2
0

ssl_asn1.c 20 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579580581582583584585586587588589590591592593594595596597598599600601602603604605606607608609610611612613614615616617618619620621622623624625626627628629630631632633634635636637638639640641642643
  1. /* ssl/ssl_asn1.c */
  2. /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  3. * All rights reserved.
  4. *
  5. * This package is an SSL implementation written
  6. * by Eric Young (eay@cryptsoft.com).
  7. * The implementation was written so as to conform with Netscapes SSL.
  8. *
  9. * This library is free for commercial and non-commercial use as long as
  10. * the following conditions are aheared to. The following conditions
  11. * apply to all code found in this distribution, be it the RC4, RSA,
  12. * lhash, DES, etc., code; not just the SSL code. The SSL documentation
  13. * included with this distribution is covered by the same copyright terms
  14. * except that the holder is Tim Hudson (tjh@cryptsoft.com).
  15. *
  16. * Copyright remains Eric Young's, and as such any Copyright notices in
  17. * the code are not to be removed.
  18. * If this package is used in a product, Eric Young should be given attribution
  19. * as the author of the parts of the library used.
  20. * This can be in the form of a textual message at program startup or
  21. * in documentation (online or textual) provided with the package.
  22. *
  23. * Redistribution and use in source and binary forms, with or without
  24. * modification, are permitted provided that the following conditions
  25. * are met:
  26. * 1. Redistributions of source code must retain the copyright
  27. * notice, this list of conditions and the following disclaimer.
  28. * 2. Redistributions in binary form must reproduce the above copyright
  29. * notice, this list of conditions and the following disclaimer in the
  30. * documentation and/or other materials provided with the distribution.
  31. * 3. All advertising materials mentioning features or use of this software
  32. * must display the following acknowledgement:
  33. * "This product includes cryptographic software written by
  34. * Eric Young (eay@cryptsoft.com)"
  35. * The word 'cryptographic' can be left out if the rouines from the library
  36. * being used are not cryptographic related :-).
  37. * 4. If you include any Windows specific code (or a derivative thereof) from
  38. * the apps directory (application code) you must include an acknowledgement:
  39. * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
  40. *
  41. * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
  42. * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  43. * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
  44. * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
  45. * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
  46. * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
  47. * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
  48. * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
  49. * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  50. * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  51. * SUCH DAMAGE.
  52. *
  53. * The licence and distribution terms for any publically available version or
  54. * derivative of this code cannot be changed. i.e. this code cannot simply be
  55. * copied and put under another distribution licence
  56. * [including the GNU Public Licence.]
  57. */
  58. /* ====================================================================
  59. * Copyright 2005 Nokia. All rights reserved.
  60. *
  61. * The portions of the attached software ("Contribution") is developed by
  62. * Nokia Corporation and is licensed pursuant to the OpenSSL open source
  63. * license.
  64. *
  65. * The Contribution, originally written by Mika Kousa and Pasi Eronen of
  66. * Nokia Corporation, consists of the "PSK" (Pre-Shared Key) ciphersuites
  67. * support (see RFC 4279) to OpenSSL.
  68. *
  69. * No patent licenses or other rights except those expressly stated in
  70. * the OpenSSL open source license shall be deemed granted or received
  71. * expressly, by implication, estoppel, or otherwise.
  72. *
  73. * No assurances are provided by Nokia that the Contribution does not
  74. * infringe the patent or other intellectual property rights of any third
  75. * party or that the license provides you with all the necessary rights
  76. * to make use of the Contribution.
  77. *
  78. * THE SOFTWARE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. IN
  79. * ADDITION TO THE DISCLAIMERS INCLUDED IN THE LICENSE, NOKIA
  80. * SPECIFICALLY DISCLAIMS ANY LIABILITY FOR CLAIMS BROUGHT BY YOU OR ANY
  81. * OTHER ENTITY BASED ON INFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS OR
  82. * OTHERWISE.
