From da9342ed5edabfbbd658e35f6bad1831682cc7e7 Mon Sep 17 00:00:00 2001 From: sashan Date: Thu, 16 May 2024 06:33:55 +0200 Subject: [PATCH] Move stack of compression methods from libssl to OSSL_LIB_CTX The compression methods are now a global variable in libssl. This change moves it into OSSL library context. It is necessary to eliminate atexit call from libssl. Reviewed-by: Matt Caswell Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/24414) --- build.info | 2 + crypto/build.info | 8 +- crypto/comp_methods.c | 59 ++++++++++++ crypto/context.c | 22 +++++ doc/man3/OSSL_LIB_CTX.pod | 19 +++- include/internal/comp.h | 10 ++ include/internal/cryptlib.h | 7 +- include/openssl/{comp.h => comp.h.in} | 28 ++++-- include/openssl/crypto.h.in | 3 + include/openssl/ssl.h.in | 5 +- ssl/record/rec_layer_s3.c | 1 + ssl/ssl_ciph.c | 126 +++++++++----------------- ssl/ssl_init.c | 23 ----- ssl/ssl_local.h | 6 +- ssl/ssl_txt.c | 2 + ssl/statem/statem_clnt.c | 1 + ssl/statem/statem_srvr.c | 1 + test/ssl_old_test.c | 2 +- util/libcrypto.num | 1 + 19 files changed, 196 insertions(+), 130 deletions(-) create mode 100644 crypto/comp_methods.c rename include/openssl/{comp.h => comp.h.in} (80%) diff --git a/build.info b/build.info index 51d9184045b..c8bcb74bda2 100644 --- a/build.info +++ b/build.info @@ -26,6 +26,7 @@ DEPEND[]=include/openssl/asn1.h \ include/openssl/cmp.h \ include/openssl/cms.h \ include/openssl/conf.h \ + include/openssl/comp.h \ include/openssl/core_names.h \ include/openssl/crmf.h \ include/openssl/crypto.h \ @@ -55,6 +56,7 @@ GENERATE[include/openssl/bio.h]=include/openssl/bio.h.in GENERATE[include/openssl/cmp.h]=include/openssl/cmp.h.in GENERATE[include/openssl/cms.h]=include/openssl/cms.h.in GENERATE[include/openssl/conf.h]=include/openssl/conf.h.in +GENERATE[include/openssl/comp.h]=include/openssl/comp.h.in # include/openssl/configuration.h is generated by configdata.pm # We still need this information for the FIPS module checksum, but the attribute # 'skip' ensures that nothing is actually done with it. diff --git a/crypto/build.info b/crypto/build.info index 58c98025672..90a3b78cda2 100644 --- a/crypto/build.info +++ b/crypto/build.info @@ -104,10 +104,10 @@ $UTIL_COMMON=\ SOURCE[../libcrypto]=$UTIL_COMMON \ mem.c mem_sec.c \ - cversion.c info.c cpt_err.c ebcdic.c uid.c o_time.c o_dir.c \ - o_fopen.c getenv.c o_init.c init.c trace.c provider.c provider_child.c \ - punycode.c passphrase.c sleep.c deterministic_nonce.c quic_vlint.c \ - time.c + comp_methods.c cversion.c info.c cpt_err.c ebcdic.c uid.c o_time.c \ + o_dir.c o_fopen.c getenv.c o_init.c init.c trace.c provider.c \ + provider_child.c punycode.c passphrase.c sleep.c deterministic_nonce.c \ + quic_vlint.c time.c SOURCE[../providers/libfips.a]=$UTIL_COMMON SOURCE[../libcrypto]=$UPLINKSRC diff --git a/crypto/comp_methods.c b/crypto/comp_methods.c new file mode 100644 index 00000000000..d4f00c1a546 --- /dev/null +++ b/crypto/comp_methods.c @@ -0,0 +1,59 @@ +/* + * Copyright 2024 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#include +#include +#include + +#include "internal/cryptlib.h" +#include "internal/comp.h" + +#define SSL_COMP_NULL_IDX 0 +#define SSL_COMP_ZLIB_IDX 1 +#define SSL_COMP_NUM_IDX 2 + +#ifndef OPENSSL_NO_COMP +static int sk_comp_cmp(const SSL_COMP *const *a, const SSL_COMP *const *b) +{ + return ((*a)->id - (*b)->id); +} +#endif + +STACK_OF(SSL_COMP) *ossl_load_builtin_compressions(void) +{ + STACK_OF(SSL_COMP) *comp_methods = NULL; +#ifndef OPENSSL_NO_COMP + SSL_COMP *comp = NULL; + COMP_METHOD *method = COMP_zlib(); + + comp_methods = sk_SSL_COMP_new(sk_comp_cmp); + + if (COMP_get_type(method) != NID_undef && comp_methods != NULL) { + comp = OPENSSL_malloc(sizeof(*comp)); + if (comp != NULL) { + comp->method = method; + comp->id = SSL_COMP_ZLIB_IDX; + comp->name = COMP_get_name(method); + if (!sk_SSL_COMP_push(comp_methods, comp)) + OPENSSL_free(comp); + } + } +#endif + return comp_methods; +} + +static void cmeth_free(SSL_COMP *cm) +{ + OPENSSL_free(cm); +} + +void ossl_free_compression_methods_int(STACK_OF(SSL_COMP) *methods) +{ + sk_SSL_COMP_pop_free(methods, cmeth_free); +} diff --git a/crypto/context.c b/crypto/context.c index 2fbb2fbf60e..84707e76943 100644 --- a/crypto/context.c +++ b/crypto/context.c @@ -11,6 +11,7 @@ #include #include "internal/thread_once.h" #include "internal/property.h" +#include "internal/cryptlib.h" #include "internal/core.h" #include "internal/bio.h" #include "internal/provider.h" @@ -48,6 +49,7 @@ struct ossl_lib_ctx_st { void *thread_event_handler; void *fips_prov; #endif + STACK_OF(SSL_COMP) *comp_methods; int ischild; int conf_diagnostics; @@ -204,6 +206,10 @@ static int context_init(OSSL_LIB_CTX *ctx) if (!ossl_property_parse_init(ctx)) goto err; +#ifndef FIPS_MODULE + ctx->comp_methods = ossl_load_builtin_compressions(); +#endif + return 1; err: @@ -344,6 +350,14 @@ static void context_deinit_objs(OSSL_LIB_CTX *ctx) ctx->child_provider = NULL; } #endif + +#ifndef FIPS_MODULE + if (ctx->comp_methods != NULL) { + ossl_free_compression_methods_int(ctx->comp_methods); + ctx->comp_methods = NULL; + } +#endif + } static int context_deinit(OSSL_LIB_CTX *ctx) @@ -634,11 +648,19 @@ void *ossl_lib_ctx_get_data(OSSL_LIB_CTX *ctx, int index) return ctx->fips_prov; #endif + case OSSL_LIB_CTX_COMP_METHODS: + return (void *)&ctx->comp_methods; + default: return NULL; } } +void *OSSL_LIB_CTX_get_data(OSSL_LIB_CTX *ctx, int index) +{ + return ossl_lib_ctx_get_data(ctx, index); +} + OSSL_EX_DATA_GLOBAL *ossl_lib_ctx_get_ex_data_global(OSSL_LIB_CTX *ctx) { ctx = ossl_lib_ctx_get_concrete(ctx); diff --git a/doc/man3/OSSL_LIB_CTX.pod b/doc/man3/OSSL_LIB_CTX.pod index ad058041d8b..a464475a147 100644 --- a/doc/man3/OSSL_LIB_CTX.pod +++ b/doc/man3/OSSL_LIB_CTX.pod @@ -2,8 +2,9 @@ =head1 NAME -OSSL_LIB_CTX, OSSL_LIB_CTX_new, OSSL_LIB_CTX_new_from_dispatch, -OSSL_LIB_CTX_new_child, OSSL_LIB_CTX_free, OSSL_LIB_CTX_load_config, +OSSL_LIB_CTX, OSSL_LIB_CTX_get_data, OSSL_LIB_CTX_new, +OSSL_LIB_CTX_new_from_dispatch, OSSL_LIB_CTX_new_child, +OSSL_LIB_CTX_free, OSSL_LIB_CTX_load_config, OSSL_LIB_CTX_get0_global_default, OSSL_LIB_CTX_set0_default - OpenSSL library context @@ -22,6 +23,7 @@ OSSL_LIB_CTX_get0_global_default, OSSL_LIB_CTX_set0_default void OSSL_LIB_CTX_free(OSSL_LIB_CTX *ctx); OSSL_LIB_CTX *OSSL_LIB_CTX_get0_global_default(void); OSSL_LIB_CTX *OSSL_LIB_CTX_set0_default(OSSL_LIB_CTX *ctx); + void *OSSL_LIB_CTX_get_data(OSSL_LIB_CTX *ctx, int index); =head1 DESCRIPTION @@ -111,6 +113,14 @@ in the mean time. This means that the calling thread must not free the library context that was the default at the start of the async job before that job has finished. +OSSL_LIB_CTX_get_data() returns a memory address whose interpretation depends +on the index. The index argument refers to a context member which is +to be retrieved. The values for index are all private to OpenSSL currently +and so applications should not typically call this function. +If ctx is NULL then the function operates on the default library context. +OSSL_LIB_CTX_get_data() returns a memory address whose interpretation +depends on the index. + =head1 RETURN VALUES OSSL_LIB_CTX_new(), OSSL_LIB_CTX_get0_global_default() and @@ -121,10 +131,15 @@ OSSL_LIB_CTX_free() doesn't return any value. OSSL_LIB_CTX_load_config() returns 1 on success, 0 on error. +OSSL_LIB_CTX_get_data() returns a memory address whose interpretation +depends on the index. + =head1 HISTORY All of the functions described on this page were added in OpenSSL 3.0. +OSSL_LIB_CTX_get_data() was introduced in OpenSSL 3.4. + =head1 COPYRIGHT Copyright 2019-2021 The OpenSSL Project Authors. All Rights Reserved. diff --git a/include/internal/comp.h b/include/internal/comp.h index c48c29d5620..cb1032f216f 100644 --- a/include/internal/comp.h +++ b/include/internal/comp.h @@ -6,9 +6,19 @@ * in the file LICENSE in the source distribution or at * https://www.openssl.org/source/license.html */ +#ifndef _INTERNAL_COMP_H +#define _INTERNAL_COMP_H #include void ossl_comp_zlib_cleanup(void); void ossl_comp_brotli_cleanup(void); void ossl_comp_zstd_cleanup(void); + +struct ssl_comp_st { + int id; + const char *name; + COMP_METHOD *method; +}; + +#endif diff --git a/include/internal/cryptlib.h b/include/internal/cryptlib.h index 6c2ac47275a..1635830500c 100644 --- a/include/internal/cryptlib.h +++ b/include/internal/cryptlib.h @@ -86,7 +86,6 @@ typedef struct ossl_ex_data_global_st { EX_CALLBACKS ex_data[CRYPTO_EX_INDEX__COUNT]; } OSSL_EX_DATA_GLOBAL; - /* OSSL_LIB_CTX */ # define OSSL_LIB_CTX_PROVIDER_STORE_RUN_ONCE_INDEX 0 @@ -117,7 +116,8 @@ typedef struct ossl_ex_data_global_st { # define OSSL_LIB_CTX_CHILD_PROVIDER_INDEX 18 # define OSSL_LIB_CTX_THREAD_INDEX 19 # define OSSL_LIB_CTX_DECODER_CACHE_INDEX 20 -# define OSSL_LIB_CTX_MAX_INDEXES 20 +# define OSSL_LIB_CTX_COMP_METHODS 21 +# define OSSL_LIB_CTX_MAX_INDEXES 21 OSSL_LIB_CTX *ossl_lib_ctx_get_concrete(OSSL_LIB_CTX *ctx); int ossl_lib_ctx_is_default(OSSL_LIB_CTX *ctx); @@ -161,4 +161,7 @@ char *ossl_buf2hexstr_sep(const unsigned char *buf, long buflen, char sep); unsigned char *ossl_hexstr2buf_sep(const char *str, long *buflen, const