ssl_asn1.c 12 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398
  1. /* ssl/ssl_asn1.c */
  2. /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  3. * All rights reserved.
  4. *
  5. * This package is an SSL implementation written
  6. * by Eric Young (eay@cryptsoft.com).
  7. * The implementation was written so as to conform with Netscapes SSL.
  8. *
  9. * This library is free for commercial and non-commercial use as long as
  10. * the following conditions are aheared to. The following conditions
  11. * apply to all code found in this distribution, be it the RC4, RSA,
  12. * lhash, DES, etc., code; not just the SSL code. The SSL documentation
  13. * included with this distribution is covered by the same copyright terms
  14. * except that the holder is Tim Hudson (tjh@cryptsoft.com).
  15. *
  16. * Copyright remains Eric Young's, and as such any Copyright notices in
  17. * the code are not to be removed.
  18. * If this package is used in a product, Eric Young should be given attribution
  19. * as the author of the parts of the library used.
  20. * This can be in the form of a textual message at program startup or
  21. * in documentation (online or textual) provided with the package.
  22. *
  23. * Redistribution and use in source and binary forms, with or without
  24. * modification, are permitted provided that the following conditions
  25. * are met:
  26. * 1. Redistributions of source code must retain the copyright
  27. * notice, this list of conditions and the following disclaimer.
  28. * 2. Redistributions in binary form must reproduce the above copyright
  29. * notice, this list of conditions and the following disclaimer in the
  30. * documentation and/or other materials provided with the distribution.
  31. * 3. All advertising materials mentioning features or use of this software
  32. * must display the following acknowledgement:
  33. * "This product includes cryptographic software written by
  34. * Eric Young (eay@cryptsoft.com)"
  35. * The word 'cryptographic' can be left out if the rouines from the library
  36. * being used are not cryptographic related :-).
  37. * 4. If you include any Windows specific code (or a derivative thereof) from
  38. * the apps directory (application code) you must include an acknowledgement:
  39. * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
  40. *
  41. * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
  42. * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  43. * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
  44. * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
  45. * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
  46. * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
  47. * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
  48. * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
  49. * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  50. * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  51. * SUCH DAMAGE.
  52. *
  53. * The licence and distribution terms for any publically available version or
  54. * derivative of this code cannot be changed. i.e. this code cannot simply be
  55. * copied and put under another distribution licence
  56. * [including the GNU Public Licence.]
  57. */
  58. #include <stdio.h>
  59. #include <stdlib.h>
  60. #include "ssl_locl.h"
  61. #include <openssl/asn1_mac.h>
  62. #include <openssl/objects.h>
  63. #include <openssl/x509.h>
  64. typedef struct ssl_session_asn1_st
  65. {
  66. ASN1_INTEGER version;
  67. ASN1_INTEGER ssl_version;
  68. ASN1_OCTET_STRING cipher;
  69. ASN1_OCTET_STRING master_key;
  70. ASN1_OCTET_STRING session_id;
  71. ASN1_OCTET_STRING session_id_context;
  72. ASN1_OCTET_STRING key_arg;
  73. #ifndef OPENSSL_NO_KRB5
  74. ASN1_OCTET_STRING krb5_princ;
  75. #endif /* OPENSSL_NO_KRB5 */
  76. ASN1_INTEGER time;
  77. ASN1_INTEGER timeout;
  78. ASN1_INTEGER verify_result;
  79. } SSL_SESSION_ASN1;
  80. int i2d_SSL_SESSION(SSL_SESSION *in, unsigned char **pp)
  81. {
  82. #define LSIZE2 (sizeof(long)*2)
  83. int v1=0,v2=0,v3=0,v4=0,v5=0;
  84. unsigned char buf[4],ibuf1[LSIZE2],ibuf2[LSIZE2];
  85. unsigned char ibuf3[LSIZE2],ibuf4[LSIZE2],ibuf5[LSIZE2];
  86. long l;
  87. SSL_SESSION_ASN1 a;
  88. M_ASN1_I2D_vars(in);
  89. if ((in == NULL) || ((in->cipher == NULL) && (in->cipher_id == 0)))
  90. return(0);
  91. /* Note that I cheat in the following 2 assignments. I know
  92. * that if the ASN1_INTEGER passed to ASN1_INTEGER_set
  93. * is > sizeof(long)+1, the buffer will not be re-OPENSSL_malloc()ed.
