1 files changed, 101 insertions, 25 deletions
diff --git a/src/lib/libssl/ssl_asn1.c b/src/lib/libssl/ssl_asn1.c
index 116a83de64..c5eeeb6bc5 100644
--- a/src/lib/libssl/ssl_asn1.c
+++ b/src/lib/libssl/ssl_asn1.c
@@ -58,8 +58,9 @@
 #include <stdio.h>
 #include <stdlib.h>
-#include "asn1_mac.h"
+#include <openssl/asn1_mac.h>
-#include "objects.h"
+#include <openssl/objects.h>
+#include <openssl/x509.h>
 #include "ssl_locl.h"
 typedef struct ssl_session_asn1_st
@@ -69,24 +70,22 @@ typedef struct ssl_session_asn1_st
        ASN1_OCTET_STRING cipher;
        ASN1_OCTET_STRING master_key;
        ASN1_OCTET_STRING session_id;
+        ASN1_OCTET_STRING session_id_context;
        ASN1_OCTET_STRING key_arg;
+#ifndef OPENSSL_NO_KRB5
+        ASN1_OCTET_STRING krb5_princ;
+#endif /* OPENSSL_NO_KRB5 */
        ASN1_INTEGER time;
        ASN1_INTEGER timeout;
+        ASN1_INTEGER verify_result;
        } SSL_SESSION_ASN1;
-/*
+int i2d_SSL_SESSION(SSL_SESSION *in, unsigned char **pp)
- * SSLerr(SSL_F_I2D_SSL_SESSION,SSL_R_CIPHER_CODE_WRONG_LENGTH);
- * SSLerr(SSL_F_D2I_SSL_SESSION,SSL_R_UNSUPPORTED_CIPHER);
- */
-int i2d_SSL_SESSION(in,pp)
-SSL_SESSION *in;
-unsigned char **pp;
        {
 #define LSIZE2 (sizeof(long)*2)
-        int v1=0,v2=0,v3=0;
+        int v1=0,v2=0,v3=0,v4=0,v5=0;
        unsigned char buf[4],ibuf1[LSIZE2],ibuf2[LSIZE2];
-        unsigned char ibuf3[LSIZE2],ibuf4[LSIZE2];
+        unsigned char ibuf3[LSIZE2],ibuf4[LSIZE2],ibuf5[LSIZE2];
        long l;
        SSL_SESSION_ASN1 a;
        M_ASN1_I2D_vars(in);
@@ -95,8 +94,8 @@ unsigned char **pp;
                return(0);
        /* Note that I cheat in the following 2 assignments.  I know
-         * that if the ASN1_INTERGER passed to ASN1_INTEGER_set
+         * that if the ASN1_INTEGER passed to ASN1_INTEGER_set
-         * is > sizeof(long)+1, the buffer will not be re-Malloc()ed.
+         * is > sizeof(long)+1, the buffer will not be re-OPENSSL_malloc()ed.
