diff options
| author | markus <> | 2002-09-05 12:51:50 +0000 |
|---|---|---|
| committer | markus <> | 2002-09-05 12:51:50 +0000 |
| commit | 15b5d84f9da2ce4bfae8580e56e34a859f74ad71 (patch) | |
| tree | bf939e82d7fd73cc8a01cf6959002209972091bc /src/lib/libssl/ssl_asn1.c | |
| parent | 027351f729b9e837200dae6e1520cda6577ab930 (diff) | |
| download | openbsd-15b5d84f9da2ce4bfae8580e56e34a859f74ad71.tar.gz openbsd-15b5d84f9da2ce4bfae8580e56e34a859f74ad71.tar.bz2 openbsd-15b5d84f9da2ce4bfae8580e56e34a859f74ad71.zip | |
import openssl-0.9.7-beta1
Diffstat (limited to 'src/lib/libssl/ssl_asn1.c')
| -rw-r--r-- | src/lib/libssl/ssl_asn1.c | 126 |
1 files changed, 101 insertions, 25 deletions
diff --git a/src/lib/libssl/ssl_asn1.c b/src/lib/libssl/ssl_asn1.c index 116a83de64..c5eeeb6bc5 100644 --- a/src/lib/libssl/ssl_asn1.c +++ b/src/lib/libssl/ssl_asn1.c | |||
| @@ -58,8 +58,9 @@ | |||
| 58 | 58 | ||
| 59 | #include <stdio.h> | 59 | #include <stdio.h> |
| 60 | #include <stdlib.h> | 60 | #include <stdlib.h> |
| 61 | #include "asn1_mac.h" | 61 | #include <openssl/asn1_mac.h> |
| 62 | #include "objects.h" | 62 | #include <openssl/objects.h> |
| 63 | #include <openssl/x509.h> | ||
| 63 | #include "ssl_locl.h" | 64 | #include "ssl_locl.h" |
| 64 | 65 | ||
| 65 | typedef struct ssl_session_asn1_st | 66 | typedef struct ssl_session_asn1_st |
| @@ -69,24 +70,22 @@ typedef struct ssl_session_asn1_st | |||
| 69 | ASN1_OCTET_STRING cipher; | 70 | ASN1_OCTET_STRING cipher; |
| 70 | ASN1_OCTET_STRING master_key; | 71 | ASN1_OCTET_STRING master_key; |
| 71 | ASN1_OCTET_STRING session_id; | 72 | ASN1_OCTET_STRING session_id; |
| 73 | ASN1_OCTET_STRING session_id_context; | ||
| 72 | ASN1_OCTET_STRING key_arg; | 74 | ASN1_OCTET_STRING key_arg; |
| 75 | #ifndef OPENSSL_NO_KRB5 | ||
| 76 | ASN1_OCTET_STRING krb5_princ; | ||
| 77 | #endif /* OPENSSL_NO_KRB5 */ | ||
| 73 | ASN1_INTEGER time; | 78 | ASN1_INTEGER time; |
| 74 | ASN1_INTEGER timeout; | 79 | ASN1_INTEGER timeout; |
| 80 | ASN1_INTEGER verify_result; | ||
| 75 | } SSL_SESSION_ASN1; | 81 | } SSL_SESSION_ASN1; |
| 76 | 82 | ||
| 77 | /* | 83 | int i2d_SSL_SESSION(SSL_SESSION *in, unsigned char **pp) |
| 78 | * SSLerr(SSL_F_I2D_SSL_SESSION,SSL_R_CIPHER_CODE_WRONG_LENGTH); | ||
| 79 | * SSLerr(SSL_F_D2I_SSL_SESSION,SSL_R_UNSUPPORTED_CIPHER); | ||
| 80 | */ | ||
| 81 | |||
| 82 | int i2d_SSL_SESSION(in,pp) | ||
| 83 | SSL_SESSION *in; | ||
| 84 | unsigned char **pp; | ||
| 85 | { | 84 | { |
| 86 | #define LSIZE2 (sizeof(long)*2) | 85 | #define LSIZE2 (sizeof(long)*2) |
| 87 | int v1=0,v2=0,v3=0; | 86 | int v1=0,v2=0,v3=0,v4=0,v5=0; |
| 88 | unsigned char buf[4],ibuf1[LSIZE2],ibuf2[LSIZE2]; | 87 | unsigned char buf[4],ibuf1[LSIZE2],ibuf2[LSIZE2]; |
| 89 | unsigned char ibuf3[LSIZE2],ibuf4[LSIZE2]; | 88 | unsigned char ibuf3[LSIZE2],ibuf4[LSIZE2],ibuf5[LSIZE2]; |
