author | guenther <> | 2014-04-20 12:48:19 +0000 |
---|---|---|
committer | guenther <> | 2014-04-20 12:48:19 +0000 |
commit | 71d6ded93deb4d1edc464874b5359ece0ef857d2 (patch) | |
tree | cca6edfc57a2953a5fb440052243f46cd8d7eb12 /src/lib/libssl/ssl_asn1.c | |
parent | 4b4a5d4b04e0ebd28c425210967942e4fa5d834c (diff) | |
Chop off more SSLv2 tentacles and start fixing and noting y2038 issues.
APIs that pass times as longs will have to change at some point...
Bump major on both libcrypto and libssl.
ok tedu@
Diffstat (limited to 'src/lib/libssl/ssl_asn1.c')
-rw-r--r-- | src/lib/libssl/ssl_asn1.c | 24 |
1 files changed, 3 insertions, 21 deletions
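--- a/src/lib/libssl/ssl_asn1.c
+++ b/src/lib/libssl/ssl_asn1.c
@@ -97,7 +97,6 @@ typedef struct ssl_session_asn1_st {
 ASN1_OCTET_STRING master_key;
 ASN1_OCTET_STRING session_id;
 ASN1_OCTET_STRING session_id_context;
-ASN1_OCTET_STRING key_arg;
 #ifndef OPENSSL_NO_KRB5
 ASN1_OCTET_STRING krb5_princ;
 #endif /* OPENSSL_NO_KRB5 */
@@ -190,10 +189,6 @@ i2d_SSL_SESSION(SSL_SESSION *in, unsigned char **pp)
 a.session_id_context.type = V_ASN1_OCTET_STRING;
 a.session_id_context.data = in->sid_ctx;
 
-a.key_arg.length = in->key_arg_length;
-a.key_arg.type = V_ASN1_OCTET_STRING;
-a.key_arg.data = in->key_arg;
-
 #ifndef OPENSSL_NO_KRB5
 if (in->krb5_client_princ_len) {
 a.krb5_princ.length = in->krb5_client_princ_len;
@@ -206,7 +201,7 @@ i2d_SSL_SESSION(SSL_SESSION *in, unsigned char **pp)
 a.time.length = LSIZE2;
 a.time.type = V_ASN1_INTEGER;
 a.time.data = ibuf3;
-ASN1_INTEGER_set(&(a.time), in->time);
+ASN1_INTEGER_set(&(a.time), in->time); /* XXX 2038 */
 }
 
 if (in->timeout != 0L) {
@@ -270,8 +265,6 @@ i2d_SSL_SESSION(SSL_SESSION *in, unsigned char **pp)
 if (in->krb5_client_princ_len)
 M_ASN1_I2D_len(&(a.krb5_princ), i2d_ASN1_OCTET_STRING);
 #endif /* OPENSSL_NO_KRB5 */
-if (in->key_arg_length > 0)
-M_ASN1_I2D_len_IMP_opt(&(a.key_arg), i2d_ASN1_OCTET_STRING);
 if (in->time != 0L)
 M_ASN1_I2D_len_EXP_opt(&(a.time), i2d_ASN1_INTEGER, 1, v1);
 if (in->timeout != 0L)
@@ -316,8 +309,6 @@ i2d_SSL_SESSION(SSL_SESSION *in, unsigned char **pp)
 if (in->krb5_client_princ_len)
 M_ASN1_I2D_put(&(a.krb5_princ), i2d_ASN1_OCTET_STRING);
 #endif /* OPENSSL_NO_KRB5 */
-if (in->key_arg_length > 0)
-M_ASN1_I2D_put_IMP_opt(&(a.key_arg), i2d_ASN1_OCTET_STRING, 0);
 if (in->time != 0L)
 M_ASN1_I2D_put_EXP_opt(&(a.time), i2d_ASN1_INTEGER, 1, v1);
 if (in->timeout != 0L)
@@ -445,24 +436,15 @@ d2i_SSL_SESSION(SSL_SESSION **a, const unsigned char **pp, long length)
 ret->krb5_client_princ_len = 0;
 #endif /* OPENSSL_NO_KRB5 */
 
-M_ASN1_D2I_get_IMP_opt(osp, d2i_ASN1_OCTET_STRING, 0, V_ASN1_OCTET_STRING);
-if (os.length > SSL_MAX_KEY_ARG_LENGTH)
-ret->key_arg_length = SSL_MAX_KEY_ARG_LENGTH;
-else
-ret->key_arg_length = os.length;
-memcpy(ret->key_arg, os.data, ret->key_arg_length);
-if (os.data != NULL)
-free(os.data);
-
 ai.length = 0;
-M_ASN1_D2I_get_EXP_opt(aip, d2i_ASN1_INTEGER, 1);
+M_ASN1_D2I_get_EXP_opt(aip, d2i_ASN1_INTEGER, 1); /* XXX 2038 */
 if (ai.data != NULL) {
 ret->time = ASN1_INTEGER_get(aip);
 free(ai.data);
 ai.data = NULL;
 ai.length = 0;
 } else
-ret->time = (unsigned long)time(NULL);
+ret->time = time(NULL);
 
 ai.length = 0;
 M_ASN1_D2I_get_EXP_opt(aip, d2i_ASN1_INTEGER, 2);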