         * This is a bit evil but makes things simple, no dynamic allocation
         * to clean up :-) */
        a.version.length=LSIZE2;
@@ -138,10 +137,23 @@ unsigned char **pp;
        a.session_id.type=V_ASN1_OCTET_STRING;
        a.session_id.data=in->session_id;
+        a.session_id_context.length=in->sid_ctx_length;
+        a.session_id_context.type=V_ASN1_OCTET_STRING;
+        a.session_id_context.data=in->sid_ctx;
        a.key_arg.length=in->key_arg_length;
        a.key_arg.type=V_ASN1_OCTET_STRING;
        a.key_arg.data=in->key_arg;
+#ifndef OPENSSL_NO_KRB5
+        if (in->krb5_client_princ_len)
+                {
+                a.krb5_princ.length=in->krb5_client_princ_len;
+                a.krb5_princ.type=V_ASN1_OCTET_STRING;
+                a.krb5_princ.data=in->krb5_client_princ;
+                }
+#endif /* OPENSSL_NO_KRB5 */
+ 
        if (in->time != 0L)
                {
                a.time.length=LSIZE2;
@@ -158,11 +170,24 @@ unsigned char **pp;
                ASN1_INTEGER_set(&(a.timeout),in->timeout);
                }
+        if (in->verify_result != X509_V_OK)
+                {
+                a.verify_result.length=LSIZE2;
+                a.verify_result.type=V_ASN1_INTEGER;
+                a.verify_result.data=ibuf5;
+                ASN1_INTEGER_set(&a.verify_result,in->verify_result);
+                }
        M_ASN1_I2D_len(&(a.version),            i2d_ASN1_INTEGER);
        M_ASN1_I2D_len(&(a.ssl_version),        i2d_ASN1_INTEGER);
        M_ASN1_I2D_len(&(a.cipher),             i2d_ASN1_OCTET_STRING);
        M_ASN1_I2D_len(&(a.session_id),         i2d_ASN1_OCTET_STRING);
        M_ASN1_I2D_len(&(a.master_key),         i2d_ASN1_OCTET_STRING);
+#ifndef OPENSSL_NO_KRB5
+        if (in->krb5_client_princ_len)
+                M_ASN1_I2D_len(&(a.krb5_princ), i2d_ASN1_OCTET_STRING);
+#endif /* OPENSSL_NO_KRB5 */
        if (in->key_arg_length > 0)
                M_ASN1_I2D_len_IMP_opt(&(a.key_arg),i2d_ASN1_OCTET_STRING);
        if (in->time != 0L)
@@ -171,6 +196,9 @@ unsigned char **pp;
                M_ASN1_I2D_len_EXP_opt(&(a.timeout),i2d_ASN1_INTEGER,2,v2);
        if (in->peer != NULL)
                M_ASN1_I2D_len_EXP_opt(in->peer,i2d_X509,3,v3);
+        M_ASN1_I2D_len_EXP_opt(&a.session_id_context,i2d_ASN1_OCTET_STRING,4,v4);
+        if (in->verify_result != X509_V_OK)
+                M_ASN1_I2D_len_EXP_opt(&(a.verify_result),i2d_ASN1_INTEGER,5,v5);
        M_ASN1_I2D_seq_total();
@@ -179,6 +207,10 @@ unsigned char **pp;
        M_ASN1_I2D_put(&(a.cipher),             i2d_ASN1_OCTET_STRING);
        M_ASN1_I2D_put(&(a.session_id),         i2d_ASN1_OCTET_STRING);
        M_ASN1_I2D_put(&(a.master_key),         i2d_ASN1_OCTET_STRING);
+#ifndef OPENSSL_NO_KRB5
+        if (in->krb5_client_princ_len)
+                M_ASN1_I2D_put(&(a.krb5_princ), i2d_ASN1_OCTET_STRING);
+#endif /* OPENSSL_NO_KRB5 */
        if (in->key_arg_length > 0)
                M_ASN1_I2D_put_IMP_opt(&(a.key_arg),i2d_ASN1_OCTET_STRING,0);
        if (in->time != 0L)
@@ -187,14 +219,15 @@ unsigned char **pp;
                M_ASN1_I2D_put_EXP_opt(&(a.timeout),i2d_ASN1_INTEGER,2,v2);
        if (in->peer != NULL)
                M_ASN1_I2D_put_EXP_opt(in->peer,i2d_X509,3,v3);
