summaryrefslogtreecommitdiff
path: root/src/lib/libssl/ssl_asn1.c
diff options
context:
space:
mode:
Diffstat (limited to 'src/lib/libssl/ssl_asn1.c')
-rw-r--r--src/lib/libssl/ssl_asn1.c692
1 files changed, 0 insertions, 692 deletions
diff --git a/src/lib/libssl/ssl_asn1.c b/src/lib/libssl/ssl_asn1.c
deleted file mode 100644
index b60b3ea3f8..0000000000
--- a/src/lib/libssl/ssl_asn1.c
+++ /dev/null
@@ -1,692 +0,0 @@
1/* $OpenBSD: ssl_asn1.c,v 1.40 2014/12/14 15:30:50 jsing Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved.
4 *
5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL.
8 *
9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package.
22 *
23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions
25 * are met:
26 * 1. Redistributions of source code must retain the copyright
27 * notice, this list of conditions and the following disclaimer.
28 * 2. Redistributions in binary form must reproduce the above copyright
29 * notice, this list of conditions and the following disclaimer in the
30 * documentation and/or other materials provided with the distribution.
31 * 3. All advertising materials mentioning features or use of this software
32 * must display the following acknowledgement:
33 * "This product includes cryptographic software written by
34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE.
52 *
53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence
56 * [including the GNU Public Licence.]
57 */
58
59#include <stdio.h>
60#include <stdlib.h>
61
62#include "ssl_locl.h"
63
64#include <openssl/objects.h>
65#include <openssl/x509.h>
66
67/* XXX - these are here to avoid including asn1_mac.h */
68int asn1_GetSequence(ASN1_const_CTX *c, long *length);
69void asn1_add_error(const unsigned char *address, int offset);
70
71typedef struct ssl_session_asn1_st {
72 ASN1_INTEGER version;
73 ASN1_INTEGER ssl_version;
74 ASN1_OCTET_STRING cipher;
75 ASN1_OCTET_STRING master_key;
76 ASN1_OCTET_STRING session_id;
77 ASN1_OCTET_STRING session_id_context;
78 ASN1_INTEGER time;
79 ASN1_INTEGER timeout;
80 ASN1_INTEGER verify_result;
81 ASN1_OCTET_STRING tlsext_hostname;
82 ASN1_INTEGER tlsext_tick_lifetime;
83 ASN1_OCTET_STRING tlsext_tick;
84} SSL_SESSION_ASN1;
85
86int
87i2d_SSL_SESSION(SSL_SESSION *in, unsigned char **pp)
88{
89#define LSIZE2 (sizeof(long)*2)
90 int v1 = 0, v2 = 0, v3 = 0, v4 = 0, v5 = 0, v6 = 0, v9 = 0, v10 = 0;
91 unsigned char buf[4], ibuf1[LSIZE2], ibuf2[LSIZE2];
92 unsigned char ibuf3[LSIZE2], ibuf4[LSIZE2], ibuf5[LSIZE2];
93 unsigned char ibuf6[LSIZE2];
94 SSL_SESSION_ASN1 a;
95 unsigned char *p;
96 int len = 0, ret;
97 long l;
98
99 if ((in == NULL) || ((in->cipher == NULL) && (in->cipher_id == 0)))
100 return (0);
101
102 /*
103 * Note that I cheat in the following 2 assignments.
104 * I know that if the ASN1_INTEGER passed to ASN1_INTEGER_set
105 * is > sizeof(long)+1, the buffer will not be re-malloc()ed.
106 * This is a bit evil but makes things simple, no dynamic allocation
107 * to clean up :-)
108 */
109 a.version.length = LSIZE2;
110 a.version.type = V_ASN1_INTEGER;
111 a.version.data = ibuf1;
112 ASN1_INTEGER_set(&(a.version), SSL_SESSION_ASN1_VERSION);
113 len += i2d_ASN1_INTEGER(&(a.version), NULL);
114
115 a.ssl_version.length = LSIZE2;
116 a.ssl_version.type = V_ASN1_INTEGER;
117 a.ssl_version.data = ibuf2;
118 ASN1_INTEGER_set(&(a.ssl_version), in->ssl_version);
119 len += i2d_ASN1_INTEGER(&(a.ssl_version), NULL);
120
121 a.cipher.length = 2;
122 a.cipher.type = V_ASN1_OCTET_STRING;
123 l = (in->cipher == NULL) ? in->cipher_id : in->cipher->id;
124 buf[0] = ((unsigned char)(l >> 8L)) & 0xff;
125 buf[1] = ((unsigned char)(l)) & 0xff;
126 a.cipher.data = buf;
127 len += i2d_ASN1_OCTET_STRING(&(a.cipher), NULL);
128
129 a.master_key.length = in->master_key_length;
130 a.master_key.type = V_ASN1_OCTET_STRING;
131 a.master_key.data = in->master_key;
132 len += i2d_ASN1_OCTET_STRING(&(a.master_key), NULL);
133
134 a.session_id.length = in->session_id_length;
