Remove more remnants of compression.

Change-Id: I721914594fc92a66d95c7ec2088f13b68e964103

ssl/d1_both.c

@@ -1080,7 +1080,6 @@ dtls1_buffer_message(SSL *s, int is_ccs)
 	/* save current state*/
 	frag->msg_header.saved_retransmit_state.enc_write_ctx = s->enc_write_ctx;
 	frag->msg_header.saved_retransmit_state.write_hash = s->write_hash;
-	frag->msg_header.saved_retransmit_state.compress = s->compress;
 	frag->msg_header.saved_retransmit_state.session = s->session;
 	frag->msg_header.saved_retransmit_state.epoch = s->d1->w_epoch;
 	
@@ -1157,7 +1156,6 @@ dtls1_retransmit_message(SSL *s, unsigned short seq, unsigned long frag_off,
 	/* save current state */
 	saved_state.enc_write_ctx = s->enc_write_ctx;
 	saved_state.write_hash = s->write_hash;
-	saved_state.compress = s->compress;
 	saved_state.session = s->session;
 	saved_state.epoch = s->d1->w_epoch;
 	saved_state.epoch = s->d1->w_epoch;
@@ -1167,7 +1165,6 @@ dtls1_retransmit_message(SSL *s, unsigned short seq, unsigned long frag_off,
 	/* restore state in which the message was originally sent */
 	s->enc_write_ctx = frag->msg_header.saved_retransmit_state.enc_write_ctx;
 	s->write_hash = frag->msg_header.saved_retransmit_state.write_hash;
-	s->compress = frag->msg_header.saved_retransmit_state.compress;
 	s->session = frag->msg_header.saved_retransmit_state.session;
 	s->d1->w_epoch = frag->msg_header.saved_retransmit_state.epoch;
 	
@@ -1183,7 +1180,6 @@ dtls1_retransmit_message(SSL *s, unsigned short seq, unsigned long frag_off,
 	/* restore current state */
 	s->enc_write_ctx = saved_state.enc_write_ctx;
 	s->write_hash = saved_state.write_hash;
-	s->compress = saved_state.compress;
 	s->session = saved_state.session;
 	s->d1->w_epoch = saved_state.epoch;
 	

ssl/d1_clnt.c

@@ -445,7 +445,6 @@ int dtls1_connect(SSL *s)
 			s->init_num=0;
 
 			s->session->cipher=s->s3->tmp.new_cipher;
-			s->session->compress_meth=0;
 			if (!s->method->ssl3_enc->setup_key_block(s))
 				{
 				ret= -1;

ssl/d1_pkt.c

@@ -487,23 +487,6 @@ printf("\n");
 		goto err;
 		}
 
-	/* r->length is now just compressed */
-	if (s->expand != NULL)
-		{
-		if (rr->length > SSL3_RT_MAX_COMPRESSED_LENGTH)
-			{
-			al=SSL_AD_RECORD_OVERFLOW;
-			OPENSSL_PUT_ERROR(SSL, dtls1_process_record, SSL_R_COMPRESSED_LENGTH_TOO_LONG);
-			goto f_err;
-			}
-		if (!ssl3_do_uncompress(s))
-			{
-			al=SSL_AD_DECOMPRESSION_FAILURE;
-			OPENSSL_PUT_ERROR(SSL, dtls1_process_record, SSL_R_BAD_DECOMPRESSION);
-			goto f_err;
-			}
-		}
-
 	if (rr->length > SSL3_RT_MAX_PLAIN_LENGTH)
 		{
 		al=SSL_AD_RECORD_OVERFLOW;
@@ -1480,20 +1463,8 @@ static int do_dtls1_write(SSL *s, int type, const unsigned char *buf,
 	/* we now 'read' from wr->input, wr->length bytes into
 	 * wr->data */
 
-	/* first we compress */
-	if (s->compress != NULL)
-		{
-		if (!ssl3_do_compress(s))
-			{
-			OPENSSL_PUT_ERROR(SSL, do_dtls1_write, SSL_R_COMPRESSION_FAILURE);
-			goto err;
-			}
-		}
-	else
-		{
-		memcpy(wr->data,wr->input,wr->length);
-		wr->input=wr->data;
-		}
+	memcpy(wr->data,wr->input,wr->length);
+	wr->input=wr->data;
 
 	/* we should still have the output to wr->data and the input
 	 * from wr->input.  Length should be wr->length.