+        M_ASN1_I2D_put_EXP_opt(&a.session_id_context,i2d_ASN1_OCTET_STRING,4,
+                               v4);
+        if (in->verify_result != X509_V_OK)
+                M_ASN1_I2D_put_EXP_opt(&a.verify_result,i2d_ASN1_INTEGER,5,v5);
        M_ASN1_I2D_finish();
        }
-SSL_SESSION *d2i_SSL_SESSION(a,pp,length)
+SSL_SESSION *d2i_SSL_SESSION(SSL_SESSION **a, unsigned char **pp,
-SSL_SESSION **a;
+             long length)
-unsigned char **pp;
-long length;
        {
        int version,ssl_version=0,i;
        long id;
@@ -211,13 +244,13 @@ long length;
        ai.data=NULL; ai.length=0;
        M_ASN1_D2I_get(aip,d2i_ASN1_INTEGER);
        version=(int)ASN1_INTEGER_get(aip);
-        if (ai.data != NULL) { Free(ai.data); ai.data=NULL; ai.length=0; }
+        if (ai.data != NULL) { OPENSSL_free(ai.data); ai.data=NULL; ai.length=0; }
        /* we don't care about the version right now :-) */
        M_ASN1_D2I_get(aip,d2i_ASN1_INTEGER);
        ssl_version=(int)ASN1_INTEGER_get(aip);
        ret->ssl_version=ssl_version;
-        if (ai.data != NULL) { Free(ai.data); ai.data=NULL; ai.length=0; }
+        if (ai.data != NULL) { OPENSSL_free(ai.data); ai.data=NULL; ai.length=0; }
        os.data=NULL; os.length=0;
        M_ASN1_D2I_get(osp,d2i_ASN1_OCTET_STRING);
@@ -273,20 +306,39 @@ long length;
        memcpy(ret->master_key,os.data,ret->master_key_length);
        os.length=0;
+#ifndef OPENSSL_NO_KRB5
+        os.length=0;
+        M_ASN1_D2I_get_opt(osp,d2i_ASN1_OCTET_STRING,V_ASN1_OCTET_STRING);
+        if (os.data)
+                {
+                if (os.length > SSL_MAX_KRB5_PRINCIPAL_LENGTH)
+                        ret->krb5_client_princ_len=0;
+                else
+                        ret->krb5_client_princ_len=os.length;
+                memcpy(ret->krb5_client_princ,os.data,ret->krb5_client_princ_len);
+                OPENSSL_free(os.data);
+                os.data = NULL;
+                os.length = 0;
+                }
+        else
+                ret->krb5_client_princ_len=0;
+#endif /* OPENSSL_NO_KRB5 */
        M_ASN1_D2I_get_IMP_opt(osp,d2i_ASN1_OCTET_STRING,0,V_ASN1_OCTET_STRING);
        if (os.length > SSL_MAX_KEY_ARG_LENGTH)
                ret->key_arg_length=SSL_MAX_KEY_ARG_LENGTH;
        else
                ret->key_arg_length=os.length;
        memcpy(ret->key_arg,os.data,ret->key_arg_length);
-        if (os.data != NULL) Free(os.data);
+        if (os.data != NULL) OPENSSL_free(os.data);
        ai.length=0;
        M_ASN1_D2I_get_EXP_opt(aip,d2i_ASN1_INTEGER,1);
        if (ai.data != NULL)
                {
                ret->time=ASN1_INTEGER_get(aip);
-                Free(ai.data); ai.data=NULL; ai.length=0;
+                OPENSSL_free(ai.data); ai.data=NULL; ai.length=0;
                }
        else
                ret->time=time(NULL);
@@ -296,7 +348,7 @@ long length;
        if (ai.data != NULL)
                {
                ret->timeout=ASN1_INTEGER_get(aip);
-                Free(ai.data); ai.data=NULL; ai.length=0;
+                OPENSSL_free(ai.data); ai.data=NULL; ai.length=0;
                }
        else
                ret->timeout=3;
@@ -308,6 +360,30 @@ long length;
                }
        M_ASN1_D2I_get_EXP_opt(ret->peer,d2i_X509,3);
