diff --git a/ssl/d1_both.c b/ssl/d1_both.c index 9420e920..69d77fbf 100644 --- a/ssl/d1_both.c +++ b/ssl/d1_both.c @@ -1080,7 +1080,6 @@ dtls1_buffer_message(SSL *s, int is_ccs) /* save current state*/ frag->msg_header.saved_retransmit_state.enc_write_ctx = s->enc_write_ctx; frag->msg_header.saved_retransmit_state.write_hash = s->write_hash; - frag->msg_header.saved_retransmit_state.compress = s->compress; frag->msg_header.saved_retransmit_state.session = s->session; frag->msg_header.saved_retransmit_state.epoch = s->d1->w_epoch; @@ -1157,7 +1156,6 @@ dtls1_retransmit_message(SSL *s, unsigned short seq, unsigned long frag_off, /* save current state */ saved_state.enc_write_ctx = s->enc_write_ctx; saved_state.write_hash = s->write_hash; - saved_state.compress = s->compress; saved_state.session = s->session; saved_state.epoch = s->d1->w_epoch; saved_state.epoch = s->d1->w_epoch; @@ -1167,7 +1165,6 @@ dtls1_retransmit_message(SSL *s, unsigned short seq, unsigned long frag_off, /* restore state in which the message was originally sent */ s->enc_write_ctx = frag->msg_header.saved_retransmit_state.enc_write_ctx; s->write_hash = frag->msg_header.saved_retransmit_state.write_hash; - s->compress = frag->msg_header.saved_retransmit_state.compress; s->session = frag->msg_header.saved_retransmit_state.session; s->d1->w_epoch = frag->msg_header.saved_retransmit_state.epoch; @@ -1183,7 +1180,6 @@ dtls1_retransmit_message(SSL *s, unsigned short seq, unsigned long frag_off, /* restore current state */ s->enc_write_ctx = saved_state.enc_write_ctx; s->write_hash = saved_state.write_hash; - s->compress = saved_state.compress; s->session = saved_state.session; s->d1->w_epoch = saved_state.epoch; diff --git a/ssl/d1_clnt.c b/ssl/d1_clnt.c index b0adaa16..be862a5e 100644 --- a/ssl/d1_clnt.c +++ b/ssl/d1_clnt.c 
@@ -445,7 +445,6 @@ int dtls1_connect(SSL *s) s->init_num=0; s->session->cipher=s->s3->tmp.new_cipher; - s->session->compress_meth=0; if (!s->method->ssl3_enc->setup_key_block(s)) { ret= -1; diff --git a/ssl/d1_pkt.c b/ssl/d1_pkt.c index 24870fb7..f987bd7a 100644 --- a/ssl/d1_pkt.c +++ b/ssl/d1_pkt.c @@ -487,23 +487,6 @@ printf("\n"); goto err; } - /* r->length is now just compressed */ - if (s->expand != NULL) - { - if (rr->length > SSL3_RT_MAX_COMPRESSED_LENGTH) - { - al=SSL_AD_RECORD_OVERFLOW; - OPENSSL_PUT_ERROR(SSL, dtls1_process_record, SSL_R_COMPRESSED_LENGTH_TOO_LONG); - goto f_err; - } - if (!ssl3_do_uncompress(s)) - { - al=SSL_AD_DECOMPRESSION_FAILURE; - OPENSSL_PUT_ERROR(SSL, dtls1_process_record, SSL_R_BAD_DECOMPRESSION); - goto f_err; - } - } - if (rr->length > SSL3_RT_MAX_PLAIN_LENGTH) { al=SSL_AD_RECORD_OVERFLOW; @@ -1480,20 +1463,8 @@ static int do_dtls1_write(SSL *s, int type, const unsigned char *buf, /* we now 'read' from wr->input, wr->length bytes into * wr->data */ - /* first we compress */ - if (s->compress != NULL) - { - if (!ssl3_do_compress(s)) - { - OPENSSL_PUT_ERROR(SSL, do_dtls1_write, SSL_R_COMPRESSION_FAILURE); - goto err; - } - } - else - { - memcpy(wr->data,wr->input,wr->length); - wr->input=wr->data; - } + memcpy(wr->data,wr->input,wr->length); + wr->input=wr->data; /* we should still have the output to wr->data and the input * from wr->input. Length should be wr->length. diff --git a/ssl/dtls1.h b/ssl/dtls1.h index 6052f315..488e33d0 100644 --- a/ssl/dtls1.h +++ b/ssl/dtls1.h @@ -121,7 +121,6 @@ struct dtls1_retransmit_state { EVP_CIPHER_CTX *enc_write_ctx; /* cryptographic state */ EVP_MD_CTX *write_hash; /* used for mac generation */ - char *compress; SSL_SESSION *session; unsigned short epoch; }; diff --git a/ssl/s3_cbc.c b/ssl/s3_cbc.c index 6e2902a2..e37c4e76 100644 --- a/ssl/s3_cbc.c +++ b/ssl/s3_cbc.c 
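Review bot: The now-unconditional `memcpy(wr->data,wr->input,wr->length);` in do_dtls1_write (ssl/d1_pkt.c, hunk at -1480) has no comment stating the bound it relies on, and the same holds for the identical lines in do_ssl3_write (ssl/s3_pkt.c, hunk at -811). With the compress branch gone, this copy is the only path from caller data into the record buffer, so the invariant that wr->length never exceeds the space behind wr->data should be written next to it. Both functions start and end outside their hunks, so the place where that length is clamped is not visible here and needs confirming before the comment is worded. I would put something like `/* No compression: copy the plaintext fragment verbatim; wr->length must fit the write buffer payload (checked above). */` directly above the copy. The context comment that follows ("we should still have the output to wr->data and the input from wr->input") described the old compress-or-copy outcome and now reads as stale, because input and data are always the same pointer after these two lines.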
@@ -166,12 +166,7 @@ int tls1_cbc_remove_padding(const SSL* s, padding_length = rec->data[rec->length-1]; - /* NB: if compression is in operation the first packet may not be of - * even length so the padding bug check cannot be performed. This bug - * workaround has been around since SSLeay so hopefully it is either - * fixed now or no buggy implementation supports compression [steve] - */ - if ( (s->options&SSL_OP_TLS_BLOCK_PADDING_BUG) && !s->expand) + if (s->options & SSL_OP_TLS_BLOCK_PADDING_BUG) { /* First packet is even in size, so check */ if ((memcmp(s->s3->read_sequence, "\0\0\0\0\0\0\0\0",8) == 0) && diff --git a/ssl/s3_clnt.c b/ssl/s3_clnt.c index f463f2f1..8c2eeb92 100644 --- a/ssl/s3_clnt.c +++ b/ssl/s3_clnt.c @@ -478,7 +478,6 @@ int ssl3_connect(SSL *s) s->init_num=0; s->session->cipher=s->s3->tmp.new_cipher; - s->session->compress_meth=0; if (!s->method->ssl3_enc->setup_key_block(s)) { ret= -1; @@ -1134,14 +1133,6 @@ int ssl3_get_server_hello(SSL *s) OPENSSL_PUT_ERROR(SSL, ssl3_get_server_hello, SSL_R_UNSUPPORTED_COMPRESSION_ALGORITHM); goto f_err; } - /* If compression is disabled we'd better not try to resume a session - * using compression. - */ - if (s->session->compress_meth != 0) - { - OPENSSL_PUT_ERROR(SSL, ssl3_get_server_hello, SSL_R_INCONSISTENT_COMPRESSION); - goto f_err; - } #ifndef OPENSSL_NO_TLSEXT /* TLS extensions*/ diff --git a/ssl/s3_enc.c b/ssl/s3_enc.c index baac2aa9..6ab267ec 100644 --- a/ssl/s3_enc.c +++ b/ssl/s3_enc.c @@ -378,7 +378,6 @@ int ssl3_setup_key_block(SSL *s) s->s3->tmp.new_sym_enc=c; s->s3->tmp.new_hash=hash; - s->s3->tmp.new_compression=NULL; num=EVP_MD_size(hash); diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c index 16d5225d..118d542f 100644 --- a/ssl/s3_lib.c +++ b/ssl/s3_lib.c 
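Review bot: The `if (s->options & SSL_OP_TLS_BLOCK_PADDING_BUG)` branch in tls1_cbc_remove_padding (ssl/s3_cbc.c) is left with no explanation of why it exists, because the deleted comment was the only text identifying it as a long-standing bug workaround. Only the compression caveat in that comment became obsolete; someone auditing the CBC padding path still needs to know that this branch is there for buggy peers and runs only when the application sets the option. I would keep a shortened comment above the condition, for example `/* Legacy workaround for peers with a block padding bug; only active when SSL_OP_TLS_BLOCK_PADDING_BUG is set. */`. The branch body continues past the end of the hunk, so its effect on padding_length is not visible here and is best described by someone who can see the whole function.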
@@ -2709,8 +2709,6 @@ void ssl3_free(SSL *s) ssl3_release_read_buffer(s); if (s->s3->wbuf.buf != NULL) ssl3_release_write_buffer(s); - if (s->s3->rrec.comp != NULL) - OPENSSL_free(s->s3->rrec.comp); #ifndef OPENSSL_NO_DH if (s->s3->tmp.dh != NULL) DH_free(s->s3->tmp.dh); @@ -2761,11 +2759,6 @@ void ssl3_clear(SSL *s) if (s->s3->tmp.ca_names != NULL) sk_X509_NAME_pop_free(s->s3->tmp.ca_names,X509_NAME_free); - if (s->s3->rrec.comp != NULL) - { - OPENSSL_free(s->s3->rrec.comp); - s->s3->rrec.comp=NULL; - } #ifndef OPENSSL_NO_DH if (s->s3->tmp.dh != NULL) { diff --git a/ssl/s3_pkt.c b/ssl/s3_pkt.c index a308eadd..e144217f 100644 --- a/ssl/s3_pkt.c +++ b/ssl/s3_pkt.c @@ -496,23 +496,6 @@ printf("\n"); goto f_err; } - /* r->length is now just compressed */ - if (s->expand != NULL) - { - if (rr->length > SSL3_RT_MAX_COMPRESSED_LENGTH+extra) - { - al=SSL_AD_RECORD_OVERFLOW; - OPENSSL_PUT_ERROR(SSL, ssl3_get_record, SSL_R_COMPRESSED_LENGTH_TOO_LONG); - goto f_err; - } - if (!ssl3_do_uncompress(s)) - { - al=SSL_AD_DECOMPRESSION_FAILURE; - OPENSSL_PUT_ERROR(SSL, ssl3_get_record, SSL_R_BAD_DECOMPRESSION); - goto f_err; - } - } - if (rr->length > SSL3_RT_MAX_PLAIN_LENGTH+extra) { al=SSL_AD_RECORD_OVERFLOW; @@ -557,16 +540,6 @@ err: return(ret); } -int ssl3_do_uncompress(SSL *ssl) - { - return(1); - } - -int ssl3_do_compress(SSL *ssl) - { - return(1); - } - /* Call this to write data in records of type 'type' * It will return <= 0 if not all data has been sent or non-blocking IO. */ 
@@ -811,20 +784,8 @@ static int do_ssl3_write(SSL *s, int type, const unsigned char *buf, /* we now 'read' from wr->input, wr->length bytes into * wr->data */ - /* first we compress */ - if (s->compress != NULL) - { - if (!ssl3_do_compress(s)) - { - OPENSSL_PUT_ERROR(SSL, do_ssl3_write, SSL_R_COMPRESSION_FAILURE); - goto err; - } - } - else - { - memcpy(wr->data,wr->input,wr->length); - wr->input=wr->data; - } + memcpy(wr->data,wr->input,wr->length); + wr->input=wr->data; /* we should still have the output to wr->data and the input * from wr->input. Length should be wr->length. diff --git a/ssl/s3_srvr.c b/ssl/s3_srvr.c index 81aff9df..27ac813c 100644 --- a/ssl/s3_srvr.c +++ b/ssl/s3_srvr.c @@ -1309,25 +1309,11 @@ int ssl3_get_client_hello(SSL *s) } #endif - /* Worst case, we will use the NULL compression, but if we have other - * options, we will now look for them. We have i-1 compression - * algorithms from the client, starting at q. */ - s->s3->tmp.new_compression=NULL; - /* If compression is disabled we'd better not try to resume a session - * using compression. - */ - if (s->session->compress_meth != 0) - { - OPENSSL_PUT_ERROR(SSL, ssl3_get_client_hello, SSL_R_INCONSISTENT_COMPRESSION); - goto f_err; - } - /* Given s->session->ciphers and SSL_get_ciphers, we must * pick a cipher */ if (!s->hit) { - s->session->compress_meth=0; if (s->session->ciphers != NULL) sk_SSL_CIPHER_free(s->session->ciphers); s->session->ciphers=ciphers; diff --git a/ssl/ssl.h b/ssl/ssl.h index aee417fb..33c0d6a0 100644 --- a/ssl/ssl.h +++ b/ssl/ssl.h @@ -553,8 +553,6 @@ struct ssl_session_st long timeout; long time; - unsigned int compress_meth; /* Need to lookup the method */ - const SSL_CIPHER *cipher; unsigned long cipher_id; /* when ASN.1 loaded, this * needs to be used to load 
@@ -1495,14 +1493,12 @@ struct ssl_st ignored. */ EVP_CIPHER_CTX *enc_read_ctx; /* cryptographic state */ EVP_MD_CTX *read_hash; /* used for mac generation */ - char *expand; SSL_AEAD_CTX *aead_write_ctx; /* AEAD context. If non-NULL, then |enc_write_ctx| and |write_hash| are ignored. */ EVP_CIPHER_CTX *enc_write_ctx; /* cryptographic state */ EVP_MD_CTX *write_hash; /* used for mac generation */ - char *compress; /* session info */ diff --git a/ssl/ssl3.h b/ssl/ssl3.h index af1ecf2b..792f4dd3 100644 --- a/ssl/ssl3.h +++ b/ssl/ssl3.h @@ -368,7 +368,6 @@ typedef struct ssl3_record_st /*r */ unsigned int off; /* read/write offset into 'buf' */ /*rw*/ unsigned char *data; /* pointer to the record data */ /*rw*/ unsigned char *input; /* where the decode bytes are */ -/*r */ unsigned char *comp; /* only used with decompression - malloc()ed */ /*r */ unsigned long epoch; /* epoch number, needed by DTLS1 */ /*r */ unsigned char seq_num[8]; /* sequence number, needed by DTLS1 */ } SSL3_RECORD; @@ -538,7 +537,6 @@ typedef struct ssl3_state_st const EVP_MD *new_hash; int new_mac_pkey_type; int new_mac_secret_size; - char *new_compression; int cert_request; } tmp; diff --git a/ssl/ssl_locl.h b/ssl/ssl_locl.h index 73900259..fc8c88e4 100644 --- a/ssl/ssl_locl.h +++ b/ssl/ssl_locl.h @@ -1145,8 +1145,6 @@ long tls1_default_timeout(void); int dtls1_do_write(SSL *s,int type); int ssl3_read_n(SSL *s, int n, int max, int extend); int dtls1_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek); -int ssl3_do_compress(SSL *ssl); -int ssl3_do_uncompress(SSL *ssl); int ssl3_write_pending(SSL *s, int type, const unsigned char *buf, unsigned int len); unsigned char *dtls1_set_message_header(SSL *s,