diff options
| -rw-r--r-- | Configurations/00-base-templates.conf | 11 | ||||
| -rwxr-xr-x | Configure | 19 | ||||
| -rw-r--r-- | INSTALL.md | 37 | ||||
| -rw-r--r-- | apps/enc.c | 22 | ||||
| -rw-r--r-- | apps/list.c | 3 | ||||
| -rw-r--r-- | apps/progs.pl | 2 | ||||
| -rw-r--r-- | crypto/comp/build.info | 3 | ||||
| -rw-r--r-- | crypto/comp/c_zstd.c | 827 | ||||
| -rw-r--r-- | crypto/comp/comp_err.c | 7 | ||||
| -rw-r--r-- | crypto/err/openssl.txt | 4 | ||||
| -rw-r--r-- | crypto/init.c | 2 | ||||
| -rw-r--r-- | crypto/objects/obj_dat.h | 9 | ||||
| -rw-r--r-- | crypto/objects/obj_mac.num | 1 | ||||
| -rw-r--r-- | crypto/objects/objects.txt | 3 | ||||
| -rw-r--r-- | doc/man3/COMP_CTX_new.pod | 38 | ||||
| -rw-r--r-- | doc/man3/SSL_COMP_add_compression_method.pod | 4 | ||||
| -rw-r--r-- | include/internal/comp.h | 1 | ||||
| -rw-r--r-- | include/openssl/comp.h | 3 | ||||
| -rw-r--r-- | include/openssl/comperr.h | 4 | ||||
| -rw-r--r-- | include/openssl/obj_mac.h | 4 | ||||
| -rw-r--r-- | test/bio_comp_test.c | 26 | ||||
| -rw-r--r-- | test/build.info | 2 | ||||
| -rw-r--r-- | test/recipes/07-test_bio_comp.t | 2 | ||||
| -rw-r--r-- | util/libcrypto.num | 3 | ||||
| -rw-r--r-- | util/perl/OpenSSL/Ordinals.pm | 1 |
25 files changed, 1010 insertions, 28 deletions
diff --git a/Configurations/00-base-templates.conf b/Configurations/00-base-templates.conf index 4bc1915906..55da5ec56c 100644 --- a/Configurations/00-base-templates.conf +++ b/Configurations/00-base-templates.conf @@ -52,6 +52,8 @@ my %targets=( push @defs, "BROTLI_SHARED" unless $disabled{"brotli-dynamic"}; push @defs, "ZLIB" unless $disabled{zlib}; push @defs, "ZLIB_SHARED" unless $disabled{"zlib-dynamic"}; + push @defs, "ZSTD" unless $disabled{zstd}; + push @defs, "ZSTD_SHARED" unless $disabled{"zstd-dynamic"}; return [ @defs ]; }, includes => @@ -61,6 +63,8 @@ my %targets=( if !$disabled{brotli} && $withargs{brotli_include}; push @incs, $withargs{zlib_include} if !$disabled{zlib} && $withargs{zlib_include}; + push @incs, $withargs{zstd_include} + if !$disabled{zstd} && $withargs{zstd_include}; return [ @incs ]; }, }, @@ -77,6 +81,7 @@ my %targets=( my @libs = (); push(@libs, "-L".$withargs{zlib_lib}) if $withargs{zlib_lib}; push(@libs, "-L".$withargs{brotli_lib}) if $withargs{brotli_lib}; + push(@libs, "-L".$withargs{zstd_lib}) if $withargs{zstd_lib}; return join(" ", @libs); }, ex_libs => @@ -89,6 +94,7 @@ my %targets=( push(@libs, "-lbrotlicommon"); push(@libs, "-lm"); } + push(@libs, "-lzstd") if !defined($disabled{zstd}) && defined($disabled{"zstd-dynamic"}); return join(" ", @libs); }, HASHBANGPERL => "/usr/bin/env perl", # Only Unix actually cares @@ -123,6 +129,11 @@ my %targets=( push(@libs, $withargs{zlib_lib} // "ZLIB1"); } } + unless ($disabled{zstd}) { + if (defined($disabled{"zstd-dynamic"})) { + push(@libs, $withargs{zstd_lib} // "libzstd"); + } + } unless ($disabled{brotli}) { if (defined($disabled{"brotli-dynamic"})) { my $path = ""; @@ -517,6 +517,8 @@ my @disablables = ( "whirlpool", "zlib", "zlib-dynamic", + "zstd", + "zstd-dynamic", ); foreach my $proto ((@tls, @dtls)) { @@ -574,6 +576,8 @@ our %disabled = ( # "what" => "comment" "weak-ssl-ciphers" => "default", "zlib" => "default", "zlib-dynamic" => "default", + "zstd" => "default", + "zstd-dynamic" => "default", ); # Note: => pair form used for aesthetics, not to truly make a hash table @@ -602,6 +606,7 @@ my @disable_cascades = ( "ssl3-method" => [ "ssl3" ], "zlib" => [ "zlib-dynamic" ], "brotli" => [ "brotli-dynamic" ], + "zstd" => [ "zstd-dynamic" ], "des" => [ "mdc2" ], "ec" => [ "ec2m", "ecdsa", "ecdh", "sm2", "gost" ], "dgram" => [ "dtls", "quic", "sctp" ], @@ -647,7 +652,7 @@ my @disable_cascades = ( "stdio" => [ "apps", "capieng", "egd" ], "apps" => [ "tests" ], "tests" => [ "external-tests" ], - "comp" => [ "zlib", "brotli" ], + "comp" => [ "zlib", "brotli", "zstd" ], "sm3" => [ "sm2" ], sub { !$disabled{"unit-test"} } => [ "heartbeats" ], @@ -912,6 +917,10 @@ while (@argvcopy) { delete $disabled{"brotli"}; } + elsif ($1 eq "zstd-dynamic") + { + delete $disabled{"zstd"}; + } my $algo = $1; delete $disabled{$algo}; @@ -996,6 +1005,14 @@ while (@argvcopy) { $withargs{brotli_include}=$1; } + elsif (/^--with-zstd-lib=(.*)$/) + { + $withargs{zstd_lib}=$1; + } + elsif (/^--with-zstd-include=(.*)$/) + { + $withargs{zstd_include}=$1; + } elsif (/^--with-fuzzer-lib=(.*)$/) { $withargs{fuzzer_lib}=$1; diff --git a/INSTALL.md b/INSTALL.md index 234f39c201..fdd234fa57 100644 --- a/INSTALL.md +++ b/INSTALL.md @@ -440,6 +440,32 @@ then this flag is optional and defaults to `ZLIB1` if not provided. This flag is optional and if not provided then `GNV$LIBZSHR`, `GNV$LIBZSHR32` or `GNV$LIBZSHR64` is used by default depending on the pointer size chosen. +### with-zstd-include + + --with-zstd-include=DIR + +The directory for the location of the Zstd include file. This option is only +necessary if [enable-std](#enable-zstd) is used and the include file is not +already on the system include path. + +OpenSSL requires Zstd 1.4 or greater. The Linux kernel source contains a +*zstd.h* file that is not compatible with the 1.4.x Zstd distribution, the +compilation will generate an error if the Linux *zstd.h* is included before +(or instead of) the Zstd distribution header. + +### with-zstd-lib + + --with-zstd-lib=LIB + +**On Unix**: this is the directory containing the Zstd library. +If not provided the system library path will be used. + +**On Windows:** this is the filename of the Zstd library (with or +without a path). This flag must be provided if the +[enable-zstd-dynamic](#enable-zstd-dynamic) option is not also used. +If `zstd-dynamic` is used then this flag is optional and defaults +to `LIBZSTD` if not provided. + Seeding the Random Generator ---------------------------- @@ -1014,6 +1040,17 @@ when needed. This is only supported on systems where loading of shared libraries is supported. +### enable-zstd + +Build with support for Zstd compression/decompression. + +### enable-zstd-dynamic + +Like the enable-zstd option, but has OpenSSL load the Zstd library dynamically +when needed. + +This is only supported on systems where loading of shared libraries is supported. + ### 386 In 32-bit x86 builds, use the 80386 instruction set only in assembly modules diff --git a/apps/enc.c b/apps/enc.c index 4da2342791..cbeaeaa8aa 100644 --- a/apps/enc.c +++ b/apps/enc.c @@ -136,6 +136,8 @@ int enc_main(int argc, char **argv) #endif int do_brotli = 0; BIO *bbrot = NULL; + int do_zstd = 0; + BIO *bzstd = NULL; /* first check the command name */ if (strcmp(argv[0], "base64") == 0) @@ -148,6 +150,10 @@ int enc_main(int argc, char **argv) else if (strcmp(argv[0], "brotli") == 0) do_brotli = 1; #endif +#ifndef OPENSSL_NO_ZSTD + else if (strcmp(argv[0], "zstd") == 0) + do_zstd = 1; +#endif else if (strcmp(argv[0], "enc") != 0) ciphername = argv[0]; @@ -332,6 +338,8 @@ int enc_main(int argc, char **argv) #endif if (do_brotli) base64 = 0; + if (do_zstd) + base64 = 0; if (base64) { if (enc) @@ -436,6 +444,19 @@ int enc_main(int argc, char **argv) else rbio = BIO_push(bbrot, rbio); } + + if (do_zstd) { + if ((bzstd = BIO_new(BIO_f_zstd())) == NULL) + goto end; + if (debug) { + BIO_set_callback_ex(bzstd, BIO_debug_callback_ex); + BIO_set_callback_arg(bzstd, (char *)bio_err); + } + if (enc) + wbio = BIO_push(bzstd, wbio); + else + rbio = BIO_push(bzstd, rbio); + } #endif if (base64) { @@ -682,6 +703,7 @@ int enc_main(int argc, char **argv) BIO_free(bzl); #endif BIO_free(bbrot); + BIO_free(bzstd); release_engine(e); OPENSSL_free(pass); return ret; diff --git a/apps/list.c b/apps/list.c index f198c1cda7..76067f6b3b 100644 --- a/apps/list.c +++ b/apps/list.c @@ -1427,6 +1427,9 @@ static void list_disabled(void) #ifdef OPENSSL_NO_BROTLI BIO_puts(bio_out, "BROTLI\n"); #endif +#ifdef OPENSSL_NO_ZSTD + BIO_puts(bio_out, "ZSTD\n"); +#endif } /* Unified enum for help and list commands. */ diff --git a/apps/progs.pl b/apps/progs.pl index c4e7ae59cf..77404e78dc 100644 --- a/apps/progs.pl +++ b/apps/progs.pl @@ -188,7 +188,7 @@ EOF "camellia-128-cbc", "camellia-128-ecb", "camellia-192-cbc", "camellia-192-ecb", "camellia-256-cbc", "camellia-256-ecb", - "base64", "zlib", "brotli", + "base64", "zlib", "brotli", "zstd", "des", "des3", "desx", "idea", "seed", "rc4", "rc4-40", "rc2", "bf", "cast", "rc5", "des-ecb", "des-ede", "des-ede3", diff --git a/crypto/comp/build.info b/crypto/comp/build.info index 014628e45d..7892c96ff2 100644 --- a/crypto/comp/build.info +++ b/crypto/comp/build.info @@ -1,5 +1,6 @@ LIBS=../../libcrypto SOURCE[../../libcrypto]= \ comp_lib.c comp_err.c \ - c_brotli.c \ + c_brotli.c \ + c_zstd.c \ c_zlib.c diff --git a/crypto/comp/c_zstd.c b/crypto/comp/c_zstd.c new file mode 100644 index 0000000000..99d326219e --- /dev/null +++ b/crypto/comp/c_zstd.c @@ -0,0 +1,827 @@ +/* + * Copyright 1998-2021 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + * + * Uses zstd compression library from https://github.com/facebook/zstd + * Requires version 1.4.x (latest as of this writing is 1.4.5) + * Using custom free functions require static linking, so that is disabled when + * using the shared library. + */ + +#include <stdio.h> +#include <stdlib.h> +#include <string.h> +#include <openssl/objects.h> +#include "internal/comp.h" +#include <openssl/err.h> +#include "crypto/cryptlib.h" +#include "internal/bio.h" +#include "internal/thread_once.h" +#include "comp_local.h" + +COMP_METHOD *COMP_zstd(void); + +static COMP_METHOD zstd_method_nozstd = { + NID_undef, + "(undef)", + NULL, + NULL, + NULL, + NULL, +}; + +#ifdef OPENSSL_NO_ZSTD +# undef ZSTD_SHARED +#else + +# ifndef ZSTD_SHARED +# define ZSTD_STATIC_LINKING_ONLY +# endif +# include <zstd.h> + +/* Note: There is also a linux zstd.h file in the kernel source */ +# ifndef ZSTD_H_235446 +# error Wrong (i.e. linux) zstd.h included. +# endif + +# if ZSTD_VERSION_MAJOR != 1 && ZSTD_VERSION_MINOR < 4 +# error Expecting version 1.4 or greater of ZSTD +# endif + +# ifndef ZSTD_SHARED +/* memory allocations functions for zstd initialisation */ +static void *zstd_alloc(void *opaque, size_t size) +{ + return OPENSSL_zalloc(size); +} + +static void zstd_free(void *opaque, void *address) +{ + OPENSSL_free(address); +} + +static ZSTD_customMem zstd_mem_funcs = { + zstd_alloc, + zstd_free, + NULL +}; +# endif + +/* + * When OpenSSL is built on Windows, we do not want to require that + * the LIBZSTD.DLL be available in order for the OpenSSL DLLs to + * work. Therefore, all ZSTD routines are loaded at run time + * and we do not link to a .LIB file when ZSTD_SHARED is set. + */ +# if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_WIN32) +# include <windows.h> +# endif + +# ifdef ZSTD_SHARED +# include "internal/dso.h" + +/* Function pointers */ +typedef ZSTD_CStream* (*createCStream_ft)(void); +typedef size_t (*initCStream_ft)(ZSTD_CStream*, int); +typedef size_t (*freeCStream_ft)(ZSTD_CStream*); +typedef size_t (*compressStream2_ft)(ZSTD_CCtx*, ZSTD_outBuffer*, ZSTD_inBuffer*, ZSTD_EndDirective); +typedef