+        os.length=0;
+        os.data=NULL;
+        M_ASN1_D2I_get_EXP_opt(osp,d2i_ASN1_OCTET_STRING,4);
+        if(os.data != NULL)
+            {
+            if (os.length > SSL_MAX_SID_CTX_LENGTH)
+                SSLerr(SSL_F_D2I_SSL_SESSION,SSL_R_BAD_LENGTH);
+            ret->sid_ctx_length=os.length;
+            memcpy(ret->sid_ctx,os.data,os.length);
+            OPENSSL_free(os.data); os.data=NULL; os.length=0;
+            }
+        else
+            ret->sid_ctx_length=0;
+        ai.length=0;
+        M_ASN1_D2I_get_EXP_opt(aip,d2i_ASN1_INTEGER,5);
+        if (ai.data != NULL)
+                {
+                ret->verify_result=ASN1_INTEGER_get(aip);
+                OPENSSL_free(ai.data); ai.data=NULL; ai.length=0;
+                }
+        else
+                ret->verify_result=X509_V_OK;
        M_ASN1_D2I_Finish(a,SSL_SESSION_free,SSL_F_D2I_SSL_SESSION);
        }

diff --git a/src/lib/libssl/ssl_asn1.c b/src/lib/libssl/ssl_asn1.c index 116a83de64..c5eeeb6bc5 100644 --- a/src/lib/libssl/ssl_asn1.c +++ b/src/lib/libssl/ssl_asn1.c
@@ -58,8 +58,9 @@
58		58
59	#include <stdio.h>	59	#include <stdio.h>
60	#include <stdlib.h>	60	#include <stdlib.h>
61	#include "asn1_mac.h"	61	#include <openssl/asn1_mac.h>
62	#include "objects.h"	62	#include <openssl/objects.h>
		63	#include <openssl/x509.h>
63	#include "ssl_locl.h"	64	#include "ssl_locl.h"
64		65
65	typedef struct ssl_session_asn1_st	66	typedef struct ssl_session_asn1_st
@@ -69,24 +70,22 @@ typedef struct ssl_session_asn1_st
69	ASN1_OCTET_STRING cipher;	70	ASN1_OCTET_STRING cipher;
70	ASN1_OCTET_STRING master_key;	71	ASN1_OCTET_STRING master_key;
71	ASN1_OCTET_STRING session_id;	72	ASN1_OCTET_STRING session_id;
		73	ASN1_OCTET_STRING session_id_context;
72	ASN1_OCTET_STRING key_arg;	74	ASN1_OCTET_STRING key_arg;
		75	#ifndef OPENSSL_NO_KRB5
		76	ASN1_OCTET_STRING krb5_princ;
		77	#endif /* OPENSSL_NO_KRB5 */
73	ASN1_INTEGER time;	78	ASN1_INTEGER time;
74	ASN1_INTEGER timeout;	79	ASN1_INTEGER timeout;
		80	ASN1_INTEGER verify_result;
75	} SSL_SESSION_ASN1;	81	} SSL_SESSION_ASN1;
76		82
77	/*	83	int i2d_SSL_SESSION(SSL_SESSION in, unsigned char *pp)
78	* SSLerr(SSL_F_I2D_SSL_SESSION,SSL_R_CIPHER_CODE_WRONG_LENGTH);
79	* SSLerr(SSL_F_D2I_SSL_SESSION,SSL_R_UNSUPPORTED_CIPHER);
80	*/
81
82	int i2d_SSL_SESSION(in,pp)
83	SSL_SESSION *in;
84	unsigned char **pp;
85	{	84	{
86	#define LSIZE2 (sizeof(long)*2)	85	#define LSIZE2 (sizeof(long)*2)
87	int v1=0,v2=0,v3=0;	86	int v1=0,v2=0,v3=0,v4=0,v5=0;
88	unsigned char buf[4],ibuf1[LSIZE2],ibuf2[LSIZE2];	87	unsigned char buf[4],ibuf1[LSIZE2],ibuf2[LSIZE2];
89	unsigned char ibuf3[LSIZE2],ibuf4[LSIZE2];	88	unsigned char ibuf3[LSIZE2],ibuf4[LSIZE2],ibuf5[LSIZE2];
90	long l;	89	long l;
91	SSL_SESSION_ASN1 a;	90	SSL_SESSION_ASN1 a;
92	M_ASN1_I2D_vars(in);	91	M_ASN1_I2D_vars(in);
@@ -95,8 +94,8 @@ unsigned char **pp;
95	return(0);	94	return(0);
96		95
97	/* Note that I cheat in the following 2 assignments. I know	96	/* Note that I cheat in the following 2 assignments. I know
98	* that if the ASN1_INTERGER passed to ASN1_INTEGER_set	97	* that if the ASN1_INTEGER passed to ASN1_INTEGER_set
99	* is > sizeof(long)+1, the buffer will not be re-Malloc()ed.	98	* is > sizeof(long)+1, the buffer will not be re-OPENSSL_malloc()ed.