| 90 | long l; | 89 | long l; |
| 91 | SSL_SESSION_ASN1 a; | 90 | SSL_SESSION_ASN1 a; |
| 92 | M_ASN1_I2D_vars(in); | 91 | M_ASN1_I2D_vars(in); |
| @@ -95,8 +94,8 @@ unsigned char **pp; | |||
| 95 | return(0); | 94 | return(0); |
| 96 | 95 | ||
| 97 | /* Note that I cheat in the following 2 assignments. I know | 96 | /* Note that I cheat in the following 2 assignments. I know |
| 98 | * that if the ASN1_INTERGER passed to ASN1_INTEGER_set | 97 | * that if the ASN1_INTEGER passed to ASN1_INTEGER_set |
| 99 | * is > sizeof(long)+1, the buffer will not be re-Malloc()ed. | 98 | * is > sizeof(long)+1, the buffer will not be re-OPENSSL_malloc()ed. |
| 100 | * This is a bit evil but makes things simple, no dynamic allocation | 99 | * This is a bit evil but makes things simple, no dynamic allocation |
| 101 | * to clean up :-) */ | 100 | * to clean up :-) */ |
| 102 | a.version.length=LSIZE2; | 101 | a.version.length=LSIZE2; |
| @@ -138,10 +137,23 @@ unsigned char **pp; | |||
| 138 | a.session_id.type=V_ASN1_OCTET_STRING; | 137 | a.session_id.type=V_ASN1_OCTET_STRING; |
| 139 | a.session_id.data=in->session_id; | 138 | a.session_id.data=in->session_id; |
| 140 | 139 | ||
| 140 | a.session_id_context.length=in->sid_ctx_length; | ||
| 141 | a.session_id_context.type=V_ASN1_OCTET_STRING; | ||
| 142 | a.session_id_context.data=in->sid_ctx; | ||
| 143 | |||
| 141 | a.key_arg.length=in->key_arg_length; | 144 | a.key_arg.length=in->key_arg_length; |
| 142 | a.key_arg.type=V_ASN1_OCTET_STRING; | 145 | a.key_arg.type=V_ASN1_OCTET_STRING; |
| 143 | a.key_arg.data=in->key_arg; | 146 | a.key_arg.data=in->key_arg; |
| 144 | 147 | ||
| 148 | #ifndef OPENSSL_NO_KRB5 | ||
| 149 | if (in->krb5_client_princ_len) | ||
| 150 | { | ||
| 151 | a.krb5_princ.length=in->krb5_client_princ_len; | ||
| 152 | a.krb5_princ.type=V_ASN1_OCTET_STRING; | ||
| 153 | a.krb5_princ.data=in->krb5_client_princ; | ||
| 154 | } | ||
| 155 | #endif /* OPENSSL_NO_KRB5 */ | ||
| 156 | |||
| 145 | if (in->time != 0L) | 157 | if (in->time != 0L) |
| 146 | { | 158 | { |
| 147 | a.time.length=LSIZE2; | 159 | a.time.length=LSIZE2; |
| @@ -158,11 +170,24 @@ unsigned char **pp; | |||
| 158 | ASN1_INTEGER_set(&(a.timeout),in->timeout); | 170 | ASN1_INTEGER_set(&(a.timeout),in->timeout); |
| 159 | } | 171 | } |
| 160 | 172 | ||
| 173 | if (in->verify_result != X509_V_OK) | ||
| 174 | { | ||
| 175 | a.verify_result.length=LSIZE2; | ||
| 176 | a.verify_result.type=V_ASN1_INTEGER; | ||
| 177 | a.verify_result.data=ibuf5; | ||
| 178 | ASN1_INTEGER_set(&a.verify_result,in->verify_result); | ||
| 179 | } | ||
| 180 | |||
| 181 | |||
| 161 | M_ASN1_I2D_len(&(a.version), i2d_ASN1_INTEGER); | 182 | M_ASN1_I2D_len(&(a.version), i2d_ASN1_INTEGER); |
| 162 | M_ASN1_I2D_len(&(a.ssl_version), i2d_ASN1_INTEGER); | 183 | M_ASN1_I2D_len(&(a.ssl_version), i2d_ASN1_INTEGER); |
