From 8242354952ead170335b98b33254ca9a0e836926 Mon Sep 17 00:00:00 2001
From: Richard Levitte <levitte@openssl.org>
Date: Mon, 6 Oct 2003 11:00:15 +0000
Subject: Make sure int SSL_COMP_add_compression_method() checks if a certain
 compression identity is already present among the registered compression
 methods, and if so, reject the addition request.

Declare SSL_COMP_get_compression_method() so it can be used properly.

Change ssltest.c so it checks what compression methods are available
and enumerates them.  As a side-effect, built-in compression methods
will be automagically loaded that way.  Additionally, change the
identities for ZLIB and RLE to be conformant to
draft-ietf-tls-compression-05.txt.

Finally, make update.

Next on my list: have the built-in compression methods added
"automatically" instead of requiring that the author call
SSL_COMP_add_compression_method() or
SSL_COMP_get_compression_methods().
---
 ssl/ssl.h      |  3 +++
 ssl/ssl_ciph.c | 10 +++++++++-
 ssl/ssl_err.c  |  3 ++-
 ssl/ssltest.c  | 20 +++++++++++++++++---
 4 files changed, 31 insertions(+), 5 deletions(-)

(limited to 'ssl')

diff --git a/ssl/ssl.h b/ssl/ssl.h
index 7cd7ece4cd..2d4035090f 100644
--- a/ssl/ssl.h
+++ b/ssl/ssl.h
@@ -1485,8 +1485,10 @@ void SSL_set_tmp_ecdh_callback(SSL *ssl,
 #endif
 
 #ifndef OPENSSL_NO_COMP
+STACK_OF(SSL_COMP) *SSL_COMP_get_compression_method(void);
 int SSL_COMP_add_compression_method(int id,COMP_METHOD *cm);
 #else
+void *SSL_COMP_get_compression_method(void);
 int SSL_COMP_add_compression_method(int id,char *cm);
 #endif
 
@@ -1701,6 +1703,7 @@ void ERR_load_SSL_strings(void);
 #define SSL_R_DECRYPTION_FAILED_OR_BAD_RECORD_MAC	 1109
 #define SSL_R_DH_PUBLIC_VALUE_LENGTH_IS_WRONG		 148
 #define SSL_R_DIGEST_CHECK_FAILED			 149
+#define SSL_R_DUPLICATE_COMPRESSION_ID			 1121
 #define SSL_R_ECGROUP_TOO_LARGE_FOR_CIPHER		 1119
 #define SSL_R_ENCRYPTED_LENGTH_TOO_LONG			 150
 #define SSL_R_ERROR_GENERATING_TMP_RSA_KEY		 1092
diff --git a/ssl/ssl_ciph.c b/ssl/ssl_ciph.c
index cfce88846f..44b50feff7 100644
--- a/ssl/ssl_ciph.c
+++ b/ssl/ssl_ciph.c
@@ -1182,7 +1182,15 @@ int SSL_COMP_add_compression_method(int id, COMP_METHOD *cm)
 	comp->id=id;
 	comp->method=cm;
 	load_builtin_compressions();
-	if ((ssl_comp_methods == NULL)
+	if (ssl_comp_methods
+		&& !sk_SSL_COMP_find(ssl_comp_methods,comp))
+		{
+		OPENSSL_free(comp);
+		MemCheck_on();
+		SSLerr(SSL_F_SSL_COMP_ADD_COMPRESSION_METHOD,SSL_R_DUPLICATE_COMPRESSION_ID);
+		return(1);
+		}
+	else if ((ssl_comp_methods == NULL)
 		|| !sk_SSL_COMP_push(ssl_comp_methods,comp))
 		{
 		OPENSSL_free(comp);
diff --git a/ssl/ssl_err.c b/ssl/ssl_err.c
index b9a50b8e63..359ea45b94 100644
--- a/ssl/ssl_err.c
+++ b/ssl/ssl_err.c
@@ -1,6 +1,6 @@
 /* ssl/ssl_err.c */
 /* ====================================================================
- * Copyright (c) 1999-2002 The OpenSSL Project.  All rights reserved.
+ * Copyright (c) 1999-2003 The OpenSSL Project.  All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
@@ -271,6 +271,7 @@ static ERR_STRING_DATA SSL_str_reasons[]=
 {SSL_R_DECRYPTION_FAILED_OR_BAD_RECORD_MAC,"decryption failed or bad record mac"},
 {SSL_R_DH_PUBLIC_VALUE_LENGTH_IS_WRONG   ,"dh public value length is wrong"},
 {SSL_R_DIGEST_CHECK_FAILED               ,"digest check failed"},
+{SSL_R_DUPLICATE_COMPRESSION_ID          ,"duplicate compression id"},
 {SSL_R_ECGROUP_TOO_LARGE_FOR_CIPHER      ,"ecgroup too large for cipher"},
 {SSL_R_ENCRYPTED_LENGTH_TOO_LONG         ,"encrypted length too long"},
 {SSL_R_ERROR_GENERATING_TMP_RSA_KEY      ,"error generating tmp rsa key"},
diff --git a/ssl/ssltest.c b/ssl/ssltest.c
index 0c684604c7..6391cf207b 100644
--- a/ssl/ssltest.c
+++ b/ssl/ssltest.c
@@ -164,8 +164,8 @@
 
 /* There is really no standard for this, so let's assign some tentative
    numbers.  In any case, these numbers are only for this test */
-#define COMP_RLE	1
-#define COMP_ZLIB	2
+#define COMP_RLE	255
+#define COMP_ZLIB	1
 
 static int MS_CALLBACK verify_callback(int ok, X509_STORE_CTX *ctx);
 #ifndef OPENSSL_NO_RSA
@@ -373,7 +373,7 @@ int main(int argc, char *argv[])
 	SSL_METHOD *meth=NULL;
 	SSL *c_ssl,*s_ssl;
 	int number=1,reuse=0;
-	long bytes=1L;
+	long bytes=256L;
 #ifndef OPENSSL_NO_DH
 	DH *dh;
 	int dhe1024 = 0, dhe1024dsa = 0;
@@ -387,6 +387,7 @@ int main(int argc, char *argv[])
 	clock_t s_time = 0, c_time = 0;
 	int comp = 0;
 	COMP_METHOD *cm = NULL;
+	STACK_OF(SSL_COMP) *ssl_comp_methods = NULL;
 
 	verbose = 0;
 	debug = 0;
@@ -612,6 +613,19 @@ bad:
 			ERR_print_errors_fp(stderr);
 			}
 		}
+	ssl_comp_methods = SSL_COMP_get_compression_methods();
+	fprintf(stderr, "Available compression methods:\n");
+	{
+	int i, n = sk_SSL_COMP_num(ssl_comp_methods);
+	if (n == 0)
+		fprintf(stderr, "  NONE\n");
+	else
+		for (i = 0; i < n; i++)
+			{
+			SSL_COMP *c = sk_SSL_COMP_value(ssl_comp_methods, i);
+			fprintf(stderr, "  %d: %s\n", c->id, c->name);
+			}
+	}
 
 #if !defined(OPENSSL_NO_SSL2) && !defined(OPENSSL_NO_SSL3)
 	if (ssl2)
-- 
cgit v1.2.3