  83. */
  84. #include <stdio.h>
  85. #include <stdlib.h>
  86. #include <openssl/crypto.h>
  87. #include "ssl_locl.h"
  88. #include <openssl/asn1_mac.h>
  89. #include <openssl/objects.h>
  90. #include <openssl/x509.h>
  91. typedef struct ssl_session_asn1_st
  92. {
  93. ASN1_INTEGER version;
  94. ASN1_INTEGER ssl_version;
  95. ASN1_OCTET_STRING cipher;
  96. ASN1_OCTET_STRING comp_id;
  97. ASN1_OCTET_STRING master_key;
  98. ASN1_OCTET_STRING session_id;
  99. ASN1_OCTET_STRING session_id_context;
  100. ASN1_OCTET_STRING key_arg;
  101. #ifndef OPENSSL_NO_KRB5
  102. ASN1_OCTET_STRING krb5_princ;
  103. #endif /* OPENSSL_NO_KRB5 */
  104. ASN1_INTEGER time;
  105. ASN1_INTEGER timeout;
  106. ASN1_INTEGER verify_result;
  107. #ifndef OPENSSL_NO_TLSEXT
  108. ASN1_OCTET_STRING tlsext_hostname;
  109. ASN1_INTEGER tlsext_tick_lifetime;
  110. ASN1_OCTET_STRING tlsext_tick;
  111. #endif /* OPENSSL_NO_TLSEXT */
  112. #ifndef OPENSSL_NO_PSK
  113. ASN1_OCTET_STRING psk_identity_hint;
  114. ASN1_OCTET_STRING psk_identity;
  115. #endif /* OPENSSL_NO_PSK */
  116. #ifndef OPENSSL_NO_SRP
  117. ASN1_OCTET_STRING srp_username;
  118. #endif /* OPENSSL_NO_SRP */
  119. } SSL_SESSION_ASN1;
  120. int i2d_SSL_SESSION(SSL_SESSION *in, unsigned char **pp)
  121. {
  122. #define LSIZE2 (sizeof(long)*2)
  123. int v1=0,v2=0,v3=0,v4=0,v5=0,v7=0,v8=0;
  124. unsigned char buf[4],ibuf1[LSIZE2],ibuf2[LSIZE2];
  125. unsigned char ibuf3[LSIZE2],ibuf4[LSIZE2],ibuf5[LSIZE2];
  126. #ifndef OPENSSL_NO_TLSEXT
  127. int v6=0,v9=0,v10=0;
  128. unsigned char ibuf6[LSIZE2];
  129. #endif
  130. #ifndef OPENSSL_NO_COMP
  131. unsigned char cbuf;
  132. int v11=0;
  133. #endif
  134. #ifndef OPENSSL_NO_SRP
  135. int v12=0;
  136. #endif
  137. long l;
  138. SSL_SESSION_ASN1 a;
  139. M_ASN1_I2D_vars(in);
  140. if ((in == NULL) || ((in->cipher == NULL) && (in->cipher_id == 0)))
  141. return(0);
  142. /* Note that I cheat in the following 2 assignments. I know
  143. * that if the ASN1_INTEGER passed to ASN1_INTEGER_set
  144. * is > sizeof(long)+1, the buffer will not be re-OPENSSL_malloc()ed.