100	* This is a bit evil but makes things simple, no dynamic allocation	99	* This is a bit evil but makes things simple, no dynamic allocation
101	* to clean up :-) */	100	* to clean up :-) */
102	a.version.length=LSIZE2;	101	a.version.length=LSIZE2;
@@ -138,10 +137,23 @@ unsigned char **pp;
138	a.session_id.type=V_ASN1_OCTET_STRING;	137	a.session_id.type=V_ASN1_OCTET_STRING;
139	a.session_id.data=in->session_id;	138	a.session_id.data=in->session_id;
140		139
		140	a.session_id_context.length=in->sid_ctx_length;
		141	a.session_id_context.type=V_ASN1_OCTET_STRING;
		142	a.session_id_context.data=in->sid_ctx;
		143
141	a.key_arg.length=in->key_arg_length;	144	a.key_arg.length=in->key_arg_length;
142	a.key_arg.type=V_ASN1_OCTET_STRING;	145	a.key_arg.type=V_ASN1_OCTET_STRING;
143	a.key_arg.data=in->key_arg;	146	a.key_arg.data=in->key_arg;
144		147
		148	#ifndef OPENSSL_NO_KRB5
		149	if (in->krb5_client_princ_len)
		150	{
		151	a.krb5_princ.length=in->krb5_client_princ_len;
		152	a.krb5_princ.type=V_ASN1_OCTET_STRING;
		153	a.krb5_princ.data=in->krb5_client_princ;
		154	}
		155	#endif /* OPENSSL_NO_KRB5 */
		156
145	if (in->time != 0L)	157	if (in->time != 0L)
146	{	158	{
147	a.time.length=LSIZE2;	159	a.time.length=LSIZE2;
@@ -158,11 +170,24 @@ unsigned char **pp;
158	ASN1_INTEGER_set(&(a.timeout),in->timeout);	170	ASN1_INTEGER_set(&(a.timeout),in->timeout);
159	}	171	}
160		172
		173	if (in->verify_result != X509_V_OK)
		174	{
		175	a.verify_result.length=LSIZE2;
		176	a.verify_result.type=V_ASN1_INTEGER;
		177	a.verify_result.data=ibuf5;
		178	ASN1_INTEGER_set(&a.verify_result,in->verify_result);
		179	}
		180
		181
161	M_ASN1_I2D_len(&(a.version), i2d_ASN1_INTEGER);	182	M_ASN1_I2D_len(&(a.version), i2d_ASN1_INTEGER);
162	M_ASN1_I2D_len(&(a.ssl_version), i2d_ASN1_INTEGER);	183	M_ASN1_I2D_len(&(a.ssl_version), i2d_ASN1_INTEGER);
163	M_ASN1_I2D_len(&(a.cipher), i2d_ASN1_OCTET_STRING);	184	M_ASN1_I2D_len(&(a.cipher), i2d_ASN1_OCTET_STRING);
164	M_ASN1_I2D_len(&(a.session_id), i2d_ASN1_OCTET_STRING);	185	M_ASN1_I2D_len(&(a.session_id), i2d_ASN1_OCTET_STRING);
165	M_ASN1_I2D_len(&(a.master_key), i2d_ASN1_OCTET_STRING);	186	M_ASN1_I2D_len(&(a.master_key), i2d_ASN1_OCTET_STRING);
		187	#ifndef OPENSSL_NO_KRB5
		188	if (in->krb5_client_princ_len)
