From 5ba6e25952cd7bc775e670a0706a051fbeaab0c7 Mon Sep 17 00:00:00 2001
From: Nikos Mavrogiannopoulos
Date: Sun, 16 Sep 2012 11:21:45 +0200
Subject: [PATCH] use a %STATELESS_COMPRESSION priority string instead of gnutls_init() flag.

---
 doc/cha-gtls-app.texi           | 5 +++++
 doc/cha-intro-tls.texi          | 2 +-
 lib/gnutls_cipher.c             | 2 +-
 lib/gnutls_int.h                | 4 ++--
 lib/gnutls_priority.c           | 4 ++++
 lib/gnutls_state.c              | 6 +-----
 lib/includes/gnutls/gnutls.h.in | 2 --
 7 files changed, 14 insertions(+), 11 deletions(-)

diff --git a/doc/cha-gtls-app.texi b/doc/cha-gtls-app.texi
index 734568479..7e82a42ed 100644
--- a/doc/cha-gtls-app.texi
+++ b/doc/cha-gtls-app.texi
@@ -979,6 +979,11 @@ will prevent the sending of any TLS extensions in client side. Note that
 TLS 1.2 requires extensions to be used, as well as safe renegotiation
 thus this option must be used with care.
 
+@item %STATELESS_COMPRESSION @tab
+will disable keeping state across records when compressing. This may
+help to mitigate attacks when compression is used but an attacker
+is in control of input data.
+
 @item %SERVER_PRECEDENCE @tab
 The ciphersuite will be selected according to server priorities
 and not the client's.
diff --git a/doc/cha-intro-tls.texi b/doc/cha-intro-tls.texi
index e68058a24..21b85336a 100644
--- a/doc/cha-intro-tls.texi
+++ b/doc/cha-intro-tls.texi
@@ -191,7 +191,7 @@ on @xcite{RFC3749}. The supported algorithms are shown below.
 Note that compression enables attacks such as traffic analysis, or even
 plaintext recovery under certain circumstances. To avoid some of these
 attacks GnuTLS allows each record to be compressed independently (i.e.,
-stateless compression), by using a flag to @funcref{gnutls_init}.
+stateless compression), by using the "%STATELESS_COMPRESSION" priority string.
 
 @node Weaknesses and countermeasures
 @subsection Weaknesses and countermeasures
diff --git a/lib/gnutls_cipher.c b/lib/gnutls_cipher.c
index 5266fbecb..248b376a5 100644
--- a/lib/gnutls_cipher.c
+++ b/lib/gnutls_cipher.c
@@ -105,7 +105,7 @@ _gnutls_encrypt (gnutls_session_t session, const uint8_t * headers,
       return gnutls_assert_val(GNUTLS_E_MEMORY_ERROR);
 
   ret = _gnutls_compress(¶ms->write.compression_state, data, data_size,
-                         comp.data, comp.size, session->internals.stateless_compression);
+                         comp.data, comp.size, session->internals.priorities.stateless_compression);
   if (ret < 0)
     {
       gnutls_free(comp.data);
diff --git a/lib/gnutls_int.h b/lib/gnutls_int.h
index 11c099d44..c7814392e 100644
--- a/lib/gnutls_int.h
+++ b/lib/gnutls_int.h
@@ -589,6 +589,8 @@ struct gnutls_priority_st
   unsigned int ssl3_record_version:1;
   unsigned int server_precedence:1;
   unsigned int allow_key_usage_violation:1;
+  /* Whether stateless compression will be used */
+  unsigned int stateless_compression:1;
   unsigned int additional_verify_flags;
 };
 
@@ -882,8 +884,6 @@ typedef struct
   /* if set it means that the master key was set using
    * gnutls_session_set_master() rather than being negotiated.
    */
   unsigned int premaster_set:1;
-  /* Whether stateless compression will be used */
-  unsigned int stateless_compression:1;
   unsigned int cb_tls_unique_len;
   unsigned char cb_tls_unique[MAX_VERIFY_DATA_SIZE];
diff --git a/lib/gnutls_priority.c b/lib/gnutls_priority.c
index decd6d507..c5db0a28e 100644
--- a/lib/gnutls_priority.c
+++ b/lib/gnutls_priority.c
@@ -986,6 +986,10 @@ gnutls_priority_init (gnutls_priority_t * priority_cache,
         {
           (*priority_cache)->no_extensions = 1;
         }
+      else if (strcasecmp (&broken_list[i][1], "STATELESS_COMPRESSION") == 0)
+        {
+          (*priority_cache)->stateless_compression = 1;
+        }
       else if (strcasecmp (&broken_list[i][1], "VERIFY_ALLOW_SIGN_RSA_MD5") == 0)
         {
diff --git a/lib/gnutls_state.c b/lib/gnutls_state.c
index 26d0ed9cd..c9c09cef5 100644
--- a/lib/gnutls_state.c
+++ b/lib/gnutls_state.c
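Review bot: The new `%STATELESS_COMPRESSION` branch in gnutls_priority_init sets the bit without saying what it buys or costs, and the field comment added in the gnutls_int.h hunk (`/* Whether stateless compression will be used */`) only restates the name. I would put a short why-comment above the branch: `/* %STATELESS_COMPRESSION: compress each record independently (no history carried across records), so a party who controls part of the plaintext learns less from compressed record sizes; it only matters when a compression method is negotiated. */`. The clause about negotiation is my reading of the feature rather than something this hunk shows, so confirm it before committing the wording. gnutls_priority_init's body starts and ends outside the hunk.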
@@ -293,8 +293,7 @@ _gnutls_handshake_internal_state_clear (gnutls_session_t session)
  * @flags can be one of %GNUTLS_CLIENT and %GNUTLS_SERVER. For a DTLS
  * entity, the flags %GNUTLS_DATAGRAM and %GNUTLS_NONBLOCK are
  * also available. The latter flag will enable a non-blocking
- * operation of the DTLS timers. The flag %GNUTLS_STATELESS_COMPRESSION
- * would disable keeping state across records when compressing.
+ * operation of the DTLS timers.
  *
  * Returns: %GNUTLS_E_SUCCESS on success, or an error code.
  **/
@@ -394,9 +393,6 @@ gnutls_init (gnutls_session_t * session, unsigned int flags)
   else
     (*session)->internals.transport = GNUTLS_STREAM;
 
-  if (flags & GNUTLS_STATELESS_COMPRESSION)
-    (*session)->internals.stateless_compression = 1;
-
   if (flags & GNUTLS_NONBLOCK)
     (*session)->internals.dtls.blocking = 0;
   else
diff --git a/lib/includes/gnutls/gnutls.h.in b/lib/includes/gnutls/gnutls.h.in
index 52bd31142..ef00c5b8a 100644
--- a/lib/includes/gnutls/gnutls.h.in
+++ b/lib/includes/gnutls/gnutls.h.in
@@ -295,14 +295,12 @@ extern "C"
  * @GNUTLS_CLIENT: Connection end is a client.
  * @GNUTLS_DATAGRAM: Connection is datagram oriented (DTLS).
  * @GNUTLS_NONBLOCK: Connection should not block (DTLS).
- * @GNUTLS_STATELESS_COMPRESSION: Compression will be applied independently on each record.
  *
  */
 #define GNUTLS_SERVER 1
 #define GNUTLS_CLIENT (1<<1)
 #define GNUTLS_DATAGRAM (1<<2)
 #define GNUTLS_NONBLOCK (1<<3)
-#define GNUTLS_STATELESS_COMPRESSION (1<<4)
 
 /**
  * gnutls_alert_level_t:
-- 
2.11.4.GIT
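Review bot: The updated gnutls_init comment drops %GNUTLS_STATELESS_COMPRESSION without telling callers what replaces it, while the second gnutls_state.c hunk removes the handling of that bit and the gnutls.h.in hunk removes the macro; nothing visible in gnutls_init rejects an unknown flag bit (the remaining code only tests individual bits such as `flags & GNUTLS_NONBLOCK`), so an already-built application still passing `(1<<4)` keeps running with stateful compression and loses the mitigation silently. I would keep the bit reserved in gnutls.h.in with `/* (1<<4) was GNUTLS_STATELESS_COMPRESSION; left unassigned so old callers passing it are not misinterpreted */` and extend the doc comment with `* Stateless compression is now requested with the %STATELESS_COMPRESSION priority string.` Whether gnutls_init validates its flags elsewhere is outside this hunk, so treat the silent-ignore part as something to verify. Both gnutls_init hunks sit inside a function whose body starts and ends outside them.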