Merge "Run AEAD test cases at the end of a file."
diff --git a/ssl/d1_both.c b/ssl/d1_both.c
index 9420e92..69d77fb 100644
--- a/ssl/d1_both.c
+++ b/ssl/d1_both.c
@@ -1080,7 +1080,6 @@
/* save current state*/
frag->msg_header.saved_retransmit_state.enc_write_ctx = s->enc_write_ctx;
frag->msg_header.saved_retransmit_state.write_hash = s->write_hash;
- frag->msg_header.saved_retransmit_state.compress = s->compress;
frag->msg_header.saved_retransmit_state.session = s->session;
frag->msg_header.saved_retransmit_state.epoch = s->d1->w_epoch;
@@ -1157,7 +1156,6 @@
/* save current state */
saved_state.enc_write_ctx = s->enc_write_ctx;
saved_state.write_hash = s->write_hash;
- saved_state.compress = s->compress;
saved_state.session = s->session;
saved_state.epoch = s->d1->w_epoch;
saved_state.epoch = s->d1->w_epoch;
@@ -1167,7 +1165,6 @@
/* restore state in which the message was originally sent */
s->enc_write_ctx = frag->msg_header.saved_retransmit_state.enc_write_ctx;
s->write_hash = frag->msg_header.saved_retransmit_state.write_hash;
- s->compress = frag->msg_header.saved_retransmit_state.compress;
s->session = frag->msg_header.saved_retransmit_state.session;
s->d1->w_epoch = frag->msg_header.saved_retransmit_state.epoch;
@@ -1183,7 +1180,6 @@
/* restore current state */
s->enc_write_ctx = saved_state.enc_write_ctx;
s->write_hash = saved_state.write_hash;
- s->compress = saved_state.compress;
s->session = saved_state.session;
s->d1->w_epoch = saved_state.epoch;
diff --git a/ssl/d1_clnt.c b/ssl/d1_clnt.c
index b0adaa1..be862a5 100644
--- a/ssl/d1_clnt.c
+++ b/ssl/d1_clnt.c
@@ -445,7 +445,6 @@
s->init_num=0;
s->session->cipher=s->s3->tmp.new_cipher;
- s->session->compress_meth=0;
if (!s->method->ssl3_enc->setup_key_block(s))
{
ret= -1;
diff --git a/ssl/d1_pkt.c b/ssl/d1_pkt.c
index 24870fb..f987bd7 100644
--- a/ssl/d1_pkt.c
+++ b/ssl/d1_pkt.c
@@ -487,23 +487,6 @@
goto err;
}
- /* r->length is now just compressed */
- if (s->expand != NULL)
- {
- if (rr->length > SSL3_RT_MAX_COMPRESSED_LENGTH)
- {
- al=SSL_AD_RECORD_OVERFLOW;
- OPENSSL_PUT_ERROR(SSL, dtls1_process_record, SSL_R_COMPRESSED_LENGTH_TOO_LONG);
- goto f_err;
- }
- if (!ssl3_do_uncompress(s))
- {
- al=SSL_AD_DECOMPRESSION_FAILURE;
- OPENSSL_PUT_ERROR(SSL, dtls1_process_record, SSL_R_BAD_DECOMPRESSION);
- goto f_err;
- }
- }
-
if (rr->length > SSL3_RT_MAX_PLAIN_LENGTH)
{
al=SSL_AD_RECORD_OVERFLOW;
@@ -1480,20 +1463,8 @@
/* we now 'read' from wr->input, wr->length bytes into
* wr->data */
- /* first we compress */
- if (s->compress != NULL)
- {
- if (!ssl3_do_compress(s))
- {
- OPENSSL_PUT_ERROR(SSL, do_dtls1_write, SSL_R_COMPRESSION_FAILURE);
- goto err;
- }
- }
- else
- {
- memcpy(wr->data,wr->input,wr->length);
- wr->input=wr->data;
- }
+ memcpy(wr->data,wr->input,wr->length);
+ wr->input=wr->data;
/* we should still have the output to wr->data and the input
* from wr->input. Length should be wr->length.