ssl/dtls1.h

@@ -121,7 +121,6 @@ struct dtls1_retransmit_state
 	{
 	EVP_CIPHER_CTX *enc_write_ctx;	/* cryptographic state */
 	EVP_MD_CTX *write_hash;			/* used for mac generation */
-	char *compress;
 	SSL_SESSION *session;
 	unsigned short epoch;
 	};

ssl/s3_cbc.c

@@ -166,12 +166,7 @@ int tls1_cbc_remove_padding(const SSL* s,
 
 	padding_length = rec->data[rec->length-1];
 
-	/* NB: if compression is in operation the first packet may not be of
-	 * even length so the padding bug check cannot be performed. This bug
-	 * workaround has been around since SSLeay so hopefully it is either
-	 * fixed now or no buggy implementation supports compression [steve]
-	 */
-	if ( (s->options&SSL_OP_TLS_BLOCK_PADDING_BUG) && !s->expand)
+	if (s->options & SSL_OP_TLS_BLOCK_PADDING_BUG)
 		{
 		/* First packet is even in size, so check */
 		if ((memcmp(s->s3->read_sequence, "\0\0\0\0\0\0\0\0",8) == 0) &&

ssl/s3_clnt.c

@@ -478,7 +478,6 @@ int ssl3_connect(SSL *s)
 			s->init_num=0;
 
 			s->session->cipher=s->s3->tmp.new_cipher;
-			s->session->compress_meth=0;
 			if (!s->method->ssl3_enc->setup_key_block(s))
 				{
 				ret= -1;
@@ -1134,14 +1133,6 @@ int ssl3_get_server_hello(SSL *s)
 		OPENSSL_PUT_ERROR(SSL, ssl3_get_server_hello, SSL_R_UNSUPPORTED_COMPRESSION_ALGORITHM);
 		goto f_err;
 		}
-	/* If compression is disabled we'd better not try to resume a session
-	 * using compression.
-	 */
-	if (s->session->compress_meth != 0)
-		{
-		OPENSSL_PUT_ERROR(SSL, ssl3_get_server_hello, SSL_R_INCONSISTENT_COMPRESSION);
-		goto f_err;
-		}
 
 #ifndef OPENSSL_NO_TLSEXT
 	/* TLS extensions*/

ssl/s3_enc.c

@@ -378,7 +378,6 @@ int ssl3_setup_key_block(SSL *s)
 
 	s->s3->tmp.new_sym_enc=c;
 	s->s3->tmp.new_hash=hash;
-	s->s3->tmp.new_compression=NULL;
 
 	num=EVP_MD_size(hash);
 

ssl/s3_lib.c

@@ -2709,8 +2709,6 @@ void ssl3_free(SSL *s)
 		ssl3_release_read_buffer(s);
 	if (s->s3->wbuf.buf != NULL)
 		ssl3_release_write_buffer(s);
-	if (s->s3->rrec.comp != NULL)
-		OPENSSL_free(s->s3->rrec.comp);
 #ifndef OPENSSL_NO_DH
 	if (s->s3->tmp.dh != NULL)
 		DH_free(s->s3->tmp.dh);
@@ -2761,11 +2759,6 @@ void ssl3_clear(SSL *s)
 	if (s->s3->tmp.ca_names != NULL)
 		sk_X509_NAME_pop_free(s->s3->tmp.ca_names,X509_NAME_free);
 
-	if (s->s3->rrec.comp != NULL)
-		{
-		OPENSSL_free(s->s3->rrec.comp);
-		s->s3->rrec.comp=NULL;
-		}
 #ifndef OPENSSL_NO_DH
 	if (s->s3->tmp.dh != NULL)
 		{

ssl/s3_pkt.c

@@ -496,23 +496,6 @@ printf("\n");
 		goto f_err;
 		}
 
-	/* r->length is now just compressed */
-	if (s->expand != NULL)
-		{
-		if (rr->length > SSL3_RT_MAX_COMPRESSED_LENGTH+extra)
-			{
-			al=SSL_AD_RECORD_OVERFLOW;
-			OPENSSL_PUT_ERROR(SSL, ssl3_get_record, SSL_R_COMPRESSED_LENGTH_TOO_LONG);
-			goto f_err;
-			}
-		if (!ssl3_do_uncompress(s))
-			{
-			al=SSL_AD_DECOMPRESSION_FAILURE;
-			OPENSSL_PUT_ERROR(SSL, ssl3_get_record, SSL_R_BAD_DECOMPRESSION);
-			goto f_err;
-			}
-		}
-
 	if (rr->length > SSL3_RT_MAX_PLAIN_LENGTH+extra)
 		{
 		al=SSL_AD_RECORD_OVERFLOW;
@@ -557,16 +540,6 @@ err:
 	return(ret);
 	}
 