size_t (*flushStream_ft)(ZSTD_CStream*, ZSTD_outBuffer*); +typedef size_t (*endStream_ft)(ZSTD_CStream*, ZSTD_outBuffer*); +typedef size_t (*compress_ft)(void*, size_t, const void*, size_t, int); +typedef ZSTD_DStream* (*createDStream_ft)(void); +typedef size_t (*initDStream_ft)(ZSTD_DStream*); +typedef size_t (*freeDStream_ft)(ZSTD_DStream*); +typedef size_t (*decompressStream_ft)(ZSTD_DStream*, ZSTD_outBuffer*, ZSTD_inBuffer*); +typedef size_t (*decompress_ft)(void*, size_t, const void*, size_t); +typedef unsigned (*isError_ft)(size_t); +typedef const char* (*getErrorName_ft)(size_t); +typedef size_t (*DStreamInSize_ft)(void); +typedef size_t (*CStreamInSize_ft)(void); + +static createCStream_ft p_createCStream = NULL; +static initCStream_ft p_initCStream = NULL; +static freeCStream_ft p_freeCStream = NULL; +static compressStream2_ft p_compressStream2 = NULL; +static flushStream_ft p_flushStream = NULL; +static endStream_ft p_endStream = NULL; +static compress_ft p_compress = NULL; +static createDStream_ft p_createDStream = NULL; +static initDStream_ft p_initDStream = NULL; +static freeDStream_ft p_freeDStream = NULL; +static decompressStream_ft p_decompressStream = NULL; +static decompress_ft p_decompress = NULL; +static isError_ft p_isError = NULL; +static getErrorName_ft p_getErrorName = NULL; +static DStreamInSize_ft p_DStreamInSize = NULL; +static CStreamInSize_ft p_CStreamInSize = NULL; + +static DSO *zstd_dso = NULL; + +# define ZSTD_createCStream p_createCStream +# define ZSTD_initCStream p_initCStream +# define ZSTD_freeCStream p_freeCStream +# define ZSTD_compressStream2 p_compressStream2 +# define ZSTD_flushStream p_flushStream +# define ZSTD_endStream p_endStream +# define ZSTD_compress p_compress +# define ZSTD_createDStream p_createDStream +# define ZSTD_initDStream p_initDStream +# define ZSTD_freeDStream p_freeDStream +# define ZSTD_decompressStream p_decompressStream +# define ZSTD_decompress p_decompress +# define ZSTD_isError p_isError +# define ZSTD_getErrorName p_getErrorName +# define ZSTD_DStreamInSize p_DStreamInSize +# define ZSTD_CStreamInSize p_CStreamInSize + +# endif /* ifdef ZSTD_SHARED */ + +struct zstd_state { + ZSTD_CStream *compressor; + ZSTD_DStream *decompressor; +}; + +static int zstd_stateful_init(COMP_CTX *ctx) +{ + struct zstd_state *state = OPENSSL_zalloc(sizeof(*state)); + + if (state == NULL) + return 0; + +# ifdef ZSTD_SHARED + state->compressor = ZSTD_createCStream(); +# else + state->compressor = ZSTD_createCStream_advanced(zstd_mem_funcs); +# endif + if (state->compressor == NULL) + goto err; + ZSTD_initCStream(state->compressor, ZSTD_CLEVEL_DEFAULT); + +# ifdef ZSTD_SHARED + state->decompressor = ZSTD_createDStream(); +# else + state->decompressor = ZSTD_createDStream_advanced(zstd_mem_funcs); +# endif + if (state->decompressor == NULL) + goto err; + ZSTD_initDStream(state->decompressor); + + ctx->data = state; + return 1; + err: + ZSTD_freeCStream(state->compressor); + ZSTD_freeDStream(state->decompressor); + OPENSSL_free(state); + return 0; +} + +static void zstd_stateful_finish(COMP_CTX *ctx) +{ + struct zstd_state *state = ctx->data; + + if (state != NULL) { + ZSTD_freeCStream(state->compressor); + ZSTD_freeDStream(state->decompressor); + OPENSSL_free(state); + ctx->data = NULL; + } +} + +static int zstd_stateful_compress_block(COMP_CTX *ctx, unsigned char *out, + unsigned int olen, unsigned char *in, + unsigned int ilen) +{ + ZSTD_inBuffer inbuf; + ZSTD_outBuffer outbuf; + size_t ret; + struct zstd_state *state = ctx->data; + + inbuf.src = in; + inbuf.size = ilen; + inbuf.pos = 0; + outbuf.dst = out; + outbuf.size = olen; + outbuf.pos = 0; + + if (state == NULL) + return -1; + + /* If input length is zero, end the stream/frame ? */ + if (ilen == 0) { + ret = ZSTD_endStream(state->compressor, &outbuf); + if (ZSTD_isError(ret)) + return -1; + return outbuf.pos; + } + + /* + * The finish API does not provide a final output buffer, + * so each compress operation has to be ended, if all + * the input data can't be accepted, or there is more output, + * this has to be considered an error, since there is no more + * output buffer space. + */ + do { + ret = ZSTD_compressStream2(state->compressor, &outbuf, &inbuf, ZSTD_e_continue); + if (ZSTD_isError(ret)) + return -1; + /* do I need to check for ret == 0 ? */ + } while (inbuf.pos < inbuf.size); + + /* Did not consume all the data */ + if (inbuf.pos < inbuf.size) + return -1; + + ret = ZSTD_flushStream(state->compressor, &outbuf); + if (ZSTD_isError(ret)) + return -1; + + return outbuf.pos; +} + +static int zstd_stateful_expand_block(COMP_CTX *ctx, unsigned char *out, + unsigned int olen, unsigned char *in, + unsigned int ilen) +{ + ZSTD_inBuffer inbuf; + ZSTD_outBuffer outbuf; + size_t ret; + struct zstd_state *state = ctx->data; + + inbuf.src = in; + inbuf.size = ilen; + inbuf.pos = 0; + outbuf.dst = out; + outbuf.size = olen; + outbuf.pos = 0; + + if (state == NULL) + return -1; + + if (ilen == 0) + return 0; + + do { + ret = ZSTD_decompressStream(state->decompressor, &outbuf, &inbuf); + if (ZSTD_isError(ret)) + return -1; + /* If we completed a frame, and there's more data, try again */ + } while (ret == 0 && inbuf.pos < inbuf.size); + + /* Did not consume all the data */ + if (inbuf.pos < inbuf.size) + return -1; + + return outbuf.pos; +} + + +static COMP_METHOD zstd_stateful_method = { + NID_zstd, + LN_zstd, + zstd_stateful_init, + zstd_stateful_finish, + zstd_stateful_compress_block, + zstd_stateful_expand_block +}; + +static int zstd_oneshot_init(COMP_CTX *ctx) +{ + return 1; +} + +static void zstd_oneshot_finish(COMP_CTX *ctx) +{ +} + +static int zstd_oneshot_compress_block(COMP_CTX *ctx, unsigned char *out, + unsigned int olen, unsigned char *in, + unsigned int ilen) +{ + size_t out_size; + + if (ilen == 0) + return 0; + + /* Note: uses STDLIB memory allocators */ + out_size = ZSTD_compress(out, olen, in, ilen, ZSTD_CLEVEL_DEFAULT); + if (ZSTD_isError(out_size)) + return -1; + + return out_size; +} + +static int zstd_oneshot_expand_block(COMP_CTX *ctx, unsigned char *out, + unsigned int olen, unsigned char *in, + unsigned int ilen) +{ + size_t out_size; + + if (ilen == 0) + return 0; + + /* Note: uses STDLIB memory allocators */ + out_size = ZSTD_decompress(out, olen, in, ilen); + if (ZSTD_isError(out_size)) + return -1; + + return out_size; +} + +static COMP_METHOD zstd_oneshot_method = { + NID_zstd, + LN_zstd, + zstd_oneshot_init, + zstd_oneshot_finish, + zstd_oneshot_compress_block, + zstd_oneshot_expand_block +}; + +static CRYPTO_ONCE zstd_once = CRYPTO_ONCE_STATIC_INIT; +DEFINE_RUN_ONCE_STATIC(ossl_comp_zstd_init) +{ +# ifdef ZSTD_SHARED +# if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_WIN32) +# define LIBZSTD "LIBZSTD" +# else +# define LIBZSTD "zstd" +# endif + + zstd_dso = DSO_load(NULL, LIBZSTD, NULL, 0); + if (zstd_dso != NULL) { + p_createCStream = (createCStream_ft)DSO_bind_func(zstd_dso, "ZSTD_createCStream"); + p_initCStream = (initCStream_ft)DSO_bind_func(zstd_dso, "ZSTD_initCStream"); + p_freeCStream = (freeCStream_ft)DSO_bind_func(zstd_dso, "ZSTD_freeCStream"); + p_compressStream2 = (compressStream2_ft)DSO_bind_func(zstd_dso, "ZSTD_compressStream2"); + p_flushStream = (flushStream_ft)DSO_bind_func(zstd_dso, "ZSTD_flushStream"); + p_endStream = (endStream_ft)DSO_bind_func(zstd_dso, "ZSTD_endStream"); + p_compress = (compress_ft)DSO_bind_func(zstd_dso, "ZSTD_compress"); + p_createDStream = (createDStream_ft)DSO_bind_func(zstd_dso, "ZSTD_createDStream"); + p_initDStream = (initDStream_ft)DSO_bind_func(zstd_dso, "ZSTD_initDStream"); + p_freeDStream = (freeDStream_ft)DSO_bind_func(zstd_dso, "ZSTD_freeDStream"); + p_decompressStream = (decompressStream_ft)DSO_bind_func(zstd_dso, "ZSTD_decompressStream"); + p_decompress = (decompress_ft)DSO_bind_func(zstd_dso, "ZSTD_decompress"); + p_isError = (isError_ft)DSO_bind_func(zstd_dso, "ZSTD_isError"); + p_getErrorName = (getErrorName_ft)DSO_bind_func(zstd_dso, "ZSTD_getErrorName"); + p_DStreamInSize = (DStreamInSize_ft)DSO_bind_func(zstd_dso, "ZSTD_DStreamInSize"); + p_CStreamInSize = (CStreamInSize_ft)DSO_bind_func(zstd_dso, "ZSTD_CStreamInSize"); + } + + if (p_createCStream == NULL || p_initCStream == NULL || p_freeCStream == NULL + || p_compressStream2 == NULL || p_flushStream == NULL || p_endStream == NULL + || p_compress == NULL || p_createDStream == NULL || p_initDStream == NULL + || p_freeDStream == NULL || p_decompressStream == NULL || p_decompress == NULL + || p_isError == NULL || p_getErrorName == NULL || p_DStreamInSize == NULL + || p_CStreamInSize == NULL) { + ossl_comp_zstd_cleanup(); + return 0; + } +# endif + return 1; +} +#endif /* ifndef ZSTD / else */ + +COMP_METHOD *COMP_zstd(void) +{ + COMP_METHOD *meth = &zstd_method_nozstd; + +#ifndef OPENSSL_NO_ZSTD + if (RUN_ONCE(&zstd_once, ossl_comp_zstd_init)) + meth = &zstd_stateful_method; +#endif + return meth; +} + +COMP_METHOD *COMP_zstd_oneshot(void) +{ + COMP_METHOD *meth = &zstd_method_nozstd; + +#ifndef OPENSSL_NO_ZSTD + if (RUN_ONCE(&zstd_once, ossl_comp_zstd_init)) + meth = &zstd_oneshot_method; +#endif + return meth; +} + +/* Also called from OPENSSL_cleanup() */ +void ossl_comp_zstd_cleanup(void) +{ +#ifdef ZSTD_SHARED + DSO_free(zstd_dso); + zstd_dso = NULL; + p_createCStream = NULL; + p_initCStream = NULL; + p_freeCStream = NULL; + p_compressStream2 = NULL; + p_flushStream = NULL; + p_endStream = NULL; + p_compress = NULL; + p_createDStream = NULL; + p_initDStream = NULL; + p_freeDStream = NULL; + p_decompressStream = NULL; + p_decompress = NULL; + p_isError = NULL; + p_getErrorName = NULL; + p_DStreamInSize = NULL; + p_CStreamInSize = NULL; +#endif +} + +#ifndef OPENSSL_NO_ZSTD + +/* Zstd-based compression/decompression filter BIO */ + +typedef struct { + struct { /* input structure */ + ZSTD_DStream *state; + ZSTD_inBuffer inbuf; /* has const src */ + size_t bufsize; + void* buffer; + } decompress; + struct { /* output structure */ + ZSTD_CStream *state; + ZSTD_outBuffer outbuf; + size_t bufsize; + size_t write_pos; + } compress; +} BIO_ZSTD_CTX; + +# define ZSTD_DEFAULT_BUFSIZE 1024 + +static int bio_zstd_new(BIO *bi); +static int bio_zstd_free(BIO *bi); +static int bio_zstd_read(BIO *b, char *out, int outl); +static int bio_zstd_write(BIO *b, const char *in, int inl); +static long bio_zstd_ctrl(BIO *b, int cmd, long num, void *ptr); +static long bio_zstd_callback_ctrl(BIO *b, int cmd, BIO_info_cb *fp); + +static const BIO_METHOD bio_meth_zstd = { + BIO_TYPE_COMP, + "zstd", + /* TODO: Convert to new style write function */ + bwrite_conv, + bio_zstd_write, + /* TODO: Convert to new style read function */ + bread_conv, + bio_zstd_read, + NULL, /* bio_zstd_puts, */ + NULL, /* bio_zstd_gets, */ + bio_zstd_ctrl, + bio_zstd_new, + bio_zstd_free, + bio_zstd_callback_ctrl +}; +#endif + +const BIO_METHOD *BIO_f_zstd(void) +{ +#ifndef OPENSSL_NO_ZSTD + return &bio_meth_zstd; +#else + return NULL; +#endif +} + +#ifndef OPENSSL_NO_ZSTD +static int bio_zstd_new(BIO *bi) +{ + BIO_ZSTD_CTX *ctx; + +# ifdef ZSTD_SHARED + (void)COMP_zstd(); + if (zstd_dso == NULL) { + ERR_raise(ERR_LIB_COMP, COMP_R_ZSTD_NOT_SUPPORTED); + return 0; + } +# endif + ctx = OPENSSL_zalloc(sizeof(*ctx)); + if (ctx == NULL) { + ERR_raise(ERR_LIB_COMP, ERR_R_MALLOC_FAILURE); + return 0; + } + +# ifdef ZSTD_SHARED + ctx->decompress.state = ZSTD_createDStream(); +# else + ctx->decompress.state = ZSTD_createDStream_advanced(zstd_mem_funcs); +# endif + if (ctx->decompress.state == NULL) + goto err; + ZSTD_initDStream(ctx->decompress.state); + ctx->decompress.bufsize = ZSTD_DStreamInSize(); + +# ifdef ZSTD_SHARED + ctx->compress.state = ZSTD_createCStream(); +# else + ctx->compress.state = ZSTD_createCStream_advanced(zstd_mem_funcs); +# endif + if (ctx->compress.state == NULL) + goto err; + ZSTD_initCStream(ctx->compress.state, ZSTD_CLEVEL_DEFAULT); + ctx->compress.bufsize = ZSTD_CStreamInSize(); + + BIO_set_init(bi, 1); + BIO_set_data(bi, ctx); + + return 1; + err: + ERR_raise(ERR_LIB_COMP, ERR_R_MALLOC_FAILURE); + ZSTD_freeDStream(ctx->decompress.state); + ZSTD_freeCStream(ctx->compress.state); + OPENSSL_free(ctx); + return 0; +} + +static int bio_zstd_free(BIO *bi) +{ + BIO_ZSTD_CTX *ctx; + + if (bi == NULL) + return 0; + + ctx = BIO_get_data(bi); + if (ctx != NULL) { + ZSTD_freeDStream(ctx->decompress.state); + OPENSSL_free(ctx->decompress.buffer); + ZSTD_freeCStream(ctx->compress.state); + OPENSSL_free(ctx->compress.outbuf.dst); + OPENSSL_free(ctx); + } + BIO_set_data(bi, NULL); + BIO_set_init(bi, 0); + + return 1; +} + +static int bio_zstd_read(BIO *b, char *out, int outl) +{ + BIO_ZSTD_CTX *ctx; + size_t zret; + int ret; + ZSTD_outBuffer outBuf; + BIO *next = BIO_next(b); + + if (out == NULL || outl <= 0) + return 0; + + ctx = BIO_get_data(b); + BIO_clear_retry_flags(b); + if (ctx->decompress.buffer == NULL) { + ctx->decompress.buffer = OPENSSL_malloc(ctx->decompress.bufsize); + if (ctx->decompress.buffer == NULL) { + ERR_raise(ERR_LIB_COMP, ERR_R_MALLOC_FAILURE); + return 0; + } + ctx->decompress.inbuf.src = ctx->decompress.buffer; + ctx->decompress.inbuf.size = 0; + ctx->decompress.inbuf.pos = 0; + } + + /* Copy output data directly to supplied buffer */ + outBuf.dst = out; + outBuf.size = (size_t)outl; + outBuf.pos = 0; + for (;;) { + /* Decompress while data available */ + do { + zret = ZSTD_decompressStream(ctx->decompress.state, &outBuf, &ctx->decompress.inbuf); + if (ZSTD_isError(zret)) { + ERR_raise(ERR_LIB_COMP, COMP_R_ZSTD_DECOMPRESS_ERROR); + ERR_add_error_data(1, ZSTD_getErrorName(zret)); + return -1; + } + /* No more output space */ + if (outBuf.pos == outBuf.size) + return outBuf.pos; + } while (ctx->decompress.inbuf.pos < ctx->decompress.inbuf.size); + + /* + * No data in input buffer try to read some in, if an error then + * return the total data read. + */ + ret = BIO_read(next, ctx->decompress.buffer, ctx->decompress.bufsize); + if (ret <= 0) { + BIO_copy_next_retry(b); + if (ret < 0 && outBuf.pos == 0) + return ret; + return outBuf.pos; + } + ctx->decompress.inbuf.size = ret; + ctx->decompress.inbuf.pos = 0; + } +} + +static int bio_zstd_write(BIO *b, const char *in, int inl) +{ + BIO_ZSTD_CTX *ctx; + size_t zret; + ZSTD_inBuffer inBuf; + int ret; + int done = 0; + BIO *next = BIO_next(b); + + if (in == NULL || inl <= 0) + return 0; + + ctx = BIO_get_data(b); + + BIO_clear_retry_flags(b); + if (ctx->compress.outbuf.dst == NULL) { + ctx->compress.outbuf.dst = OPENSSL_malloc(ctx->compress.bufsize); + if (ctx->compress.outbuf.dst == NULL) { + ERR_raise(ERR_LIB_COMP, ERR_R_MALLOC_FAILURE); + return 0; + } + ctx->compress.outbuf.size = ctx->compress.bufsize; + ctx->compress.outbuf.pos = 0; + ctx->compress.write_pos = 0; + } + /* Obtain input data directly from supplied buffer */ + inBuf.src = in; + inBuf.size = inl; + inBuf.pos = 0; + for (;;) { + /* If data in output buffer write it first */ + while (ctx->compress.write_pos < ctx->compress.outbuf.pos) { + ret = BIO_write(next, (unsigned char*)ctx->compress.outbuf.dst + ctx->compress.write_pos, + ctx->compress.outbuf.pos - ctx->compress.write_pos); + if (ret <= 0) { + BIO_copy_next_retry(b); + if (ret < 0 && inBuf.pos == 0) + return ret; + return inBuf.pos; + } + ctx->compress.write_pos += ret; + } + + /* Have we consumed all supplied data? */ + if (done) + return inBuf.pos; + + /* Reset buffer */ + ctx->compress.outbuf.pos = 0; + ctx->compress.outbuf.size = ctx->compress.bufsize; + ctx->compress.write_pos = 0; + /* Compress some more */ + zret = ZSTD_compressStream2(ctx->compress.state, &ctx->compress.outbuf, &inBuf, ZSTD_e_end); + if (ZSTD_isError(zret)) { + ERR_raise(ERR_LIB_COMP, COMP_R_ZSTD_COMPRESS_ERROR); + ERR_add_error_data(1, ZSTD_getErrorName(zret)); + return 0; + } else if (zret == 0) { + done = 1; + } + } +} + +static int bio_zstd_flush(BIO *b) +{ + BIO_ZSTD_CTX *ctx; + size_t zret; + int ret; + BIO *next = BIO_next(b); + + ctx = BIO_get_data(b); + + /* If no data written or already flush show success */ + if (ctx->compress.outbuf.dst == NULL) + return 1; + + BIO_clear_retry_flags(b); + /* No more input data */ + ctx->compress.outbuf.pos = 0; + ctx->compress.outbuf.size = ctx->compress.bufsize; + ctx->compress.write_pos = 0; + for (;;) { + /* If data in output buffer write it first */ + while (ctx->compress.write_pos < ctx->compress.outbuf.pos) { + ret = BIO_write(next, (unsigned char*)ctx->compress.outbuf.dst + ctx->compress.write_pos, + ctx->compress.outbuf.pos - ctx->compress.write_pos); + if (ret <= 