  145. * This is a bit evil but makes things simple, no dynamic allocation
  146. * to clean up :-) */
  147. a.version.length=LSIZE2;
  148. a.version.type=V_ASN1_INTEGER;
  149. a.version.data=ibuf1;
  150. ASN1_INTEGER_set(&(a.version),SSL_SESSION_ASN1_VERSION);
  151. a.ssl_version.length=LSIZE2;
  152. a.ssl_version.type=V_ASN1_INTEGER;
  153. a.ssl_version.data=ibuf2;
  154. ASN1_INTEGER_set(&(a.ssl_version),in->ssl_version);
  155. a.cipher.type=V_ASN1_OCTET_STRING;
  156. a.cipher.data=buf;
  157. if (in->cipher == NULL)
  158. l=in->cipher_id;
  159. else
  160. l=in->cipher->id;
  161. if (in->ssl_version == SSL2_VERSION)
  162. {
  163. a.cipher.length=3;
  164. buf[0]=((unsigned char)(l>>16L))&0xff;
  165. buf[1]=((unsigned char)(l>> 8L))&0xff;
  166. buf[2]=((unsigned char)(l ))&0xff;
  167. }
  168. else
  169. {
  170. a.cipher.length=2;
  171. buf[0]=((unsigned char)(l>>8L))&0xff;
  172. buf[1]=((unsigned char)(l ))&0xff;
  173. }
  174. #ifndef OPENSSL_NO_COMP
  175. if (in->compress_meth)
  176. {
  177. cbuf = (unsigned char)in->compress_meth;
  178. a.comp_id.length = 1;
  179. a.comp_id.type = V_ASN1_OCTET_STRING;
  180. a.comp_id.data = &cbuf;
  181. }
  182. #endif
  183. a.master_key.length=in->master_key_length;
  184. a.master_key.type=V_ASN1_OCTET_STRING;
  185. a.master_key.data=in->master_key;
  186. a.session_id.length=in->session_id_length;
  187. a.session_id.type=V_ASN1_OCTET_STRING;
  188. a.session_id.data=in->session_id;
  189. a.session_id_context.length=in->sid_ctx_length;
  190. a.session_id_context.type=V_ASN1_OCTET_STRING;
  191. a.session_id_context.data=in->sid_ctx;
  192. a.key_arg.length=in->key_arg_length;
  193. a.key_arg.type=V_ASN1_OCTET_STRING;
  194. a.key_arg.data=in->key_arg;
  195. #ifndef OPENSSL_NO_KRB5
  196. if (in->krb5_client_princ_len)
  197. {
  198. a.krb5_princ.length=in->krb5_client_princ_len;
  199. a.krb5_princ.type=V_ASN1_OCTET_STRING;
  200. a.krb5_princ.data=in->krb5_client_princ;
  201. }
  202. #endif /* OPENSSL_NO_KRB5 */
  203. if (in->time != 0L)
  204. {
  205. a.time.length=LSIZE2;
  206. a.time.type=V_ASN1_INTEGER;
  207. a.time.data=ibuf3;
  208. ASN1_INTEGER_set(&(a.time),in->time);
  209. }
  210. if (in->timeout != 0L)
  211. {
  212. a.timeout.length=LSIZE2;
  213. a.timeout.type=V_ASN1_INTEGER;
  214. a.timeout.data=ibuf4;
  215. ASN1_INTEGER_set(&(a.timeout),in->timeout);
  216. }
  217. if (in->verify_result != X509_V_OK)
  218. {
  219. a.verify_result.length=LSIZE2;
  220. a.verify_result.type=V_ASN1_INTEGER;
  221. a.verify_result.data=ibuf5;
  222. ASN1_INTEGER_set(&a.verify_result,in->verify_result);
  223. }
  224. #ifndef OPENSSL_NO_TLSEXT
