summaryrefslogtreecommitdiff
path: root/src/lib/libssl/ssl_asn1.c
diff options
context:
space:
mode:
authorcvs2svn <admin@example.com>2016-07-23 19:31:36 +0000
committercvs2svn <admin@example.com>2016-07-23 19:31:36 +0000
commit86c49b31af735796dfde37aa29473a30d36367db (patch)
treee9a354a92a348338fe2b361e2eda703cae23cfab /src/lib/libssl/ssl_asn1.c
parent19d5fe348e8926bac4521c5807aa64c45b8f7a41 (diff)
downloadopenbsd-OPENBSD_6_0_BASE.tar.gz
openbsd-OPENBSD_6_0_BASE.tar.bz2
openbsd-OPENBSD_6_0_BASE.zip
This commit was manufactured by cvs2git to create tag 'OPENBSD_6_0_BASE'.OPENBSD_6_0_BASE
Diffstat (limited to 'src/lib/libssl/ssl_asn1.c')
-rw-r--r--src/lib/libssl/ssl_asn1.c691
1 files changed, 0 insertions, 691 deletions
diff --git a/src/lib/libssl/ssl_asn1.c b/src/lib/libssl/ssl_asn1.c
deleted file mode 100644
index ee00cb286d..0000000000
--- a/src/lib/libssl/ssl_asn1.c
+++ /dev/null
@@ -1,691 +0,0 @@
1/* $OpenBSD: ssl_asn1.c,v 1.41 2016/03/11 07:08:45 mmcc Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved.
4 *
5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL.
8 *
9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package.
22 *
23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions
25 * are met:
26 * 1. Redistributions of source code must retain the copyright
27 * notice, this list of conditions and the following disclaimer.
28 * 2. Redistributions in binary form must reproduce the above copyright
29 * notice, this list of conditions and the following disclaimer in the
30 * documentation and/or other materials provided with the distribution.
31 * 3. All advertising materials mentioning features or use of this software
32 * must display the following acknowledgement:
33 * "This product includes cryptographic software written by
34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE.
52 *
53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence
56 * [including the GNU Public Licence.]
57 */
58
59#include <stdio.h>
60#include <stdlib.h>
61
62#include "ssl_locl.h"
63
64#include <openssl/objects.h>
65#include <openssl/x509.h>
66
67/* XXX - these are here to avoid including asn1_mac.h */
68int asn1_GetSequence(ASN1_const_CTX *c, long *length);
69void asn1_add_error(const unsigned char *address, int offset);
70
71typedef struct ssl_session_asn1_st {
72 ASN1_INTEGER version;
73 ASN1_INTEGER ssl_version;
74 ASN1_OCTET_STRING cipher;
75 ASN1_OCTET_STRING master_key;
76 ASN1_OCTET_STRING session_id;
77 ASN1_OCTET_STRING session_id_context;
78 ASN1_INTEGER time;
79 ASN1_INTEGER timeout;
80 ASN1_INTEGER verify_result;
81 ASN1_OCTET_STRING tlsext_hostname;
82 ASN1_INTEGER tlsext_tick_lifetime;
83 ASN1_OCTET_STRING tlsext_tick;
84} SSL_SESSION_ASN1;
85
86int
87i2d_SSL_SESSION(SSL_SESSION *in, unsigned char **pp)
88{
89#define LSIZE2 (sizeof(long)*2)
90 int v1 = 0, v2 = 0, v3 = 0, v4 = 0, v5 = 0, v6 = 0, v9 = 0, v10 = 0;
91 unsigned char buf[4], ibuf1[LSIZE2], ibuf2[LSIZE2];
92 unsigned char ibuf3[LSIZE2], ibuf4[LSIZE2], ibuf5[LSIZE2];
93 unsigned char ibuf6[LSIZE2];
94 SSL_SESSION_ASN1 a;
95 unsigned char *p;
96 int len = 0, ret;
97 long l;
98
99 if ((in == NULL) || ((in->cipher == NULL) && (in->cipher_id == 0)))
100 return (0);
101
102 /*
103 * Note that I cheat in the following 2 assignments.