0) { + BIO_copy_next_retry(b); + return ret; + } + ctx->compress.write_pos += ret; + } + + /* Reset buffer */ + ctx->compress.outbuf.pos = 0; + ctx->compress.outbuf.size = ctx->compress.bufsize; + ctx->compress.write_pos = 0; + /* Compress some more */ + zret = ZSTD_flushStream(ctx->compress.state, &ctx->compress.outbuf); + if (ZSTD_isError(zret)) { + ERR_raise(ERR_LIB_COMP, COMP_R_ZSTD_DECODE_ERROR); + ERR_add_error_data(1, ZSTD_getErrorName(zret)); + return 0; + } + if (zret == 0) + return 1; + } +} + +static long bio_zstd_ctrl(BIO *b, int cmd, long num, void *ptr) +{ + BIO_ZSTD_CTX *ctx; + int ret = 0, *ip; + size_t ibs, obs; + unsigned char *tmp; + BIO *next = BIO_next(b); + + if (next == NULL) + return 0; + ctx = BIO_get_data(b); + switch (cmd) { + + case BIO_CTRL_RESET: + ctx->compress.write_pos = 0; + ctx->compress.bufsize = 0; + ret = 1; + break; + + case BIO_CTRL_FLUSH: + ret = bio_zstd_flush(b); + if (ret > 0) + ret = BIO_flush(next); + break; + + case BIO_C_SET_BUFF_SIZE: + ibs = ctx->decompress.bufsize; + obs = ctx->compress.bufsize; + if (ptr != NULL) { + ip = ptr; + if (*ip == 0) + ibs = (size_t)num; + else + obs = (size_t)num; + } else { + obs = ibs = (size_t)num; + } + + if (ibs > 0 && ibs != ctx->decompress.bufsize) { + if (ctx->decompress.buffer != NULL) { + tmp = OPENSSL_realloc(ctx->decompress.buffer, ibs); + if (tmp == NULL) + return 0; + if (ctx->decompress.inbuf.src == ctx->decompress.buffer) + ctx->decompress.inbuf.src = tmp; + ctx->decompress.buffer = tmp; + } + ctx->decompress.bufsize = ibs; + } + + if (obs > 0 && obs != ctx->compress.bufsize) { + if (ctx->compress.outbuf.dst != NULL) { + tmp = OPENSSL_realloc(ctx->compress.outbuf.dst, obs); + if (tmp == NULL) + return 0; + ctx->compress.outbuf.dst = tmp; + } + ctx->compress.bufsize = obs; + } + ret = 1; + break; + + case BIO_C_DO_STATE_MACHINE: + BIO_clear_retry_flags(b); + ret = BIO_ctrl(next, cmd, num, ptr); + BIO_copy_next_retry(b); + break; + + case BIO_CTRL_WPENDING: + if (ctx->compress.outbuf.pos < ctx->compress.outbuf.size) + ret = 1; + else + ret = BIO_ctrl(next, cmd, num, ptr); + break; + + case BIO_CTRL_PENDING: + if (ctx->decompress.inbuf.pos < ctx->decompress.inbuf.size) + ret = 1; + else + ret = BIO_ctrl(next, cmd, num, ptr); + break; + + default: + ret = BIO_ctrl(next, cmd, num, ptr); + break; + + } + + return ret; +} + +static long bio_zstd_callback_ctrl(BIO *b, int cmd, BIO_info_cb *fp) +{ + BIO *next = BIO_next(b); + if (next == NULL) + return 0; + return BIO_callback_ctrl(next, cmd, fp); +} + +#endif diff --git a/crypto/comp/comp_err.c b/crypto/comp/comp_err.c index 4f55f820da..10a9e66860 100644 --- a/crypto/comp/comp_err.c +++ b/crypto/comp/comp_err.c @@ -33,6 +33,13 @@ static const ERR_STRING_DATA COMP_str_reasons[] = { "zlib inflate error"}, {ERR_PACK(ERR_LIB_COMP, 0, COMP_R_ZLIB_NOT_SUPPORTED), "zlib not supported"}, + {ERR_PACK(ERR_LIB_COMP, 0, COMP_R_ZSTD_COMPRESS_ERROR), + "zstd compress error"}, + {ERR_PACK(ERR_LIB_COMP, 0, COMP_R_ZSTD_DECODE_ERROR), "zstd decode error"}, + {ERR_PACK(ERR_LIB_COMP, 0, COMP_R_ZSTD_DECOMPRESS_ERROR), + "zstd decompress error"}, + {ERR_PACK(ERR_LIB_COMP, 0, COMP_R_ZSTD_NOT_SUPPORTED), + "zstd not supported"}, {0, NULL} }; diff --git a/crypto/err/openssl.txt b/crypto/err/openssl.txt index 67179fa9ae..ef02a097e4 100644 --- a/crypto/err/openssl.txt +++ b/crypto/err/openssl.txt @@ -390,6 +390,10 @@ COMP_R_BROTLI_NOT_SUPPORTED:105:brotli not supported COMP_R_ZLIB_DEFLATE_ERROR:99:zlib deflate error COMP_R_ZLIB_INFLATE_ERROR:100:zlib inflate error COMP_R_ZLIB_NOT_SUPPORTED:101:zlib not supported +COMP_R_ZSTD_COMPRESS_ERROR:107:zstd compress error +COMP_R_ZSTD_DECODE_ERROR:108:zstd decode error +COMP_R_ZSTD_DECOMPRESS_ERROR:109:zstd decompress error +COMP_R_ZSTD_NOT_SUPPORTED:110:zstd not supported CONF_R_ERROR_LOADING_DSO:110:error loading dso CONF_R_INVALID_PRAGMA:122:invalid pragma CONF_R_LIST_CANNOT_BE_NULL:115:list cannot be null diff --git a/crypto/init.c b/crypto/init.c index fa8f0d694a..2e3318d46c 100644 --- a/crypto/init.c +++ b/crypto/init.c @@ -391,6 +391,8 @@ void OPENSSL_cleanup(void) ossl_comp_zlib_cleanup(); OSSL_TRACE(INIT, "OPENSSL_cleanup: ossl_comp_brotli_cleanup()\n"); ossl_comp_brotli_cleanup(); + OSSL_TRACE(INIT, "OPENSSL_cleanup: ossl_comp_zstd_cleanup()\n"); + ossl_comp_zstd_cleanup(); #endif if (async_inited) { diff --git a/crypto/objects/obj_dat.h b/crypto/objects/obj_dat.h index 115c707cd1..ca710b7ffe 100644 --- a/crypto/objects/obj_dat.h +++ b/crypto/objects/obj_dat.h @@ -1154,7 +1154,7 @@ static const unsigned char so[8356] = { 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x01,0x32, /* [ 8344] OBJ_id_ct_signedTAL */ }; -#define NUM_NID 1289 +#define NUM_NID 1290 static const ASN1_OBJECT nid_objs[NUM_NID] = { {"UNDEF", "undefined", NID_undef}, {"rsadsi", "RSA Data Security, Inc.", NID_rsadsi, 6, &so[0]}, @@ -2445,9 +2445,10 @@ static const ASN1_OBJECT nid_objs[NUM_NID] = { {"brainpoolP384r1tls13", "brainpoolP384r1tls13", NID_brainpoolP384r1tls13}, {"brainpoolP512r1tls13", "brainpoolP512r1tls13", NID_brainpoolP512r1tls13}, {"brotli", "Brotli compression", NID_brotli}, + {"zstd", "Zstandard compression", NID_zstd}, }; -#define NUM_SN 1280 +#define NUM_SN 1281 static const unsigned int sn_objs[NUM_SN] = { 364, /* "AD_DVCS" */ 419, /* "AES-128-CBC" */ @@ -3729,9 +3730,10 @@ static const unsigned int sn_objs[NUM_SN] = { 158, /* "x509Certificate" */ 160, /* "x509Crl" */ 1093, /* "x509ExtAdmission" */ + 1289, /* "zstd" */ }; -#define NUM_LN 1280 +#define NUM_LN 1281 