  94. * This is a bit evil but makes things simple, no dynamic allocation
  95. * to clean up :-) */
  96. a.version.length=LSIZE2;
  97. a.version.type=V_ASN1_INTEGER;
  98. a.version.data=ibuf1;
  99. ASN1_INTEGER_set(&(a.version),SSL_SESSION_ASN1_VERSION);
  100. a.ssl_version.length=LSIZE2;
  101. a.ssl_version.type=V_ASN1_INTEGER;
  102. a.ssl_version.data=ibuf2;
  103. ASN1_INTEGER_set(&(a.ssl_version),in->ssl_version);
  104. a.cipher.type=V_ASN1_OCTET_STRING;
  105. a.cipher.data=buf;
  106. if (in->cipher == NULL)
  107. l=in->cipher_id;
  108. else
  109. l=in->cipher->id;
  110. if (in->ssl_version == SSL2_VERSION)
  111. {
  112. a.cipher.length=3;
  113. buf[0]=((unsigned char)(l>>16L))&0xff;
  114. buf[1]=((unsigned char)(l>> 8L))&0xff;
  115. buf[2]=((unsigned char)(l ))&0xff;
  116. }
  117. else
  118. {
  119. a.cipher.length=2;
  120. buf[0]=((unsigned char)(l>>8L))&0xff;
  121. buf[1]=((unsigned char)(l ))&0xff;
  122. }
  123. a.master_key.length=in->master_key_length;
  124. a.master_key.type=V_ASN1_OCTET_STRING;
  125. a.master_key.data=in->master_key;
  126. a.session_id.length=in->session_id_length;
  127. a.session_id.type=V_ASN1_OCTET_STRING;
  128. a.session_id.data=in->session_id;
  129. a.session_id_context.length=in->sid_ctx_length;
  130. a.session_id_context.type=V_ASN1_OCTET_STRING;
  131. a.session_id_context.data=in->sid_ctx;
  132. a.key_arg.length=in->key_arg_length;
  133. a.key_arg.type=V_ASN1_OCTET_STRING;
  134. a.key_arg.data=in->key_arg;
  135. #ifndef OPENSSL_NO_KRB5
  136. if (in->krb5_client_princ_len)
  137. {
  138. a.krb5_princ.length=in->krb5_client_princ_len;
  139. a.krb5_princ.type=V_ASN1_OCTET_STRING;
  140. a.krb5_princ.data=in->krb5_client_princ;
  141. }
  142. #endif /* OPENSSL_NO_KRB5 */
  143. if (in->time != 0L)
  144. {
  145. a.time.length=LSIZE2;
  146. a.time.type=V_ASN1_INTEGER;
  147. a.time.data=ibuf3;
  148. ASN1_INTEGER_set(&(a.time),in->time);
  149. }
  150. if (in->timeout != 0L)
  151. {
  152. a.timeout.length=LSIZE2;
  153. a.timeout.type=V_ASN1_INTEGER;
  154. a.timeout.data=ibuf4;
  155. ASN1_INTEGER_set(&(a.timeout),in->timeout);
  156. }
  157. if (in->verify_result != X509_V_OK)
  158. {
  159. a.verify_result.length=LSIZE2;
  160. a.verify_result.type=V_ASN1_INTEGER;
  161. a.verify_result.data=ibuf5;
  162. ASN1_INTEGER_set(&a.verify_result,in->verify_result);
  163. }
  164. M_ASN1_I2D_len(&(a.version), i2d_ASN1_INTEGER);
  165. M_ASN1_I2D_len(&(a.ssl_version), i2d_ASN1_INTEGER);
  166. M_ASN1_I2D_len(&(a.cipher), i2d_ASN1_OCTET_STRING);
  167. M_ASN1_I2D_len(&(a.session_id), i2d_ASN1_OCTET_STRING);
  168. M_ASN1_I2D_len(&(a.master_key), i2d_ASN1_OCTET_STRING);
  169. #ifndef OPENSSL_NO_KRB5
  170. if (in->krb5_client_princ_len)
  171. M_ASN1_I2D_len(&(a.krb5_princ), i2d_ASN1_OCTET_STRING);
  172. #endif /* OPENSSL_NO_KRB5 */
  173. if (in->key_arg_length > 0)
  174. M_ASN1_I2D_len_IMP_opt(&(a.key_arg),i2d_ASN1_OCTET_STRING);
  175. if (in->time != 0L)
  176. M_ASN1_I2D_len_EXP_opt(&(a.time),i2d_ASN1_INTEGER,1,v1);
  177. if (in->timeout != 0L)
  178. M_ASN1_I2D_len_EXP_opt(&(a.timeout),i2d_ASN1_INTEGER,2,v2);