104 * I know that if the ASN1_INTEGER passed to ASN1_INTEGER_set
105 * is > sizeof(long)+1, the buffer will not be re-malloc()ed.
106 * This is a bit evil but makes things simple, no dynamic allocation
107 * to clean up :-)
108 */
109 a.version.length = LSIZE2;
110 a.version.type = V_ASN1_INTEGER;
111 a.version.data = ibuf1;
112 ASN1_INTEGER_set(&(a.version), SSL_SESSION_ASN1_VERSION);
113 len += i2d_ASN1_INTEGER(&(a.version), NULL);
114
115 a.ssl_version.length = LSIZE2;
116 a.ssl_version.type = V_ASN1_INTEGER;
117 a.ssl_version.data = ibuf2;
118 ASN1_INTEGER_set(&(a.ssl_version), in->ssl_version);
119 len += i2d_ASN1_INTEGER(&(a.ssl_version), NULL);
120
121 a.cipher.length = 2;
122 a.cipher.type = V_ASN1_OCTET_STRING;
123 l = (in->cipher == NULL) ? in->cipher_id : in->cipher->id;
124 buf[0] = ((unsigned char)(l >> 8L)) & 0xff;
125 buf[1] = ((unsigned char)(l)) & 0xff;
126 a.cipher.data = buf;
127 len += i2d_ASN1_OCTET_STRING(&(a.cipher), NULL);
128
129 a.master_key.length = in->master_key_length;
130 a.master_key.type = V_ASN1_OCTET_STRING;
131 a.master_key.data = in->master_key;
132 len += i2d_ASN1_OCTET_STRING(&(a.master_key), NULL);
133
134 a.session_id.length = in->session_id_length;
135 a.session_id.type = V_ASN1_OCTET_STRING;
136 a.session_id.data = in->session_id;
137 len += i2d_ASN1_OCTET_STRING(&(a.session_id), NULL);
138
139 if (in->time != 0L) {
140 a.time.length = LSIZE2;
141 a.time.type = V_ASN1_INTEGER;
142 a.time.data = ibuf3;
143 ASN1_INTEGER_set(&(a.time), in->time); /* XXX 2038 */
144 v1 = i2d_ASN1_INTEGER(&(a.time), NULL);
145 len += ASN1_object_size(1, v1, 1);
146 }
147
148 if (in->timeout != 0L) {
149 a.timeout.length = LSIZE2;
150 a.timeout.type = V_ASN1_INTEGER;
151 a.timeout.data = ibuf4;
152 ASN1_INTEGER_set(&(a.timeout), in->timeout);
153 v2 = i2d_ASN1_INTEGER(&(a.timeout), NULL);
154 len += ASN1_object_size(1, v2, 2);
155 }
156
157 if (in->peer != NULL) {
158 v3 = i2d_X509(in->peer, NULL);
159 len += ASN1_object_size(1, v3, 3);
160 }
161
162 a.session_id_context.length = in->sid_ctx_length;
163 a.session_id_context.type = V_ASN1_OCTET_STRING;
164 a.session_id_context.data = in->sid_ctx;
165 v4 = i2d_ASN1_OCTET_STRING(&(a.session_id_context), NULL);
166 len += ASN1_object_size(1, v4, 4);
167
168 if (in->verify_result != X509_V_OK) {
169 a.verify_result.length = LSIZE2;
170 a.verify_result.type = V_ASN1_INTEGER;
171 a.verify_result.data = ibuf5;
172 ASN1_INTEGER_set(&a.verify_result, in->verify_result);