		189	M_ASN1_I2D_len(&(a.krb5_princ), i2d_ASN1_OCTET_STRING);
		190	#endif /* OPENSSL_NO_KRB5 */
166	if (in->key_arg_length > 0)	191	if (in->key_arg_length > 0)
167	M_ASN1_I2D_len_IMP_opt(&(a.key_arg),i2d_ASN1_OCTET_STRING);	192	M_ASN1_I2D_len_IMP_opt(&(a.key_arg),i2d_ASN1_OCTET_STRING);
168	if (in->time != 0L)	193	if (in->time != 0L)
@@ -171,6 +196,9 @@ unsigned char **pp;
171	M_ASN1_I2D_len_EXP_opt(&(a.timeout),i2d_ASN1_INTEGER,2,v2);	196	M_ASN1_I2D_len_EXP_opt(&(a.timeout),i2d_ASN1_INTEGER,2,v2);
172	if (in->peer != NULL)	197	if (in->peer != NULL)
173	M_ASN1_I2D_len_EXP_opt(in->peer,i2d_X509,3,v3);	198	M_ASN1_I2D_len_EXP_opt(in->peer,i2d_X509,3,v3);
		199	M_ASN1_I2D_len_EXP_opt(&a.session_id_context,i2d_ASN1_OCTET_STRING,4,v4);
		200	if (in->verify_result != X509_V_OK)
		201	M_ASN1_I2D_len_EXP_opt(&(a.verify_result),i2d_ASN1_INTEGER,5,v5);
174		202
175	M_ASN1_I2D_seq_total();	203	M_ASN1_I2D_seq_total();
176		204
@@ -179,6 +207,10 @@ unsigned char **pp;
179	M_ASN1_I2D_put(&(a.cipher), i2d_ASN1_OCTET_STRING);	207	M_ASN1_I2D_put(&(a.cipher), i2d_ASN1_OCTET_STRING);
180	M_ASN1_I2D_put(&(a.session_id), i2d_ASN1_OCTET_STRING);	208	M_ASN1_I2D_put(&(a.session_id), i2d_ASN1_OCTET_STRING);
181	M_ASN1_I2D_put(&(a.master_key), i2d_ASN1_OCTET_STRING);	209	M_ASN1_I2D_put(&(a.master_key), i2d_ASN1_OCTET_STRING);
		210	#ifndef OPENSSL_NO_KRB5
		211	if (in->krb5_client_princ_len)
		212	M_ASN1_I2D_put(&(a.krb5_princ), i2d_ASN1_OCTET_STRING);
		213	#endif /* OPENSSL_NO_KRB5 */
182	if (in->key_arg_length > 0)	214	if (in->key_arg_length > 0)
183	M_ASN1_I2D_put_IMP_opt(&(a.key_arg),i2d_ASN1_OCTET_STRING,0);	215	M_ASN1_I2D_put_IMP_opt(&(a.key_arg),i2d_ASN1_OCTET_STRING,0);
184	if (in->time != 0L)	216	if (in->time != 0L)
@@ -187,14 +219,15 @@ unsigned char **pp;
187	M_ASN1_I2D_put_EXP_opt(&(a.timeout),i2d_ASN1_INTEGER,2,v2);	219	M_ASN1_I2D_put_EXP_opt(&(a.timeout),i2d_ASN1_INTEGER,2,v2);
188	if (in->peer != NULL)	220	if (in->peer != NULL)
189	M_ASN1_I2D_put_EXP_opt(in->peer,i2d_X509,3,v3);	221	M_ASN1_I2D_put_EXP_opt(in->peer,i2d_X509,3,v3);
190		222	M_ASN1_I2D_put_EXP_opt(&a.session_id_context,i2d_ASN1_OCTET_STRING,4,
		223	v4);
		224	if (in->verify_result != X509_V_OK)
		225	M_ASN1_I2D_put_EXP_opt(&a.verify_result,i2d_ASN1_INTEGER,5,v5);
191	M_ASN1_I2D_finish();	226	M_ASN1_I2D_finish();