  225. if (in->tlsext_hostname)
  226. {
  227. a.tlsext_hostname.length=strlen(in->tlsext_hostname);
  228. a.tlsext_hostname.type=V_ASN1_OCTET_STRING;
  229. a.tlsext_hostname.data=(unsigned char *)in->tlsext_hostname;
  230. }
  231. if (in->tlsext_tick)
  232. {
  233. a.tlsext_tick.length= in->tlsext_ticklen;
  234. a.tlsext_tick.type=V_ASN1_OCTET_STRING;
  235. a.tlsext_tick.data=(unsigned char *)in->tlsext_tick;
  236. }
  237. if (in->tlsext_tick_lifetime_hint > 0)
  238. {
  239. a.tlsext_tick_lifetime.length=LSIZE2;
  240. a.tlsext_tick_lifetime.type=V_ASN1_INTEGER;
  241. a.tlsext_tick_lifetime.data=ibuf6;
  242. ASN1_INTEGER_set(&a.tlsext_tick_lifetime,in->tlsext_tick_lifetime_hint);
  243. }
  244. #endif /* OPENSSL_NO_TLSEXT */
  245. #ifndef OPENSSL_NO_PSK
  246. if (in->psk_identity_hint)
  247. {
  248. a.psk_identity_hint.length=strlen(in->psk_identity_hint);
  249. a.psk_identity_hint.type=V_ASN1_OCTET_STRING;
  250. a.psk_identity_hint.data=(unsigned char *)(in->psk_identity_hint);
  251. }
  252. if (in->psk_identity)
  253. {
  254. a.psk_identity.length=strlen(in->psk_identity);
  255. a.psk_identity.type=V_ASN1_OCTET_STRING;
  256. a.psk_identity.data=(unsigned char *)(in->psk_identity);
  257. }
  258. #endif /* OPENSSL_NO_PSK */
  259. #ifndef OPENSSL_NO_SRP
  260. if (in->srp_username)
  261. {
  262. a.srp_username.length=strlen(in->srp_username);
  263. a.srp_username.type=V_ASN1_OCTET_STRING;
  264. a.srp_username.data=(unsigned char *)(in->srp_username);
  265. }
  266. #endif /* OPENSSL_NO_SRP */
  267. M_ASN1_I2D_len(&(a.version), i2d_ASN1_INTEGER);
  268. M_ASN1_I2D_len(&(a.ssl_version), i2d_ASN1_INTEGER);
  269. M_ASN1_I2D_len(&(a.cipher), i2d_ASN1_OCTET_STRING);
  270. M_ASN1_I2D_len(&(a.session_id), i2d_ASN1_OCTET_STRING);
  271. M_ASN1_I2D_len(&(a.master_key), i2d_ASN1_OCTET_STRING);
  272. #ifndef OPENSSL_NO_KRB5
  273. if (in->krb5_client_princ_len)
  274. M_ASN1_I2D_len(&(a.krb5_princ), i2d_ASN1_OCTET_STRING);
  275. #endif /* OPENSSL_NO_KRB5 */
  276. if (in->key_arg_length > 0)
  277. M_ASN1_I2D_len_IMP_opt(&(a.key_arg),i2d_ASN1_OCTET_STRING);
  278. if (in->time != 0L)
  279. M_ASN1_I2D_len_EXP_opt(&(a.time),i2d_ASN1_INTEGER,1,v1);
  280. if (in->timeout != 0L)
  281. M_ASN1_I2D_len_EXP_opt(&(a.timeout),i2d_ASN1_INTEGER,2,v2);
  282. if (in->peer != NULL)
  283. M_ASN1_I2D_len_EXP_opt(in->peer,i2d_X509,3,v3);
  284. M_ASN1_I2D_len_EXP_opt(&a.session_id_context,i2d_ASN1_OCTET_STRING,4,v4);
  285. if (in->verify_result != X509_V_OK)
  286. M_ASN1_I2D_len_EXP_opt(&(a.verify_result),i2d_ASN1_INTEGER,5,v5);
  287. #ifndef OPENSSL_NO_TLSEXT
  288. if (in->tlsext_tick_lifetime_hint > 0)