| 163 | M_ASN1_I2D_len(&(a.cipher), i2d_ASN1_OCTET_STRING); | 184 | M_ASN1_I2D_len(&(a.cipher), i2d_ASN1_OCTET_STRING); |
| 164 | M_ASN1_I2D_len(&(a.session_id), i2d_ASN1_OCTET_STRING); | 185 | M_ASN1_I2D_len(&(a.session_id), i2d_ASN1_OCTET_STRING); |
| 165 | M_ASN1_I2D_len(&(a.master_key), i2d_ASN1_OCTET_STRING); | 186 | M_ASN1_I2D_len(&(a.master_key), i2d_ASN1_OCTET_STRING); |
| 187 | #ifndef OPENSSL_NO_KRB5 | ||
| 188 | if (in->krb5_client_princ_len) | ||
| 189 | M_ASN1_I2D_len(&(a.krb5_princ), i2d_ASN1_OCTET_STRING); | ||
| 190 | #endif /* OPENSSL_NO_KRB5 */ | ||
| 166 | if (in->key_arg_length > 0) | 191 | if (in->key_arg_length > 0) |
| 167 | M_ASN1_I2D_len_IMP_opt(&(a.key_arg),i2d_ASN1_OCTET_STRING); | 192 | M_ASN1_I2D_len_IMP_opt(&(a.key_arg),i2d_ASN1_OCTET_STRING); |
| 168 | if (in->time != 0L) | 193 | if (in->time != 0L) |
| @@ -171,6 +196,9 @@ unsigned char **pp; | |||
| 171 | M_ASN1_I2D_len_EXP_opt(&(a.timeout),i2d_ASN1_INTEGER,2,v2); | 196 | M_ASN1_I2D_len_EXP_opt(&(a.timeout),i2d_ASN1_INTEGER,2,v2); |
| 172 | if (in->peer != NULL) | 197 | if (in->peer != NULL) |
| 173 | M_ASN1_I2D_len_EXP_opt(in->peer,i2d_X509,3,v3); | 198 | M_ASN1_I2D_len_EXP_opt(in->peer,i2d_X509,3,v3); |
| 199 | M_ASN1_I2D_len_EXP_opt(&a.session_id_context,i2d_ASN1_OCTET_STRING,4,v4); | ||
| 200 | if (in->verify_result != X509_V_OK) | ||
| 201 | M_ASN1_I2D_len_EXP_opt(&(a.verify_result),i2d_ASN1_INTEGER,5,v5); | ||
| 174 | 202 | ||
| 175 | M_ASN1_I2D_seq_total(); | 203 | M_ASN1_I2D_seq_total(); |
| 176 | 204 | ||
| @@ -179,6 +207,10 @@ unsigned char **pp; | |||
| 179 | M_ASN1_I2D_put(&(a.cipher), i2d_ASN1_OCTET_STRING); | 207 | M_ASN1_I2D_put(&(a.cipher), i2d_ASN1_OCTET_STRING); |
| 180 | M_ASN1_I2D_put(&(a.session_id), i2d_ASN1_OCTET_STRING); | 208 | M_ASN1_I2D_put(&(a.session_id), i2d_ASN1_OCTET_STRING); |
| 181 | M_ASN1_I2D_put(&(a.master_key), i2d_ASN1_OCTET_STRING); | 209 | M_ASN1_I2D_put(&(a.master_key), i2d_ASN1_OCTET_STRING); |
| 210 | #ifndef OPENSSL_NO_KRB5 | ||
| 211 | if (in->krb5_client_princ_len) | ||
| 212 | M_ASN1_I2D_put(&(a.krb5_princ), i2d_ASN1_OCTET_STRING); | ||
| 213 | #endif /* OPENSSL_NO_KRB5 */ | ||
| 182 | if (in->key_arg_length > 0) | 214 | if (in->key_arg_length > 0) |
| 183 | M_ASN1_I2D_put_IMP_opt(&(a.key_arg),i2d_ASN1_OCTET_STRING,0); | 215 | M_ASN1_I2D_put_IMP_opt(&(a.key_arg),i2d_ASN1_OCTET_STRING,0); |
| 184 | if (in->time != 0L) | 216 | if (in->time != 0L) |
| @@ -187,14 +219,15 @@ unsigned char **pp; | |||
| 187 | M_ASN1_I2D_put_EXP_opt(&(a.timeout),i2d_ASN1_INTEGER,2,v2); | 219 | M_ASN1_I2D_put_EXP_opt(&(a.timeout),i2d_ASN1_INTEGER,2,v2); |
| 188 | if (in->peer != NULL) | 220 | if (in->peer != NULL) |
| 189 | M_ASN1_I2D_put_EXP_opt(in->peer,i2d_X509,3,v3); | 221 | M_ASN1_I2D_put_EXP_opt(in->peer,i2d_X509,3,v3); |
| 190 | 222 | M_ASN1_I2D_put_EXP_opt(&a.session_id_context,i2d_ASN1_OCTET_STRING,4, | |