  179. if (in->peer != NULL)
  180. M_ASN1_I2D_len_EXP_opt(in->peer,i2d_X509,3,v3);
  181. M_ASN1_I2D_len_EXP_opt(&a.session_id_context,i2d_ASN1_OCTET_STRING,4,v4);
  182. if (in->verify_result != X509_V_OK)
  183. M_ASN1_I2D_len_EXP_opt(&(a.verify_result),i2d_ASN1_INTEGER,5,v5);
  184. M_ASN1_I2D_seq_total();
  185. M_ASN1_I2D_put(&(a.version), i2d_ASN1_INTEGER);
  186. M_ASN1_I2D_put(&(a.ssl_version), i2d_ASN1_INTEGER);
  187. M_ASN1_I2D_put(&(a.cipher), i2d_ASN1_OCTET_STRING);
  188. M_ASN1_I2D_put(&(a.session_id), i2d_ASN1_OCTET_STRING);
  189. M_ASN1_I2D_put(&(a.master_key), i2d_ASN1_OCTET_STRING);
  190. #ifndef OPENSSL_NO_KRB5
  191. if (in->krb5_client_princ_len)
  192. M_ASN1_I2D_put(&(a.krb5_princ), i2d_ASN1_OCTET_STRING);
  193. #endif /* OPENSSL_NO_KRB5 */
  194. if (in->key_arg_length > 0)
  195. M_ASN1_I2D_put_IMP_opt(&(a.key_arg),i2d_ASN1_OCTET_STRING,0);
  196. if (in->time != 0L)
  197. M_ASN1_I2D_put_EXP_opt(&(a.time),i2d_ASN1_INTEGER,1,v1);
  198. if (in->timeout != 0L)
  199. M_ASN1_I2D_put_EXP_opt(&(a.timeout),i2d_ASN1_INTEGER,2,v2);
  200. if (in->peer != NULL)
  201. M_ASN1_I2D_put_EXP_opt(in->peer,i2d_X509,3,v3);
  202. M_ASN1_I2D_put_EXP_opt(&a.session_id_context,i2d_ASN1_OCTET_STRING,4,
  203. v4);
  204. if (in->verify_result != X509_V_OK)
  205. M_ASN1_I2D_put_EXP_opt(&a.verify_result,i2d_ASN1_INTEGER,5,v5);
  206. M_ASN1_I2D_finish();
  207. }
  208. SSL_SESSION *d2i_SSL_SESSION(SSL_SESSION **a, unsigned char **pp,
  209. long length)
  210. {
  211. int version,ssl_version=0,i;
  212. long id;
  213. ASN1_INTEGER ai,*aip;
  214. ASN1_OCTET_STRING os,*osp;
  215. M_ASN1_D2I_vars(a,SSL_SESSION *,SSL_SESSION_new);
  216. aip= &ai;
  217. osp= &os;
  218. M_ASN1_D2I_Init();
  219. M_ASN1_D2I_start_sequence();
  220. ai.data=NULL; ai.length=0;
  221. M_ASN1_D2I_get(aip,d2i_ASN1_INTEGER);
  222. version=(int)ASN1_INTEGER_get(aip);
  223. if (ai.data != NULL) { OPENSSL_free(ai.data); ai.data=NULL; ai.length=0; }
  224. /* we don't care about the version right now :-) */
  225. M_ASN1_D2I_get(aip,d2i_ASN1_INTEGER);
  226. ssl_version=(int)ASN1_INTEGER_get(aip);
  227. ret->ssl_version=ssl_version;
  228. if (ai.data != NULL) { OPENSSL_free(ai.data); ai.data=NULL; ai.length=0; }
  229. os.data=NULL; os.length=0;
  230. M_ASN1_D2I_get(osp,d2i_ASN1_OCTET_STRING);
  231. if (ssl_version == SSL2_VERSION)
  232. {
  233. if (os.length != 3)
  234. {
  235. c.error=SSL_R_CIPHER_CODE_WRONG_LENGTH;
  236. goto err;
  237. }
  238. id=0x02000000L|
  239. ((unsigned long)os.data[0]<<16L)|
  240. ((unsigned long)os.data[1]<< 8L)|
  241. (unsigned long)os.data[2];
  242. }
  243. else if ((ssl_version>>8) == 3)
  244. {
  245. if (os.length != 2)
  246. {
  247. c.error=SSL_R_CIPHER_CODE_WRONG_LENGTH;
  248. goto err;
  249. }
  250. id=0x03000000L|
  251. ((unsigned long)os.data[0]<<8L)|
  252. (unsigned long)os.data[1];
  253. }
  254. else
  255. {
  256. SSLerr(SSL_F_D2I_SSL_SESSION,SSL_R_UNKNOWN_SSL_VERSION);
  257. return(NULL);
  258. }
  259. ret->cipher=NULL;
  260. ret->cipher_id=id;
  261. M_ASN1_D2I_get(osp,d2i_ASN1_OCTET_STRING);
  262. if ((ssl_version>>8) == SSL3_VERSION)