173 v5 = i2d_ASN1_INTEGER(&(a.verify_result), NULL);
174 len += ASN1_object_size(1, v5, 5);
175 }
176
177 if (in->tlsext_hostname) {
178 a.tlsext_hostname.length = strlen(in->tlsext_hostname);
179 a.tlsext_hostname.type = V_ASN1_OCTET_STRING;
180 a.tlsext_hostname.data = (unsigned char *)in->tlsext_hostname;
181 v6 = i2d_ASN1_OCTET_STRING(&(a.tlsext_hostname), NULL);
182 len += ASN1_object_size(1, v6, 6);
183 }
184
185 /* 7 - PSK identity hint. */
186 /* 8 - PSK identity. */
187
188 if (in->tlsext_tick_lifetime_hint > 0) {
189 a.tlsext_tick_lifetime.length = LSIZE2;
190 a.tlsext_tick_lifetime.type = V_ASN1_INTEGER;
191 a.tlsext_tick_lifetime.data = ibuf6;
192 ASN1_INTEGER_set(&a.tlsext_tick_lifetime,
193 in->tlsext_tick_lifetime_hint);
194 v9 = i2d_ASN1_INTEGER(&(a.tlsext_tick_lifetime), NULL);
195 len += ASN1_object_size(1, v9, 9);
196 }
197
198 if (in->tlsext_tick) {
199 a.tlsext_tick.length = in->tlsext_ticklen;
200 a.tlsext_tick.type = V_ASN1_OCTET_STRING;
201 a.tlsext_tick.data = (unsigned char *)in->tlsext_tick;
202 v10 = i2d_ASN1_OCTET_STRING(&(a.tlsext_tick), NULL);
203 len += ASN1_object_size(1, v10, 10);
204 }
205
206 /* 11 - Compression method. */
207 /* 12 - SRP username. */
208
209 /* If given a NULL pointer, return the length only. */
210 ret = (ASN1_object_size(1, len, V_ASN1_SEQUENCE));
211 if (pp == NULL)
212 return (ret);
213
214 /* Burp out the ASN1. */
215 p = *pp;
216 ASN1_put_object(&p, 1, len, V_ASN1_SEQUENCE, V_ASN1_UNIVERSAL);
217 i2d_ASN1_INTEGER(&(a.version), &p);
218 i2d_ASN1_INTEGER(&(a.ssl_version), &p);
219 i2d_ASN1_OCTET_STRING(&(a.cipher), &p);
220 i2d_ASN1_OCTET_STRING(&(a.session_id), &p);
221 i2d_ASN1_OCTET_STRING(&(a.master_key), &p);
222 if (in->time != 0L) {
223 ASN1_put_object(&p, 1, v1, 1, V_ASN1_CONTEXT_SPECIFIC);
224 i2d_ASN1_INTEGER(&(a.time), &p);
225 }
226 if (in->timeout != 0L) {
227 ASN1_put_object(&p, 1, v2, 2, V_ASN1_CONTEXT_SPECIFIC);
228 i2d_ASN1_INTEGER(&(a.timeout), &p);
229 }
230 if (in->peer != NULL) {
231 ASN1_put_object(&p, 1, v3, 3, V_ASN1_CONTEXT_SPECIFIC);
232 i2d_X509(in->peer, &p);
233 }
234 ASN1_put_object(&p, 1, v4, 4, V_ASN1_CONTEXT_SPECIFIC);
235 i2d_ASN1_OCTET_STRING(&(a.session_id_context), &p);
236 if (in->verify_result != X509_V_OK) {
237 ASN1_put_object(&p, 1, v5, 5, V_ASN1_CONTEXT_SPECIFIC);
238 i2d_ASN1_INTEGER(&(a.verify_result), &p);
239 }
240 if (in->tlsext_hostname) {
241 ASN1_put_object(&p, 1, v6, 6, V_ASN1_CONTEXT_SPECIFIC);