| 223 | v4); | ||
| 224 | if (in->verify_result != X509_V_OK) | ||
| 225 | M_ASN1_I2D_put_EXP_opt(&a.verify_result,i2d_ASN1_INTEGER,5,v5); | ||
| 191 | M_ASN1_I2D_finish(); | 226 | M_ASN1_I2D_finish(); |
| 192 | } | 227 | } |
| 193 | 228 | ||
| 194 | SSL_SESSION *d2i_SSL_SESSION(a,pp,length) | 229 | SSL_SESSION *d2i_SSL_SESSION(SSL_SESSION **a, unsigned char **pp, |
| 195 | SSL_SESSION **a; | 230 | long length) |
| 196 | unsigned char **pp; | ||
| 197 | long length; | ||
| 198 | { | 231 | { |
| 199 | int version,ssl_version=0,i; | 232 | int version,ssl_version=0,i; |
| 200 | long id; | 233 | long id; |
| @@ -211,13 +244,13 @@ long length; | |||
| 211 | ai.data=NULL; ai.length=0; | 244 | ai.data=NULL; ai.length=0; |
| 212 | M_ASN1_D2I_get(aip,d2i_ASN1_INTEGER); | 245 | M_ASN1_D2I_get(aip,d2i_ASN1_INTEGER); |
| 213 | version=(int)ASN1_INTEGER_get(aip); | 246 | version=(int)ASN1_INTEGER_get(aip); |
| 214 | if (ai.data != NULL) { Free(ai.data); ai.data=NULL; ai.length=0; } | 247 | if (ai.data != NULL) { OPENSSL_free(ai.data); ai.data=NULL; ai.length=0; } |
| 215 | 248 | ||
| 216 | /* we don't care about the version right now :-) */ | 249 | /* we don't care about the version right now :-) */ |
| 217 | M_ASN1_D2I_get(aip,d2i_ASN1_INTEGER); | 250 | M_ASN1_D2I_get(aip,d2i_ASN1_INTEGER); |
| 218 | ssl_version=(int)ASN1_INTEGER_get(aip); | 251 | ssl_version=(int)ASN1_INTEGER_get(aip); |
| 219 | ret->ssl_version=ssl_version; | 252 | ret->ssl_version=ssl_version; |
| 220 | if (ai.data != NULL) { Free(ai.data); ai.data=NULL; ai.length=0; } | 253 | if (ai.data != NULL) { OPENSSL_free(ai.data); ai.data=NULL; ai.length=0; } |
| 221 | 254 | ||
| 222 | os.data=NULL; os.length=0; | 255 | os.data=NULL; os.length=0; |
| 223 | M_ASN1_D2I_get(osp,d2i_ASN1_OCTET_STRING); | 256 | M_ASN1_D2I_get(osp,d2i_ASN1_OCTET_STRING); |
| @@ -273,20 +306,39 @@ long length; | |||
| 273 | memcpy(ret->master_key,os.data,ret->master_key_length); | 306 | memcpy(ret->master_key,os.data,ret->master_key_length); |
| 274 | 307 | ||
| 275 | os.length=0; | 308 | os.length=0; |
| 309 | |||
| 310 | #ifndef OPENSSL_NO_KRB5 | ||
| 311 | os.length=0; | ||
| 312 | M_ASN1_D2I_get_opt(osp,d2i_ASN1_OCTET_STRING,V_ASN1_OCTET_STRING); | ||
| 313 | if (os.data) | ||
| 314 | { | ||
| 315 | if (os.length > SSL_MAX_KRB5_PRINCIPAL_LENGTH) | ||
| 316 | ret->krb5_client_princ_len=0; | ||
| 317 | else | ||
| 318 | ret->krb5_client_princ_len=os.length; | ||
| 319 | memcpy(ret->krb5_client_princ,os.data,ret->krb5_client_princ_len); | ||
| 320 | OPENSSL_free(os.data); | ||
| 321 | os.data = NULL; | ||
| 322 | os.length = 0; | ||
| 323 | } | ||
| 324 | else | ||
| 325 | ret->krb5_client_princ_len=0; | ||
| 326 | #endif /* OPENSSL_NO_KRB5 */ | ||
| 327 | |||