  289. M_ASN1_I2D_len_EXP_opt(&a.tlsext_tick_lifetime, i2d_ASN1_INTEGER,9,v9);
  290. if (in->tlsext_tick)
  291. M_ASN1_I2D_len_EXP_opt(&(a.tlsext_tick), i2d_ASN1_OCTET_STRING,10,v10);
  292. if (in->tlsext_hostname)
  293. M_ASN1_I2D_len_EXP_opt(&(a.tlsext_hostname), i2d_ASN1_OCTET_STRING,6,v6);
  294. #ifndef OPENSSL_NO_COMP
  295. if (in->compress_meth)
  296. M_ASN1_I2D_len_EXP_opt(&(a.comp_id), i2d_ASN1_OCTET_STRING,11,v11);
  297. #endif
  298. #endif /* OPENSSL_NO_TLSEXT */
  299. #ifndef OPENSSL_NO_PSK
  300. if (in->psk_identity_hint)
  301. M_ASN1_I2D_len_EXP_opt(&(a.psk_identity_hint), i2d_ASN1_OCTET_STRING,7,v7);
  302. if (in->psk_identity)
  303. M_ASN1_I2D_len_EXP_opt(&(a.psk_identity), i2d_ASN1_OCTET_STRING,8,v8);
  304. #endif /* OPENSSL_NO_PSK */
  305. #ifndef OPENSSL_NO_SRP
  306. if (in->srp_username)
  307. M_ASN1_I2D_len_EXP_opt(&(a.srp_username), i2d_ASN1_OCTET_STRING,12,v12);
  308. #endif /* OPENSSL_NO_SRP */
  309. M_ASN1_I2D_seq_total();
  310. M_ASN1_I2D_put(&(a.version), i2d_ASN1_INTEGER);
  311. M_ASN1_I2D_put(&(a.ssl_version), i2d_ASN1_INTEGER);
  312. M_ASN1_I2D_put(&(a.cipher), i2d_ASN1_OCTET_STRING);
  313. M_ASN1_I2D_put(&(a.session_id), i2d_ASN1_OCTET_STRING);
  314. M_ASN1_I2D_put(&(a.master_key), i2d_ASN1_OCTET_STRING);
  315. #ifndef OPENSSL_NO_KRB5
  316. if (in->krb5_client_princ_len)
  317. M_ASN1_I2D_put(&(a.krb5_princ), i2d_ASN1_OCTET_STRING);
  318. #endif /* OPENSSL_NO_KRB5 */
  319. if (in->key_arg_length > 0)
  320. M_ASN1_I2D_put_IMP_opt(&(a.key_arg),i2d_ASN1_OCTET_STRING,0);
  321. if (in->time != 0L)
  322. M_ASN1_I2D_put_EXP_opt(&(a.time),i2d_ASN1_INTEGER,1,v1);
  323. if (in->timeout != 0L)
  324. M_ASN1_I2D_put_EXP_opt(&(a.timeout),i2d_ASN1_INTEGER,2,v2);
  325. if (in->peer != NULL)
  326. M_ASN1_I2D_put_EXP_opt(in->peer,i2d_X509,3,v3);
  327. M_ASN1_I2D_put_EXP_opt(&a.session_id_context,i2d_ASN1_OCTET_STRING,4,
  328. v4);
  329. if (in->verify_result != X509_V_OK)
  330. M_ASN1_I2D_put_EXP_opt(&a.verify_result,i2d_ASN1_INTEGER,5,v5);
  331. #ifndef OPENSSL_NO_TLSEXT
  332. if (in->tlsext_hostname)
  333. M_ASN1_I2D_put_EXP_opt(&(a.tlsext_hostname), i2d_ASN1_OCTET_STRING,6,v6);
  334. #endif /* OPENSSL_NO_TLSEXT */
  335. #ifndef OPENSSL_NO_PSK
  336. if (in->psk_identity_hint)
  337. M_ASN1_I2D_put_EXP_opt(&(a.psk_identity_hint), i2d_ASN1_OCTET_STRING,7,v7);
  338. if (in->psk_identity)
  339. M_ASN1_I2D_put_EXP_opt(&(a.psk_identity), i2d_ASN1_OCTET_STRING,8,v8);
  340. #endif /* OPENSSL_NO_PSK */
  341. #ifndef OPENSSL_NO_TLSEXT
  342. if (in->tlsext_tick_lifetime_hint > 0)
  343. M_ASN1_I2D_put_EXP_opt(&a.tlsext_tick_lifetime, i2d_ASN1_INTEGER,9,v9);
