Commit 82423549 authored by Richard Levitte's avatar Richard Levitte
Browse files

Make sure int SSL_COMP_add_compression_method() checks if a certain 

compression identity is already present among the registered
compression methods, and if so, reject the addition request.

Declare SSL_COMP_get_compression_method() so it can be used properly.

Change ssltest.c so it checks what compression methods are available
and enumerates them.  As a side-effect, built-in compression methods
will be automagically loaded that way.  Additionally, change the
identities for ZLIB and RLE to be conformant to
draft-ietf-tls-compression-05.txt.

Finally, make update.

Next on my list: have the built-in compression methods added
"automatically" instead of requiring that the author call
SSL_COMP_add_compression_method() or
SSL_COMP_get_compression_methods().
parent c40b9bde

crypto/comp/Makefile.ssl

+6 −6
Original line number Diff line number Diff line
@@ -91,12 +91,12 @@ c_rle.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h 
c_rle.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h c_rle.c

c_zlib.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h

c_zlib.o: ../../include/openssl/bn.h ../../include/openssl/comp.h

c_zlib.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h

c_zlib.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h

c_zlib.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h

c_zlib.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h

c_zlib.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h

c_zlib.o: c_zlib.c

c_zlib.o: ../../include/openssl/crypto.h ../../include/openssl/dso.h

c_zlib.o: ../../include/openssl/e_os2.h ../../include/openssl/obj_mac.h

c_zlib.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h

c_zlib.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h

c_zlib.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h

c_zlib.o: ../../include/openssl/symhacks.h c_zlib.c

comp_err.o: ../../include/openssl/bio.h ../../include/openssl/comp.h

comp_err.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h

comp_err.o: ../../include/openssl/err.h ../../include/openssl/lhash.h

crypto/des/Makefile.ssl

+7 −6
Original line number Diff line number Diff line
@@ -160,12 +160,13 @@ cfb64enc.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h 
cfb64enc.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h

cfb64enc.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h

cfb64enc.o: cfb64enc.c des_locl.h

cfb_enc.o: ../../include/openssl/crypto.h ../../include/openssl/des.h

cfb_enc.o: ../../include/openssl/des_old.h ../../include/openssl/e_os2.h

cfb_enc.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h

cfb_enc.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h

cfb_enc.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h

cfb_enc.o: ../../include/openssl/ui_compat.h cfb_enc.c des_locl.h

cfb_enc.o: ../../e_os.h ../../include/openssl/crypto.h

cfb_enc.o: ../../include/openssl/des.h ../../include/openssl/des_old.h

cfb_enc.o: ../../include/openssl/e_os2.h ../../include/openssl/opensslconf.h

cfb_enc.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h

cfb_enc.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h

cfb_enc.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h

cfb_enc.o: cfb_enc.c des_locl.h

des_enc.o: ../../include/openssl/crypto.h ../../include/openssl/des.h

des_enc.o: ../../include/openssl/des_old.h ../../include/openssl/e_os2.h

des_enc.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h

ssl/ssl.h

+3 −0
Original line number Diff line number Diff line
@@ -1485,8 +1485,10 @@ void SSL_set_tmp_ecdh_callback(SSL *ssl, 
#endif



#ifndef OPENSSL_NO_COMP

STACK_OF(SSL_COMP) *SSL_COMP_get_compression_method(void);

int SSL_COMP_add_compression_method(int id,COMP_METHOD *cm);

#else

void *SSL_COMP_get_compression_method(void);

int SSL_COMP_add_compression_method(int id,char *cm);

#endif
@@ -1701,6 +1703,7 @@ void ERR_load_SSL_strings(void); 
#define SSL_R_DECRYPTION_FAILED_OR_BAD_RECORD_MAC	 1109

#define SSL_R_DH_PUBLIC_VALUE_LENGTH_IS_WRONG		 148

#define SSL_R_DIGEST_CHECK_FAILED			 149

#define SSL_R_DUPLICATE_COMPRESSION_ID			 1121

#define SSL_R_ECGROUP_TOO_LARGE_FOR_CIPHER		 1119

#define SSL_R_ENCRYPTED_LENGTH_TOO_LONG			 150

#define SSL_R_ERROR_GENERATING_TMP_RSA_KEY		 1092

ssl/ssl_ciph.c

+9 −1
Original line number Diff line number Diff line
@@ -1182,7 +1182,15 @@ int SSL_COMP_add_compression_method(int id, COMP_METHOD *cm) 
	comp->id=id;

	comp->method=cm;

	load_builtin_compressions();

	if ((ssl_comp_methods == NULL)

	if (ssl_comp_methods

		&& !sk_SSL_COMP_find(ssl_comp_methods,comp))

		{

		OPENSSL_free(comp);

		MemCheck_on();

		SSLerr(SSL_F_SSL_COMP_ADD_COMPRESSION_METHOD,SSL_R_DUPLICATE_COMPRESSION_ID);

		return(1);

		}

	else if ((ssl_comp_methods == NULL)

		|| !sk_SSL_COMP_push(ssl_comp_methods,comp))

		{

		OPENSSL_free(comp);

ssl/ssl_err.c

+2 −1
Original line number Diff line number Diff line 
/* ssl/ssl_err.c */

/* ====================================================================

 * Copyright (c) 1999-2002 The OpenSSL Project.  All rights reserved.

 * Copyright (c) 1999-2003 The OpenSSL Project.  All rights reserved.

 *

 * Redistribution and use in source and binary forms, with or without

 * modification, are permitted provided that the following conditions
@@ -271,6 +271,7 @@ static ERR_STRING_DATA SSL_str_reasons[]= 
{SSL_R_DECRYPTION_FAILED_OR_BAD_RECORD_MAC,"decryption failed or bad record mac"},

{SSL_R_DH_PUBLIC_VALUE_LENGTH_IS_WRONG   ,"dh public value length is wrong"},

{SSL_R_DIGEST_CHECK_FAILED               ,"digest check failed"},

{SSL_R_DUPLICATE_COMPRESSION_ID          ,"duplicate compression id"},

{SSL_R_ECGROUP_TOO_LARGE_FOR_CIPHER      ,"ecgroup too large for cipher"},

{SSL_R_ENCRYPTED_LENGTH_TOO_LONG         ,"encrypted length too long"},

{SSL_R_ERROR_GENERATING_TMP_RSA_KEY      ,"error generating tmp rsa key"},