| 276 | M_ASN1_D2I_get_IMP_opt(osp,d2i_ASN1_OCTET_STRING,0,V_ASN1_OCTET_STRING); | 328 | M_ASN1_D2I_get_IMP_opt(osp,d2i_ASN1_OCTET_STRING,0,V_ASN1_OCTET_STRING); |
| 277 | if (os.length > SSL_MAX_KEY_ARG_LENGTH) | 329 | if (os.length > SSL_MAX_KEY_ARG_LENGTH) |
| 278 | ret->key_arg_length=SSL_MAX_KEY_ARG_LENGTH; | 330 | ret->key_arg_length=SSL_MAX_KEY_ARG_LENGTH; |
| 279 | else | 331 | else |
| 280 | ret->key_arg_length=os.length; | 332 | ret->key_arg_length=os.length; |
| 281 | memcpy(ret->key_arg,os.data,ret->key_arg_length); | 333 | memcpy(ret->key_arg,os.data,ret->key_arg_length); |
| 282 | if (os.data != NULL) Free(os.data); | 334 | if (os.data != NULL) OPENSSL_free(os.data); |
| 283 | 335 | ||
| 284 | ai.length=0; | 336 | ai.length=0; |
| 285 | M_ASN1_D2I_get_EXP_opt(aip,d2i_ASN1_INTEGER,1); | 337 | M_ASN1_D2I_get_EXP_opt(aip,d2i_ASN1_INTEGER,1); |
| 286 | if (ai.data != NULL) | 338 | if (ai.data != NULL) |
| 287 | { | 339 | { |
| 288 | ret->time=ASN1_INTEGER_get(aip); | 340 | ret->time=ASN1_INTEGER_get(aip); |
| 289 | Free(ai.data); ai.data=NULL; ai.length=0; | 341 | OPENSSL_free(ai.data); ai.data=NULL; ai.length=0; |
| 290 | } | 342 | } |
| 291 | else | 343 | else |
| 292 | ret->time=time(NULL); | 344 | ret->time=time(NULL); |
| @@ -296,7 +348,7 @@ long length; | |||
| 296 | if (ai.data != NULL) | 348 | if (ai.data != NULL) |
| 297 | { | 349 | { |
| 298 | ret->timeout=ASN1_INTEGER_get(aip); | 350 | ret->timeout=ASN1_INTEGER_get(aip); |
| 299 | Free(ai.data); ai.data=NULL; ai.length=0; | 351 | OPENSSL_free(ai.data); ai.data=NULL; ai.length=0; |
| 300 | } | 352 | } |
| 301 | else | 353 | else |
| 302 | ret->timeout=3; | 354 | ret->timeout=3; |
| @@ -308,6 +360,30 @@ long length; | |||
| 308 | } | 360 | } |
| 309 | M_ASN1_D2I_get_EXP_opt(ret->peer,d2i_X509,3); | 361 | M_ASN1_D2I_get_EXP_opt(ret->peer,d2i_X509,3); |
| 310 | 362 | ||
| 363 | os.length=0; | ||
| 364 | os.data=NULL; | ||
| 365 | M_ASN1_D2I_get_EXP_opt(osp,d2i_ASN1_OCTET_STRING,4); | ||
| 366 | |||
| 367 | if(os.data != NULL) | ||
| 368 | { | ||
| 369 | if (os.length > SSL_MAX_SID_CTX_LENGTH) | ||
| 370 | SSLerr(SSL_F_D2I_SSL_SESSION,SSL_R_BAD_LENGTH); | ||
| 371 | ret->sid_ctx_length=os.length; | ||
| 372 | memcpy(ret->sid_ctx,os.data,os.length); | ||
| 373 | OPENSSL_free(os.data); os.data=NULL; os.length=0; | ||
| 374 | } | ||
| 375 | else | ||
| 376 | ret->sid_ctx_length=0; | ||
| 377 | |||
| 378 | ai.length=0; | ||
| 379 | M_ASN1_D2I_get_EXP_opt(aip,d2i_ASN1_INTEGER,5); | ||
| 380 | if (ai.data != NULL) | ||
| 381 | { | ||
| 382 | ret->verify_result=ASN1_INTEGER_get(aip); | ||
| 383 | OPENSSL_free(ai.data); ai.data=NULL; ai.length=0; | ||
| 384 | } | ||
| 385 | else | ||
| 386 | ret->verify_result=X509_V_OK; | ||
| 387 | |||
| 311 | M_ASN1_D2I_Finish(a,SSL_SESSION_free,SSL_F_D2I_SSL_SESSION); | 388 | M_ASN1_D2I_Finish(a,SSL_SESSION_free,SSL_F_D2I_SSL_SESSION); |
| 312 | } | 389 | } |
| 313 | |||