192	}	227	}
193		228
194	SSL_SESSION *d2i_SSL_SESSION(a,pp,length)	229	SSL_SESSION d2i_SSL_SESSION(SSL_SESSION a, unsigned char *pp,
195	SSL_SESSION **a;	230	long length)
196	unsigned char **pp;
197	long length;
198	{	231	{
199	int version,ssl_version=0,i;	232	int version,ssl_version=0,i;
200	long id;	233	long id;
@@ -211,13 +244,13 @@ long length;
211	ai.data=NULL; ai.length=0;	244	ai.data=NULL; ai.length=0;
212	M_ASN1_D2I_get(aip,d2i_ASN1_INTEGER);	245	M_ASN1_D2I_get(aip,d2i_ASN1_INTEGER);
213	version=(int)ASN1_INTEGER_get(aip);	246	version=(int)ASN1_INTEGER_get(aip);
214	if (ai.data != NULL) { Free(ai.data); ai.data=NULL; ai.length=0; }	247	if (ai.data != NULL) { OPENSSL_free(ai.data); ai.data=NULL; ai.length=0; }
215		248
216	/* we don't care about the version right now :-) */	249	/* we don't care about the version right now :-) */
217	M_ASN1_D2I_get(aip,d2i_ASN1_INTEGER);	250	M_ASN1_D2I_get(aip,d2i_ASN1_INTEGER);
218	ssl_version=(int)ASN1_INTEGER_get(aip);	251	ssl_version=(int)ASN1_INTEGER_get(aip);
219	ret->ssl_version=ssl_version;	252	ret->ssl_version=ssl_version;
220	if (ai.data != NULL) { Free(ai.data); ai.data=NULL; ai.length=0; }	253	if (ai.data != NULL) { OPENSSL_free(ai.data); ai.data=NULL; ai.length=0; }
221		254
222	os.data=NULL; os.length=0;	255	os.data=NULL; os.length=0;
223	M_ASN1_D2I_get(osp,d2i_ASN1_OCTET_STRING);	256	M_ASN1_D2I_get(osp,d2i_ASN1_OCTET_STRING);
@@ -273,20 +306,39 @@ long length;
273	memcpy(ret->master_key,os.data,ret->master_key_length);	306	memcpy(ret->master_key,os.data,ret->master_key_length);
274		307
275	os.length=0;	308	os.length=0;
		309
		310	#ifndef OPENSSL_NO_KRB5
		311	os.length=0;
		312	M_ASN1_D2I_get_opt(osp,d2i_ASN1_OCTET_STRING,V_ASN1_OCTET_STRING);
		313	if (os.data)
		314	{
		315	if (os.length > SSL_MAX_KRB5_PRINCIPAL_LENGTH)
		316	ret->krb5_client_princ_len=0;
		317	else
		318	ret->krb5_client_princ_len=os.length;
		319	memcpy(ret->krb5_client_princ,os.data,ret->krb5_client_princ_len);
		320	OPENSSL_free(os.data);
		321	os.data = NULL;
		322	os.length = 0;
		323	}
		324	else
		325	ret->krb5_client_princ_len=0;
		326	#endif /* OPENSSL_NO_KRB5 */
		327
276	M_ASN1_D2I_get_IMP_opt(osp,d2i_ASN1_OCTET_STRING,0,V_ASN1_OCTET_STRING);	328	M_ASN1_D2I_get_IMP_opt(osp,d2i_ASN1_OCTET_STRING,0,V_ASN1_OCTET_STRING);