242 i2d_ASN1_OCTET_STRING(&(a.tlsext_hostname), &p);
243 }
244 /* 7 - PSK identity hint. */
245 /* 8 - PSK identity. */
246 if (in->tlsext_tick_lifetime_hint > 0) {
247 ASN1_put_object(&p, 1, v9, 9, V_ASN1_CONTEXT_SPECIFIC);
248 i2d_ASN1_INTEGER(&(a.tlsext_tick_lifetime), &p);
249 }
250 if (in->tlsext_tick) {
251 ASN1_put_object(&p, 1, v10, 10, V_ASN1_CONTEXT_SPECIFIC);
252 i2d_ASN1_OCTET_STRING(&(a.tlsext_tick), &p);
253 }
254 /* 11 - Compression method. */
255 /* 12 - SRP username. */
256
257 *pp = p;
258 return (ret);
259}
260
261SSL_SESSION *
262d2i_SSL_SESSION(SSL_SESSION **a, const unsigned char **pp, long length)
263{
264 SSL_SESSION *ret = NULL;
265 ASN1_const_CTX c;
266 ASN1_INTEGER ai, *aip;
267 ASN1_OCTET_STRING os, *osp;
268 int ssl_version = 0, i;
269 int Tinf, Ttag, Tclass;
270 long Tlen;
271 long id;
272
273 c.pp = pp;
274 c.p = *pp;
275 c.q = *pp;
276 c.max = (length == 0) ? 0 : (c.p + length);
277 c.slen = length;
278
279 if (a == NULL || *a == NULL) {
280 if ((ret = SSL_SESSION_new()) == NULL) {
281 SSLerr(SSL_F_D2I_SSL_SESSION, ERR_R_NESTED_ASN1_ERROR);
282 goto err;
283 }
284 } else
285 ret = *a;
286
287 aip = &ai;
288 osp = &os;
289
290 if (!asn1_GetSequence(&c, &length)) {
291 SSLerr(SSL_F_D2I_SSL_SESSION, ERR_R_NESTED_ASN1_ERROR);
292 goto err;
293 }
294
295 ai.data = NULL;
296 ai.length = 0;
297 c.q = c.p;
298 if (d2i_ASN1_INTEGER(&aip, &c.p, c.slen) == NULL) {
299 SSLerr(SSL_F_D2I_SSL_SESSION, ERR_R_NESTED_ASN1_ERROR);
300 goto err;
301 }
302 c.slen -= (c.p - c.q);
303
304 if (ai.data != NULL) {
305 free(ai.data);
306 ai.data = NULL;
307 ai.length = 0;
308 }
309
310 /* we don't care about the version right now :-) */
311 c.q = c.p;
312 if (d2i_ASN1_INTEGER(&aip, &c.p, c.slen) == NULL) {
313 SSLerr(SSL_F_D2I_SSL_SESSION, ERR_R_NESTED_ASN1_ERROR);
314 goto err;
315 }
316 c.slen -= (c.p - c.q);
317 ssl_version = (int)ASN1_INTEGER_get(aip);
318 ret->ssl_version = ssl_version;
319 if (ai.data != NULL) {
320 free(ai.data);
321 ai.data = NULL;
322 ai.length = 0;
323 }
324
325 os.data = NULL;
326 os.length = 0;
327 c.q = c.p;
328 if (d2i_ASN1_OCTET_STRING(&osp, &c.p, c.slen) == NULL) {
329 SSLerr(SSL_F_D2I_SSL_SESSION, ERR_R_NESTED_ASN1_ERROR);
330 goto err;
331 }
332 c.slen -= (c.p - c.q);
333 if ((ssl_version >> 8) >= SSL3_VERSION_MAJOR) {
334 if (os.length != 2) {
335 SSLerr(SSL_F_D2I_SSL_SESSION,
336 SSL_R_CIPHER_CODE_WRONG_LENGTH);
337 goto err;
338 }
339 id = 0x03000000L | ((unsigned long)os.data[0]<<8L) |