  344. if (in->tlsext_tick)
  345. M_ASN1_I2D_put_EXP_opt(&(a.tlsext_tick), i2d_ASN1_OCTET_STRING,10,v10);
  346. #endif /* OPENSSL_NO_TLSEXT */
  347. #ifndef OPENSSL_NO_COMP
  348. if (in->compress_meth)
  349. M_ASN1_I2D_put_EXP_opt(&(a.comp_id), i2d_ASN1_OCTET_STRING,11,v11);
  350. #endif
  351. #ifndef OPENSSL_NO_SRP
  352. if (in->srp_username)
  353. M_ASN1_I2D_put_EXP_opt(&(a.srp_username), i2d_ASN1_OCTET_STRING,12,v12);
  354. #endif /* OPENSSL_NO_SRP */
  355. M_ASN1_I2D_finish();
  356. }
  357. SSL_SESSION *d2i_SSL_SESSION(SSL_SESSION **a, const unsigned char **pp,
  358. long length)
  359. {
  360. int ssl_version=0,i;
  361. long id;
  362. ASN1_INTEGER ai,*aip;
  363. ASN1_OCTET_STRING os,*osp;
  364. M_ASN1_D2I_vars(a,SSL_SESSION *,SSL_SESSION_new);
  365. aip= &ai;
  366. osp= &os;
  367. M_ASN1_D2I_Init();
  368. M_ASN1_D2I_start_sequence();
  369. ai.data=NULL; ai.length=0;
  370. M_ASN1_D2I_get_x(ASN1_INTEGER,aip,d2i_ASN1_INTEGER);
  371. if (ai.data != NULL) { OPENSSL_free(ai.data); ai.data=NULL; ai.length=0; }
  372. /* we don't care about the version right now :-) */
  373. M_ASN1_D2I_get_x(ASN1_INTEGER,aip,d2i_ASN1_INTEGER);
  374. ssl_version=(int)ASN1_INTEGER_get(aip);
  375. ret->ssl_version=ssl_version;
  376. if (ai.data != NULL) { OPENSSL_free(ai.data); ai.data=NULL; ai.length=0; }
  377. os.data=NULL; os.length=0;
  378. M_ASN1_D2I_get_x(ASN1_OCTET_STRING,osp,d2i_ASN1_OCTET_STRING);
  379. if (ssl_version == SSL2_VERSION)
  380. {
  381. if (os.length != 3)
  382. {
  383. c.error=SSL_R_CIPHER_CODE_WRONG_LENGTH;
  384. goto err;
  385. }
  386. id=0x02000000L|
  387. ((unsigned long)os.data[0]<<16L)|
  388. ((unsigned long)os.data[1]<< 8L)|
  389. (unsigned long)os.data[2];
  390. }
  391. else if ((ssl_version>>8) >= SSL3_VERSION_MAJOR)
  392. {
  393. if (os.length != 2)
  394. {
  395. c.error=SSL_R_CIPHER_CODE_WRONG_LENGTH;
  396. goto err;
  397. }
  398. id=0x03000000L|
  399. ((unsigned long)os.data[0]<<8L)|
  400. (unsigned long)os.data[1];
  401. }
  402. else
  403. {
  404. c.error=SSL_R_UNKNOWN_SSL_VERSION;
  405. goto err;
  406. }
  407. ret->cipher=NULL;
  408. ret->cipher_id=id;
  409. M_ASN1_D2I_get_x(ASN1_OCTET_STRING,osp,d2i_ASN1_OCTET_STRING);
  410. if ((ssl_version>>8) >= SSL3_VERSION_MAJOR)
  411. i=SSL3_MAX_SSL_SESSION_ID_LENGTH;
  412. else /* if (ssl_version>>8 == SSL2_VERSION_MAJOR) */
  413. i=SSL2_MAX_SSL_SESSION_ID_LENGTH;
  414. if (os.length > i)
  415. os.length = i;
  416. if (os.length > (int)sizeof(ret->session_id)) /* can't happen */
  417. os.length = sizeof(ret->session_id);
  418. ret->session_id_length=os.length;
  419. OPENSSL_assert(os.length <= (int)sizeof(ret->session_id));