static const unsigned int ln_objs[NUM_LN] = { 363, /* "AD Time Stamping" */ 405, /* "ANSI X9.62" */ @@ -3961,6 +3963,7 @@ static const unsigned int ln_objs[NUM_LN] = { 184, /* "X9.57" */ 185, /* "X9.57 CM ?" */ 1209, /* "XmppAddr" */ + 1289, /* "Zstandard compression" */ 478, /* "aRecord" */ 289, /* "aaControls" */ 287, /* "ac-auditEntity" */ diff --git a/crypto/objects/obj_mac.num b/crypto/objects/obj_mac.num index 5940f6911b..6f9cea2b0e 100644 --- a/crypto/objects/obj_mac.num +++ b/crypto/objects/obj_mac.num @@ -1286,3 +1286,4 @@ brainpoolP256r1tls13 1285 brainpoolP384r1tls13 1286 brainpoolP512r1tls13 1287 brotli 1288 +zstd 1289 diff --git a/crypto/objects/objects.txt b/crypto/objects/objects.txt index a0991529b9..d8aaac0570 100644 --- a/crypto/objects/objects.txt +++ b/crypto/objects/objects.txt @@ -1803,5 +1803,6 @@ joint-iso-itu-t 16 840 1 113894 : oracle-organization : Oracle organization # Jdk trustedKeyUsage attribute oracle 746875 1 1 : oracle-jdk-trustedkeyusage : Trusted key usage (Oracle) -# NID for brotli +# NID for compression : brotli : Brotli compression + : zstd : Zstandard compression diff --git a/doc/man3/COMP_CTX_new.pod b/doc/man3/COMP_CTX_new.pod index 826fbb02d3..1fe1d691df 100644 --- a/doc/man3/COMP_CTX_new.pod +++ b/doc/man3/COMP_CTX_new.pod @@ -13,8 +13,11 @@ COMP_expand_block, COMP_zlib, COMP_brotli, COMP_brotli_oneshot, +COMP_zstd, +COMP_zstd_oneshot, BIO_f_zlib, -BIO_f_brotli +BIO_f_brotli, +BIO_f_zstd - Compression support =head1 SYNOPSIS @@ -36,9 +39,12 @@ BIO_f_brotli COMP_METHOD *COMP_zlib(void); COMP_METHOD *COMP_brotli(void); COMP_METHOD *COMP_brotli_oneshot(void); + COMP_METHOD *COMP_zstd(void); + COMP_METHOD *COMP_zstd_oneshot(void); const BIO_METHOD *BIO_f_zlib(void); const BIO_METHOD *BIO_f_brotli(void); + const BIO_METHOD *BIO_f_zstd(void); =head1 DESCRIPTION @@ -79,10 +85,18 @@ COMP_brotli() returns a B<COMP_METHOD> for stream-based Brotli compression. COMP_brotli_oneshot() returns a B<COMP_METHOD> for one-shot Brotli compression. +=item * + +COMP_zstd() returns a B<COMP_METHOD> for stream-based Zstandard compression. + +=item * + +COMP_zstd_oneshot() returns a B<COMP_METHOD> for one-shot Zstandard compression. + =back -BIO_f_zlib() and BIO_f_brotli() each return a B<BIO_METHOD> that may be used to -create a B<BIO> via L<BIO_new(3)> to read and write compressed files or streams. +BIO_f_zlib(), BIO_f_brotli() BIO_f_zstd() each return a B<BIO_METHOD> that may be used to +create a B<BIO> via B<BIO_new(3)> to read and write compressed files or streams. The functions are only available if the corresponding algorithm is compiled into the OpenSSL library. @@ -99,6 +113,8 @@ ZLIB may be found at L<https://zlib.net> Brotli may be found at L<https://github.com/google/brotli>. +Zstandard may be found at L<https://github.com/facebook/zstd>. + Compression of SSL/TLS records is not recommended, as it has been shown to lead to the CRIME attack L<https://en.wikipedia.org/wiki/CRIME>. It is disabled by default, and may be enabled by clearing the @@ -110,19 +126,21 @@ in RFC8879 L<https://datatracker.ietf.org/doc/html/rfc8879>. It may be disabled via the SSL_OP_NO_CERTIFICATE_COMPRESSION option of the L<SSL_CTX_set_options(3)> or L<SSL_set_options(3)> functions. -COMP_zlib() and COMP_brotli() are both stream-based compression methods. +COMP_zlib(), COMP_brotli() and COMP_zstd() are stream-based compression methods. Internal state (including compression dictionary) is maintained between calls. If an error is returned, the stream is corrupted, and should be closed. -COMP_brotli_oneshot() is not stream-based, it does not maintain state -between calls. An error in one call does not affect future calls. +COMP_brotli_oneshot() and COMP_zstd_oneshot() are not stream-based. These +methods do not maintain state between calls. An error in one call does not affect +future calls. =head1 RETURN VALUES COMP_CTX_new() returns a B<COMP_CTX> on success, or NULL on failure. -COMP_CTX_get_method(), COMP_zlib(), COMP_brotli(), and COMP_brotli_oneshot() -return a B<COMP_METHOD> on success, or NULL on failure. +COMP_CTX_get_method(), COMP_zlib(), COMP_brotli(), COMP_brotli_oneshot(), +COMP_zstd(), and COMP_zstd_oneshot() return a B<COMP_METHOD> on success, +or NULL on failure. COMP_CTX_get_type() and COMP_get_type() return a NID value. On failure, NID_undef is returned. @@ -134,7 +152,7 @@ bytes stored in the output buffer I<out>. This may be 0. On failure, COMP_get_name() returns a B<const char *> that must not be freed on success, or NULL on failure. -BIO_f_zlib() and BIO_f_brotli() return a B<BIO_METHOD>. +BIO_f_zlib(), BIO_f_brotli() and BIO_f_zstd() return a B<BIO_METHOD>. =head1 SEE ALSO @@ -142,7 +160,7 @@ L<BIO_new(3)>, L<SSL_CTX_set_options(3)>, L<SSL_set_options(3)> =head1 HISTORY -Brotli functions were added in OpenSSL 3.1.0. +Brotli and Zstandard functions were added in OpenSSL 3.2. =head1 COPYRIGHT diff --git a/doc/man3/SSL_COMP_add_compression_method.pod b/doc/man3/SSL_COMP_add_compression_method.pod index a5aa674cdb..4b32023959 100644 --- a/doc/man3/SSL_COMP_add_compression_method.pod +++ b/doc/man3/SSL_COMP_add_compression_method.pod @@ -70,6 +70,10 @@ following compression methods available: =item COMP_brotli_oneshot() +=item COMP_zstd() + +=item COMP_zstd_oneshot() + =back =head1 RETURN VALUES diff --git a/include/internal/comp.h b/include/internal/comp.h index 45cab6c720..c48c29d562 100644 --- a/include/internal/comp.h +++ b/include/internal/comp.h @@ -11,3 +11,4 @@ void ossl_comp_zlib_cleanup(void); void