  263. i=SSL3_MAX_SSL_SESSION_ID_LENGTH;
  264. else /* if (ssl_version == SSL2_VERSION) */
  265. i=SSL2_MAX_SSL_SESSION_ID_LENGTH;
  266. if (os.length > i)
  267. os.length = i;
  268. if (os.length > sizeof ret->session_id) /* can't happen */
  269. os.length = sizeof ret->session_id;
  270. ret->session_id_length=os.length;
  271. OPENSSL_assert(os.length <= sizeof ret->session_id);
  272. memcpy(ret->session_id,os.data,os.length);
  273. M_ASN1_D2I_get(osp,d2i_ASN1_OCTET_STRING);
  274. if (ret->master_key_length > SSL_MAX_MASTER_KEY_LENGTH)
  275. ret->master_key_length=SSL_MAX_MASTER_KEY_LENGTH;
  276. else
  277. ret->master_key_length=os.length;
  278. memcpy(ret->master_key,os.data,ret->master_key_length);
  279. os.length=0;
  280. #ifndef OPENSSL_NO_KRB5
  281. os.length=0;
  282. M_ASN1_D2I_get_opt(osp,d2i_ASN1_OCTET_STRING,V_ASN1_OCTET_STRING);
  283. if (os.data)
  284. {
  285. if (os.length > SSL_MAX_KRB5_PRINCIPAL_LENGTH)
  286. ret->krb5_client_princ_len=0;
  287. else
  288. ret->krb5_client_princ_len=os.length;
  289. memcpy(ret->krb5_client_princ,os.data,ret->krb5_client_princ_len);
  290. OPENSSL_free(os.data);
  291. os.data = NULL;
  292. os.length = 0;
  293. }
  294. else
  295. ret->krb5_client_princ_len=0;
  296. #endif /* OPENSSL_NO_KRB5 */
  297. M_ASN1_D2I_get_IMP_opt(osp,d2i_ASN1_OCTET_STRING,0,V_ASN1_OCTET_STRING);
  298. if (os.length > SSL_MAX_KEY_ARG_LENGTH)
  299. ret->key_arg_length=SSL_MAX_KEY_ARG_LENGTH;
  300. else
  301. ret->key_arg_length=os.length;
  302. memcpy(ret->key_arg,os.data,ret->key_arg_length);
  303. if (os.data != NULL) OPENSSL_free(os.data);
  304. ai.length=0;
  305. M_ASN1_D2I_get_EXP_opt(aip,d2i_ASN1_INTEGER,1);
  306. if (ai.data != NULL)
  307. {
  308. ret->time=ASN1_INTEGER_get(aip);
  309. OPENSSL_free(ai.data); ai.data=NULL; ai.length=0;
  310. }
  311. else
  312. ret->time=time(NULL);
  313. ai.length=0;
  314. M_ASN1_D2I_get_EXP_opt(aip,d2i_ASN1_INTEGER,2);
  315. if (ai.data != NULL)
  316. {
  317. ret->timeout=ASN1_INTEGER_get(aip);
  318. OPENSSL_free(ai.data); ai.data=NULL; ai.length=0;
  319. }
  320. else
  321. ret->timeout=3;
  322. if (ret->peer != NULL)
  323. {
  324. X509_free(ret->peer);
  325. ret->peer=NULL;
  326. }
  327. M_ASN1_D2I_get_EXP_opt(ret->peer,d2i_X509,3);
  328. os.length=0;
  329. os.data=NULL;
  330. M_ASN1_D2I_get_EXP_opt(osp,d2i_ASN1_OCTET_STRING,4);
  331. if(os.data != NULL)
  332. {
  333. if (os.length > SSL_MAX_SID_CTX_LENGTH)
  334. {
  335. ret->sid_ctx_length=os.length;
  336. SSLerr(SSL_F_D2I_SSL_SESSION,SSL_R_BAD_LENGTH);
  337. }
  338. else
  339. {
  340. ret->sid_ctx_length=os.length;
  341. memcpy(ret->sid_ctx,os.data,os.length);
  342. }
  343. OPENSSL_free(os.data); os.data=NULL; os.length=0;
  344. }
  345. else
  346. ret->sid_ctx_length=0;
  347. ai.length=0;
  348. M_ASN1_D2I_get_EXP_opt(aip,d2i_ASN1_INTEGER,5);
  349. if (ai.data != NULL)
  350. {
  351. ret->verify_result=ASN1_INTEGER_get(aip);
  352. OPENSSL_free(ai.data); ai.data=NULL; ai.length=0;
  353. }
  354. else
  355. ret->verify_result=X509_V_OK;
  356. M_ASN1_D2I_Finish(a,SSL_SESSION_free,SSL_F_D2I_SSL_SESSION);
  357. }