  420. memcpy(ret->session_id,os.data,os.length);
  421. M_ASN1_D2I_get_x(ASN1_OCTET_STRING,osp,d2i_ASN1_OCTET_STRING);
  422. if (os.length > SSL_MAX_MASTER_KEY_LENGTH)
  423. ret->master_key_length=SSL_MAX_MASTER_KEY_LENGTH;
  424. else
  425. ret->master_key_length=os.length;
  426. memcpy(ret->master_key,os.data,ret->master_key_length);
  427. os.length=0;
  428. #ifndef OPENSSL_NO_KRB5
  429. os.length=0;
  430. M_ASN1_D2I_get_opt(osp,d2i_ASN1_OCTET_STRING,V_ASN1_OCTET_STRING);
  431. if (os.data)
  432. {
  433. if (os.length > SSL_MAX_KRB5_PRINCIPAL_LENGTH)
  434. ret->krb5_client_princ_len=0;
  435. else
  436. ret->krb5_client_princ_len=os.length;
  437. memcpy(ret->krb5_client_princ,os.data,ret->krb5_client_princ_len);
  438. OPENSSL_free(os.data);
  439. os.data = NULL;
  440. os.length = 0;
  441. }
  442. else
  443. ret->krb5_client_princ_len=0;
  444. #endif /* OPENSSL_NO_KRB5 */
  445. M_ASN1_D2I_get_IMP_opt(osp,d2i_ASN1_OCTET_STRING,0,V_ASN1_OCTET_STRING);
  446. if (os.length > SSL_MAX_KEY_ARG_LENGTH)
  447. ret->key_arg_length=SSL_MAX_KEY_ARG_LENGTH;
  448. else
  449. ret->key_arg_length=os.length;
  450. memcpy(ret->key_arg,os.data,ret->key_arg_length);
  451. if (os.data != NULL) OPENSSL_free(os.data);
  452. ai.length=0;
  453. M_ASN1_D2I_get_EXP_opt(aip,d2i_ASN1_INTEGER,1);
  454. if (ai.data != NULL)
  455. {
  456. ret->time=ASN1_INTEGER_get(aip);
  457. OPENSSL_free(ai.data); ai.data=NULL; ai.length=0;
  458. }
  459. else
  460. ret->time=(unsigned long)time(NULL);
  461. ai.length=0;
  462. M_ASN1_D2I_get_EXP_opt(aip,d2i_ASN1_INTEGER,2);
  463. if (ai.data != NULL)
  464. {
  465. ret->timeout=ASN1_INTEGER_get(aip);
  466. OPENSSL_free(ai.data); ai.data=NULL; ai.length=0;
  467. }
  468. else
  469. ret->timeout=3;
  470. if (ret->peer != NULL)
  471. {
  472. X509_free(ret->peer);
  473. ret->peer=NULL;
  474. }
  475. M_ASN1_D2I_get_EXP_opt(ret->peer,d2i_X509,3);
  476. os.length=0;
  477. os.data=NULL;
  478. M_ASN1_D2I_get_EXP_opt(osp,d2i_ASN1_OCTET_STRING,4);
  479. if(os.data != NULL)
  480. {
  481. if (os.length > SSL_MAX_SID_CTX_LENGTH)
  482. {
  483. c.error=SSL_R_BAD_LENGTH;
  484. goto err;
  485. }
  486. else
  487. {
  488. ret->sid_ctx_length=os.length;
  489. memcpy(ret->sid_ctx,os.data,os.length);
  490. }
  491. OPENSSL_free(os.data); os.data=NULL; os.length=0;
  492. }
  493. else
  494. ret->sid_ctx_length=0;
  495. ai.length=0;
  496. M_ASN1_D2I_get_EXP_opt(aip,d2i_ASN1_INTEGER,5);
  497. if (ai.data != NULL)
  498. {
  499. ret->verify_result=ASN1_INTEGER_get(aip);
  500. OPENSSL_free(ai.data); ai.data=NULL; ai.length=0;
  501. }
  502. else