char sep); +STACK_OF(SSL_COMP) *ossl_load_builtin_compressions(void); +void ossl_free_compression_methods_int(STACK_OF(SSL_COMP) *methods); + #endif diff --git a/include/openssl/comp.h b/include/openssl/comp.h.in similarity index 80% rename from include/openssl/comp.h rename to include/openssl/comp.h.in index f81ba0f39c8..bd1efdc568e 100644 --- a/include/openssl/comp.h +++ b/include/openssl/comp.h.in @@ -1,5 +1,5 @@ /* - * Copyright 2015-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2015-2024 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -7,6 +7,10 @@ * https://www.openssl.org/source/license.html */ +{- +use OpenSSL::stackhash qw(generate_stack_macros); +-} + #ifndef OPENSSL_COMP_H # define OPENSSL_COMP_H # pragma once @@ -18,7 +22,6 @@ # include -# ifndef OPENSSL_NO_COMP # include # include # ifdef __cplusplus @@ -27,6 +30,8 @@ extern "C" { +# ifndef OPENSSL_NO_COMP + COMP_CTX *COMP_CTX_new(COMP_METHOD *meth); const COMP_METHOD *COMP_CTX_get_method(const COMP_CTX *ctx); int COMP_CTX_get_type(const COMP_CTX* comp); @@ -46,19 +51,26 @@ COMP_METHOD *COMP_brotli_oneshot(void); COMP_METHOD *COMP_zstd(void); COMP_METHOD *COMP_zstd_oneshot(void); -#ifndef OPENSSL_NO_DEPRECATED_1_1_0 -# define COMP_zlib_cleanup() while(0) continue -#endif +# ifndef OPENSSL_NO_DEPRECATED_1_1_0 +# define COMP_zlib_cleanup() while(0) continue +# endif -# ifdef OPENSSL_BIO_H +# ifdef OPENSSL_BIO_H const BIO_METHOD *BIO_f_zlib(void); const BIO_METHOD *BIO_f_brotli(void); const BIO_METHOD *BIO_f_zstd(void); +# endif + # endif +typedef struct ssl_comp_st SSL_COMP; + +{- + generate_stack_macros("SSL_COMP"); +-} -# ifdef __cplusplus + +# ifdef __cplusplus } -# endif # endif #endif diff --git a/include/openssl/crypto.h.in b/include/openssl/crypto.h.in index 034f150cb65..ef87f9754d9 100644 --- a/include/openssl/crypto.h.in +++ b/include/openssl/crypto.h.in @@ -541,6 +541,9 @@ void OSSL_LIB_CTX_set_conf_diagnostics(OSSL_LIB_CTX *ctx, int value); void OSSL_sleep(uint64_t millis); + +void *OSSL_LIB_CTX_get_data(OSSL_LIB_CTX *ctx, int index); + # ifdef __cplusplus } # endif diff --git a/include/openssl/ssl.h.in b/include/openssl/ssl.h.in index 442d5cbc3c0..7ffce7fdd35 100644 --- a/include/openssl/ssl.h.in +++ b/include/openssl/ssl.h.in @@ -236,10 +236,8 @@ typedef struct ssl_cipher_st SSL_CIPHER; typedef struct ssl_session_st SSL_SESSION; typedef struct tls_sigalgs_st TLS_SIGALGS; typedef struct ssl_conf_ctx_st SSL_CONF_CTX; -typedef struct ssl_comp_st SSL_COMP; STACK_OF(SSL_CIPHER); -STACK_OF(SSL_COMP); /* SRTP protection profiles for use with the use_srtp extension (RFC 5764)*/ typedef struct srtp_protection_profile_st { @@ -975,8 +973,7 @@ extern "C" { * in VisualStudio 2015 */ {- - generate_const_stack_macros("SSL_CIPHER") - .generate_stack_macros("SSL_COMP"); + generate_const_stack_macros("SSL_CIPHER"); -} /* compatibility */ diff --git a/ssl/record/rec_layer_s3.c b/ssl/record/rec_layer_s3.c index 6a31efe1c03..e61861d9fd1 100644 --- a/ssl/record/rec_layer_s3.c +++ b/ssl/record/rec_layer_s3.c @@ -19,6 +19,7 @@ #include #include "record_local.h" #include "internal/packet.h" +#include "internal/comp.h" void RECORD_LAYER_init(RECORD_LAYER *rl, SSL_CONNECTION *s) { diff --git a/ssl/ssl_ciph.c b/ssl/ssl_ciph.c index e70b800a5c6..ce6d0d99a24 100644 --- a/ssl/ssl_ciph.c +++ b/ssl/ssl_ciph.c @@ -21,6 +21,7 @@ #include "ssl_local.h" #include "internal/thread_once.h" #include "internal/cryptlib.h" +#include "internal/comp.h" /* NB: make sure indices in these tables match values above */ @@ -57,16 +58,6 @@ static const ssl_cipher_table ssl_cipher_table_cipher[SSL_ENC_NUM_IDX] = { {SSL_KUZNYECHIK, NID_kuznyechik_ctr_acpkm}, /* SSL_ENC_KUZNYECHIK_IDX */ }; -#define SSL_COMP_NULL_IDX 0 -#define SSL_COMP_ZLIB_IDX 1 -#define SSL_COMP_NUM_IDX 2 - -static STACK_OF(SSL_COMP) *ssl_comp_methods = NULL; - -#ifndef OPENSSL_NO_COMP -static CRYPTO_ONCE ssl_load_builtin_comp_once = CRYPTO_ONCE_STATIC_INIT; -#endif - /* NB: make sure indices in this table matches values above */ static const ssl_cipher_table ssl_cipher_table_mac[SSL_MD_NUM_IDX] = { {SSL_MD5, NID_md5}, /* SSL_MD_MD5_IDX 0 */ @@ -445,40 +436,6 @@ int ssl_load_ciphers(SSL_CTX *ctx) return 1; } -#ifndef OPENSSL_NO_COMP - -static int sk_comp_cmp(const SSL_COMP *const *a, const SSL_COMP *const *b) -{ - return ((*a)->id - (*b)->id); -} - -DEFINE_RUN_ONCE_STATIC(do_load_builtin_compressions) -{ - SSL_COMP *comp = NULL; - COMP_METHOD *method = COMP_zlib(); - - ssl_comp_methods = sk_SSL_COMP_new(sk_comp_cmp); - - if (COMP_get_type(method) != NID_undef && ssl_comp_methods != NULL) { - comp = OPENSSL_malloc(sizeof(*comp)); - if (comp != NULL) { - comp->method = method; - comp->id = SSL_COMP_ZLIB_IDX; - comp->name = COMP_get_name(method); - if (!sk_SSL_COMP_push(ssl_comp_methods, comp)) - OPENSSL_free(comp); - sk_SSL_COMP_sort(ssl_comp_methods); - } - } - return 1; -} - -static int load_builtin_compressions(void) -{ - return RUN_ONCE(&ssl_load_builtin_comp_once, do_load_builtin_compressions); -} -#endif - int ssl_cipher_get_evp_cipher(SSL_CTX *ctx, const SSL_CIPHER *sslc, const EVP_CIPHER **enc) { @@ -549,20 +506,15 @@ int ssl_cipher_get_evp(SSL_CTX *ctx, const SSL_SESSION *s, return 0; if (comp != NULL) { SSL_COMP ctmp; -#ifndef OPENSSL_NO_COMP - if (!load_builtin_compressions()) { - /* - * Currently don't care, since a failure only means that - * ssl_comp_methods is NULL, which is perfectly OK - */ - } -#endif + STACK_OF(SSL_COMP) *comp_methods; + *comp = NULL; ctmp.id = s->compress_meth; - if (ssl_comp_methods != NULL) { - i = sk_SSL_COMP_find(ssl_comp_methods, &ctmp); + comp_methods = SSL_COMP_get_compression_methods(); + if (comp_methods != NULL) { + i = sk_SSL_COMP_find(comp_methods, &ctmp); if (i >= 0) - *comp = sk_SSL_COMP_value(ssl_comp_methods, i); + *comp = sk_SSL_COMP_value(comp_methods, i); } /* If were only interested in comp then return success */ if ((enc == NULL) && (md == NULL)) @@ -649,6 +601,7 @@ const EVP_MD *ssl_prf_md(SSL_CONNECTION *s) ssl_get_algorithm2(s) >> TLS1_PRF_DGST_SHIFT); } + #define ITEM_SEP(a) \ (((a) == ':') || ((a) == ' ') || ((a) == ';') || ((a) == ',')) @@ -1988,17 +1941,19 @@ uint16_t SSL_CIPHER_get_protocol_id(const SSL_CIPHER *c) SSL_COMP *ssl3_comp_find(STACK_OF(SSL_COMP) *sk, int n) { SSL_COMP *ctmp; - int i, nn; + SSL_COMP srch_key; + int i; if ((n == 0) || (sk == NULL)) return NULL; - nn = sk_SSL_COMP_num(sk); - for (i = 0; i < nn; i++) { + srch_key.id = n; + i = sk_SSL_COMP_find(sk, &srch_key); + if (i >= 0) ctmp = sk_SSL_COMP_value(sk, i); - if (ctmp->id == n) - return ctmp; - } - return NULL; + else + ctmp = NULL; + + return ctmp; } #ifdef OPENSSL_NO_COMP @@ -2021,34 +1976,44 @@ int SSL_COMP_add_compression_method(int id, COMP_METHOD *cm) #else STACK_OF(SSL_COMP) *SSL_COMP_get_compression_methods(void) { - load_builtin_compressions(); - return ssl_comp_methods; + STACK_OF(SSL_COMP) **rv; + + rv = (STACK_OF(SSL_COMP) **)OSSL_LIB_CTX_get_data(NULL, + OSSL_LIB_CTX_COMP_METHODS); + if (rv != NULL) + return *rv; + else + return NULL; } STACK_OF(SSL_COMP) *SSL_COMP_set0_compression_methods(STACK_OF(SSL_COMP) *meths) { - STACK_OF(SSL_COMP) *old_meths = ssl_comp_methods; - ssl_comp_methods = meths; - return old_meths; -} + STACK_OF(SSL_COMP) **comp_methods; + STACK_OF(SSL_COMP) *old_meths; -static void cmeth_free(SSL_COMP *cm) -{ - OPENSSL_free(cm); -} + comp_methods = (STACK_OF(SSL_COMP) **)OSSL_LIB_CTX_get_data(NULL, + OSSL_LIB_CTX_COMP_METHODS); + if (comp_methods == NULL) { + old_meths = meths; + } else { + old_meths = *comp_methods; + *comp_methods = meths; + } -void ssl_comp_free_compression_methods_int(void) -{ - STACK_OF(SSL_COMP) *old_meths = ssl_comp_methods; - ssl_comp_methods = NULL; - sk_SSL_COMP_pop_free(old_meths, cmeth_free); + return old_meths; } int SSL_COMP_add_compression_method(int id, COMP_METHOD *cm) { + STACK_OF(SSL_COMP) *comp_methods; SSL_COMP *comp; + comp_methods = SSL_COMP_get_compression_methods(); + + if (comp_methods == NULL) + return 1; + if (cm == NULL || COMP_get_type(cm) == NID_undef) return 1; @@ -2070,18 +2035,17 @@ int SSL_COMP_add_compression_method(int id, COMP_METHOD *cm) return 1; comp->id = id; - comp->method = cm; - load_builtin_compressions(); - if (ssl_comp_methods && sk_SSL_COMP_find(ssl_comp_methods, comp) >= 0) { + if (sk_SSL_COMP_find(comp_methods, comp) >= 0) { OPENSSL_free(comp); ERR_raise(ERR_LIB_SSL, SSL_R_DUPLICATE_COMPRESSION_ID); return 1; } - if (ssl_comp_methods == NULL || !sk_SSL_COMP_push(ssl_comp_methods, comp)) { + if (!sk_SSL_COMP_push(comp_methods, comp)) { OPENSSL_free(comp); ERR_raise(ERR_LIB_SSL, ERR_R_CRYPTO_LIB); return 1; } + return 0; } #endif diff --git a/ssl/ssl_init.c b/ssl/ssl_init.c index 70e567b72c1..c99639db7c5 100644 --- a/ssl/ssl_init.c +++ b/ssl/ssl_init.c @@ -19,8 +19,6 @@ static int stopped; -static void ssl_library_stop(void); - static CRYPTO_ONCE ssl_base = CRYPTO_ONCE_STATIC_INIT; static int ssl_base_inited = 0; DEFINE_RUN_ONCE_STATIC(ossl_init_ssl_base) @@ -36,11 +34,6 @@ DEFINE_RUN_ONCE_STATIC(ossl_init_ssl_base) #endif ssl_sort_cipher_list(); OSSL_TRACE(INIT, "ossl_init_ssl_base: SSL_add_ssl_module()\n"); - /* - * We ignore an error return here. Not much we can do - but