Removed support for compression mechanisms
authorNikos Mavrogiannopoulos <nmav@redhat.com>
Mon, 5 Jun 2017 13:36:18 +0000 (15:36 +0200)
committerNikos Mavrogiannopoulos <nmav@redhat.com>
Thu, 22 Jun 2017 10:54:18 +0000 (12:54 +0200)
They are not required for TLS 1.3, and are deprecated for TLS 1.2.
We eliminate them in order to reduce the complexity in the record
packet handling.

Resolves #212

Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
17 files changed:
configure.ac
lib/Makefile.am
lib/cipher.c
lib/compress.c
lib/compress.h [deleted file]
lib/constate.c
lib/constate.h
lib/dtls.c
lib/gnutls.pc.in
lib/gnutls_int.h
lib/handshake.c
lib/priority.c
lib/priority_options.gperf
lib/record.c
lib/session_pack.c
lib/sslv2_compat.c
lib/state.c

index d5d6ca2f3e2e6adac3cc57558c0f8f69e381ac84..b41499c678c19bdfa4b51e73acfc708f089037cf 100644 (file)
@@ -697,37 +697,6 @@ AC_CHECK_TYPE(ssize_t,
 AC_CHECK_SIZEOF(unsigned long int, 4)
 AC_CHECK_SIZEOF(unsigned int, 4)
 
-AC_ARG_WITH(zlib, AS_HELP_STRING([--without-zlib],
-                                 [disable zlib compression support]),
-            ac_zlib=$withval, ac_zlib=yes)
-AC_MSG_CHECKING([whether to include zlib compression support])
-if test x$ac_zlib != xno; then
- AC_MSG_RESULT(yes)
- AC_LIB_HAVE_LINKFLAGS(z,, [#include <zlib.h>], [compress (0, 0, 0, 0);])
- if test x$ac_cv_libz != xyes; then
-   AC_MSG_WARN(
-*** 
-*** ZLIB was not found. You will not be able to use ZLIB compression.)
- fi
-else
- AC_MSG_RESULT(no)
-fi
-
-PKG_CHECK_EXISTS(zlib, ZLIB_HAS_PKGCONFIG=y, ZLIB_HAS_PKGCONFIG=n)
-
-if test x$ac_zlib != xno; then
-  if test "$ZLIB_HAS_PKGCONFIG" = "y" ; then
-    if test "x$GNUTLS_REQUIRES_PRIVATE" = x; then
-      GNUTLS_REQUIRES_PRIVATE="Requires.private: zlib"
-    else
-      GNUTLS_REQUIRES_PRIVATE="$GNUTLS_REQUIRES_PRIVATE, zlib"
-    fi
-    LIBZ_PC=""
-  else
-    LIBZ_PC=$LIBZ
-  fi
-fi
-AC_SUBST(LIBZ_PC)
 AC_SUBST(GNUTLS_REQUIRES_PRIVATE)
 
 
index a019102384eeafa149074d52461222cd2f2c356f..41bc3f785087959da80f2e5d5e1a02e5690af8da 100644 (file)
@@ -97,7 +97,7 @@ if ENABLE_NETTLE
 SUBDIRS += nettle
 endif
 
-HFILES = abstract_int.h debug.h compress.h cipher.h    \
+HFILES = abstract_int.h debug.h cipher.h       \
        buffers.h errors.h gnutls_int.h dtls.h  \
        handshake.h num.h algorithms.h          \
        dh.h kx.h hash_int.h cipher_int.h       \
index acb6b39623d2308515734cbdc477716f9ad47bcf..6769ec8da2950277928bf226f7d005f2e5c7c8b8 100644 (file)
@@ -1,6 +1,7 @@
 /*
  * Copyright (C) 2000-2013 Free Software Foundation, Inc.
  * Copyright (C) 2013 Nikos Mavrogiannopoulos
+ * Copyright (C) 2017 Red Hat, Inc.
  *
  * Author: Nikos Mavrogiannopoulos
  *
@@ -27,7 +28,6 @@
 
 #include "gnutls_int.h"
 #include "errors.h"
-#include "compress.h"
 #include "cipher.h"
 #include "algorithms.h"
 #include "hash_int.h"
 #include <state.h>
 #include <random.h>
 
-static int compressed_to_ciphertext(gnutls_session_t session,
-                                   uint8_t * cipher_data, int cipher_size,
-                                   gnutls_datum_t * compressed,
-                                   size_t min_pad,
-                                   content_type_t _type,
-                                   record_parameters_st * params);
-static int ciphertext_to_compressed(gnutls_session_t session,
-                                   gnutls_datum_t * ciphertext,
-                                   gnutls_datum_t * compressed,
-                                   uint8_t type,
-                                   record_parameters_st * params,
-                                   gnutls_uint64 * sequence);
-
-inline static int is_write_comp_null(record_parameters_st * record_params)
-{
-       if (record_params->compression_algorithm == GNUTLS_COMP_NULL)
-               return 0;
-
-       return 1;
-}
-
-inline static int is_read_comp_null(record_parameters_st * record_params)
-{
-       if (record_params->compression_algorithm == GNUTLS_COMP_NULL)
-               return 0;
-
-       return 1;
-}
-
+static int encrypt_packet(gnutls_session_t session,
+                           uint8_t * cipher_data, int cipher_size,
+                           gnutls_datum_t * plain,
+                           size_t min_pad,
+                           content_type_t _type,
+                           record_parameters_st * params);
+static int decrypt_packet(gnutls_session_t session,
+                           gnutls_datum_t * ciphertext,
+                           gnutls_datum_t * plain,
+                           uint8_t type,
+                           record_parameters_st * params,
+                           gnutls_uint64 * sequence);
 
 /* returns ciphertext which contains the headers too. This also
  * calculates the size in the header field.
@@ -83,46 +66,18 @@ _gnutls_encrypt(gnutls_session_t session,
                mbuffer_st * bufel,
                content_type_t type, record_parameters_st * params)
 {
-       gnutls_datum_t comp;
-       int free_comp = 0;
+       gnutls_datum_t plaintext;
        int ret;
 
-       if (data_size == 0 || is_write_comp_null(params) == 0) {
-               comp.data = (uint8_t *) data;
-               comp.size = data_size;
-       } else {
-               /* Here comp is allocated and must be 
-                * freed.
-                */
-               free_comp = 1;
-
-               comp.size = _mbuffer_get_udata_size(bufel);
-               comp.data = gnutls_malloc(comp.size);
-               if (comp.data == NULL)
-                       return gnutls_assert_val(GNUTLS_E_MEMORY_ERROR);
-
-               ret =
-                   _gnutls_compress(&params->write.compression_state,
-                                    data, data_size, comp.data, comp.size,
-                                    session->internals.priorities.
-                                    stateless_compression);
-               if (ret < 0) {
-                       gnutls_free(comp.data);
-                       return gnutls_assert_val(ret);
-               }
-
-               comp.size = ret;
-       }
+       plaintext.data = (uint8_t *) data;
+       plaintext.size = data_size;
 
        ret =
-           compressed_to_ciphertext(session,
+           encrypt_packet(session,
                                     _mbuffer_get_udata_ptr(bufel),
                                     _mbuffer_get_udata_size
-                                    (bufel), &comp, min_pad, type,
+                                    (bufel), &plaintext, min_pad, type,
                                     params);
-       if (free_comp)
-               gnutls_free(comp.data);
-
        if (ret < 0)
                return gnutls_assert_val(ret);
 
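Review bot: `_gnutls_encrypt` no longer looks at the negotiated compression method, and the `_gnutls_decrypt` hunk that follows drops the matching `is_read_comp_null()` branch, so the record layer now assumes the NULL method. That holds only if the handshake and the session-unpack path refuse every other method; those files are in this commit's file list but not visible in this hunk. It is worth confirming that a peer selecting DEFLATE, or a session stored by an older build with DEFLATE, is rejected before it reaches this code. A short comment above the `plaintext.data` assignment would record the assumption, e.g. `/* compression was removed; only the NULL method can be negotiated */`. The function continues past the end of this hunk.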
@@ -158,46 +113,14 @@ _gnutls_decrypt(gnutls_session_t session,
        if (ciphertext->size == 0)
                return 0;
 
-       if (is_read_comp_null(params) == 0) {
-               ret =
-                   ciphertext_to_compressed(session, ciphertext,
-                                            output, type, params,
-                                            sequence);
-               if (ret < 0)
-                       return gnutls_assert_val(ret);
-
-               return ret;
-       } else {
-               gnutls_datum_t tmp;
-
-               tmp.size = output->size;
-               tmp.data = gnutls_malloc(tmp.size);
-               if (tmp.data == NULL)
-                       return gnutls_assert_val(GNUTLS_E_MEMORY_ERROR);
-
-               ret =
-                   ciphertext_to_compressed(session, ciphertext,
-                                            &tmp, type, params,
-                                            sequence);
-               if (ret < 0)
-                       goto leave;
-
-               tmp.size = ret;
-
-               if (ret != 0) {
-                       ret =
-                           _gnutls_decompress(&params->read.
-                                              compression_state, tmp.data,
-                                              tmp.size, output->data,
-                                              output->size);
-                       if (ret < 0)
-                               goto leave;
-               }
+       ret =
+           decrypt_packet(session, ciphertext,
+                                    output, type, params,
+                                    sequence);
+       if (ret < 0)
+               return gnutls_assert_val(ret);
 
-             leave:
-               gnutls_free(tmp.data);
-               return ret;
-       }
+       return ret;
 }
 
 
@@ -280,14 +203,14 @@ make_preamble(uint8_t * uint64_data, uint8_t type, unsigned int length,
 }
 
 /* This is the actual encryption 
- * Encrypts the given compressed datum, and puts the result to cipher_data,
+ * Encrypts the given plaintext datum, and puts the result to cipher_data,
  * which has cipher_size size.
  * return the actual encrypted data length.
  */
 static int
-compressed_to_ciphertext(gnutls_session_t session,
+encrypt_packet(gnutls_session_t session,
                         uint8_t * cipher_data, int cipher_size,
-                        gnutls_datum_t * compressed,
+                        gnutls_datum_t * plain,
                         size_t min_pad,
                         content_type_t type,
                         record_parameters_st * params)
@@ -332,7 +255,7 @@ compressed_to_ciphertext(gnutls_session_t session,
                pad = min_pad;
 
                length =
-                   calc_enc_length_block(session, ver, compressed->size,
+                   calc_enc_length_block(session, ver, plain->size,
                                          tag_size, &pad, auth_cipher,
                                          blocksize, etm);
        } else { /* AEAD + STREAM */
@@ -341,7 +264,7 @@ compressed_to_ciphertext(gnutls_session_t session,
 
                pad = 0;
                length =
-                   calc_enc_length_stream(session, compressed->size,
+                   calc_enc_length_stream(session, plain->size,
                                           tag_size, auth_cipher,
                                           exp_iv_size);
        }
@@ -409,7 +332,7 @@ compressed_to_ciphertext(gnutls_session_t session,
        if (etm)
                ret = length-tag_size;
        else
-               ret = compressed->size;
+               ret = plain->size;
 
        preamble_size =
            make_preamble(UINT64DATA(params->write.sequence_number),
@@ -436,8 +359,8 @@ compressed_to_ciphertext(gnutls_session_t session,
                 */
                ret =
                    _gnutls_auth_cipher_encrypt2_tag(&params->write.cipher_state,
-                                                    compressed->data,
-                                                    compressed->size, cipher_data,
+                                                    plain->data,
+                                                    plain->size, cipher_data,
                                                     cipher_size, pad);
                if (ret < 0)
                        return gnutls_assert_val(ret);
@@ -446,7 +369,7 @@ compressed_to_ciphertext(gnutls_session_t session,
                                                  nonce, imp_iv_size + exp_iv_size,
                                                  preamble, preamble_size,
                                                  tag_size,
-                                                 compressed->data, compressed->size,
+                                                 plain->data, plain->size,
                                                  cipher_data, cipher_size);
                if (ret < 0)
                        return gnutls_assert_val(ret);
@@ -491,13 +414,13 @@ static void dummy_wait(record_parameters_st * params,
        }
 }
 
-/* Deciphers the ciphertext packet, and puts the result to compress_data, of compress_size.
- * Returns the actual compressed packet size.
+/* Deciphers the ciphertext packet, and puts the result to plain.
+ * Returns the actual plaintext packet size.
  */
 static int
-ciphertext_to_compressed(gnutls_session_t session,
+decrypt_packet(gnutls_session_t session,
                         gnutls_datum_t * ciphertext,
-                        gnutls_datum_t * compressed,
+                        gnutls_datum_t * plain,
                         uint8_t type, record_parameters_st * params,
                         gnutls_uint64 * sequence)
 {
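Review bot: The rewritten comment on `decrypt_packet` leaves out the buffer contract that the later hunks depend on: `plain->size` is read as the capacity of the output buffer, since `length_to_decrypt` and `ciphertext->size` are compared against it before each decrypt call. The comment says the plaintext length is the return value, and the visible error paths return negative codes. I would state both in the comment, for example `/* plain->data must provide plain->size bytes of space; returns the plaintext length, or a negative error code. */`. The function body lies outside this hunk.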
@@ -609,7 +532,7 @@ ciphertext_to_compressed(gnutls_session_t session,
 
                length_to_decrypt = ciphertext->size;
 
-               /* Pass the type, version, length and compressed through
+               /* Pass the type, version, length and plain through
                 * MAC.
                 */
                preamble_size =
@@ -618,11 +541,11 @@ ciphertext_to_compressed(gnutls_session_t session,
 
 
                if (unlikely
-                   ((unsigned) length_to_decrypt > compressed->size)) {
+                   ((unsigned) length_to_decrypt > plain->size)) {
                        _gnutls_audit_log(session,
                                          "Received %u bytes, while expecting less than %u\n",
                                          (unsigned int) length_to_decrypt,
-                                         (unsigned int) compressed->size);
+                                         (unsigned int) plain->size);
                        return
                            gnutls_assert_val(GNUTLS_E_DECRYPTION_FAILED);
                }
@@ -632,7 +555,7 @@ ciphertext_to_compressed(gnutls_session_t session,
                                                  preamble, preamble_size,
                                                  tag_size,
                                                  ciphertext->data, length_to_decrypt,
-                                                 compressed->data, compressed->size);
+                                                 plain->data, plain->size);
                if (unlikely(ret < 0))
                        return gnutls_assert_val(ret);
 
@@ -647,9 +570,9 @@ ciphertext_to_compressed(gnutls_session_t session,
 
                length_to_decrypt = ciphertext->size;
                length = ciphertext->size - tag_size;
-               tag_ptr = compressed->data + length;
+               tag_ptr = plain->data + length;
 
-               /* Pass the type, version, length and compressed through
+               /* Pass the type, version, length and plain through
                 * MAC.
                 */
                preamble_size =
@@ -664,11 +587,11 @@ ciphertext_to_compressed(gnutls_session_t session,
                        return gnutls_assert_val(ret);
 
                if (unlikely
-                   ((unsigned) length_to_decrypt > compressed->size)) {
+                   ((unsigned) length_to_decrypt > plain->size)) {
                        _gnutls_audit_log(session,
                                          "Received %u bytes, while expecting less than %u\n",
                                          (unsigned int) length_to_decrypt,
-                                         (unsigned int) compressed->size);
+                                         (unsigned int) plain->size);
                        return
                            gnutls_assert_val(GNUTLS_E_DECRYPTION_FAILED);
                }
@@ -678,8 +601,8 @@ ciphertext_to_compressed(gnutls_session_t session,
                                                 cipher_state,
                                                 ciphertext->data,
                                                 length_to_decrypt,
-                                                compressed->data,
-                                                compressed->size);
+                                                plain->data,
+                                                plain->size);
 
                if (unlikely(ret < 0))
                        return gnutls_assert_val(ret);
@@ -721,7 +644,7 @@ ciphertext_to_compressed(gnutls_session_t session,
                 * an API. (the length of plaintext is required to calculate
                 * auth_data, but it is not available before decryption).
                 */
-               if (unlikely(ciphertext->size > compressed->size))
+               if (unlikely(ciphertext->size > plain->size))
                        return
                            gnutls_assert_val(GNUTLS_E_DECRYPTION_FAILED);
 
@@ -730,12 +653,12 @@ ciphertext_to_compressed(gnutls_session_t session,
                            _gnutls_cipher_decrypt2(&params->read.cipher_state.
                                                    cipher, ciphertext->data,
                                                    ciphertext->size,
-                                                   compressed->data,
-                                                   compressed->size);
+                                                   plain->data,
+                                                   plain->size);
                        if (unlikely(ret < 0))
                                return gnutls_assert_val(ret);
 
-                       pad = compressed->data[ciphertext->size - 1];   /* pad */
+                       pad = plain->data[ciphertext->size - 1];        /* pad */
 
                        /* Check the pading bytes (TLS 1.x). 
                         * Note that we access all 256 bytes of ciphertext for padding check
@@ -746,7 +669,7 @@ ciphertext_to_compressed(gnutls_session_t session,
 #endif
                                for (i = 2; i <= MIN(256, ciphertext->size); i++) {
                                        tmp_pad_failed |=
-                                           (compressed->
+                                           (plain->
                                             data[ciphertext->size - i] != pad);
                                        pad_failed |=
                                            ((i <= (1 + pad)) & (tmp_pad_failed));
@@ -763,9 +686,9 @@ ciphertext_to_compressed(gnutls_session_t session,
                        }
 
                        length = ciphertext->size - tag_size - pad - 1;
-                       tag_ptr = &compressed->data[length];
+                       tag_ptr = &plain->data[length];
 
-                       /* Pass the type, version, length and compressed through
+                       /* Pass the type, version, length and plain through
                         * MAC.
                         */
                        preamble_size =
@@ -782,7 +705,7 @@ ciphertext_to_compressed(gnutls_session_t session,
                        ret =
                            _gnutls_auth_cipher_add_auth(&params->read.
                                                         cipher_state,
-                                                        compressed->data, length);
+                                                        plain->data, length);
                        if (unlikely(ret < 0))
                                return gnutls_assert_val(ret);
                } else { /* EtM */
@@ -790,12 +713,12 @@ ciphertext_to_compressed(gnutls_session_t session,
                            _gnutls_cipher_decrypt2(&params->read.cipher_state.
                                                    cipher, ciphertext->data,
                                                    ciphertext->size - tag_size,
-                                                   compressed->data,
-                                                   compressed->size);
+                                                   plain->data,
+                                                   plain->size);
                        if (unlikely(ret < 0))
                                return gnutls_assert_val(ret);
 
-                       pad = compressed->data[ciphertext->size - tag_size - 1]; /* pad */
+                       pad = plain->data[ciphertext->size - tag_size - 1]; /* pad */
                        length = ciphertext->size - tag_size - pad - 1;
                        
                        if (unlikely(length < 0))
@@ -823,7 +746,7 @@ ciphertext_to_compressed(gnutls_session_t session,
                if (unlikely
                    (gnutls_memcmp(tag, tag_ptr, tag_size) != 0 || pad_failed != 0)) {
                        /* HMAC was not the same. */
-                       dummy_wait(params, compressed, pad_failed, pad,
+                       dummy_wait(params, plain, pad_failed, pad,
                                   length + preamble_size);
 
                        return gnutls_assert_val(GNUTLS_E_DECRYPTION_FAILED);
index 8008bf60d8279ff903b0e4ec99995a28722f3e48..a24c7c878f7ce4c2a04f6bdc4b8c494114e5afdc 100644 (file)
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2000-2012 Free Software Foundation, Inc.
+ * Copyright (C) 2017 Red Hat, Inc.
  *
  * Author: Nikos Mavrogiannopoulos
  *
  *
  */
 
-/* This file contains the functions which convert the TLS plaintext
- * packet to TLS compressed packet.
- */
-
 #include "gnutls_int.h"
-#include "compress.h"
-#include "errors.h"
-#include "constate.h"
-#include <algorithms.h>
-#include <gnutls/gnutls.h>
-
-/* Compression Section */
-#define GNUTLS_COMPRESSION_ENTRY(name, id, wb, ml, cl) \
-  { #name, name, id, wb, ml, cl}
-
-
-#define MAX_COMP_METHODS 5
-const int _gnutls_comp_algorithms_size = MAX_COMP_METHODS;
-
-gnutls_compression_entry _gnutls_compression_algorithms[MAX_COMP_METHODS] = {
-       GNUTLS_COMPRESSION_ENTRY(GNUTLS_COMP_NULL, 0x00, 0, 0, 0),
-#ifdef HAVE_LIBZ
-       /* draft-ietf-tls-compression-02 */
-       GNUTLS_COMPRESSION_ENTRY(GNUTLS_COMP_DEFLATE, 0x01, 15, 8, 3),
-#endif
-       {0, 0, 0, 0, 0, 0}
-};
 
-static const gnutls_compression_method_t supported_compressions[] = {
-#ifdef HAVE_LIBZ
-       GNUTLS_COMP_DEFLATE,
-#endif
-       GNUTLS_COMP_NULL,
-       0
-};
-
-#define GNUTLS_COMPRESSION_LOOP(b)        \
-  const gnutls_compression_entry *p;                                   \
-  for(p = _gnutls_compression_algorithms; p->name != NULL; p++) { b ; }
-#define GNUTLS_COMPRESSION_ALG_LOOP(a)                                 \
-  GNUTLS_COMPRESSION_LOOP( if(p->id == algorithm) { a; break; } )
-#define GNUTLS_COMPRESSION_ALG_LOOP_NUM(a)                             \
-  GNUTLS_COMPRESSION_LOOP( if(p->num == num) { a; break; } )
-
-/* Compression Functions */
+/* Compatibility compression functions */
 
 /**
  * gnutls_compression_get_name:
@@ -78,13 +36,10 @@ static const gnutls_compression_method_t supported_compressions[] = {
 const char *gnutls_compression_get_name(gnutls_compression_method_t
                                        algorithm)
 {
-       const char *ret = NULL;
-
-       /* avoid prefix */
-       GNUTLS_COMPRESSION_ALG_LOOP(ret =
-                                   p->name + sizeof("GNUTLS_COMP_") - 1);
+       if (algorithm == GNUTLS_COMP_NULL)
+               return "NULL";
 
-       return ret;
+       return NULL;
 }
 
 /**
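Review bot: As far as the hunks show, the doc blocks of the three public functions kept in this file are not updated for the new behaviour. `gnutls_compression_get_name()` now returns NULL for every id except `GNUTLS_COMP_NULL`, and the `gnutls_compression_get_id()` and `gnutls_compression_list()` hunks below likewise recognise only the NULL method. A caller that prints the returned name without checking it would now pass NULL to a format function for an id that used to resolve when zlib support was built in. I would add a sentence to each doc block along the lines of `Compression is no longer supported; only the NULL method is recognised and this function is kept for API compatibility.` The doc blocks themselves start outside these hunks.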
@@ -98,14 +53,10 @@ const char *gnutls_compression_get_name(gnutls_compression_method_t
  **/
 gnutls_compression_method_t gnutls_compression_get_id(const char *name)
 {
-       gnutls_compression_method_t ret = GNUTLS_COMP_UNKNOWN;
+       if (strcasecmp(name, "NULL") == 0)
+               return GNUTLS_COMP_NULL;
 
-       GNUTLS_COMPRESSION_LOOP(if
-                               (strcasecmp
-                                (p->name + sizeof("GNUTLS_COMP_") - 1,
-                                 name) == 0) ret = p->id);
-
-       return ret;
+       return GNUTLS_COMP_UNKNOWN;
 }
 
 /**
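Review bot: `gnutls_compression_get_id()` hands `name` to `strcasecmp()` without checking it, so a NULL argument is dereferenced in this public entry point. The removed loop had the same gap, but the rewritten body is a cheap place to close it. Suggested first line of the body: `if (name == NULL) return GNUTLS_COMP_UNKNOWN;`.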
@@ -118,322 +69,6 @@ gnutls_compression_method_t gnutls_compression_get_id(const char *name)
  **/
 const gnutls_compression_method_t *gnutls_compression_list(void)
 {
-       return supported_compressions;
-}
-
-/* return the tls number of the specified algorithm */
-int _gnutls_compression_get_num(gnutls_compression_method_t algorithm)
-{
-       int ret = -1;
-
-       /* avoid prefix */
-       GNUTLS_COMPRESSION_ALG_LOOP(ret = p->num);
-
-       return ret;
-}
-
-#ifdef HAVE_LIBZ
-
-static int get_wbits(gnutls_compression_method_t algorithm)
-{
-       int ret = -1;
-       /* avoid prefix */
-       GNUTLS_COMPRESSION_ALG_LOOP(ret = p->window_bits);
-       return ret;
-}
-
-static int get_mem_level(gnutls_compression_method_t algorithm)
-{
-       int ret = -1;
-       /* avoid prefix */
-       GNUTLS_COMPRESSION_ALG_LOOP(ret = p->mem_level);
-       return ret;
-}
-
-static int get_comp_level(gnutls_compression_method_t algorithm)
-{
-       int ret = -1;
-       /* avoid prefix */
-       GNUTLS_COMPRESSION_ALG_LOOP(ret = p->comp_level);
-       return ret;
-}
-
-#endif
-
-/* returns the gnutls internal ID of the TLS compression
- * method num
- */
-gnutls_compression_method_t _gnutls_compression_get_id(int num)
-{
-       gnutls_compression_method_t ret = -1;
-
-       /* avoid prefix */
-       GNUTLS_COMPRESSION_ALG_LOOP_NUM(ret = p->id);
-
-       return ret;
-}
-
-int _gnutls_compression_is_ok(gnutls_compression_method_t algorithm)
-{
-       ssize_t ret = -1;
-       GNUTLS_COMPRESSION_ALG_LOOP(ret = p->id);
-       if (ret >= 0)
-               ret = 0;
-       else
-               ret = 1;
-       return ret;
-}
-
-
-
-/* For compression  */
-
-#define MIN_PRIVATE_COMP_ALGO 0xEF
-
-/* returns the TLS numbers of the compression methods we support
- */
-#define SUPPORTED_COMPRESSION_METHODS session->internals.priorities.compression.algorithms
-int
-_gnutls_supported_compression_methods(gnutls_session_t session,
-                                     uint8_t * comp, size_t comp_size)
-{
-       unsigned int i, j;
-       int tmp;
-
-       if (comp_size < SUPPORTED_COMPRESSION_METHODS)
-               return gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR);
-
-       for (i = j = 0; i < SUPPORTED_COMPRESSION_METHODS; i++) {
-               if (IS_DTLS(session) && session->internals.priorities.compression.priority[i] != GNUTLS_COMP_NULL) {
-                       gnutls_assert();
-                       continue;
-               }
-
-               tmp =
-                   _gnutls_compression_get_num(session->
-                                               internals.priorities.
-                                               compression.priority[i]);
-
-               /* remove private compression algorithms, if requested.
-                */
-               if (tmp == -1 || (tmp >= MIN_PRIVATE_COMP_ALGO &&
-                                 session->internals.enable_private == 0))
-               {
-                       gnutls_assert();
-                       continue;
-               }
-
-               comp[j] = (uint8_t) tmp;
-               j++;
-       }
-
-       if (j == 0) {
-               gnutls_assert();
-               return GNUTLS_E_NO_COMPRESSION_ALGORITHMS;
-       }
-       return j;
-}
-
-
-/* The flag d is the direction (compress, decompress). Non zero is
- * decompress.
- */
-int _gnutls_comp_init(comp_hd_st * handle,
-                     gnutls_compression_method_t method, int d)
-{
-       handle->algo = method;
-       handle->handle = NULL;
-
-       switch (method) {
-       case GNUTLS_COMP_DEFLATE:
-#ifdef HAVE_LIBZ
-               {
-                       int window_bits, mem_level;
-                       int comp_level;
-                       z_stream *zhandle;
-                       int err;
-
-                       window_bits = get_wbits(method);
-                       mem_level = get_mem_level(method);
-                       comp_level = get_comp_level(method);
-
-                       handle->handle = gnutls_malloc(sizeof(z_stream));
-                       if (handle->handle == NULL)
-                               return
-                                   gnutls_assert_val
-                                   (GNUTLS_E_MEMORY_ERROR);
-
-                       zhandle = handle->handle;
-
-                       zhandle->zalloc = (alloc_func) 0;
-                       zhandle->zfree = (free_func) 0;
-                       zhandle->opaque = (voidpf) 0;
-
-                       if (d)
-                               err = inflateInit2(zhandle, window_bits);
-                       else {
-                               err = deflateInit2(zhandle,
-                                                  comp_level, Z_DEFLATED,
-                                                  window_bits, mem_level,
-                                                  Z_DEFAULT_STRATEGY);
-                       }
-                       if (err != Z_OK) {
-                               gnutls_assert();
-                               gnutls_free(handle->handle);
-                               return GNUTLS_E_COMPRESSION_FAILED;
-                       }
-               }
-               break;
-#endif
-       case GNUTLS_COMP_NULL:
-       case GNUTLS_COMP_UNKNOWN:
-               break;
-       default:
-               return GNUTLS_E_UNKNOWN_COMPRESSION_ALGORITHM;
-       }
-
-       return 0;
-}
-
-/* The flag d is the direction (compress, decompress). Non zero is
- * decompress.
- */
-void _gnutls_comp_deinit(comp_hd_st * handle, int d)
-{
-       if (handle != NULL) {
-               switch (handle->algo) {
-#ifdef HAVE_LIBZ
-               case GNUTLS_COMP_DEFLATE:
-                       {
-                               if (d)
-                                       inflateEnd(handle->handle);
-                               else
-                                       deflateEnd(handle->handle);
-                               break;
-                       }
-#endif
-               default:
-                       break;
-               }
-               gnutls_free(handle->handle);
-               handle->handle = NULL;
-       }
-}
-
-/* These functions are memory consuming 
- */
-
-int
-_gnutls_compress(comp_hd_st * handle, const uint8_t * plain,
-                size_t plain_size, uint8_t * compressed,
-                size_t max_comp_size, unsigned int stateless)
-{
-       int compressed_size = GNUTLS_E_COMPRESSION_FAILED;
-
-       /* NULL compression is not handled here
-        */
-       if (handle == NULL) {
-               gnutls_assert();
-               return GNUTLS_E_INTERNAL_ERROR;
-       }
-
-       switch (handle->algo) {
-#ifdef HAVE_LIBZ
-       case GNUTLS_COMP_DEFLATE:
-               {
-                       z_stream *zhandle;
-                       int err;
-                       int type;
-
-                       if (stateless) {
-                               type = Z_FULL_FLUSH;
-                       } else
-                               type = Z_SYNC_FLUSH;
-
-                       zhandle = handle->handle;
-
-                       zhandle->next_in = (Bytef *) plain;
-                       zhandle->avail_in = plain_size;
-                       zhandle->next_out = (Bytef *) compressed;
-                       zhandle->avail_out = max_comp_size;
-
-                       err = deflate(zhandle, type);
-                       if (err != Z_OK || zhandle->avail_in != 0)
-                               return
-                                   gnutls_assert_val
-                                   (GNUTLS_E_COMPRESSION_FAILED);
-
-
-                       compressed_size =
-                           max_comp_size - zhandle->avail_out;
-                       break;
-               }
-#endif
-       default:
-               gnutls_assert();
-               return GNUTLS_E_INTERNAL_ERROR;
-       }                       /* switch */
-
-#ifdef COMPRESSION_DEBUG
-       _gnutls_debug_log("Compression ratio: %f\n",
-                         (float) ((float) compressed_size /
-                                  (float) plain_size));
-#endif
-
-       return compressed_size;
-}
-
-
-
-int
-_gnutls_decompress(comp_hd_st * handle, uint8_t * compressed,
-                  size_t compressed_size, uint8_t * plain,
-                  size_t max_plain_size)
-{
-       int plain_size = GNUTLS_E_DECOMPRESSION_FAILED;
-
-       if (compressed_size > max_plain_size + EXTRA_COMP_SIZE) {
-               gnutls_assert();
-               return GNUTLS_E_DECOMPRESSION_FAILED;
-       }
-
-       /* NULL compression is not handled here
-        */
-
-       if (handle == NULL) {
-               gnutls_assert();
-               return GNUTLS_E_INTERNAL_ERROR;
-       }
-
-       switch (handle->algo) {
-#ifdef HAVE_LIBZ
-       case GNUTLS_COMP_DEFLATE:
-               {
-                       z_stream *zhandle;
-                       int err;
-
-                       zhandle = handle->handle;
-
-                       zhandle->next_in = (Bytef *) compressed;
-                       zhandle->avail_in = compressed_size;
-
-                       zhandle->next_out = (Bytef *) plain;
-                       zhandle->avail_out = max_plain_size;
-                       err = inflate(zhandle, Z_SYNC_FLUSH);
-
-                       if (err != Z_OK)
-                               return
-                                   gnutls_assert_val
-                                   (GNUTLS_E_DECOMPRESSION_FAILED);
-
-                       plain_size = max_plain_size - zhandle->avail_out;
-                       break;
-               }
-#endif
-       default:
-               gnutls_assert();
-               return GNUTLS_E_INTERNAL_ERROR;
-       }                       /* switch */
-
-       return plain_size;
+       static const gnutls_compression_method_t list[2] = {GNUTLS_COMP_NULL, 0};
+       return list;
 }
diff --git a/lib/compress.h b/lib/compress.h
deleted file mode 100644 (file)
index 6910441..0000000
+++ /dev/null
@@ -1,66 +0,0 @@
-/*
- * Copyright (C) 2000-2012 Free Software Foundation, Inc.
- *
- * Author: Nikos Mavrogiannopoulos
- *
- * This file is part of GnuTLS.
- *
- * The GnuTLS is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public License
- * as published by the Free Software Foundation; either version 2.1 of
- * the License, or (at your option) any later version.
- *
- * This library is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public License
- * along with this program.  If not, see <http://www.gnu.org/licenses/>
- *
- */
-#ifndef GNUTLS_COMPRESS_H
-#define GNUTLS_COMPRESS_H
-
-/* Algorithm handling. */
-int _gnutls_supported_compression_methods(gnutls_session_t session,
-                                         uint8_t * comp, size_t max_comp);
-int _gnutls_compression_is_ok(gnutls_compression_method_t algorithm);
-int _gnutls_compression_get_num(gnutls_compression_method_t algorithm);
-gnutls_compression_method_t _gnutls_compression_get_id(int num);
-
-#ifdef HAVE_LIBZ
-#include <zlib.h>
-#endif
-
-#define GNUTLS_COMP_FAILED NULL
-
-typedef struct comp_hd_st {
-       void *handle;
-       gnutls_compression_method_t algo;
-} comp_hd_st;
-
-int _gnutls_comp_init(comp_hd_st *, gnutls_compression_method_t, int d);
-void _gnutls_comp_deinit(comp_hd_st * handle, int d);
-
-int _gnutls_decompress(comp_hd_st * handle, uint8_t * compressed,
-                      size_t compressed_size, uint8_t * plain,
-                      size_t max_plain_size);
-int _gnutls_compress(comp_hd_st *, const uint8_t * plain,
-                    size_t plain_size, uint8_t * compressed,
-                    size_t max_comp_size, unsigned int stateless);
-
-struct gnutls_compression_entry {
-       const char *name;
-       gnutls_compression_method_t id;
-       /* the number reserved in TLS for the specific compression method */
-       int num;
-
-       /* used in zlib compressor */
-       int window_bits;
-       int mem_level;
-       int comp_level;
-};
-typedef struct gnutls_compression_entry gnutls_compression_entry;
-
-#endif
index 81cbeff4620efe4493f2f163f37867104190177b..daad7bc171f5659d21d2b243e0147e938aa537ce 100644 (file)
@@ -1,5 +1,6 @@
 /*
  * Copyright (C) 2001-2012 Free Software Foundation, Inc.
+ * Copyright (C) 2017 Red Hat, Inc.
  *
  * Author: Nikos Mavrogiannopoulos
  *
@@ -219,14 +220,6 @@ _gnutls_init_record_state(record_parameters_st * params,
        if (ret < 0 && params->cipher->id != GNUTLS_CIPHER_NULL)
                return gnutls_assert_val(ret);
 
-       ret =
-           _gnutls_comp_init(&state->compression_state,
-                             params->compression_algorithm,
-                             read /*1==decompress */ );
-
-       if (ret < 0)
-               return gnutls_assert_val(ret);
-
        return 0;
 }
 
@@ -281,32 +274,6 @@ _gnutls_set_cipher_suite(gnutls_session_t session,
        return 0;
 }
 
-int
-_gnutls_set_compression(gnutls_session_t session,
-                       gnutls_compression_method_t comp_algo)
-{
-       record_parameters_st *params;
-       int ret;
-
-       ret = _gnutls_epoch_get(session, EPOCH_NEXT, &params);
-       if (ret < 0)
-               return gnutls_assert_val(ret);
-
-       if (params->initialized
-           || params->compression_algorithm != GNUTLS_COMP_UNKNOWN)
-               return gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR);
-
-       if (_gnutls_compression_is_ok(comp_algo) != 0)
-               return
-                   gnutls_assert_val
-                   (GNUTLS_E_UNKNOWN_COMPRESSION_ALGORITHM);
-
-       session->security_parameters.compression_method = comp_algo;
-       params->compression_algorithm = comp_algo;
-
-       return 0;
-}
-
 void
 _gnutls_epoch_set_null_algos(gnutls_session_t session,
                             record_parameters_st * params)
@@ -321,7 +288,6 @@ _gnutls_epoch_set_null_algos(gnutls_session_t session,
 
        params->cipher = cipher_to_entry(GNUTLS_CIPHER_NULL);
        params->mac = mac_to_entry(GNUTLS_MAC_NULL);
-       params->compression_algorithm = GNUTLS_COMP_NULL;
        params->initialized = 1;
 }
 
@@ -330,7 +296,6 @@ int _gnutls_epoch_set_keys(gnutls_session_t session, uint16_t epoch)
        int hash_size;
        int IV_size;
        int key_size;
-       gnutls_compression_method_t comp_algo;
        record_parameters_st *params;
        int ret;
        const version_entry_st *ver = get_version(session);
@@ -348,8 +313,6 @@ int _gnutls_epoch_set_keys(gnutls_session_t session, uint16_t epoch)
        _gnutls_record_log
            ("REC[%p]: Initializing epoch #%u\n", session, params->epoch);
 
-       comp_algo = params->compression_algorithm;
-
        if (_gnutls_cipher_is_ok(params->cipher) == 0
            || _gnutls_mac_is_ok(params->mac) == 0)
                return gnutls_assert_val(GNUTLS_E_UNWANTED_ALGORITHM);
@@ -360,11 +323,6 @@ int _gnutls_epoch_set_keys(gnutls_session_t session, uint16_t epoch)
        if (_gnutls_mac_priority(session, params->mac->id) < 0)
                return gnutls_assert_val(GNUTLS_E_UNWANTED_ALGORITHM);
 
-       if (_gnutls_compression_is_ok(comp_algo) != 0)
-               return
-                   gnutls_assert_val
-                   (GNUTLS_E_UNKNOWN_COMPRESSION_ALGORITHM);
-
        if (!_gnutls_version_has_explicit_iv(ver) &&
            _gnutls_cipher_type(params->cipher) == CIPHER_BLOCK) {
                IV_size = _gnutls_cipher_get_iv_size(params->cipher);
@@ -408,7 +366,6 @@ int _gnutls_epoch_set_keys(gnutls_session_t session, uint16_t epoch)
        memcpy( dst->session_id, src->session_id, GNUTLS_MAX_SESSION_ID_SIZE); \
        dst->session_id_size = src->session_id_size; \
        dst->cert_type = src->cert_type; \
-       dst->compression_method = src->compression_method; \
        dst->timestamp = src->timestamp; \
        dst->ext_master_secret = src->ext_master_secret; \
        dst->etm = src->etm; \
@@ -627,7 +584,6 @@ _gnutls_epoch_alloc(gnutls_session_t session, uint16_t epoch,
        (*slot)->epoch = epoch;
        (*slot)->cipher = NULL;
        (*slot)->mac = NULL;
-       (*slot)->compression_algorithm = GNUTLS_COMP_UNKNOWN;
 
        if (IS_DTLS(session))
                _gnutls_write_uint16(epoch,
@@ -721,9 +677,6 @@ static inline void free_record_state(record_state_st * state, int d)
        _gnutls_free_datum(&state->key);
 
        _gnutls_auth_cipher_deinit(&state->cipher_state);
-
-       if (state->compression_state.handle != NULL)
-               _gnutls_comp_deinit(&state->compression_state, d);
 }
 
 void
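Review bot: With the `_gnutls_comp_deinit` call removed, the parameter `d` of free_record_state has no remaining use in the lines shown here. If the part of the body above this hunk does not read it either, dropping the parameter and updating the callers, or marking it unused, avoids an unused-parameter warning and a signature that suggests a read/write distinction that no longer exists. The start of the function is outside the hunk.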
index c62b72b9d062251c55adc921da844abad0b586b5..773c36c6f2e11c9477244539d1845afc4f07fb36 100644 (file)
@@ -25,8 +25,6 @@
 
 int _gnutls_set_cipher_suite(gnutls_session_t session,
                             const uint8_t suite[2]);
-int _gnutls_set_compression(gnutls_session_t session,
-                           gnutls_compression_method_t comp_algo);
 void _gnutls_epoch_set_null_algos(gnutls_session_t session,
                                  record_parameters_st * params);
 int _gnutls_epoch_set_keys(gnutls_session_t session, uint16_t epoch);
index ba953ae374597276ba6ba03b12f8ddfc1bc80ec3..07c4537904b68b1cc90228f75eadb36867052216 100644 (file)
@@ -495,7 +495,6 @@ void gnutls_dtls_set_mtu(gnutls_session_t session, unsigned int mtu)
 
 static int record_overhead(const cipher_entry_st * cipher,
                           const mac_entry_st * mac,
-                          gnutls_compression_method_t comp,
                           unsigned etm,
                           unsigned est_data)
 {
@@ -518,9 +517,6 @@ static int record_overhead(const cipher_entry_st * cipher,
                total += hash_len;
        }
 
-       if (comp != GNUTLS_COMP_NULL)
-               total += EXTRA_COMP_SIZE;
-
        /* This must be last */
        if (_gnutls_cipher_type(cipher) == CIPHER_BLOCK) {
                int rem, exp_iv;
@@ -554,7 +550,7 @@ static int record_overhead(const cipher_entry_st * cipher,
  * @version: is a #gnutls_protocol_t value
  * @cipher: is a #gnutls_cipher_algorithm_t value
  * @mac: is a #gnutls_mac_algorithm_t value
- * @comp: is a #gnutls_compression_method_t value
+ * @comp: is a #gnutls_compression_method_t value (ignored)
  * @flags: must be zero
  *
  * This function will return the set size in bytes of the overhead
@@ -595,7 +591,7 @@ size_t gnutls_est_record_overhead_size(gnutls_protocol_t version,
        else
                total = DTLS_RECORD_HEADER_SIZE;
 
-       total += record_overhead(c, m, comp, 0, 0);
+       total += record_overhead(c, m, 0, 0);
 
        return total;
 }
@@ -622,7 +618,7 @@ static int record_overhead_rt(gnutls_session_t session, unsigned est_data)
                return gnutls_assert_val(ret);
 
        return record_overhead(params->cipher, params->mac,
-                              params->compression_algorithm, params->etm, est_data);
+                              params->etm, est_data);
 }
 
 /**
index f656d12c417204ae39b4d1144c7cb46c915b436f..9f26852ccd631a4c4fdb7020cec505589199ca3a 100644 (file)
@@ -19,6 +19,6 @@ Description: Transport Security Layer implementation for the GNU system
 URL: http://www.gnutls.org/
 Version: @VERSION@
 Libs: -L${libdir} -lgnutls
-Libs.private: @LIBZ_PC@ @LIBINTL@ @LIBSOCKET@ @LIBNSL@ @LIBPTHREAD@ @LIB_SELECT@ @TSS_LIBS@ @GMP_LIBS@ @LIBUNISTRING@ @LIBIDN2_LIBS@
+Libs.private: @LIBINTL@ @LIBSOCKET@ @LIBNSL@ @LIBPTHREAD@ @LIB_SELECT@ @TSS_LIBS@ @GMP_LIBS@ @LIBUNISTRING@ @LIBIDN2_LIBS@
 @GNUTLS_REQUIRES_PRIVATE@
 Cflags: -I${includedir}
index b7f491c52c497f830391cf7cba50fb41f577fc33..8bb58f53c47f8e83c9c1b8fcbc5b56ed8522b76a 100644 (file)
@@ -164,7 +164,7 @@ typedef enum record_flush_t {
  * when receiving we use a different way as there are implementations that
  * store more data than allowed.
  */
-#define MAX_RECORD_SEND_OVERHEAD(session) (MAX_CIPHER_BLOCK_SIZE/*iv*/+MAX_PAD_SIZE+((gnutls_compression_get(session)!=GNUTLS_COMP_NULL)?(EXTRA_COMP_SIZE):(0))+MAX_HASH_SIZE/*MAC*/)
+#define MAX_RECORD_SEND_OVERHEAD(session) (MAX_CIPHER_BLOCK_SIZE/*iv*/+MAX_PAD_SIZE+MAX_HASH_SIZE/*MAC*/)
 #define MAX_RECORD_SEND_SIZE(session) (IS_DTLS(session)? \
        (MIN((size_t)gnutls_dtls_get_mtu(session), (size_t)session->security_parameters.max_record_send_size+MAX_RECORD_SEND_OVERHEAD(session))): \
        ((size_t)session->security_parameters.max_record_send_size+MAX_RECORD_SEND_OVERHEAD(session)))
@@ -503,7 +503,6 @@ typedef struct {
 
 #include <hash_int.h>
 #include <cipher_int.h>
-#include <compress.h>
 
 typedef struct {
        uint8_t hash_algorithm;
@@ -552,7 +551,6 @@ typedef struct {
         * on resume;
         */
        uint8_t cipher_suite[2];
-       gnutls_compression_method_t compression_method;
        gnutls_mac_algorithm_t prf_mac;
        uint8_t master_secret[GNUTLS_MASTER_SIZE];
        uint8_t client_random[GNUTLS_RANDOM_SIZE];
@@ -598,7 +596,6 @@ struct record_state_st {
        gnutls_datum_t IV;
        gnutls_datum_t key;
        auth_cipher_hd_st cipher_state;
-       comp_hd_st compression_state;
        gnutls_uint64 sequence_number;
 };
 
@@ -615,8 +612,6 @@ struct record_parameters_st {
        uint16_t epoch;
        int initialized;
 
-       gnutls_compression_method_t compression_algorithm;
-
        const cipher_entry_st *cipher;
        bool etm;
        const mac_entry_st *mac;
@@ -653,7 +648,6 @@ struct gnutls_priority_st {
        priority_st cipher;
        priority_st mac;
        priority_st kx;
-       priority_st compression;
        priority_st protocol;
        priority_st cert_type;
        priority_st sign_algo;
@@ -673,8 +667,6 @@ struct gnutls_priority_st {
        bool no_tickets;
        bool no_etm;
        bool have_cbc;
-       /* Whether stateless compression will be used */
-       bool stateless_compression;
        unsigned int additional_verify_flags;
 
        /* The session's expected security level.
index d62fd5b89ced7c53c5ea406707a93ea5a9b79923..720070f889b45b529004f78a2db3b0c99c501d3d 100644 (file)
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2000-2016 Free Software Foundation, Inc.
- * Copyright (C) 2015-2016 Red Hat, Inc.
+ * Copyright (C) 2015-2017 Red Hat, Inc.
  *
  * Author: Nikos Mavrogiannopoulos
  *
@@ -29,7 +29,6 @@
 #include "dh.h"
 #include "debug.h"
 #include "algorithms.h"
-#include "compress.h"
 #include "cipher.h"
 #include "buffers.h"
 #include "mbuffers.h"
@@ -64,7 +63,7 @@
 #define TRUE 1
 #define FALSE 0
 
-static int server_select_comp_method(gnutls_session_t session,
+static int check_if_null_comp_present(gnutls_session_t session,
                                             uint8_t * data, int datalen);
 static int handshake_client(gnutls_session_t session);
 static int handshake_server(gnutls_session_t session);
@@ -143,13 +142,6 @@ static int resume_copy_required_values(gnutls_session_t session)
        if (ret < 0)
                return gnutls_assert_val(ret);
 
-       ret = _gnutls_set_compression(session,
-                                     session->internals.
-                                     resumed_security_parameters.
-                                     compression_method);
-       if (ret < 0)
-               return gnutls_assert_val(ret);
-
        /* or write_compression_algorithm
         * they are the same
         */
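Review bot: The comment kept right after the removed `_gnutls_set_compression` call, "or write_compression_algorithm / they are the same", described the compression setting and now has nothing to refer to. It should be deleted together with the call, or rewritten to describe the statement that follows it, which is outside this hunk.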
@@ -637,7 +629,7 @@ read_client_hello(gnutls_session_t session, uint8_t * data,
 
        /* select appropriate compression method */
        ret =
-           server_select_comp_method(session, comp_ptr,
+           check_if_null_comp_present(session, comp_ptr,
                                              comp_size);
        if (ret < 0) {
                gnutls_assert();
@@ -1054,72 +1046,20 @@ _gnutls_server_select_suite(gnutls_session_t session, uint8_t * data,
 }
 
 
-/* This selects the best supported compression method from the ones provided 
+/* This checks whether the null compression method is present.
  */
 static int
-server_select_comp_method(gnutls_session_t session,
+check_if_null_comp_present(gnutls_session_t session,
                          uint8_t * data, int datalen)
 {
-       int x, i, j;
-       uint8_t comps[MAX_ALGOS];
-       int ret;
-
-       x = _gnutls_supported_compression_methods(session, comps,
-                                                 MAX_ALGOS);
-       if (x < 0) {
-               gnutls_assert();
-               return x;
-       }
-
-       if (session->internals.priorities.server_precedence == 0) {
-               for (j = 0; j < datalen; j++) {
-                       for (i = 0; i < x; i++) {
-                               if (comps[i] == data[j]) {
-                                       gnutls_compression_method_t method
-                                           =
-                                           _gnutls_compression_get_id
-                                           (comps[i]);
-
-                                       ret = _gnutls_set_compression
-                                           (session, method);
-                                       if (ret < 0)
-                                               return gnutls_assert_val(ret);
-
-                                       _gnutls_handshake_log
-                                           ("HSK[%p]: Selected Compression Method: %s\n",
-                                            session,
-                                            gnutls_compression_get_name
-                                            (method));
-                                       return 0;
-                               }
-                       }
-               }
-       } else {
-               for (i = 0; i < x; i++) {
-                       for (j = 0; j < datalen; j++) {
-                               if (comps[i] == data[j]) {
-                                       gnutls_compression_method_t method
-                                           =
-                                           _gnutls_compression_get_id
-                                           (comps[i]);
-
-                                       ret = _gnutls_set_compression
-                                           (session, method);
-                                       if (ret < 0)
-                                               return gnutls_assert_val(ret);
+       int j;
 
-                                       _gnutls_handshake_log
-                                           ("HSK[%p]: Selected Compression Method: %s\n",
-                                            session,
-                                            gnutls_compression_get_name
-                                            (method));
-                                       return 0;
-                               }
-                       }
-               }
+       for (j = 0; j < datalen; j++) {
+               if (data[j] == 0)
+                       return 0;
        }
 
-       /* we were not able to find a compatible compression
+       /* we were not able to find a the NULL compression
         * algorithm
         */
        gnutls_assert();
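Review bot: The bare `0` in `if (data[j] == 0)` is the TLS wire number of the null method, not the library identifier `GNUTLS_COMP_NULL` (the removed code translated between the two with `_gnutls_compression_get_id`), and nothing in the new function says so. A one-line comment such as `/* 0 is the wire value of the null compression method */` would keep a later reader from substituting the enum. The same applies to `{0x01, 0x00}` in append_null_comp, where the first byte is the list length, and to `data[pos++] = 0x00` in send_server_hello. The new comment below the loop has a typo, "find a the NULL compression", and the context comment "select appropriate compression method" at the call in read_client_hello no longer matches what the call does. The function's final return is outside this hunk.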
@@ -1604,49 +1544,6 @@ set_client_ciphersuite(gnutls_session_t session, uint8_t suite[2])
        return 0;
 }
 
-/* This function sets the given comp method to the session.
- */
-static int
-set_client_comp_method(gnutls_session_t session,
-                              uint8_t comp_method)
-{
-       int comp_methods_num;
-       uint8_t compression_methods[MAX_ALGOS];
-       int id = _gnutls_compression_get_id(comp_method);
-       int i;
-       int ret;
-
-       _gnutls_handshake_log
-           ("HSK[%p]: Selected compression method: %s (%d)\n", session,
-            gnutls_compression_get_name(id), (int) comp_method);
-
-       comp_methods_num = _gnutls_supported_compression_methods(session,
-                                                                compression_methods,
-                                                                MAX_ALGOS);
-       if (comp_methods_num < 0) {
-               gnutls_assert();
-               return comp_methods_num;
-       }
-
-       for (i = 0; i < comp_methods_num; i++) {
-               if (compression_methods[i] == comp_method) {
-                       comp_methods_num = 0;
-                       break;
-               }
-       }
-
-       if (comp_methods_num != 0) {
-               gnutls_assert();
-               return GNUTLS_E_UNKNOWN_COMPRESSION_ALGORITHM;
-       }
-
-       ret = _gnutls_set_compression(session, id);
-       if (ret < 0)
-               return gnutls_assert_val(ret);
-
-       return 0;
-}
-
 /* This function returns 0 if we are resuming a session or -1 otherwise.
  * This also sets the variables in the session. Used only while reading a server
  * hello.
@@ -1690,14 +1587,6 @@ client_check_if_resuming(gnutls_session_t session,
                        gnutls_assert();
                        goto no_resume;
                }
-               ret = _gnutls_set_compression(session,
-                                       session->internals.
-                                       resumed_security_parameters.
-                                       compression_method);
-               if (ret < 0) {
-                       gnutls_assert();
-                       goto no_resume;
-               }
 
                session->internals.resumed = RESUME_TRUE;       /* we are resuming */
 
@@ -1806,12 +1695,7 @@ read_server_hello(gnutls_session_t session,
        /* move to compression 
         */
        DECR_LEN(len, 1);
-
-       ret = set_client_comp_method(session, data[pos++]);
-       if (ret < 0) {
-               gnutls_assert();
-               return GNUTLS_E_UNKNOWN_COMPRESSION_ALGORITHM;
-       }
+       pos++;
 
        /* Parse extensions.
         */
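Review bot: The compression byte of the ServerHello is now skipped with `pos++` without being checked, so a server that answers with a method other than null, which this client no longer offers, is accepted and its records would be handled as uncompressed data. The removed `set_client_comp_method` rejected values the client had not offered. A one-line check keeps that property: `if (data[pos++] != 0) return gnutls_assert_val(GNUTLS_E_UNKNOWN_COMPRESSION_ALGORITHM);`. The rest of read_server_hello lies outside this hunk, so a later validation of the byte cannot be ruled out from here.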
@@ -1899,30 +1783,15 @@ copy_ciphersuites(gnutls_session_t session,
  * Needed in hello messages. Returns the new data length.
  */
 static int
-copy_comp_methods(gnutls_session_t session,
+append_null_comp(gnutls_session_t session,
                          gnutls_buffer_st * cdata)
 {
-       int ret;
-       uint8_t compression_methods[MAX_ALGOS], comp_num;
+       uint8_t compression_methods[2] = {0x01, 0x00};
        size_t init_length = cdata->length;
+       int ret;
 
        ret =
-           _gnutls_supported_compression_methods(session,
-                                                 compression_methods,
-                                                 MAX_ALGOS);
-       if (ret < 0)
-               return gnutls_assert_val(ret);
-
-       comp_num = ret;
-
-       /* put the number of compression methods */
-       ret = _gnutls_buffer_append_prefix(cdata, 8, comp_num);
-       if (ret < 0)
-               return gnutls_assert_val(ret);
-
-       ret =
-           _gnutls_buffer_append_data(cdata, compression_methods,
-                                      comp_num);
+           _gnutls_buffer_append_data(cdata, compression_methods, 2);
        if (ret < 0)
                return gnutls_assert_val(ret);
 
@@ -2089,7 +1958,7 @@ static int send_client_hello(gnutls_session_t session, int again)
 
                /* Copy the compression methods.
                 */
-               ret = copy_comp_methods(session, &extdata);
+               ret = append_null_comp(session, &extdata);
                if (ret < 0) {
                        gnutls_assert();
                        goto cleanup;
@@ -2150,7 +2019,6 @@ static int send_server_hello(gnutls_session_t session, int again)
        gnutls_buffer_st extdata;
        int pos = 0;
        int datalen, ret = 0;
-       uint8_t comp;
        uint8_t session_id_len =
            session->security_parameters.session_id_size;
        char buf[2 * GNUTLS_MAX_SESSION_ID_SIZE + 1];
@@ -2211,11 +2079,7 @@ static int send_server_hello(gnutls_session_t session, int again)
                       session->security_parameters.cipher_suite, 2);
                pos += 2;
 
-               comp =
-                   _gnutls_compression_get_num(session->
-                                               security_parameters.
-                                               compression_method);
-               data[pos++] = comp;
+               data[pos++] = 0x00;
 
                if (extdata.length > 0) {
                        memcpy(&data[pos], extdata.data, extdata.length);
index 3d99e69b2210e0ebd1620e0739f051bd68e90407..a56b031d12517f132e19ce53ae8ca3895aa6ca73 100644 (file)
@@ -349,12 +349,6 @@ static const int _cipher_priority_secure192[] = {
 };
 static const int* cipher_priority_secure192 = _cipher_priority_secure192;
 
-static const int comp_priority[] = {
-       /* compression should be explicitly requested to be enabled */
-       GNUTLS_COMP_NULL,
-       0
-};
-
 static const int _sign_priority_default[] = {
        GNUTLS_SIGN_RSA_SHA256,
        GNUTLS_SIGN_ECDSA_SHA256,
@@ -536,7 +530,7 @@ static void prio_add(priority_st * priority_list, unsigned int algo)
  * @priority: is a #gnutls_priority_t type.
  *
  * Sets the priorities to use on the ciphers, key exchange methods,
- * macs and compression methods.
+ * and macs.
  *
  * Returns: %GNUTLS_E_SUCCESS on success, or an error code.
  **/
@@ -570,8 +564,7 @@ gnutls_priority_set(gnutls_session_t session, gnutls_priority_t priority)
        if (session->internals.priorities.protocol.algorithms == 0 ||
            session->internals.priorities.cipher.algorithms == 0 ||
            session->internals.priorities.mac.algorithms == 0 ||
-           session->internals.priorities.kx.algorithms == 0 ||
-           session->internals.priorities.compression.algorithms == 0)
+           session->internals.priorities.kx.algorithms == 0)
                return gnutls_assert_val(GNUTLS_E_NO_PRIORITIES_WERE_SET);
 
        ADD_PROFILE_VFLAGS(session, priority->additional_verify_flags);
@@ -778,10 +771,6 @@ static void enable_no_tickets(gnutls_priority_t c)
 {
        c->no_tickets = 1;
 }
-static void enable_stateless_compression(gnutls_priority_t c)
-{
-       c->stateless_compression = 1;
-}
 static void disable_wildcards(gnutls_priority_t c)
 {
        c->additional_verify_flags |= GNUTLS_VERIFY_DO_NOT_ALLOW_WILDCARDS;
@@ -1124,8 +1113,8 @@ finish:
  * @priorities: is a string describing priorities (may be %NULL)
  * @err_pos: In case of an error this will have the position in the string the error occurred
  *
- * Sets priorities for the ciphers, key exchange methods, macs and
- * compression methods. The @priority_cache should be deinitialized
+ * Sets priorities for the ciphers, key exchange methods, and macs.
+ * The @priority_cache should be deinitialized
  * using gnutls_priority_deinit().
  *
  * The #priorities option allows you to specify a colon
@@ -1164,8 +1153,7 @@ finish:
  * "SUITEB192" means all the NSA SuiteB ciphersuites with security level
  * of 192.
  *
- * "NONE" means nothing is enabled.  This disables even protocols and
- * compression methods.
+ * "NONE" means nothing is enabled.  This disables everything, including protocols.
  *
  * "@@KEYWORD1,KEYWORD2,..." The system administrator imposed settings.
  * The provided keyword(s) will be expanded from a configuration-time
@@ -1197,8 +1185,8 @@ finish:
  *
  * "NORMAL:+ARCFOUR-128" means normal ciphers plus ARCFOUR-128.
  *
- * "SECURE128:-VERS-SSL3.0:+COMP-DEFLATE" means that only secure ciphers are
- * enabled, SSL3.0 is disabled, and libz compression enabled.
+ * "SECURE128:-VERS-SSL3.0" means that only secure ciphers are
+ * and enabled, SSL3.0 is disabled.
  *
  * "NONE:+VERS-TLS-ALL:+AES-128-CBC:+RSA:+SHA1:+COMP-NULL:+SIGN-RSA-SHA1", 
  *
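Review bot: The reworded example now reads "only secure ciphers are / and enabled, SSL3.0 is disabled", which is garbled. Suggested text for the two added lines: ` * "SECURE128:-VERS-SSL3.0" means that only secure ciphers are` and ` * enabled, and SSL3.0 is disabled.` The following example in the same comment still carries `+COMP-NULL`, so the documentation should say that `COMP-` keywords are accepted but have no effect.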
@@ -1254,14 +1242,11 @@ gnutls_priority_init(gnutls_priority_t * priority_cache,
        }
 
        break_list(darg, broken_list, &broken_list_size);
-       /* This is our default set of protocol version, certificate types and
-        * compression methods.
+       /* This is our default set of protocol version, certificate types.
         */
        if (strcasecmp(broken_list[0], LEVEL_NONE) != 0) {
                _set_priority(&(*priority_cache)->protocol,
                              protocol_priority);
-               _set_priority(&(*priority_cache)->compression,
-                             comp_priority);
                _set_priority(&(*priority_cache)->cert_type,
                              cert_type_priority_default);
                _set_priority(&(*priority_cache)->sign_algo,
@@ -1344,22 +1329,8 @@ gnutls_priority_init(gnutls_priority_t * priority_cache,
                        } /* now check if the element is something like -ALGO */
                        else if (strncasecmp
                                 (&broken_list[i][1], "COMP-", 5) == 0) {
-                               if (strncasecmp
-                                   (&broken_list[i][1], "COMP-ALL",
-                                    8) == 0) {
-                                       bulk_fn(&(*priority_cache)->
-                                               compression,
-                                               comp_priority);
-                               } else {
-                                       if ((algo =
-                                            gnutls_compression_get_id
-                                            (&broken_list[i][6])) !=
-                                           GNUTLS_COMP_UNKNOWN)
-                                               fn(&(*priority_cache)->
-                                                  compression, algo);
-                                       else
-                                               goto error;
-                               }
+                               /* ignore all compression methods */
+                               continue;
                        } /* now check if the element is something like -ALGO */
                        else if (strncasecmp
                                 (&broken_list[i][1], "CURVE-", 6) == 0) {
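Review bot: Any element starting with `COMP-` is now dropped by `continue`, so a name the removed branch would have rejected through `goto error` (a typo, or a method the library never knew) is accepted without any signal. Ignoring the request is the safe direction, but an operator who still has `+COMP-DEFLATE` in a priority string gets no indication that it does nothing. A debug log line before the `continue` would make that visible, and the comment could state the intent more precisely: `/* COMP-* keywords are accepted for compatibility and have no effect */`. The enclosing loop starts and ends outside this hunk, so whether `continue` bypasses any end-of-iteration work cannot be confirmed from here.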
@@ -1465,7 +1436,7 @@ void gnutls_priority_deinit(gnutls_priority_t priority_cache)
  * @err_pos: In case of an error this will have the position in the string the error occurred
  *
  * Sets the priorities to use on the ciphers, key exchange methods,
- * macs and compression methods.  This function avoids keeping a
+ * and macs.  This function avoids keeping a
  * priority cache and is used to directly set string priorities to a
  * TLS session.  For documentation check the gnutls_priority_init().
  *
@@ -1533,7 +1504,7 @@ break_list(char *list,
  * @session: is a #gnutls_session_t type.
  *
  * Sets the default priority on the ciphers, key exchange methods,
- * macs and compression methods. This is the recommended method of
+ * and macs. This is the recommended method of
  * setting the defaults, in order to promote consistency between applications
  * using GnuTLS, and to allow GnuTLS using applications to update settings
  * in par with the library. For client applications which require
@@ -1657,11 +1628,10 @@ int
 gnutls_priority_compression_list(gnutls_priority_t pcache,
                                 const unsigned int **list)
 {
-       if (pcache->compression.algorithms == 0)
-               return 0;
+       static const unsigned int priority[1] = {GNUTLS_COMP_NULL};
 
-       *list = pcache->compression.priority;
-       return pcache->compression.algorithms;
+       *list = priority;
+       return 1;
 }
 
 /**
index 9de43785bbac6fb92c602fe260811812cf07dbc2..c862ba9c03d58ae0174763ac735c2b67a218eb85 100644 (file)
@@ -12,7 +12,7 @@ NO_EXTENSIONS, enable_no_extensions
 NO_TICKETS, enable_no_tickets
 NO_ETM, enable_no_etm
 NO_SESSION_HASH, enable_no_ext_master_secret
-STATELESS_COMPRESSION, enable_stateless_compression
+STATELESS_COMPRESSION, dummy_func
 VERIFY_ALLOW_BROKEN, enable_verify_allow_broken
 VERIFY_ALLOW_SIGN_RSA_MD5, enable_verify_allow_rsa_md5
 VERIFY_ALLOW_SIGN_WITH_SHA1, enable_verify_allow_sha1
index e08598b82935883e8fc5f43cd81b68eda00b22f2..76ab0ff4a970f0bbad1a9730a02dfe0df76c3c22 100644 (file)
@@ -32,7 +32,6 @@
 #include "gnutls_int.h"
 #include "errors.h"
 #include "debug.h"
-#include "compress.h"
 #include "cipher.h"
 #include "buffers.h"
 #include "mbuffers.h"
index 39f0737042e2c9d470dfa5bab9fbe6dd4634f4ff..b8612c5a6bfc73a1754a34d81b78587a1c280486 100644 (file)
@@ -691,11 +691,9 @@ unpack_psk_auth_info(gnutls_session_t session, gnutls_buffer_st * ps)
  *      1 byte the key exchange algorithm used
  *      1 byte the read cipher algorithm
  *      1 byte the read mac algorithm
- *      1 byte the read compression algorithm
  *
  *      1 byte the write cipher algorithm
  *      1 byte the write mac algorithm
- *      1 byte the write compression algorithm
  *
  *      1 byte the certificate type
  *      1 byte the protocol version
@@ -747,8 +745,6 @@ pack_security_parameters(gnutls_session_t session, gnutls_buffer_st * ps)
        BUFFER_APPEND_NUM(ps, session->security_parameters.entity);
        BUFFER_APPEND_NUM(ps, session->security_parameters.kx_algorithm);
        BUFFER_APPEND(ps, session->security_parameters.cipher_suite, 2);
-       BUFFER_APPEND_NUM(ps,
-                         session->security_parameters.compression_method);
        BUFFER_APPEND_NUM(ps, session->security_parameters.cert_type);
        BUFFER_APPEND_NUM(ps, session->security_parameters.pversion->id);
 
@@ -818,9 +814,6 @@ unpack_security_parameters(gnutls_session_t session, gnutls_buffer_st * ps)
        BUFFER_POP(ps,
                   session->internals.resumed_security_parameters.
                   cipher_suite, 2);
-       BUFFER_POP_NUM(ps,
-                      session->internals.resumed_security_parameters.
-                      compression_method);
        BUFFER_POP_NUM(ps,
                       session->internals.resumed_security_parameters.
                       cert_type);
@@ -904,7 +897,7 @@ unpack_security_parameters(gnutls_session_t session, gnutls_buffer_st * ps)
  * @kx: the key exchange method
  * @cipher: the cipher
  * @mac: the MAC algorithm
- * @comp: the compression method
+ * @comp: the compression method (ignored)
  * @master: the master key to use
  * @session_id: the session identifier
  *
@@ -942,8 +935,6 @@ gnutls_session_set_premaster(gnutls_session_t session, unsigned int entity,
        if (ret < 0)
                return gnutls_assert_val(ret);
 
-       session->internals.resumed_security_parameters.compression_method =
-           comp;
        session->internals.resumed_security_parameters.cert_type =
            DEFAULT_CERT_TYPE;
        session->internals.resumed_security_parameters.pversion =
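Review bot: With this assignment removed, `comp` is no longer used in the visible part of gnutls_session_set_premaster, and the updated doc line in the previous hunk says only "(ignored)". A caller that passes a method other than GNUTLS_COMP_NULL is not told that the session will handle records as uncompressed, which is hard to diagnose later. The doc line could spell this out, e.g. `@comp: the compression method (ignored; records are always treated as uncompressed)`. If the API contract allows it, the function could instead fail early with `if (comp != GNUTLS_COMP_NULL) return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);`. The function body starts and ends outside this hunk.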
index 8a875f503ba06d7ac65fc3907806a9715f203c6f..6dcc4df703aac1ae2145d16fb38622ab59a72871 100644 (file)
@@ -28,7 +28,6 @@
 #include "dh.h"
 #include "debug.h"
 #include "algorithms.h"
-#include "compress.h"
 #include "cipher.h"
 #include "buffers.h"
 #include "kx.h"
@@ -249,10 +248,6 @@ _gnutls_read_client_hello_v2(gnutls_session_t session, uint8_t * data,
                session->internals.resumed = RESUME_FALSE;
        }
 
-       ret = _gnutls_set_compression(session, GNUTLS_COMP_NULL);
-       if (ret < 0)
-               return gnutls_assert_val(ret);
-
        return sret;
 }
 #endif
index 27c4adb3b8de0a3acb93aa471ce358fd824f6de8..5dfc2e2a36cc0cddbaf4f55d6ed33e267dc4e1df 100644 (file)
@@ -158,15 +158,7 @@ gnutls_mac_algorithm_t gnutls_mac_get(gnutls_session_t session)
 gnutls_compression_method_t
 gnutls_compression_get(gnutls_session_t session)
 {
-       record_parameters_st *record_params;
-       int ret;
-
-       ret =
-           _gnutls_epoch_get(session, EPOCH_READ_CURRENT, &record_params);
-       if (ret < 0)
-               return gnutls_assert_val(GNUTLS_COMP_NULL);
-
-       return record_params->compression_algorithm;
+       return GNUTLS_COMP_NULL;
 }
 
 static void deinit_keys(gnutls_session_t session)
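Review bot: gnutls_compression_get() now ignores `session` and returns a constant, but nothing at the definition explains why. Its doc comment lies outside this hunk; if it still describes the "currently used" compression method, it should say that the function always returns GNUTLS_COMP_NULL. I would add `/* compression support was removed; kept for API compatibility */` above the return. If the build enables unused-parameter warnings, a `(void)session;` before the return would also be needed.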