-int ssl3_do_uncompress(SSL *ssl)
-	{
-	return(1);
-	}
-
-int ssl3_do_compress(SSL *ssl)
-	{
-	return(1);
-	}
-
 /* Call this to write data in records of type 'type'
  * It will return <= 0 if not all data has been sent or non-blocking IO.
  */
@@ -811,20 +784,8 @@ static int do_ssl3_write(SSL *s, int type, const unsigned char *buf,
 	/* we now 'read' from wr->input, wr->length bytes into
 	 * wr->data */
 
-	/* first we compress */
-	if (s->compress != NULL)
-		{
-		if (!ssl3_do_compress(s))
-			{
-			OPENSSL_PUT_ERROR(SSL, do_ssl3_write, SSL_R_COMPRESSION_FAILURE);
-			goto err;
-			}
-		}
-	else
-		{
-		memcpy(wr->data,wr->input,wr->length);
-		wr->input=wr->data;
-		}
+        memcpy(wr->data,wr->input,wr->length);
+        wr->input=wr->data;
 
 	/* we should still have the output to wr->data and the input
 	 * from wr->input.  Length should be wr->length.

ssl/s3_srvr.c

@@ -1309,25 +1309,11 @@ int ssl3_get_client_hello(SSL *s)
 		}
 #endif
 
-	/* Worst case, we will use the NULL compression, but if we have other
-	 * options, we will now look for them.  We have i-1 compression
-	 * algorithms from the client, starting at q. */
-	s->s3->tmp.new_compression=NULL;
-	/* If compression is disabled we'd better not try to resume a session
-	 * using compression.
-	 */
-	if (s->session->compress_meth != 0)
-		{
-		OPENSSL_PUT_ERROR(SSL, ssl3_get_client_hello, SSL_R_INCONSISTENT_COMPRESSION);
-		goto f_err;
-		}
-
 	/* Given s->session->ciphers and SSL_get_ciphers, we must
 	 * pick a cipher */
 
 	if (!s->hit)
 		{
-		s->session->compress_meth=0;
 		if (s->session->ciphers != NULL)
 			sk_SSL_CIPHER_free(s->session->ciphers);
 		s->session->ciphers=ciphers;

ssl/ssl.h

@@ -553,8 +553,6 @@ struct ssl_session_st
 	long timeout;
 	long time;
 
-	unsigned int compress_meth;	/* Need to lookup the method */
-
 	const SSL_CIPHER *cipher;
 	unsigned long cipher_id;	/* when ASN.1 loaded, this
 					 * needs to be used to load
@@ -1495,14 +1493,12 @@ struct ssl_st
 					   ignored. */
 	EVP_CIPHER_CTX *enc_read_ctx;		/* cryptographic state */
 	EVP_MD_CTX *read_hash;		/* used for mac generation */
-	char *expand;
 
 	SSL_AEAD_CTX *aead_write_ctx;	/* AEAD context. If non-NULL, then
 					   |enc_write_ctx| and |write_hash| are
 					   ignored. */
 	EVP_CIPHER_CTX *enc_write_ctx;		/* cryptographic state */
 	EVP_MD_CTX *write_hash;		/* used for mac generation */
-	char *compress;	
 
 	/* session info */
 

ssl/ssl3.h

@@ -368,7 +368,6 @@ typedef struct ssl3_record_st
 /*r */	unsigned int off;       /* read/write offset into 'buf' */
 /*rw*/	unsigned char *data;    /* pointer to the record data */
 /*rw*/	unsigned char *input;   /* where the decode bytes are */
-/*r */	unsigned char *comp;    /* only used with decompression - malloc()ed */
 /*r */  unsigned long epoch;    /* epoch number, needed by DTLS1 */
 /*r */  unsigned char seq_num[8]; /* sequence number, needed by DTLS1 */
 	} SSL3_RECORD;
@@ -538,7 +537,6 @@ typedef struct ssl3_state_st
 		const EVP_MD *new_hash;
 		int new_mac_pkey_type;
 		int new_mac_secret_size;
-		char *new_compression;
 		int cert_request;
 		} tmp;
 

ssl/ssl_locl.h

@@ -1145,8 +1145,6 @@ long tls1_default_timeout(void);
 int dtls1_do_write(SSL *s,int type);
 int ssl3_read_n(SSL *s, int n, int max, int extend);
 int dtls1_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek);
-int ssl3_do_compress(SSL *ssl);
-int ssl3_do_uncompress(SSL *ssl);
 int ssl3_write_pending(SSL *s, int type, const unsigned char *buf,
 	unsigned int len);
 unsigned char *dtls1_set_message_header(SSL *s,