not that bad - * either. We can still safely continue. - */ - OPENSSL_atexit(ssl_library_stop); ssl_base_inited = 1; return 1; } @@ -67,22 +60,6 @@ DEFINE_RUN_ONCE_STATIC_ALT(ossl_init_no_load_ssl_strings, return 1; } -static void ssl_library_stop(void) -{ - /* Might be explicitly called and also by atexit */ - if (stopped) - return; - stopped = 1; - - if (ssl_base_inited) { -#ifndef OPENSSL_NO_COMP - OSSL_TRACE(INIT, "ssl_library_stop: " - "ssl_comp_free_compression_methods_int()\n"); - ssl_comp_free_compression_methods_int(); -#endif - } -} - /* * If this function is called with a non NULL settings value then it must be * called prior to any threads making calls to any OpenSSL functions, diff --git a/ssl/ssl_local.h b/ssl/ssl_local.h index 2d827d8bb9b..9083ec2f3bb 100644 --- a/ssl/ssl_local.h +++ b/ssl/ssl_local.h @@ -37,6 +37,7 @@ # include "internal/ktls.h" # include "internal/time.h" # include "internal/ssl.h" +# include "internal/cryptlib.h" # include "record/record.h" # ifdef OPENSSL_BUILD_SHLIBSSL @@ -637,11 +638,6 @@ typedef enum { #define MAX_COMPRESSIONS_SIZE 255 -struct ssl_comp_st { - int id; - const char *name; - COMP_METHOD *method; -}; typedef struct raw_extension_st { /* Raw packet data for the extension */ diff --git a/ssl/ssl_txt.c b/ssl/ssl_txt.c index 9e9c2e10ec8..2a0f5032558 100644 --- a/ssl/ssl_txt.c +++ b/ssl/ssl_txt.c @@ -12,6 +12,8 @@ #include #include "ssl_local.h" +#include "internal/comp.h" + #ifndef OPENSSL_NO_STDIO int SSL_SESSION_print_fp(FILE *fp, const SSL_SESSION *x) { diff --git a/ssl/statem/statem_clnt.c b/ssl/statem/statem_clnt.c index 6f73d5f698e..162442ea2de 100644 --- a/ssl/statem/statem_clnt.c +++ b/ssl/statem/statem_clnt.c @@ -27,6 +27,7 @@ #include #include #include "internal/cryptlib.h" +#include "internal/comp.h" static MSG_PROCESS_RETURN tls_process_as_hello_retry_request(SSL_CONNECTION *s, PACKET *pkt); diff --git a/ssl/statem/statem_srvr.c b/ssl/statem/statem_srvr.c index 5ff479a2ec1..08544ed0bf7 100644 --- a/ssl/statem/statem_srvr.c +++ b/ssl/statem/statem_srvr.c @@ -27,6 +27,7 @@ #include #include #include +#include "internal/comp.h" #define TICKET_NONCE_SIZE 8 diff --git a/test/ssl_old_test.c b/test/ssl_old_test.c index 3e668e11dd1..18677af6f89 100644 --- a/test/ssl_old_test.c +++ b/test/ssl_old_test.c @@ -1346,7 +1346,7 @@ int main(int argc, char *argv[]) int j; printf("Available compression methods:"); for (j = 0; j < n; j++) { - SSL_COMP *c = sk_SSL_COMP_value(ssl_comp_methods, j); + const SSL_COMP *c = sk_SSL_COMP_value(ssl_comp_methods, j); printf(" %s:%d", SSL_COMP_get0_name(c), SSL_COMP_get_id(c)); } printf("\n"); diff --git a/util/libcrypto.num b/util/libcrypto.num index a5f9bb32cb1..e0474a0021d 100644 --- a/util/libcrypto.num +++ b/util/libcrypto.num @@ -5646,3 +5646,4 @@ OSSL_IETF_ATTR_SYNTAX_print ? 3_4_0 EXIST::FUNCTION: X509_ACERT_add_attr_nconf ? 3_4_0 EXIST::FUNCTION: OSSL_LIB_CTX_get_conf_diagnostics ? 3_4_0 EXIST::FUNCTION: OSSL_LIB_CTX_set_conf_diagnostics ? 3_4_0 EXIST::FUNCTION: +OSSL_LIB_CTX_get_data ? 3_4_0 EXIST::FUNCTION: -- 2.47.2