ossl_comp_brotli_cleanup(void); +void ossl_comp_zstd_cleanup(void); diff --git a/include/openssl/comp.h b/include/openssl/comp.h index 28f674de4d..b1a9554cb8 100644 --- a/include/openssl/comp.h +++ b/include/openssl/comp.h @@ -42,6 +42,8 @@ int COMP_expand_block(COMP_CTX *ctx, unsigned char *out, int olen, COMP_METHOD *COMP_zlib(void); COMP_METHOD *COMP_brotli(void); COMP_METHOD *COMP_brotli_oneshot(void); +COMP_METHOD *COMP_zstd(void); +COMP_METHOD *COMP_zstd_oneshot(void); #ifndef OPENSSL_NO_DEPRECATED_1_1_0 # define COMP_zlib_cleanup() while(0) continue @@ -52,6 +54,7 @@ COMP_METHOD *COMP_brotli_oneshot(void); const BIO_METHOD *BIO_f_zlib(void); # endif const BIO_METHOD *BIO_f_brotli(void); +const BIO_METHOD *BIO_f_zstd(void); # endif diff --git a/include/openssl/comperr.h b/include/openssl/comperr.h index 31dcda8957..e075506e68 100644 --- a/include/openssl/comperr.h +++ b/include/openssl/comperr.h @@ -31,6 +31,10 @@ # define COMP_R_ZLIB_DEFLATE_ERROR 99 # define COMP_R_ZLIB_INFLATE_ERROR 100 # define COMP_R_ZLIB_NOT_SUPPORTED 101 +# define COMP_R_ZSTD_COMPRESS_ERROR 107 +# define COMP_R_ZSTD_DECODE_ERROR 108 +# define COMP_R_ZSTD_DECOMPRESS_ERROR 109 +# define COMP_R_ZSTD_NOT_SUPPORTED 110 # endif #endif diff --git a/include/openssl/obj_mac.h b/include/openssl/obj_mac.h index daa5233294..2fcf6132f4 100644 --- a/include/openssl/obj_mac.h +++ b/include/openssl/obj_mac.h @@ -5597,6 +5597,10 @@ #define LN_brotli "Brotli compression" #define NID_brotli 1288 +#define SN_zstd "zstd" +#define LN_zstd "Zstandard compression" +#define NID_zstd 1289 + #endif /* OPENSSL_OBJ_MAC_H */ #ifndef OPENSSL_NO_DEPRECATED_3_0 diff --git a/test/bio_comp_test.c b/test/bio_comp_test.c index b148d02dd3..5e0888da7f 100644 --- a/test/bio_comp_test.c +++ b/test/bio_comp_test.c @@ -25,8 +25,8 @@ static int sizes[NUM_SIZES] = { 64, 512, 2048, 16 * 1024 }; /* using global buffers */ -uint8_t *original = NULL; -uint8_t *result = NULL; +unsigned char *original = NULL; +unsigned char *result = NULL; /* * For compression: @@ -62,8 +62,7 @@ static int do_bio_comp_test(const BIO_METHOD *meth, size_t size) BIO_push(bexp, bmem); rsize = BIO_read(bexp, result, size); - if (!TEST_int_eq(size, osize) - || !TEST_int_eq(size, rsize) + if (!TEST_int_eq(size, rsize) || !TEST_mem_eq(original, osize, result, rsize)) goto err; @@ -88,20 +87,20 @@ static int do_bio_comp(const BIO_METHOD *meth, int n) switch (type) { case 0: - test_printf_stdout("# zeros of size %d\n", size); + TEST_info("zeros of size %d\n", size); memset(original, 0, BUFFER_SIZE); break; case 1: - test_printf_stdout("# ones of size %d\n", size); - memset(original, 0, BUFFER_SIZE); + TEST_info("ones of size %d\n", size); + memset(original, 1, BUFFER_SIZE); break; case 2: - test_printf_stdout("# sequential of size %d\n", size); + TEST_info("sequential of size %d\n", size); for (i = 0; i < BUFFER_SIZE; i++) original[i] = i & 0xFF; break; case 3: - test_printf_stdout("# random of size %d\n", size); + TEST_info("random of size %d\n", size); if (!TEST_int_gt(RAND_bytes(original, BUFFER_SIZE), 0)) goto err; break; @@ -118,6 +117,12 @@ static int do_bio_comp(const BIO_METHOD *meth, int n) return success; } +#ifndef OPENSSL_NO_ZSTD +static int test_zstd(int n) +{ + return do_bio_comp(BIO_f_zstd(), n); +} +#endif #ifndef OPENSSL_NO_BROTLI static int test_brotli(int n) { @@ -139,5 +144,8 @@ int setup_tests(void) #ifndef OPENSSL_NO_BROTLI ADD_ALL_TESTS(test_brotli, NUM_SIZES * 4); #endif +#ifndef OPENSSL_NO_ZSTD + ADD_ALL_TESTS(test_zstd, NUM_SIZES * 4); +#endif return 1; } diff --git a/test/build.info b/test/build.info index 1fffaa15eb..6994131275 100644 --- a/test/build.info +++ b/test/build.info @@ -899,7 +899,7 @@ IF[{- !$disabled{tests} -}] INCLUDE[context_internal_test]=.. ../include ../apps/include DEPEND[context_internal_test]=../libcrypto.a libtestutil.a - IF[{- !$disabled{zlib} || !$disabled{brotli} -}] + IF[{- !$disabled{zlib} || !$disabled{brotli} || !$disabled{zstd} -}] PROGRAMS{noinst}=bio_comp_test SOURCE[bio_comp_test]=bio_comp_test.c INCLUDE[bio_comp_test]=../include ../apps/include diff --git a/test/recipes/07-test_bio_comp.t b/test/recipes/07-test_bio_comp.t index e43fc49a52..16a8fa69da 100644 --- a/test/recipes/07-test_bio_comp.t +++ b/test/recipes/07-test_bio_comp.t @@ -14,6 +14,6 @@ use OpenSSL::Test::Utils; setup("test_bio_comp"); plan skip_all => "No compression algorithms" - if disabled("zlib") && disabled("brotli"); + if disabled("zlib") && disabled("brotli") && disabled("zstd"); simple_test("test_bio_comp", "bio_comp_test"); diff --git a/util/libcrypto.num b/util/libcrypto.num index 245b02ff2e..ec594ea551 100644 --- a/util/libcrypto.num +++ b/util/libcrypto.num @@ -5472,3 +5472,6 @@ OSSL_get_max_threads ? 3_2_0 EXIST::FUNCTION: COMP_brotli ? 3_2_0 EXIST::FUNCTION:COMP COMP_brotli_oneshot ? 3_2_0 EXIST::FUNCTION:COMP BIO_f_brotli ? 3_2_0 EXIST::FUNCTION:COMP +COMP_zstd ? 3_2_0 EXIST::FUNCTION:COMP +COMP_zstd_oneshot ? 3_2_0 EXIST::FUNCTION:COMP +BIO_f_zstd ? 3_2_0 EXIST::FUNCTION:COMP diff --git a/util/perl/OpenSSL/Ordinals.pm b/util/perl/OpenSSL/Ordinals.pm index 66914254e0..d11e91c06b 100644 --- a/util/perl/OpenSSL/Ordinals.pm +++ b/util/perl/OpenSSL/Ordinals.pm @@ -415,6 +415,7 @@ sub _parse_features { if ($def =~ m{^ZLIB$}) { $features{$&} = $op; } if ($def =~ m{^BROTLI$}) { $features{$&} = $op; } + if ($def =~ m{^ZSTD$}) { $features{$&} = $op; } if ($def =~ m{^OPENSSL_USE_}) { $features{$'} = $op; } if ($def =~ m{^OPENSSL_NO_}) { $features{$'} = !$op; } } |