == 0)
			{ off|=SSL_OP_NO_COMPRESSION; }
		else if (strcmp(*argv,"-serverpref") == 0)
			off|=SSL_OP_CIPHER_SERVER_PREFERENCE;
		else if	(strcmp(*argv,"-cipher") == 0)
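Review bot: The added `-no_comp` branch sets `SSL_OP_NO_COMPRESSION`, but the commit title and the CHANGES entry both call the option `SSL_OP_NO_COMP`, so anyone following the changelog will look for a macro that none of the visible hunks use. Unless the header hidden on this page defines both names, the CHANGES line should read `*) New option SSL_OP_NO_COMPRESSION to disable use of compression selectively`. The usage text for this tool is not in the hunk; if it was not updated, add a line describing `-no_comp` there. The new branch is also braced (`{ off|=SSL_OP_NO_COMPRESSION; }`) where its neighbours in this hunk are not. The same naming and usage points apply to the `-no_comp` branch in the next file section, and MAIN's body starts and ends outside the hunk.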
+2 −0
@@ -754,6 +754,8 @@ int MAIN(int argc, char *argv[])
			{ off|=SSL_OP_NO_SSLv3; }
		else if	(strcmp(*argv,"-no_tls1") == 0)
			{ off|=SSL_OP_NO_TLSv1; }
		else if	(strcmp(*argv,"-no_comp") == 0)
			{ off|=SSL_OP_NO_COMPRESSION; }
#ifndef OPENSSL_NO_SSL2
		else if	(strcmp(*argv,"-ssl2") == 0)
			{ meth=SSLv2_server_method(); }
+2 −1
@@ -349,7 +349,8 @@ static int ssl23_client_hello(SSL *s)
			p+=i;

			/* COMPRESSION */
			if (s->ctx->comp_methods == NULL)
			if ((s->options & SSL_OP_NO_COMPRESSION)
						|| !s->ctx->comp_methods)
				j=0;
			else
				j=sk_SSL_COMP_num(s->ctx->comp_methods);
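Review bot: The new `s->options & SSL_OP_NO_COMPRESSION` test only empties the list of methods this hello offers; no hunk shown on this page makes the client refuse a ServerHello that names a compression method anyway. That matters more after this commit, because ssl3_setup_buffers now leaves `SSL3_RT_MAX_COMPRESSED_OVERHEAD` out of the read buffer when the option is set, so the option is a sizing assumption as well as a preference. If the server-hello parsing (not visible here) selects the method without consulting `s->options`, it should treat any non-null method as a fatal handshake error when the option is set. A comment at this branch would record the contract: `/* NO_COMPRESSION: offer only the null method; a non-null method in the reply must be rejected */`. ssl23_client_hello starts and ends outside the hunk.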
+21 −7
@@ -589,16 +589,22 @@ int ssl_verify_alarm_type(long type)
int ssl3_setup_buffers(SSL *s)
	{
	unsigned char *p;
	unsigned int extra;
	size_t len;

	if (s->s3->rbuf.buf == NULL)
		{
		len = SSL3_RT_MAX_PLAIN_LENGTH
			+ SSL3_RT_MAX_ENCRYPTED_OVERHEAD
			+ SSL3_RT_HEADER_LENGTH;
		if (s->options & SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER)
			extra=SSL3_RT_MAX_EXTRA;
		else
			extra=0;
		len = SSL3_RT_MAX_PACKET_SIZE + extra;
			{
			s->s3->init_extra = 1;
			len += SSL3_RT_MAX_EXTRA;
			}
#ifndef OPENSSL_NO_COMP
		if (!(s->options & SSL_OP_NO_COMPRESSION))
			len += SSL3_RT_MAX_COMPRESSED_OVERHEAD;
#endif
		if ((p=OPENSSL_malloc(len)) == NULL)
			goto err;
		s->s3->rbuf.buf = p;
@@ -607,8 +613,16 @@ int ssl3_setup_buffers(SSL *s)

	if (s->s3->wbuf.buf == NULL)
		{
		len = SSL3_RT_MAX_PACKET_SIZE;
		len += SSL3_RT_HEADER_LENGTH + 256; /* extra space for empty fragment */
		len = s->max_send_fragment
			+ SSL3_RT_SEND_MAX_ENCRYPTED_OVERHEAD
			+ SSL3_RT_HEADER_LENGTH;
#ifndef OPENSSL_NO_COMP
		if (!(s->options & SSL_OP_NO_COMPRESSION))
			len += SSL3_RT_MAX_COMPRESSED_OVERHEAD;
#endif
		if (!(s->options & SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS))
			len += SSL3_RT_HEADER_LENGTH
				+ SSL3_RT_SEND_MAX_ENCRYPTED_OVERHEAD;
		if ((p=OPENSSL_malloc(len)) == NULL)
			goto err;
		s->s3->wbuf.buf = p;
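Review bot: Both buffers are now sized from `s->options` and `s->max_send_fragment` as they stand on the first call, and each allocation is skipped once `buf` is non-NULL, so a later change to `SSL_OP_NO_COMPRESSION`, `SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS` or the fragment size leaves a buffer smaller than the record layer may then assume. Only the Microsoft big-buffer case remembers what was allocated (`s->s3->init_extra = 1`); the compression and empty-fragment decisions are not recorded anywhere in these hunks. The ctrl handlers and the record read/write paths are not shown on this page, so this may already be covered. If it is not, every record length should be bounded against the length actually allocated rather than a compile-time maximum, and the new ctrl should range-check the fragment size before storing it. At minimum, document the assumption above the first `if`: `/* sizes are fixed from s->options and s->max_send_fragment at first call; later changes do not resize rbuf/wbuf */`. The function body continues outside both hunks.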