[openssl-commits] [openssl] master update

Rich Salz rsalz at openssl.org
Tue May 12 14:25:06 UTC 2015


The branch master has been updated
       via  9a555706a3fb8f6622e1049ab510a12f4e1bc6a2 (commit)
      from  253617806da0aeb0cea1fedf6136460fb4993eae (commit)


- Log -----------------------------------------------------------------
commit 9a555706a3fb8f6622e1049ab510a12f4e1bc6a2
Author: Rich Salz <rsalz at akamai.com>
Date:   Fri May 8 12:05:36 2015 -0400

    Make COMP_CTX and COMP_METHOD opaque
    
    Since COMP_METHOD is now defined in comp_lcl.h, it is no
    longer possible to create new TLS compression methods without
    using the OpenSSL source.  Only ZLIB is supported by default.
    Also, since the types are opaque, #ifdef guards to use "char *"
    instead of the real type aren't necessary.
    
    The changes are actually minor.  Adding missing copyright to some
    files makes the diff misleadingly big.
    
    Reviewed-by: Matt Caswell <matt at openssl.org>

-----------------------------------------------------------------------

Summary of changes:
 crypto/comp/Makefile                      |  4 +-
 crypto/comp/c_zlib.c                      | 57 +++++++++++++++++++-
 apps/timeouts.h => crypto/comp/comp_lcl.h | 33 +++++++-----
 crypto/comp/comp_lib.c                    | 81 ++++++++++++++++++++++++++--
 include/openssl/comp.h                    | 88 +++++++++++++++++++++----------
 include/openssl/ossl_typ.h                |  5 +-
 include/openssl/ssl.h                     | 15 +-----
 ssl/ssl_ciph.c                            | 46 ++++++++--------
 ssl/ssl_lib.c                             | 29 ++++------
 ssl/ssl_locl.h                            | 19 +------
 ssl/ssl_txt.c                             |  5 +-
 test/ssltest.c                            |  5 +-
 util/libeay.num                           |  4 ++
 util/ssleay.num                           | 20 +++----
 14 files changed, 273 insertions(+), 138 deletions(-)
 copy apps/timeouts.h => crypto/comp/comp_lcl.h (76%)

diff --git a/crypto/comp/Makefile b/crypto/comp/Makefile
index 1a180f4..7884f99 100644
--- a/crypto/comp/Makefile
+++ b/crypto/comp/Makefile
@@ -68,7 +68,7 @@ c_zlib.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
 c_zlib.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
 c_zlib.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
 c_zlib.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
-c_zlib.o: ../../include/openssl/symhacks.h c_zlib.c
+c_zlib.o: ../../include/openssl/symhacks.h c_zlib.c comp_lcl.h
 comp_err.o: ../../include/openssl/bio.h ../../include/openssl/comp.h
 comp_err.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
 comp_err.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
@@ -82,4 +82,4 @@ comp_lib.o: ../../include/openssl/e_os2.h ../../include/openssl/obj_mac.h
 comp_lib.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
 comp_lib.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
 comp_lib.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
-comp_lib.o: ../../include/openssl/symhacks.h comp_lib.c
+comp_lib.o: ../../include/openssl/symhacks.h comp_lcl.h comp_lib.c
diff --git a/crypto/comp/c_zlib.c b/crypto/comp/c_zlib.c
index 2d5b54f..83773a1 100644
--- a/crypto/comp/c_zlib.c
+++ b/crypto/comp/c_zlib.c
@@ -1,9 +1,64 @@
+/* ====================================================================
+ * Copyright (c) 1999-2015 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core at OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay at cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh at cryptsoft.com).
+ *
+ */
+
 #include <stdio.h>
 #include <stdlib.h>
 #include <string.h>
 #include <openssl/objects.h>
 #include <openssl/comp.h>
 #include <openssl/err.h>
+#include "comp_lcl.h"
 
 COMP_METHOD *COMP_zlib(void);
 
@@ -14,8 +69,6 @@ static COMP_METHOD zlib_method_nozlib = {
     NULL,
     NULL,
     NULL,
-    NULL,
-    NULL,
 };
 
 #ifndef ZLIB
diff --git a/apps/timeouts.h b/crypto/comp/comp_lcl.h
similarity index 76%
copy from apps/timeouts.h
copy to crypto/comp/comp_lcl.h
index f423010..f1ec8d5 100644
--- a/apps/timeouts.h
+++ b/crypto/comp/comp_lcl.h
@@ -1,10 +1,5 @@
-/* apps/timeouts.h */
-/*
- * DTLS implementation written by Nagendra Modadugu
- * (nagendra at cs.stanford.edu) for the OpenSSL project 2005.
- */
 /* ====================================================================
- * Copyright (c) 1999-2005 The OpenSSL Project.  All rights reserved.
+ * Copyright (c) 2017 The OpenSSL Project.  All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
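Review bot: The copyright line of the new comp_lcl.h reads `Copyright (c) 2017`, although the commit is dated 2015 and the other files touched here use `1999-2015`. This looks like a typo; `Copyright (c) 2015 The OpenSSL Project.  All rights reserved.` would match the rest of the change.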
@@ -54,14 +49,26 @@
  * This product includes cryptographic software written by Eric Young
  * (eay at cryptsoft.com).  This product includes software written by Tim
  * Hudson (tjh at cryptsoft.com).
- *
  */
 
-#ifndef INCLUDED_TIMEOUTS_H
-# define INCLUDED_TIMEOUTS_H
 
-/* numbers in us */
-# define DGRAM_RCV_TIMEOUT         250000
-# define DGRAM_SND_TIMEOUT         250000
+struct comp_method_st {
+    int type;                   /* NID for compression library */
+    const char *name;           /* A text string to identify the library */
+    int (*init) (COMP_CTX *ctx);
+    void (*finish) (COMP_CTX *ctx);
+    int (*compress) (COMP_CTX *ctx,
+                     unsigned char *out, unsigned int olen,
+                     unsigned char *in, unsigned int ilen);
+    int (*expand) (COMP_CTX *ctx,
+                   unsigned char *out, unsigned int olen,
+                   unsigned char *in, unsigned int ilen);
+};
 
-#endif                          /* ! INCLUDED_TIMEOUTS_H */
+struct comp_ctx_st {
+    struct comp_method_st *meth;
+    unsigned long compress_in;
+    unsigned long compress_out;
+    unsigned long expand_in;
+    unsigned long expand_out;
+};
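Review bot: The new comp_lcl.h has no include guard. The hunk deletes `#ifndef INCLUDED_TIMEOUTS_H`, `# define INCLUDED_TIMEOUTS_H` and the closing `#endif` from the copied file without adding replacements, so a second inclusion in one translation unit would redefine `struct comp_method_st` and `struct comp_ctx_st`. I would wrap the two definitions in `#ifndef HEADER_COMP_LCL_H` / `# define HEADER_COMP_LCL_H` ... `#endif`. The header also uses `COMP_CTX` without including anything itself, so it compiles only when `<openssl/comp.h>` is included first, as c_zlib.c and comp_lib.c do in this commit. A comment stating that requirement, or an `#include <openssl/comp.h>` at the top, would make it self-contained.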
diff --git a/crypto/comp/comp_lib.c b/crypto/comp/comp_lib.c
index 42d9936..aa82376 100644
--- a/crypto/comp/comp_lib.c
+++ b/crypto/comp/comp_lib.c
@@ -1,17 +1,70 @@
+/* ====================================================================
+ * Copyright (c) 1999-2015 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core at OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay at cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh at cryptsoft.com).
+ *
+ */
+
 #include <stdio.h>
 #include <stdlib.h>
 #include <string.h>
 #include <openssl/objects.h>
 #include <openssl/comp.h>
+#include "comp_lcl.h"
 
 COMP_CTX *COMP_CTX_new(COMP_METHOD *meth)
 {
     COMP_CTX *ret;
 
-    if ((ret = OPENSSL_malloc(sizeof(*ret))) == NULL) {
-        /* ZZZZZZZZZZZZZZZZ */
+    if ((ret = OPENSSL_malloc(sizeof(*ret))) == NULL)
         return (NULL);
-    }
     memset(ret, 0, sizeof(*ret));
     ret->meth = meth;
     if ((ret->meth->init != NULL) && !ret->meth->init(ret)) {
@@ -21,6 +74,21 @@ COMP_CTX *COMP_CTX_new(COMP_METHOD *meth)
     return (ret);
 }
 
+const COMP_METHOD *COMP_CTX_get_method(const COMP_CTX *ctx)
+{
+    return ctx->meth;
+}
+
+int COMP_get_type(const COMP_METHOD *meth)
+{
+    return meth->type;
+}
+
+const char *COMP_get_name(const COMP_METHOD *meth)
+{
+    return meth->name;
+}
+
 void COMP_CTX_free(COMP_CTX *ctx)
 {
     if (ctx == NULL)
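Review bot: `COMP_CTX_get_method`, `COMP_get_type` and `COMP_get_name` dereference their argument with no NULL check, while `COMP_CTX_free` just below accepts NULL and `COMP_CTX_get_type` (added in the last hunk of this file) tolerates a NULL `meth` but not a NULL `comp`. Now that both structs are opaque, these accessors are the only way for callers to read the fields, so the NULL contract should be the same across all four and written down. Either guard them, e.g. `return meth == NULL ? NID_undef : meth->type;` and `return meth == NULL ? NULL : meth->name;`, or add a comment on each declaration stating that the argument must be non-NULL. As a style point, `COMP_CTX_get_type` spells its parameter `const COMP_CTX* comp`, where the rest of the file writes `COMP_CTX *ctx`.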
@@ -37,7 +105,6 @@ int COMP_compress_block(COMP_CTX *ctx, unsigned char *out, int olen,
 {
     int ret;
     if (ctx->meth->compress == NULL) {
-        /* ZZZZZZZZZZZZZZZZZ */
         return (-1);
     }
     ret = ctx->meth->compress(ctx, out, olen, in, ilen);
@@ -54,7 +121,6 @@ int COMP_expand_block(COMP_CTX *ctx, unsigned char *out, int olen,
     int ret;
 
     if (ctx->meth->expand == NULL) {
-        /* ZZZZZZZZZZZZZZZZZ */
         return (-1);
     }
     ret = ctx->meth->expand(ctx, out, olen, in, ilen);
@@ -64,3 +130,8 @@ int COMP_expand_block(COMP_CTX *ctx, unsigned char *out, int olen,
     }
     return (ret);
 }
+
+int COMP_CTX_get_type(const COMP_CTX* comp)
+{
+    return comp->meth ? comp->meth->type : NID_undef;
+}
diff --git a/include/openssl/comp.h b/include/openssl/comp.h
index 6799b0f..c7d903f 100644
--- a/include/openssl/comp.h
+++ b/include/openssl/comp.h
@@ -1,3 +1,57 @@
+/* ====================================================================
+ * Copyright (c) 1999-2015 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core at OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay at cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh at cryptsoft.com).
+ *
+ */
+
 
 #ifndef HEADER_COMP_H
 # define HEADER_COMP_H
@@ -8,41 +62,19 @@
 extern "C" {
 #endif
 
-typedef struct comp_ctx_st COMP_CTX;
-
-typedef struct comp_method_st {
-    int type;                   /* NID for compression library */
-    const char *name;           /* A text string to identify the library */
-    int (*init) (COMP_CTX *ctx);
-    void (*finish) (COMP_CTX *ctx);
-    int (*compress) (COMP_CTX *ctx,
-                     unsigned char *out, unsigned int olen,
-                     unsigned char *in, unsigned int ilen);
-    int (*expand) (COMP_CTX *ctx,
-                   unsigned char *out, unsigned int olen,
-                   unsigned char *in, unsigned int ilen);
-    /*
-     * The following two do NOTHING, but are kept for backward compatibility
-     */
-    long (*ctrl) (void);
-    long (*callback_ctrl) (void);
-} COMP_METHOD;
-
-struct comp_ctx_st {
-    COMP_METHOD *meth;
-    unsigned long compress_in;
-    unsigned long compress_out;
-    unsigned long expand_in;
-    unsigned long expand_out;
-    CRYPTO_EX_DATA ex_data;
-};
 
 COMP_CTX *COMP_CTX_new(COMP_METHOD *meth);
+const COMP_METHOD *COMP_CTX_get_method(const COMP_CTX *ctx);
+int COMP_CTX_get_type(const COMP_CTX* comp);
+int COMP_get_type(const COMP_METHOD *meth);
+const char *COMP_get_name(const COMP_METHOD *meth);
 void COMP_CTX_free(COMP_CTX *ctx);
+
 int COMP_compress_block(COMP_CTX *ctx, unsigned char *out, int olen,
                         unsigned char *in, int ilen);
 int COMP_expand_block(COMP_CTX *ctx, unsigned char *out, int olen,
                       unsigned char *in, int ilen);
+
 COMP_METHOD *COMP_zlib(void);
 void COMP_zlib_cleanup(void);
 
diff --git a/include/openssl/ossl_typ.h b/include/openssl/ossl_typ.h
index b32ce66..e4e3270 100644
--- a/include/openssl/ossl_typ.h
+++ b/include/openssl/ossl_typ.h
@@ -1,5 +1,5 @@
 /* ====================================================================
- * Copyright (c) 1998-2001 The OpenSSL Project.  All rights reserved.
+ * Copyright (c) 1998-2015 The OpenSSL Project.  All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
@@ -176,6 +176,9 @@ typedef struct engine_st ENGINE;
 typedef struct ssl_st SSL;
 typedef struct ssl_ctx_st SSL_CTX;
 
+typedef struct comp_ctx_st COMP_CTX;
+typedef struct comp_method_st COMP_METHOD;
+
 typedef struct X509_POLICY_NODE_st X509_POLICY_NODE;
 typedef struct X509_POLICY_LEVEL_st X509_POLICY_LEVEL;
 typedef struct X509_POLICY_TREE_st X509_POLICY_TREE;
diff --git a/include/openssl/ssl.h b/include/openssl/ssl.h
index 43c6801..e8c2e6c 100644
--- a/include/openssl/ssl.h
+++ b/include/openssl/ssl.h
@@ -145,9 +145,7 @@
 
 # include <openssl/e_os2.h>
 
-# ifndef OPENSSL_NO_COMP
-#  include <openssl/comp.h>
-# endif
+# include <openssl/comp.h>
 # include <openssl/bio.h>
 # ifdef OPENSSL_USE_DEPRECATED
 #  include <openssl/x509.h>
@@ -703,9 +701,6 @@ __owur int SRP_generate_client_master_secret(SSL *s, unsigned char *master_key);
 typedef int (*GEN_SESSION_CB) (const SSL *ssl, unsigned char *id,
                                unsigned int *id_len);
 
-typedef struct ssl_comp_st SSL_COMP;
-
-
 # define SSL_SESS_CACHE_OFF                      0x0000
 # define SSL_SESS_CACHE_CLIENT                   0x0001
 # define SSL_SESS_CACHE_SERVER                   0x0002
@@ -1774,7 +1769,6 @@ void SSL_set_tmp_ecdh_callback(SSL *ssl,
                                                 int keylength));
 # endif
 
-# ifndef OPENSSL_NO_COMP
 __owur const COMP_METHOD *SSL_get_current_compression(SSL *s);
 __owur const COMP_METHOD *SSL_get_current_expansion(SSL *s);
 __owur const char *SSL_COMP_get_name(const COMP_METHOD *comp);
@@ -1783,13 +1777,6 @@ __owur STACK_OF(SSL_COMP) *SSL_COMP_set0_compression_methods(STACK_OF(SSL_COMP)
                                                       *meths);
 void SSL_COMP_free_compression_methods(void);
 __owur int SSL_COMP_add_compression_method(int id, COMP_METHOD *cm);
-# else
-__owur const void *SSL_get_current_compression(SSL *s);
-__owur const void *SSL_get_current_expansion(SSL *s);
-__owur const char *SSL_COMP_get_name(const void *comp);
-void *SSL_COMP_get_compression_methods(void);
-__owur int SSL_COMP_add_compression_method(int id, void *cm);
-# endif
 
 const SSL_CIPHER *SSL_CIPHER_find(SSL *ssl, const unsigned char *ptr);
 int SSL_CIPHER_get_cipher_nid(const SSL_CIPHER *c);
diff --git a/ssl/ssl_ciph.c b/ssl/ssl_ciph.c
index ed274e0..ddedf5c 100644
--- a/ssl/ssl_ciph.c
+++ b/ssl/ssl_ciph.c
@@ -495,22 +495,20 @@ static void load_builtin_compressions(void)
 
         if (ssl_comp_methods == NULL) {
             SSL_COMP *comp = NULL;
+            COMP_METHOD *method = COMP_zlib();
 
             MemCheck_off();
             ssl_comp_methods = sk_SSL_COMP_new(sk_comp_cmp);
-            if (ssl_comp_methods != NULL) {
+            if (COMP_get_type(method) != NID_undef
+                && ssl_comp_methods != NULL) {
                 comp = OPENSSL_malloc(sizeof(*comp));
                 if (comp != NULL) {
-                    comp->method = COMP_zlib();
-                    if (comp->method && comp->method->type == NID_undef)
-                        OPENSSL_free(comp);
-                    else {
-                        comp->id = SSL_COMP_ZLIB_IDX;
-                        comp->name = comp->method->name;
-                        sk_SSL_COMP_push(ssl_comp_methods, comp);
-                    }
+                    comp->method = method;
+                    comp->id = SSL_COMP_ZLIB_IDX;
+                    comp->name = COMP_get_name(method);
+                    sk_SSL_COMP_push(ssl_comp_methods, comp);
+                    sk_SSL_COMP_sort(ssl_comp_methods);
                 }
-                sk_SSL_COMP_sort(ssl_comp_methods);
             }
             MemCheck_on();
         }
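Review bot: The result of `sk_SSL_COMP_push(ssl_comp_methods, comp)` is not checked, so if the push fails the freshly allocated `comp` is leaked and the stack silently lacks the zlib entry. Something like `if (!sk_SSL_COMP_push(ssl_comp_methods, comp)) OPENSSL_free(comp); else sk_SSL_COMP_sort(ssl_comp_methods);` keeps the allocation balanced. Separately, `COMP_get_type(method)` dereferences the return value of `COMP_zlib()` unguarded, which is safe only if `COMP_zlib()` never returns NULL; that is not visible from this hunk. `load_builtin_compressions` starts and ends outside the hunk.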
@@ -1870,20 +1868,23 @@ SSL_COMP *ssl3_comp_find(STACK_OF(SSL_COMP) *sk, int n)
 }
 
 #ifdef OPENSSL_NO_COMP
-void *SSL_COMP_get_compression_methods(void)
+STACK_OF(SSL_COMP) *SSL_COMP_get_compression_methods(void)
 {
     return NULL;
 }
-
-int SSL_COMP_add_compression_method(int id, void *cm)
+STACK_OF(SSL_COMP) *SSL_COMP_set0_compression_methods(STACK_OF(SSL_COMP)
+                                                      *meths)
 {
-    return 1;
+    return meths;
 }
-
-const char *SSL_COMP_get_name(const void *comp)
+void SSL_COMP_free_compression_methods(void)
 {
-    return NULL;
 }
+int SSL_COMP_add_compression_method(int id, COMP_METHOD *cm)
+{
+    return 1;
+}
+
 #else
 STACK_OF(SSL_COMP) *SSL_COMP_get_compression_methods(void)
 {
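Review bot: The `OPENSSL_NO_COMP` stubs carry no comment explaining their return values, and two of them are not obvious. `SSL_COMP_add_compression_method` returns 1, which the ssltest.c caller in this commit treats as failure (`!= 0`), and `SSL_COMP_set0_compression_methods` hands `meths` straight back without storing it, so the caller still owns the stack. I would add a comment above the stubs saying so, e.g. `/* Compression compiled out: nothing is registered; add reports failure and set0 returns its argument, which the caller still owns. */`.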
@@ -1915,7 +1916,7 @@ int SSL_COMP_add_compression_method(int id, COMP_METHOD *cm)
 {
     SSL_COMP *comp;
 
-    if (cm == NULL || cm->type == NID_undef)
+    if (cm == NULL || COMP_get_type(cm) == NID_undef)
         return 1;
 
     /*-
@@ -1960,14 +1961,17 @@ int SSL_COMP_add_compression_method(int id, COMP_METHOD *cm)
         return (0);
     }
 }
+#endif
 
 const char *SSL_COMP_get_name(const COMP_METHOD *comp)
 {
-    if (comp)
-        return comp->name;
+#ifndef OPENSSL_NO_COMP
+    return comp ? COMP_get_name(comp) : NULL;
+#else
     return NULL;
-}
 #endif
+}
+
 /* For a cipher return the index corresponding to the certificate type */
 int ssl_cipher_get_cert_index(const SSL_CIPHER *c)
 {
diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c
index 8f74ef1..441c6fa 100644
--- a/ssl/ssl_lib.c
+++ b/ssl/ssl_lib.c
@@ -2882,32 +2882,23 @@ const SSL_CIPHER *SSL_get_current_cipher(const SSL *s)
     return (NULL);
 }
 
-#ifdef OPENSSL_NO_COMP
-const void *SSL_get_current_compression(SSL *s)
-{
-    return NULL;
-}
-
-const void *SSL_get_current_expansion(SSL *s)
-{
-    return NULL;
-}
-#else
-
 const COMP_METHOD *SSL_get_current_compression(SSL *s)
 {
-    if (s->compress != NULL)
-        return (s->compress->meth);
-    return (NULL);
+#ifndef OPENSSL_NO_COMP
+    return s->compress ? COMP_CTX_get_method(s->compress) : NULL;
+#else
+    return NULL;
+#endif
 }
 
 const COMP_METHOD *SSL_get_current_expansion(SSL *s)
 {
-    if (s->expand != NULL)
-        return (s->expand->meth);
-    return (NULL);
-}
+#ifndef OPENSSL_NO_COMP
+    return s->expand ? COMP_CTX_get_method(s->expand) : NULL;
+#else
+    return NULL;
 #endif
+}
 
 int ssl_init_wbio_buffer(SSL *s, int push)
 {
diff --git a/ssl/ssl_locl.h b/ssl/ssl_locl.h
index 9ae1a07..64feb84 100644
--- a/ssl/ssl_locl.h
+++ b/ssl/ssl_locl.h
@@ -705,15 +705,12 @@ typedef struct srp_ctx_st {
 
 # endif
 
+typedef struct ssl_comp_st SSL_COMP;
 
 struct ssl_comp_st {
     int id;
     const char *name;
-#  ifndef OPENSSL_NO_COMP
     COMP_METHOD *method;
-#  else
-    char *method;
-#  endif
 };
 
 DECLARE_STACK_OF(SSL_COMP)
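Review bot: `typedef struct ssl_comp_st SSL_COMP;` now lives only in this private header (the ssl.h hunk at -703 removes it), yet ssl.h still declares public functions in terms of `STACK_OF(SSL_COMP)`, e.g. `SSL_COMP_set0_compression_methods`. Unless another public header not shown here provides the typedef, applications that walk the returned stack can no longer name the element type or read its `id` and `name`. Consider keeping the forward typedef in ssl.h (the struct body can stay private) and offering accessors for `id` and `name`, in line with the COMP_* accessors this commit adds.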
@@ -1045,18 +1042,10 @@ struct ssl_st {
     int mac_flags;
     EVP_CIPHER_CTX *enc_read_ctx; /* cryptographic state */
     EVP_MD_CTX *read_hash;      /* used for mac generation */
-#  ifndef OPENSSL_NO_COMP
+    COMP_CTX *compress;         /* compression */
     COMP_CTX *expand;           /* uncompress */
-#  else
-    char *expand;
-#  endif
     EVP_CIPHER_CTX *enc_write_ctx; /* cryptographic state */
     EVP_MD_CTX *write_hash;     /* used for mac generation */
-#  ifndef OPENSSL_NO_COMP
-    COMP_CTX *compress;         /* compression */
-#  else
-    char *compress;
-#  endif
     /* session info */
     /* client cert? */
     /* This is used to hold the server certificate used */
@@ -1357,11 +1346,7 @@ typedef struct ssl3_state_st {
 struct dtls1_retransmit_state {
     EVP_CIPHER_CTX *enc_write_ctx; /* cryptographic state */
     EVP_MD_CTX *write_hash;     /* used for mac generation */
-#  ifndef OPENSSL_NO_COMP
     COMP_CTX *compress;         /* compression */
-#  else
-    char *compress;
-#  endif
     SSL_SESSION *session;
     unsigned short epoch;
 };
diff --git a/ssl/ssl_txt.c b/ssl/ssl_txt.c
index 9277d2c..918e75e 100644
--- a/ssl/ssl_txt.c
+++ b/ssl/ssl_txt.c
@@ -221,9 +221,8 @@ int SSL_SESSION_print(BIO *bp, const SSL_SESSION *x)
                 0)
                 goto err;
         } else {
-            if (BIO_printf
-                (bp, "\n    Compression: %d (%s)", comp->id,
-                 comp->method->name) <= 0)
+            if (BIO_printf(bp, "\n    Compression: %d (%s)", comp->id,
+                 comp->name) <= 0)
                 goto err;
         }
     }
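Review bot: Printing `comp->name` instead of `comp->method->name` is an equivalent rewrite only if every `SSL_COMP` has `name` filled in. The `load_builtin_compressions` hunk sets it, but the part of `SSL_COMP_add_compression_method` that populates a caller-supplied entry is outside the visible hunks; if it assigns only `id` and `method`, this `%s` would read a pointer that was never set. Either confirm that `name` is assigned there, or keep the old semantics through the accessor, `SSL_COMP_get_name(comp->method)`. `SSL_SESSION_print` starts and ends outside the hunk.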
diff --git a/test/ssltest.c b/test/ssltest.c
index 39f1d80..e531b32 100644
--- a/test/ssltest.c
+++ b/test/ssltest.c
@@ -995,7 +995,7 @@ int main(int argc, char *argv[])
     int print_time = 0;
     clock_t s_time = 0, c_time = 0;
 #ifndef OPENSSL_NO_COMP
-    int comp = 0;
+    int n, comp = 0;
     COMP_METHOD *cm = NULL;
     STACK_OF(SSL_COMP) *ssl_comp_methods = NULL;
 #endif
@@ -1004,7 +1004,6 @@ int main(int argc, char *argv[])
     int fips_mode = 0;
 #endif
     int no_protocol = 0;
-    int n;
 
     SSL_CONF_CTX *s_cctx = NULL, *c_cctx = NULL;
     STACK_OF(OPENSSL_STRING) *conf_args = NULL;
@@ -1373,7 +1372,7 @@ int main(int argc, char *argv[])
     if (comp == COMP_ZLIB)
         cm = COMP_zlib();
     if (cm != NULL) {
-        if (cm->type != NID_undef) {
+        if (COMP_get_type(cm) != NID_undef) {
             if (SSL_COMP_add_compression_method(comp, cm) != 0) {
                 fprintf(stderr, "Failed to add compression method\n");
                 ERR_print_errors_fp(stderr);
diff --git a/util/libeay.num b/util/libeay.num
index d1b0303..b3dcd5d 100755
--- a/util/libeay.num
+++ b/util/libeay.num
@@ -4557,3 +4557,7 @@ ASN1_TYPE_pack_sequence                 4915	EXIST::FUNCTION:
 ASN1_TYPE_unpack_sequence               4916	EXIST::FUNCTION:
 CRYPTO_clean_free                       4917	NOEXIST::FUNCTION:
 CRYPTO_clear_free                       4918	EXIST::FUNCTION:
+COMP_CTX_get_method                     4919	EXIST::FUNCTION:
+COMP_CTX_get_type                       4920	EXIST::FUNCTION:
+COMP_get_name                           4921	EXIST::FUNCTION:
+COMP_get_type                           4922	EXIST::FUNCTION:
diff --git a/util/ssleay.num b/util/ssleay.num
index ee82ef2..ab89e91 100755
--- a/util/ssleay.num
+++ b/util/ssleay.num
@@ -164,7 +164,7 @@ SSL_CTX_get_cert_store                  180	EXIST::FUNCTION:
 SSL_CTX_set_cert_store                  181	EXIST::FUNCTION:
 SSL_want                                182	EXIST::FUNCTION:
 SSL_library_init                        183	EXIST::FUNCTION:
-SSL_COMP_add_compression_method         184	EXIST::FUNCTION:COMP
+SSL_COMP_add_compression_method         184	EXIST::FUNCTION:
 SSL_add_file_cert_subjects_to_stack     185	EXIST:!VMS:FUNCTION:STDIO
 SSL_add_file_cert_subjs_to_stk          185	EXIST:VMS:FUNCTION:STDIO
 SSL_set_tmp_rsa_callback                186	EXIST::FUNCTION:RSA
@@ -219,13 +219,13 @@ SSL_set_msg_callback                    267	EXIST::FUNCTION:
 DTLSv1_client_method                    268	EXIST::FUNCTION:
 SSL_CTX_set_tmp_ecdh_callback           269	EXIST::FUNCTION:EC
 SSL_set_tmp_ecdh_callback               270	EXIST::FUNCTION:EC
-SSL_COMP_get_name                       271	EXIST::FUNCTION:COMP
-SSL_get_current_compression             272	EXIST::FUNCTION:COMP
+SSL_COMP_get_name                       271	EXIST::FUNCTION:
+SSL_get_current_compression             272	EXIST::FUNCTION:
 DTLSv1_method                           273	EXIST::FUNCTION:
-SSL_get_current_expansion               274	EXIST::FUNCTION:COMP
+SSL_get_current_expansion               274	EXIST::FUNCTION:
 DTLSv1_server_method                    275	EXIST::FUNCTION:
-SSL_COMP_get_compression_methods        276	EXIST:!VMS:FUNCTION:COMP
-SSL_COMP_get_compress_methods           276	EXIST:VMS:FUNCTION:COMP
+SSL_COMP_get_compression_methods        276	EXIST:!VMS:FUNCTION:
+SSL_COMP_get_compress_methods           276	EXIST:VMS:FUNCTION:
 SSL_SESSION_get_id                      277	EXIST::FUNCTION:
 SSL_CTX_sess_set_new_cb                 278	EXIST::FUNCTION:
 SSL_CTX_sess_get_get_cb                 279	EXIST::FUNCTION:
@@ -333,8 +333,8 @@ SSL_CTX_set_srv_supp_data               371	NOEXIST::FUNCTION:
 SSL_CONF_cmd_argv                       372	EXIST::FUNCTION:
 DTLSv1_2_server_method                  373	EXIST::FUNCTION:
 SSL_COMP_set0_compress_methods          374	NOEXIST::FUNCTION:
-SSL_COMP_set0_compression_methods       374	EXIST:!VMS:FUNCTION:COMP
-SSL_COMP_set0_compr_methods             374	EXIST:VMS:FUNCTION:COMP
+SSL_COMP_set0_compression_methods       374	EXIST:!VMS:FUNCTION:
+SSL_COMP_set0_compr_methods             374	EXIST:VMS:FUNCTION:
 SSL_CTX_set_cert_cb                     375	EXIST::FUNCTION:
 SSL_CTX_add_client_custom_ext           376	EXIST::FUNCTION:TLSEXT
 SSL_is_server                           377	EXIST::FUNCTION:
@@ -367,8 +367,8 @@ DTLSv1_2_method                         404	EXIST::FUNCTION:
 DTLS_server_method                      405	EXIST::FUNCTION:
 SSL_CTX_use_serverinfo_file             406	EXIST::FUNCTION:STDIO,TLSEXT
 SSL_COMP_free_compress_methods          407	NOEXIST::FUNCTION:
-SSL_COMP_free_compression_methods       407	EXIST:!VMS:FUNCTION:COMP
-SSL_COMP_free_compr_methods             407	EXIST:VMS:FUNCTION:COMP
+SSL_COMP_free_compression_methods       407	EXIST:!VMS:FUNCTION:
+SSL_COMP_free_compr_methods             407	EXIST:VMS:FUNCTION:
 SSL_extension_supported                 409	EXIST::FUNCTION:TLSEXT
 SSL_CTX_get_security_callback           410	EXIST::FUNCTION:
 SSL_SESSION_print_keylog                411	EXIST::FUNCTION:

