this change moves stack of compression methods, now global variable

build.info

@@ -26,6 +26,7 @@ DEPEND[]=include/openssl/asn1.h \
          include/openssl/cmp.h \
          include/openssl/cms.h \
          include/openssl/conf.h \
+         include/openssl/comp.h \
          include/openssl/core_names.h \
          include/openssl/crmf.h \
          include/openssl/crypto.h \
@@ -55,6 +56,7 @@ GENERATE[include/openssl/bio.h]=include/openssl/bio.h.in
 GENERATE[include/openssl/cmp.h]=include/openssl/cmp.h.in
 GENERATE[include/openssl/cms.h]=include/openssl/cms.h.in
 GENERATE[include/openssl/conf.h]=include/openssl/conf.h.in
+GENERATE[include/openssl/comp.h]=include/openssl/comp.h.in
 # include/openssl/configuration.h is generated by configdata.pm
 # We still need this information for the FIPS module checksum, but the attribute
 # 'skip' ensures that nothing is actually done with it.

crypto/build.info

@@ -104,10 +104,10 @@ $UTIL_COMMON=\
 
 SOURCE[../libcrypto]=$UTIL_COMMON \
         mem.c mem_sec.c \
-        cversion.c info.c cpt_err.c ebcdic.c uid.c o_time.c o_dir.c \
-        o_fopen.c getenv.c o_init.c init.c trace.c provider.c provider_child.c \
-        punycode.c passphrase.c sleep.c deterministic_nonce.c quic_vlint.c \
-        time.c
+        comp_methods.c cversion.c info.c cpt_err.c ebcdic.c uid.c o_time.c \
+        o_dir.c o_fopen.c getenv.c o_init.c init.c trace.c provider.c \
+        provider_child.c punycode.c passphrase.c sleep.c deterministic_nonce.c \
+        quic_vlint.c time.c
 SOURCE[../providers/libfips.a]=$UTIL_COMMON
 
 SOURCE[../libcrypto]=$UPLINKSRC

crypto/comp_methods.c

@@ -0,0 +1,59 @@
+/*
+ * Copyright 2024 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <openssl/crypto.h>
+#include <openssl/comp.h>
+#include <openssl/obj_mac.h>
+
+#include "internal/cryptlib.h"
+#include "internal/comp.h"
+
+#define SSL_COMP_NULL_IDX       0
+#define SSL_COMP_ZLIB_IDX       1
+#define SSL_COMP_NUM_IDX        2
+
+#ifndef OPENSSL_NO_COMP
+static int sk_comp_cmp(const SSL_COMP *const *a, const SSL_COMP *const *b)
+{
+    return ((*a)->id - (*b)->id);
+}
+#endif
+
+STACK_OF(SSL_COMP) *ossl_load_builtin_compressions(void)
+{
+    STACK_OF(SSL_COMP) *comp_methods = NULL;
+#ifndef OPENSSL_NO_COMP
+    SSL_COMP *comp = NULL;
+    COMP_METHOD *method = COMP_zlib();
+
+    comp_methods = sk_SSL_COMP_new(sk_comp_cmp);
+
+    if (COMP_get_type(method) != NID_undef && comp_methods != NULL) {
+        comp = OPENSSL_malloc(sizeof(*comp));
+        if (comp != NULL) {
+            comp->method = method;
+            comp->id = SSL_COMP_ZLIB_IDX;
+            comp->name = COMP_get_name(method);
+            if (!sk_SSL_COMP_push(comp_methods, comp))
+                OPENSSL_free(comp);
+        }
+    }
+#endif
+    return comp_methods;
+}
+
+static void cmeth_free(SSL_COMP *cm)
+{
+    OPENSSL_free(cm);
+}
+
+void ossl_free_compression_methods_int(STACK_OF(SSL_COMP) *methods)
+{
+    sk_SSL_COMP_pop_free(methods, cmeth_free);
+}

crypto/context.c

@@ -11,6 +11,7 @@
 #include <openssl/conf.h>
 #include "internal/thread_once.h"
 #include "internal/property.h"
+#include "internal/cryptlib.h"
 #include "internal/core.h"
 #include "internal/bio.h"
 #include "internal/provider.h"
@@ -48,6 +49,7 @@ struct ossl_lib_ctx_st {
     void *thread_event_handler;
     void *fips_prov;
 #endif
+    STACK_OF(SSL_COMP) *comp_methods;
 
     int ischild;
     int conf_diagnostics;
@@ -204,6 +206,10 @@ static int context_init(OSSL_LIB_CTX *ctx)
     if (!ossl_property_parse_init(ctx))
         goto err;
 
+#ifndef FIPS_MODULE
+    ctx->comp_methods = ossl_load_builtin_compressions();
+#endif
+
     return 1;
 
  err:
@@ -344,6 +350,14 @@ static void context_deinit_objs(OSSL_LIB_CTX *ctx)
         ctx->child_provider = NULL;
     }
 #endif
+
+#ifndef FIPS_MODULE
+    if (ctx->comp_methods != NULL) {
+        ossl_free_compression_methods_int(ctx->comp_methods);
+        ctx->comp_methods = NULL;
+    }
+#endif
+
 }
 
 static int context_deinit(OSSL_LIB_CTX *ctx)
@@ -634,11 +648,19 @@ void *ossl_lib_ctx_get_data(OSSL_LIB_CTX *ctx, int index)
         return ctx->fips_prov;
 #endif
 
+    case OSSL_LIB_CTX_COMP_METHODS:
+        return (void *)&ctx->comp_methods;
+
     default:
         return NULL;
     }
 }
 
+void *OSSL_LIB_CTX_get_data(OSSL_LIB_CTX *ctx, int index)
+{
+    return ossl_lib_ctx_get_data(ctx, index);
+}
+
 OSSL_EX_DATA_GLOBAL *ossl_lib_ctx_get_ex_data_global(OSSL_LIB_CTX *ctx)
 {
     ctx = ossl_lib_ctx_get_concrete(ctx);

doc/man3/OSSL_LIB_CTX.pod

@@ -2,8 +2,9 @@
 
 =head1 NAME
 
-OSSL_LIB_CTX, OSSL_LIB_CTX_new, OSSL_LIB_CTX_new_from_dispatch,
-OSSL_LIB_CTX_new_child, OSSL_LIB_CTX_free, OSSL_LIB_CTX_load_config,
+OSSL_LIB_CTX, OSSL_LIB_CTX_get_data, OSSL_LIB_CTX_new,
+OSSL_LIB_CTX_new_from_dispatch, OSSL_LIB_CTX_new_child,
+OSSL_LIB_CTX_free, OSSL_LIB_CTX_load_config,
 OSSL_LIB_CTX_get0_global_default, OSSL_LIB_CTX_set0_default
 - OpenSSL library context
 
@@ -22,6 +23,7 @@ OSSL_LIB_CTX_get0_global_default, OSSL_LIB_CTX_set0_default
  void OSSL_LIB_CTX_free(OSSL_LIB_CTX *ctx);
  OSSL_LIB_CTX *OSSL_LIB_CTX_get0_global_default(void);
  OSSL_LIB_CTX *OSSL_LIB_CTX_set0_default(OSSL_LIB_CTX *ctx);
+ void *OSSL_LIB_CTX_get_data(OSSL_LIB_CTX *ctx, int index);
 
 =head1 DESCRIPTION
 
@@ -111,6 +113,14 @@ in the mean time.  This means that the calling thread must not free the
 library context that was the default at the start of the async job before
 that job has finished.
 
+OSSL_LIB_CTX_get_data() returns a memory address whose interpretation depends
+on the index.  The index argument refers to a context member which is
+to be retrieved. The values for index are all private to OpenSSL currently
+and so applications should not typically call this function.
+If ctx is NULL then the function operates on the default library context.
+OSSL_LIB_CTX_get_data() returns a memory address whose interpretation
+depends on the index.
+
 =head1 RETURN VALUES
 
 OSSL_LIB_CTX_new(), OSSL_LIB_CTX_get0_global_default() and
@@ -121,10 +131,15 @@ OSSL_LIB_CTX_free() doesn't return any value.
 
 OSSL_LIB_CTX_load_config() returns 1 on success, 0 on error.
 
+OSSL_LIB_CTX_get_data() returns a memory address whose interpretation
+depends on the index.
+
 =head1 HISTORY
 
 All of the functions described on this page were added in OpenSSL 3.0.
 
+OSSL_LIB_CTX_get_data() was introduced in OpenSSL 3.4.
+
 =head1 COPYRIGHT
 
 Copyright 2019-2021 The OpenSSL Project Authors. All Rights Reserved.

include/internal/comp.h

@@ -6,9 +6,19 @@
  * in the file LICENSE in the source distribution or at
  * https://www.openssl.org/source/license.html
  */
+#ifndef _INTERNAL_COMP_H
+#define	_INTERNAL_COMP_H
 
 #include <openssl/comp.h>
 
 void ossl_comp_zlib_cleanup(void);
 void ossl_comp_brotli_cleanup(void);
 void ossl_comp_zstd_cleanup(void);
+
+struct ssl_comp_st {
+    int id;
+    const char *name;
+    COMP_METHOD *method;
+};
+
+#endif

include/internal/cryptlib.h

@@ -86,7 +86,6 @@ typedef struct ossl_ex_data_global_st {
     EX_CALLBACKS ex_data[CRYPTO_EX_INDEX__COUNT];
 } OSSL_EX_DATA_GLOBAL;
 
-
 /* OSSL_LIB_CTX */
 
 # define OSSL_LIB_CTX_PROVIDER_STORE_RUN_ONCE_INDEX          0
@@ -117,7 +116,8 @@ typedef struct ossl_ex_data_global_st {
 # define OSSL_LIB_CTX_CHILD_PROVIDER_INDEX          18
 # define OSSL_LIB_CTX_THREAD_INDEX                  19
 # define OSSL_LIB_CTX_DECODER_CACHE_INDEX           20
-# define OSSL_LIB_CTX_MAX_INDEXES                   20
+# define OSSL_LIB_CTX_COMP_METHODS                  21
+# define OSSL_LIB_CTX_MAX_INDEXES                   21
 
 OSSL_LIB_CTX *ossl_lib_ctx_get_concrete(OSSL_LIB_CTX *ctx);
 int ossl_lib_ctx_is_default(OSSL_LIB_CTX *ctx);
@@ -161,4 +161,7 @@ char *ossl_buf2hexstr_sep(const unsigned char *buf, long buflen, char sep);
 unsigned char *ossl_hexstr2buf_sep(const char *str, long *buflen,
                                    const char sep);
 
+STACK_OF(SSL_COMP) *ossl_load_builtin_compressions(void);
+void ossl_free_compression_methods_int(STACK_OF(SSL_COMP) *methods);
+
 #endif

include/openssl/comp.h → include/openssl/comp.h.in

@@ -1,12 +1,16 @@
 /*
- * Copyright 2015-2018 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2015-2024 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
  * in the file LICENSE in the source distribution or at
  * https://www.openssl.org/source/license.html
  */
 
+{-
+use OpenSSL::stackhash qw(generate_stack_macros);
+-}
+
 #ifndef OPENSSL_COMP_H
 # define OPENSSL_COMP_H
 # pragma once
@@ -18,7 +22,6 @@
 
 # include <openssl/opensslconf.h>
 
-# ifndef OPENSSL_NO_COMP
 # include <openssl/crypto.h>
 # include <openssl/comperr.h>
 # ifdef  __cplusplus
@@ -27,6 +30,8 @@ extern "C" {
 
 
 
+# ifndef OPENSSL_NO_COMP
+
 COMP_CTX *COMP_CTX_new(COMP_METHOD *meth);
 const COMP_METHOD *COMP_CTX_get_method(const COMP_CTX *ctx);
 int COMP_CTX_get_type(const COMP_CTX* comp);
@@ -46,19 +51,26 @@ COMP_METHOD *COMP_brotli_oneshot(void);
 COMP_METHOD *COMP_zstd(void);
 COMP_METHOD *COMP_zstd_oneshot(void);
 
-#ifndef OPENSSL_NO_DEPRECATED_1_1_0
-# define COMP_zlib_cleanup() while(0) continue
-#endif
+#  ifndef OPENSSL_NO_DEPRECATED_1_1_0
+#   define COMP_zlib_cleanup() while(0) continue
+#  endif
 
-# ifdef OPENSSL_BIO_H
+#  ifdef OPENSSL_BIO_H
 const BIO_METHOD *BIO_f_zlib(void);
 const BIO_METHOD *BIO_f_brotli(void);
 const BIO_METHOD *BIO_f_zstd(void);
+#  endif
+
 # endif
 
+typedef struct ssl_comp_st SSL_COMP;
+
+{-
+    generate_stack_macros("SSL_COMP");
+-}
 
-#  ifdef  __cplusplus
+
+# ifdef  __cplusplus
 }
-#  endif
 # endif
 #endif

include/openssl/crypto.h.in

@@ -541,6 +541,9 @@ void OSSL_LIB_CTX_set_conf_diagnostics(OSSL_LIB_CTX *ctx, int value);
 
 void OSSL_sleep(uint64_t millis);
 
+
+void *OSSL_LIB_CTX_get_data(OSSL_LIB_CTX *ctx, int index);
+
 # ifdef  __cplusplus
 }
 # endif

include/openssl/ssl.h.in

@@ -236,10 +236,8 @@ typedef struct ssl_cipher_st SSL_CIPHER;
 typedef struct ssl_session_st SSL_SESSION;
 typedef struct tls_sigalgs_st TLS_SIGALGS;
 typedef struct ssl_conf_ctx_st SSL_CONF_CTX;
-typedef struct ssl_comp_st SSL_COMP;
 
 STACK_OF(SSL_CIPHER);
-STACK_OF(SSL_COMP);
 
 /* SRTP protection profiles for use with the use_srtp extension (RFC 5764)*/
 typedef struct srtp_protection_profile_st {
@@ -975,8 +973,7 @@ extern "C" {
  * in VisualStudio 2015
  */
 {-
-    generate_const_stack_macros("SSL_CIPHER")
-    .generate_stack_macros("SSL_COMP");
+    generate_const_stack_macros("SSL_CIPHER");
 -}
 
 /* compatibility */

ssl/record/rec_layer_s3.c

@@ -19,6 +19,7 @@
 #include <openssl/core_names.h>
 #include "record_local.h"
 #include "internal/packet.h"
+#include "internal/comp.h"
 
 void RECORD_LAYER_init(RECORD_LAYER *rl, SSL_CONNECTION *s)
 {