340 (unsigned long)os.data[1];
341 } else {
342 SSLerr(SSL_F_D2I_SSL_SESSION, SSL_R_UNKNOWN_SSL_VERSION);
343 goto err;
344 }
345
346 ret->cipher = NULL;
347 ret->cipher_id = id;
348
349 c.q = c.p;
350 if (d2i_ASN1_OCTET_STRING(&osp, &c.p, c.slen) == NULL) {
351 SSLerr(SSL_F_D2I_SSL_SESSION, ERR_R_NESTED_ASN1_ERROR);
352 goto err;
353 }
354 c.slen -= (c.p - c.q);
355
356 i = SSL3_MAX_SSL_SESSION_ID_LENGTH;
357 if (os.length > i)
358 os.length = i;
359 if (os.length > (int)sizeof(ret->session_id)) /* can't happen */
360 os.length = sizeof(ret->session_id);
361
362 ret->session_id_length = os.length;
363 OPENSSL_assert(os.length <= (int)sizeof(ret->session_id));
364 memcpy(ret->session_id, os.data, os.length);
365
366 c.q = c.p;
367 if (d2i_ASN1_OCTET_STRING(&osp, &c.p, c.slen) == NULL) {
368 SSLerr(SSL_F_D2I_SSL_SESSION, ERR_R_NESTED_ASN1_ERROR);
369 goto err;
370 }
371 c.slen -= (c.p - c.q);
372 if (os.length > SSL_MAX_MASTER_KEY_LENGTH)
373 ret->master_key_length = SSL_MAX_MASTER_KEY_LENGTH;
374 else
375 ret->master_key_length = os.length;
376 memcpy(ret->master_key, os.data, ret->master_key_length);
377
378 os.length = 0;
379
380 /* 1 - Time (INTEGER). */
381 /* XXX 2038 */
382 ai.length = 0;
383 if (c.slen != 0L &&
384 *c.p == (V_ASN1_CONSTRUCTED | V_ASN1_CONTEXT_SPECIFIC | 1)) {
385 c.q = c.p;
386 Tinf = ASN1_get_object(&c.p, &Tlen, &Ttag, &Tclass, c.slen);
387 if (Tinf & 0x80) {
388 SSLerr(SSL_F_D2I_SSL_SESSION,
389 ERR_R_BAD_ASN1_OBJECT_HEADER);
390 goto err;
391 }
392 if (Tinf == (V_ASN1_CONSTRUCTED + 1))
393 Tlen = c.slen - (c.p - c.q) - 2;
394 if (d2i_ASN1_INTEGER(&aip, &c.p, Tlen) == NULL) {
395 SSLerr(SSL_F_D2I_SSL_SESSION, ERR_R_NESTED_ASN1_ERROR);
396 goto err;
397 }
398 if (Tinf == (V_ASN1_CONSTRUCTED + 1)) {
399 Tlen = c.slen - (c.p - c.q);
400 if(!ASN1_const_check_infinite_end(&c.p, Tlen)) {
401 SSLerr(SSL_F_D2I_SSL_SESSION,
402 ERR_R_MISSING_ASN1_EOS);
403 goto err;
404 }
405 }
406 c.slen -= (c.p - c.q);
407 }
408 if (ai.data != NULL) {
409 ret->time = ASN1_INTEGER_get(aip);
410 free(ai.data);
411 ai.data = NULL;
412 ai.length = 0;
413 } else
414 ret->time = time(NULL);
415
416 /* 2 - Timeout (INTEGER). */
417 ai.length = 0;
418 if (c.slen != 0L &&
419 *c.p == (V_ASN1_CONSTRUCTED | V_ASN1_CONTEXT_SPECIFIC | 2)) {
420 c.q = c.p;
421 Tinf = ASN1_get_object(&c.p, &Tlen, &Ttag, &Tclass, c.slen);
422 if (Tinf & 0x80) {
423 SSLerr(SSL_F_D2I_SSL_SESSION,
424 ERR_R_BAD_ASN1_OBJECT_HEADER);
425 goto err;