diff --git a/ssl/dtls1.h b/ssl/dtls1.h
index 6052f31..488e33d 100644
--- a/ssl/dtls1.h
+++ b/ssl/dtls1.h
@@ -121,7 +121,6 @@
{
EVP_CIPHER_CTX *enc_write_ctx; /* cryptographic state */
EVP_MD_CTX *write_hash; /* used for mac generation */
- char *compress;
SSL_SESSION *session;
unsigned short epoch;
};
diff --git a/ssl/s3_cbc.c b/ssl/s3_cbc.c
index 6e2902a..e37c4e7 100644
--- a/ssl/s3_cbc.c
+++ b/ssl/s3_cbc.c
@@ -166,12 +166,7 @@
padding_length = rec->data[rec->length-1];
- /* NB: if compression is in operation the first packet may not be of
- * even length so the padding bug check cannot be performed. This bug
- * workaround has been around since SSLeay so hopefully it is either
- * fixed now or no buggy implementation supports compression [steve]
- */
- if ( (s->options&SSL_OP_TLS_BLOCK_PADDING_BUG) && !s->expand)
+ if (s->options & SSL_OP_TLS_BLOCK_PADDING_BUG)
{
/* First packet is even in size, so check */
if ((memcmp(s->s3->read_sequence, "\0\0\0\0\0\0\0\0",8) == 0) &&
diff --git a/ssl/s3_clnt.c b/ssl/s3_clnt.c
index f463f2f..8c2eeb9 100644
--- a/ssl/s3_clnt.c
+++ b/ssl/s3_clnt.c
@@ -478,7 +478,6 @@
s->init_num=0;
s->session->cipher=s->s3->tmp.new_cipher;
- s->session->compress_meth=0;
if (!s->method->ssl3_enc->setup_key_block(s))
{
ret= -1;
@@ -1134,14 +1133,6 @@
OPENSSL_PUT_ERROR(SSL, ssl3_get_server_hello, SSL_R_UNSUPPORTED_COMPRESSION_ALGORITHM);
goto f_err;
}
- /* If compression is disabled we'd better not try to resume a session
- * using compression.
- */
- if (s->session->compress_meth != 0)
- {
- OPENSSL_PUT_ERROR(SSL, ssl3_get_server_hello, SSL_R_INCONSISTENT_COMPRESSION);
- goto f_err;
- }
#ifndef OPENSSL_NO_TLSEXT
/* TLS extensions*/
diff --git a/ssl/s3_enc.c b/ssl/s3_enc.c
index baac2aa..6ab267e 100644
--- a/ssl/s3_enc.c
+++ b/ssl/s3_enc.c
@@ -378,7 +378,6 @@
s->s3->tmp.new_sym_enc=c;
s->s3->tmp.new_hash=hash;
- s->s3->tmp.new_compression=NULL;
num=EVP_MD_size(hash);
diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c
index 16d5225..118d542 100644
--- a/ssl/s3_lib.c
+++ b/ssl/s3_lib.c
@@ -2709,8 +2709,6 @@
ssl3_release_read_buffer(s);
if (s->s3->wbuf.buf != NULL)
ssl3_release_write_buffer(s);
- if (s->s3->rrec.comp != NULL)
- OPENSSL_free(s->s3->rrec.comp);
#ifndef OPENSSL_NO_DH
if (s->s3->tmp.dh != NULL)
DH_free(s->s3->tmp.dh);
@@ -2761,11 +2759,6 @@
if (s->s3->tmp.ca_names != NULL)
sk_X509_NAME_pop_free(s->s3->tmp.ca_names,X509_NAME_free);
- if (s->s3->rrec.comp != NULL)
- {
- OPENSSL_free(s->s3->rrec.comp);
- s->s3->rrec.comp=NULL;
- }
#ifndef OPENSSL_NO_DH
if (s->s3->tmp.dh != NULL)
{
diff --git a/ssl/s3_pkt.c b/ssl/s3_pkt.c
index a308ead..e144217 100644
--- a/ssl/s3_pkt.c
+++ b/ssl/s3_pkt.c
@@ -496,23 +496,6 @@
goto f_err;
}
- /* r->length is now just compressed */
- if (s->expand != NULL)
- {
- if (rr->length > SSL3_RT_MAX_COMPRESSED_LENGTH+extra)
- {
- al=SSL_AD_RECORD_OVERFLOW;
- OPENSSL_PUT_ERROR(SSL, ssl3_get_record, SSL_R_COMPRESSED_LENGTH_TOO_LONG);
- goto f_err;
- }
- if (!ssl3_do_uncompress(s))
- {
- al=SSL_AD_DECOMPRESSION_FAILURE;
- OPENSSL_PUT_ERROR(SSL, ssl3_get_record, SSL_R_BAD_DECOMPRESSION);
- goto f_err;
- }
- }
-
if (rr->length > SSL3_RT_MAX_PLAIN_LENGTH+extra)
{
al=SSL_AD_RECORD_OVERFLOW;
@@ -557,16 +540,6 @@
return(ret);
}
-int ssl3_do_uncompress(SSL *ssl)
- {
- return(1);
- }
-
-int ssl3_do_compress(SSL *ssl)
- {
- return(1);
- }
-
/* Call this to write data in records of type 'type'
* It will return <= 0 if not all data has been sent or non-blocking IO.