  503. ret->verify_result=X509_V_OK;
  504. #ifndef OPENSSL_NO_TLSEXT
  505. os.length=0;
  506. os.data=NULL;
  507. M_ASN1_D2I_get_EXP_opt(osp,d2i_ASN1_OCTET_STRING,6);
  508. if (os.data)
  509. {
  510. ret->tlsext_hostname = BUF_strndup((char *)os.data, os.length);
  511. OPENSSL_free(os.data);
  512. os.data = NULL;
  513. os.length = 0;
  514. }
  515. else
  516. ret->tlsext_hostname=NULL;
  517. #endif /* OPENSSL_NO_TLSEXT */
  518. #ifndef OPENSSL_NO_PSK
  519. os.length=0;
  520. os.data=NULL;
  521. M_ASN1_D2I_get_EXP_opt(osp,d2i_ASN1_OCTET_STRING,7);
  522. if (os.data)
  523. {
  524. ret->psk_identity_hint = BUF_strndup((char *)os.data, os.length);
  525. OPENSSL_free(os.data);
  526. os.data = NULL;
  527. os.length = 0;
  528. }
  529. else
  530. ret->psk_identity_hint=NULL;
  531. os.length=0;
  532. os.data=NULL;
  533. M_ASN1_D2I_get_EXP_opt(osp,d2i_ASN1_OCTET_STRING,8);
  534. if (os.data)
  535. {
  536. ret->psk_identity = BUF_strndup((char *)os.data, os.length);
  537. OPENSSL_free(os.data);
  538. os.data = NULL;
  539. os.length = 0;
  540. }
  541. else
  542. ret->psk_identity=NULL;
  543. #endif /* OPENSSL_NO_PSK */
  544. #ifndef OPENSSL_NO_TLSEXT
  545. ai.length=0;
  546. M_ASN1_D2I_get_EXP_opt(aip,d2i_ASN1_INTEGER,9);
  547. if (ai.data != NULL)
  548. {
  549. ret->tlsext_tick_lifetime_hint=ASN1_INTEGER_get(aip);
  550. OPENSSL_free(ai.data); ai.data=NULL; ai.length=0;
  551. }
  552. else if (ret->tlsext_ticklen && ret->session_id_length)
  553. ret->tlsext_tick_lifetime_hint = -1;
  554. else
  555. ret->tlsext_tick_lifetime_hint=0;
  556. os.length=0;
  557. os.data=NULL;
  558. M_ASN1_D2I_get_EXP_opt(osp,d2i_ASN1_OCTET_STRING,10);
  559. if (os.data)
  560. {
  561. ret->tlsext_tick = os.data;
  562. ret->tlsext_ticklen = os.length;
  563. os.data = NULL;
  564. os.length = 0;
  565. }
  566. else
  567. ret->tlsext_tick=NULL;
  568. #endif /* OPENSSL_NO_TLSEXT */
  569. #ifndef OPENSSL_NO_COMP
  570. os.length=0;
  571. os.data=NULL;
  572. M_ASN1_D2I_get_EXP_opt(osp,d2i_ASN1_OCTET_STRING,11);
  573. if (os.data)
  574. {
  575. ret->compress_meth = os.data[0];
  576. OPENSSL_free(os.data);
  577. os.data = NULL;
  578. }
  579. #endif
  580. #ifndef OPENSSL_NO_SRP
  581. os.length=0;
  582. os.data=NULL;
  583. M_ASN1_D2I_get_EXP_opt(osp,d2i_ASN1_OCTET_STRING,11);
  584. if (os.data)
  585. {
  586. ret->srp_username = BUF_strndup((char *)os.data, os.length);
  587. OPENSSL_free(os.data);
  588. os.data = NULL;
  589. os.length = 0;
  590. }
  591. else
  592. ret->srp_username=NULL;
  593. #endif /* OPENSSL_NO_SRP */
  594. M_ASN1_D2I_Finish(a,SSL_SESSION_free,SSL_F_D2I_SSL_SESSION);
  595. }