426 }
427 if (Tinf == (V_ASN1_CONSTRUCTED + 1))
428 Tlen = c.slen - (c.p - c.q) - 2;
429 if (d2i_ASN1_INTEGER(&aip, &c.p, Tlen) == NULL) {
430 SSLerr(SSL_F_D2I_SSL_SESSION, ERR_R_NESTED_ASN1_ERROR);
431 goto err;
432 }
433 if (Tinf == (V_ASN1_CONSTRUCTED + 1)) {
434 Tlen = c.slen - (c.p - c.q);
435 if(!ASN1_const_check_infinite_end(&c.p, Tlen)) {
436 SSLerr(SSL_F_D2I_SSL_SESSION,
437 ERR_R_MISSING_ASN1_EOS);
438 goto err;
439 }
440 }
441 c.slen -= (c.p - c.q);
442 }
443 if (ai.data != NULL) {
444 ret->timeout = ASN1_INTEGER_get(aip);
445 free(ai.data);
446 ai.data = NULL;
447 ai.length = 0;
448 } else
449 ret->timeout = 3;
450
451 /* 3 - Peer (X509). */
452 X509_free(ret->peer);
453 ret->peer = NULL;
454
455 if (c.slen != 0L &&
456 *c.p == (V_ASN1_CONSTRUCTED | V_ASN1_CONTEXT_SPECIFIC | 3)) {
457 c.q = c.p;
458 Tinf = ASN1_get_object(&c.p, &Tlen, &Ttag, &Tclass, c.slen);
459 if (Tinf & 0x80) {
460 SSLerr(SSL_F_D2I_SSL_SESSION,
461 ERR_R_BAD_ASN1_OBJECT_HEADER);
462 goto err;
463 }
464 if (Tinf == (V_ASN1_CONSTRUCTED + 1))
465 Tlen = c.slen - (c.p - c.q) - 2;
466 if (d2i_X509(&ret->peer, &c.p, Tlen) == NULL) {
467 SSLerr(SSL_F_D2I_SSL_SESSION, ERR_R_NESTED_ASN1_ERROR);
468 goto err;
469 }
470 if (Tinf == (V_ASN1_CONSTRUCTED + 1)) {
471 Tlen = c.slen - (c.p - c.q);
472 if(!ASN1_const_check_infinite_end(&c.p, Tlen)) {
473 SSLerr(SSL_F_D2I_SSL_SESSION,
474 ERR_R_MISSING_ASN1_EOS);
475 goto err;
476 }
477 }
478 c.slen -= (c.p - c.q);
479 }
480
481 /* 4 - Session ID (OCTET STRING). */
482 os.length = 0;
483 free(os.data);
484 os.data = NULL;
485 if (c.slen != 0L &&
486 *c.p == (V_ASN1_CONSTRUCTED | V_ASN1_CONTEXT_SPECIFIC | 4)) {
487 c.q = c.p;
488 Tinf = ASN1_get_object(&c.p, &Tlen, &Ttag, &Tclass, c.slen);
489 if (Tinf & 0x80) {
490 SSLerr(SSL_F_D2I_SSL_SESSION,
491 ERR_R_BAD_ASN1_OBJECT_HEADER);
492 goto err;
493 }
494 if (Tinf == (V_ASN1_CONSTRUCTED + 1))
495 Tlen = c.slen - (c.p - c.q) - 2;
496 if (d2i_ASN1_OCTET_STRING(&osp, &c.p, Tlen) == NULL) {
497 SSLerr(SSL_F_D2I_SSL_SESSION, ERR_R_NESTED_ASN1_ERROR);
498 goto err;
499 }
500 if (Tinf == (V_ASN1_CONSTRUCTED + 1)) {
501 Tlen = c.slen - (c.p - c.q);
502 if(!ASN1_const_check_infinite_end(&c.p, Tlen)) {
503 SSLerr(SSL_F_D2I_SSL_SESSION,
504 ERR_R_MISSING_ASN1_EOS);
505 goto err;
506 }
507 }
508 c.slen -= (c.p - c.q);
509 }
510 if (os.data != NULL) {
511 if (os.length > SSL_MAX_SID_CTX_LENGTH) {
512 SSLerr(SSL_F_D2I_SSL_SESSION, SSL_R_BAD_LENGTH);
513 goto err;
514 } else {