*/
@@ -811,20 +784,8 @@
/* we now 'read' from wr->input, wr->length bytes into
* wr->data */
- /* first we compress */
- if (s->compress != NULL)
- {
- if (!ssl3_do_compress(s))
- {
- OPENSSL_PUT_ERROR(SSL, do_ssl3_write, SSL_R_COMPRESSION_FAILURE);
- goto err;
- }
- }
- else
- {
- memcpy(wr->data,wr->input,wr->length);
- wr->input=wr->data;
- }
+ memcpy(wr->data,wr->input,wr->length);
+ wr->input=wr->data;
/* we should still have the output to wr->data and the input
* from wr->input. Length should be wr->length.
diff --git a/ssl/s3_srvr.c b/ssl/s3_srvr.c
index 81aff9d..27ac813 100644
--- a/ssl/s3_srvr.c
+++ b/ssl/s3_srvr.c
@@ -1309,25 +1309,11 @@
}
#endif
- /* Worst case, we will use the NULL compression, but if we have other
- * options, we will now look for them. We have i-1 compression
- * algorithms from the client, starting at q. */
- s->s3->tmp.new_compression=NULL;
- /* If compression is disabled we'd better not try to resume a session
- * using compression.
- */
- if (s->session->compress_meth != 0)
- {
- OPENSSL_PUT_ERROR(SSL, ssl3_get_client_hello, SSL_R_INCONSISTENT_COMPRESSION);
- goto f_err;
- }
-
/* Given s->session->ciphers and SSL_get_ciphers, we must
* pick a cipher */
if (!s->hit)
{
- s->session->compress_meth=0;
if (s->session->ciphers != NULL)
sk_SSL_CIPHER_free(s->session->ciphers);
s->session->ciphers=ciphers;
diff --git a/ssl/ssl.h b/ssl/ssl.h
index aee417f..33c0d6a 100644
--- a/ssl/ssl.h
+++ b/ssl/ssl.h
@@ -553,8 +553,6 @@
long timeout;
long time;
- unsigned int compress_meth; /* Need to lookup the method */
-
const SSL_CIPHER *cipher;
unsigned long cipher_id; /* when ASN.1 loaded, this
* needs to be used to load
@@ -1495,14 +1493,12 @@
ignored. */
EVP_CIPHER_CTX *enc_read_ctx; /* cryptographic state */
EVP_MD_CTX *read_hash; /* used for mac generation */
- char *expand;
SSL_AEAD_CTX *aead_write_ctx; /* AEAD context. If non-NULL, then
|enc_write_ctx| and |write_hash| are
ignored. */
EVP_CIPHER_CTX *enc_write_ctx; /* cryptographic state */
EVP_MD_CTX *write_hash; /* used for mac generation */
- char *compress;
/* session info */
diff --git a/ssl/ssl3.h b/ssl/ssl3.h
index af1ecf2..792f4dd 100644
--- a/ssl/ssl3.h
+++ b/ssl/ssl3.h
@@ -368,7 +368,6 @@
/*r */ unsigned int off; /* read/write offset into 'buf' */
/*rw*/ unsigned char *data; /* pointer to the record data */
/*rw*/ unsigned char *input; /* where the decode bytes are */
-/*r */ unsigned char *comp; /* only used with decompression - malloc()ed */
/*r */ unsigned long epoch; /* epoch number, needed by DTLS1 */
/*r */ unsigned char seq_num[8]; /* sequence number, needed by DTLS1 */
} SSL3_RECORD;
@@ -538,7 +537,6 @@
const EVP_MD *new_hash;
int new_mac_pkey_type;
int new_mac_secret_size;
- char *new_compression;
int cert_request;
} tmp;
diff --git a/ssl/ssl_locl.h b/ssl/ssl_locl.h
index 7390025..fc8c88e 100644
--- a/ssl/ssl_locl.h
+++ b/ssl/ssl_locl.h
@@ -1145,8 +1145,6 @@
int dtls1_do_write(SSL *s,int type);
int ssl3_read_n(SSL *s, int n, int max, int extend);
int dtls1_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek);
-int ssl3_do_compress(SSL *ssl);
-int ssl3_do_uncompress(SSL *ssl);
int ssl3_write_pending(SSL *s, int type, const unsigned char *buf,
unsigned int len);
unsigned char *dtls1_set_message_header(SSL *s,