277	if (os.length > SSL_MAX_KEY_ARG_LENGTH)	329	if (os.length > SSL_MAX_KEY_ARG_LENGTH)
278	ret->key_arg_length=SSL_MAX_KEY_ARG_LENGTH;	330	ret->key_arg_length=SSL_MAX_KEY_ARG_LENGTH;
279	else	331	else
280	ret->key_arg_length=os.length;	332	ret->key_arg_length=os.length;
281	memcpy(ret->key_arg,os.data,ret->key_arg_length);	333	memcpy(ret->key_arg,os.data,ret->key_arg_length);
282	if (os.data != NULL) Free(os.data);	334	if (os.data != NULL) OPENSSL_free(os.data);
283		335
284	ai.length=0;	336	ai.length=0;
285	M_ASN1_D2I_get_EXP_opt(aip,d2i_ASN1_INTEGER,1);	337	M_ASN1_D2I_get_EXP_opt(aip,d2i_ASN1_INTEGER,1);
286	if (ai.data != NULL)	338	if (ai.data != NULL)
287	{	339	{
288	ret->time=ASN1_INTEGER_get(aip);	340	ret->time=ASN1_INTEGER_get(aip);
289	Free(ai.data); ai.data=NULL; ai.length=0;	341	OPENSSL_free(ai.data); ai.data=NULL; ai.length=0;
290	}	342	}
291	else	343	else
292	ret->time=time(NULL);	344	ret->time=time(NULL);
@@ -296,7 +348,7 @@ long length;
296	if (ai.data != NULL)	348	if (ai.data != NULL)
297	{	349	{
298	ret->timeout=ASN1_INTEGER_get(aip);	350	ret->timeout=ASN1_INTEGER_get(aip);
299	Free(ai.data); ai.data=NULL; ai.length=0;	351	OPENSSL_free(ai.data); ai.data=NULL; ai.length=0;
300	}	352	}
301	else	353	else
302	ret->timeout=3;	354	ret->timeout=3;
@@ -308,6 +360,30 @@ long length;
308	}	360	}
309	M_ASN1_D2I_get_EXP_opt(ret->peer,d2i_X509,3);	361	M_ASN1_D2I_get_EXP_opt(ret->peer,d2i_X509,3);
310		362
		363	os.length=0;
		364	os.data=NULL;
		365	M_ASN1_D2I_get_EXP_opt(osp,d2i_ASN1_OCTET_STRING,4);
		366
		367	if(os.data != NULL)
		368	{
		369	if (os.length > SSL_MAX_SID_CTX_LENGTH)
		370	SSLerr(SSL_F_D2I_SSL_SESSION,SSL_R_BAD_LENGTH);
		371	ret->sid_ctx_length=os.length;
		372	memcpy(ret->sid_ctx,os.data,os.length);
		373	OPENSSL_free(os.data); os.data=NULL; os.length=0;
		374	}
		375	else
		376	ret->sid_ctx_length=0;
		377
		378	ai.length=0;
		379	M_ASN1_D2I_get_EXP_opt(aip,d2i_ASN1_INTEGER,5);
		380	if (ai.data != NULL)
		381	{
		382	ret->verify_result=ASN1_INTEGER_get(aip);
		383	OPENSSL_free(ai.data); ai.data=NULL; ai.length=0;
		384	}
		385	else
		386	ret->verify_result=X509_V_OK;
		387
311	M_ASN1_D2I_Finish(a,SSL_SESSION_free,SSL_F_D2I_SSL_SESSION);	388	M_ASN1_D2I_Finish(a,SSL_SESSION_free,SSL_F_D2I_SSL_SESSION);
312	}	389	}
313