515 ret->sid_ctx_length = os.length;
516 memcpy(ret->sid_ctx, os.data, os.length);
517 }
518 free(os.data);
519 os.data = NULL;
520 os.length = 0;
521 } else
522 ret->sid_ctx_length = 0;
523
524 /* 5 - Verify_result. */
525 ai.length = 0;
526 if (c.slen != 0L &&
527 *c.p == (V_ASN1_CONSTRUCTED | V_ASN1_CONTEXT_SPECIFIC | 5)) {
528 c.q = c.p;
529 Tinf = ASN1_get_object(&c.p, &Tlen, &Ttag, &Tclass, c.slen);
530 if (Tinf & 0x80) {
531 SSLerr(SSL_F_D2I_SSL_SESSION,
532 ERR_R_BAD_ASN1_OBJECT_HEADER);
533 goto err;
534 }
535 if (Tinf == (V_ASN1_CONSTRUCTED + 1))
536 Tlen = c.slen - (c.p - c.q) - 2;
537 if (d2i_ASN1_INTEGER(&aip, &c.p, Tlen) == NULL) {
538 SSLerr(SSL_F_D2I_SSL_SESSION, ERR_R_NESTED_ASN1_ERROR);
539 goto err;
540 }
541 if (Tinf == (V_ASN1_CONSTRUCTED + 1)) {
542 Tlen = c.slen - (c.p - c.q);
543 if(!ASN1_const_check_infinite_end(&c.p, Tlen)) {
544 SSLerr(SSL_F_D2I_SSL_SESSION,
545 ERR_R_MISSING_ASN1_EOS);
546 goto err;
547 }
548 }
549 c.slen -= (c.p - c.q);
550 }
551 if (ai.data != NULL) {
552 ret->verify_result = ASN1_INTEGER_get(aip);
553 free(ai.data);
554 ai.data = NULL;
555 ai.length = 0;
556 } else
557 ret->verify_result = X509_V_OK;
558
559 /* 6 - HostName (OCTET STRING). */
560 os.length = 0;
561 os.data = NULL;
562 if (c.slen != 0L &&
563 *c.p == (V_ASN1_CONSTRUCTED | V_ASN1_CONTEXT_SPECIFIC | 6)) {
564 c.q = c.p;
565 Tinf = ASN1_get_object(&c.p, &Tlen, &Ttag, &Tclass, c.slen);
566 if (Tinf & 0x80) {
567 SSLerr(SSL_F_D2I_SSL_SESSION,
568 ERR_R_BAD_ASN1_OBJECT_HEADER);
569 goto err;
570 }
571 if (Tinf == (V_ASN1_CONSTRUCTED + 1))
572 Tlen = c.slen - (c.p - c.q) - 2;
573 if (d2i_ASN1_OCTET_STRING(&osp, &c.p, Tlen) == NULL) {
574 SSLerr(SSL_F_D2I_SSL_SESSION, ERR_R_NESTED_ASN1_ERROR);
575 goto err;
576 }
577 if (Tinf == (V_ASN1_CONSTRUCTED + 1)) {
578 Tlen = c.slen - (c.p - c.q);
579 if(!ASN1_const_check_infinite_end(&c.p, Tlen)) {
580 SSLerr(SSL_F_D2I_SSL_SESSION,
581 ERR_R_MISSING_ASN1_EOS);
582 goto err;
583 }
584 }
585 c.slen -= (c.p - c.q);
586 }
587 if (os.data) {
588 ret->tlsext_hostname = strndup((char *)os.data, os.length);
589 free(os.data);
590 os.data = NULL;
591 os.length = 0;
592 } else
593 ret->tlsext_hostname = NULL;
594
595 /* 7 - PSK identity hint (OCTET STRING). */
596 /* 8 - PSK identity (OCTET STRING). */
597
598 /* 9 - Ticket lifetime. */
599 ai.length = 0;
600 if (c.slen != 0L &&
601 *c.p == (V_ASN1_CONSTRUCTED | V_ASN1_CONTEXT_SPECIFIC | 9)) {
602 c.q = c.p;
603 Tinf = ASN1_get_object(&c.p, &Tlen, &Ttag, &Tclass, c.slen);
604 if (Tinf & 0x80) {
605 SSLerr(SSL_F_D2I_SSL_SESSION,
606 ERR_R_BAD_ASN1_OBJECT_HEADER);
607 goto err;
608 }
609 if (Tinf == (V_ASN1_CONSTRUCTED + 1))
610 Tlen = c.slen - (c.p - c.q) - 2;
611 if (d2i_ASN1_INTEGER(&aip, &c.p, Tlen) == NULL) {
612 SSLerr(SSL_F_D2I_SSL_SESSION, ERR_R_NESTED_ASN1_ERROR);
613 goto err;
614 }
615 if (Tinf == (V_ASN1_CONSTRUCTED + 1)) {
616 Tlen = c.slen - (c.p - c.q);
617 if(!ASN1_const_check_infinite_end(&c.p, Tlen)) {
618 SSLerr(SSL_F_D2I_SSL_SESSION,
619 ERR_R_MISSING_ASN1_EOS);
620 goto err;
621 }
622 }
623 c.slen -= (c.p - c.q);
624 }
625 if (ai.data != NULL) {
626 ret->tlsext_tick_lifetime_hint = ASN1_INTEGER_get(aip);
627 free(ai.data);
628 ai.data = NULL;
629 ai.length = 0;
630 } else if (ret->tlsext_ticklen && ret->session_id_length)
631 ret->tlsext_tick_lifetime_hint = -1;
632 else
633 ret->tlsext_tick_lifetime_hint = 0;
634 os.length = 0;
635 os.data = NULL;
636
637 /* 10 - Ticket (OCTET STRING). */
638 if (c.slen != 0L &&
639 *c.p == (V_ASN1_CONSTRUCTED | V_ASN1_CONTEXT_SPECIFIC | 10)) {
640 c.q = c.p;
641 Tinf = ASN1_get_object(&c.p, &Tlen, &Ttag, &Tclass, c.slen);
642 if (Tinf & 0x80) {
643 SSLerr(SSL_F_D2I_SSL_SESSION,
644 ERR_R_BAD_ASN1_OBJECT_HEADER);
645 goto err;
646 }
647 if (Tinf == (V_ASN1_CONSTRUCTED + 1))
648 Tlen = c.slen - (c.p - c.q) - 2;
649 if (d2i_ASN1_OCTET_STRING(&osp, &c.p, Tlen) == NULL) {
650 SSLerr(SSL_F_D2I_SSL_SESSION, ERR_R_NESTED_ASN1_ERROR);
651 goto err;
652 }
653 if (Tinf == (V_ASN1_CONSTRUCTED + 1)) {
654 Tlen = c.slen - (c.p - c.q);
655 if(!ASN1_const_check_infinite_end(&c.p, Tlen)) {
656 SSLerr(SSL_F_D2I_SSL_SESSION,
657 ERR_R_MISSING_ASN1_EOS);
658 goto err;
659 }
660 }
661 c.slen -= (c.p - c.q);
662 }
663 if (os.data) {
664 ret->tlsext_tick = os.data;
665 ret->tlsext_ticklen = os.length;
666 os.data = NULL;
667 os.length = 0;
668 } else
669 ret->tlsext_tick = NULL;
670
671 /* 11 - Compression method (OCTET STRING). */
672 /* 12 - SRP username (OCTET STRING). */
673
674 if (!asn1_const_Finish(&c)) {
675 SSLerr(SSL_F_D2I_SSL_SESSION, ERR_R_NESTED_ASN1_ERROR);
676 goto err;
677 }
678
679 *pp = c.p;
680 if (a != NULL)
681 *a = ret;
682
683 return (ret);
684
685err:
686 ERR_asprintf_error_data("offset=%d", (int)(c.q - *pp));
687 if (ret != NULL && (a == NULL || *a != ret))
688 SSL_SESSION_free(ret);
689
690 return (NULL);
691}
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-05-09 13:59:51 +0000