135 a.session_id.type = V_ASN1_OCTET_STRING;
136 a.session_id.data = in->session_id;
137 len += i2d_ASN1_OCTET_STRING(&(a.session_id), NULL);
138
139 if (in->time != 0L) {
140 a.time.length = LSIZE2;
141 a.time.type = V_ASN1_INTEGER;
142 a.time.data = ibuf3;
143 ASN1_INTEGER_set(&(a.time), in->time); /* XXX 2038 */
144 v1 = i2d_ASN1_INTEGER(&(a.time), NULL);
145 len += ASN1_object_size(1, v1, 1);
146 }
147
148 if (in->timeout != 0L) {
149 a.timeout.length = LSIZE2;
150 a.timeout.type = V_ASN1_INTEGER;
151 a.timeout.data = ibuf4;
152 ASN1_INTEGER_set(&(a.timeout), in->timeout);
153 v2 = i2d_ASN1_INTEGER(&(a.timeout), NULL);
154 len += ASN1_object_size(1, v2, 2);
155 }
156
157 if (in->peer != NULL) {
158 v3 = i2d_X509(in->peer, NULL);
159 len += ASN1_object_size(1, v3, 3);
160 }
161
162 a.session_id_context.length = in->sid_ctx_length;
163 a.session_id_context.type = V_ASN1_OCTET_STRING;
164 a.session_id_context.data = in->sid_ctx;
165 v4 = i2d_ASN1_OCTET_STRING(&(a.session_id_context), NULL);
166 len += ASN1_object_size(1, v4, 4);
167
168 if (in->verify_result != X509_V_OK) {
169 a.verify_result.length = LSIZE2;
170 a.verify_result.type = V_ASN1_INTEGER;
171 a.verify_result.data = ibuf5;
172 ASN1_INTEGER_set(&a.verify_result, in->verify_result);
173 v5 = i2d_ASN1_INTEGER(&(a.verify_result), NULL);
174 len += ASN1_object_size(1, v5, 5);
175 }
176
177 if (in->tlsext_hostname) {
178 a.tlsext_hostname.length = strlen(in->tlsext_hostname);
179 a.tlsext_hostname.type = V_ASN1_OCTET_STRING;
180 a.tlsext_hostname.data = (unsigned char *)in->tlsext_hostname;
181 v6 = i2d_ASN1_OCTET_STRING(&(a.tlsext_hostname), NULL);
182 len += ASN1_object_size(1, v6, 6);
183 }
184
185 /* 7 - PSK identity hint. */
186 /* 8 - PSK identity. */
187
188 if (in->tlsext_tick_lifetime_hint > 0) {
189 a.tlsext_tick_lifetime.length = LSIZE2;
190 a.tlsext_tick_lifetime.type = V_ASN1_INTEGER;
191 a.tlsext_tick_lifetime.data = ibuf6;
192 ASN1_INTEGER_set(&a.tlsext_tick_lifetime,
193 in->tlsext_tick_lifetime_hint);
194 v9 = i2d_ASN1_INTEGER(&(a.tlsext_tick_lifetime), NULL);
195 len += ASN1_object_size(1, v9, 9);
196 }
197
198 if (in->tlsext_tick) {
199 a.tlsext_tick.length = in->tlsext_ticklen;
200 a.tlsext_tick.type = V_ASN1_OCTET_STRING;
201 a.tlsext_tick.data = (unsigned char *)in->tlsext_tick;
202 v10 = i2d_ASN1_OCTET_STRING(&(a.tlsext_tick), NULL);
203 len += ASN1_object_size(1, v10, 10);
204 }
205
206 /* 11 - Compression method. */
207 /* 12 - SRP username. */
208
209 /* If given a NULL pointer, return the length only. */
210 ret = (ASN1_object_size(1, len, V_ASN1_SEQUENCE));
211 if (pp == NULL)
212 return (ret);
213
214 /* Burp out the ASN1. */
215 p = *pp;
216 ASN1_put_object(&p, 1, len, V_ASN1_SEQUENCE, V_ASN1_UNIVERSAL);
217 i2d_ASN1_INTEGER(&(a.version), &p);
218 i2d_ASN1_INTEGER(&(a.ssl_version), &p);
219 i2d_ASN1_OCTET_STRING(&(a.cipher), &p);
220 i2d_ASN1_OCTET_STRING(&(a.session_id), &p);
221 i2d_ASN1_OCTET_STRING(&(a.master_key), &p);
222 if (in->time != 0L) {
223 ASN1_put_object(&p, 1, v1, 1, V_ASN1_CONTEXT_SPECIFIC);
224 i2d_ASN1_INTEGER(&(a.time), &p);
225 }
226 if (in->timeout != 0L) {
227 ASN1_put_object(&p, 1, v2, 2, V_ASN1_CONTEXT_SPECIFIC);
228 i2d_ASN1_INTEGER(&(a.timeout), &p);
229 }
230 if (in->peer != NULL) {
231 ASN1_put_object(&p, 1, v3, 3, V_ASN1_CONTEXT_SPECIFIC);
232 i2d_X509(in->peer, &p);
233 }
234 ASN1_put_object(&p, 1, v4, 4, V_ASN1_CONTEXT_SPECIFIC);
235 i2d_ASN1_OCTET_STRING(&(a.session_id_context), &p);
236 if (in->verify_result != X509_V_OK) {
237 ASN1_put_object(&p, 1, v5, 5, V_ASN1_CONTEXT_SPECIFIC);
238 i2d_ASN1_INTEGER(&(a.verify_result), &p);
239 }
240 if (in->tlsext_hostname) {
241 ASN1_put_object(&p, 1, v6, 6, V_ASN1_CONTEXT_SPECIFIC);
242 i2d_ASN1_OCTET_STRING(&(a.tlsext_hostname), &p);
243 }
244 /* 7 - PSK identity hint. */
245 /* 8 - PSK identity. */
246 if (in->tlsext_tick_lifetime_hint > 0) {
247 ASN1_put_object(&p, 1, v9, 9, V_ASN1_CONTEXT_SPECIFIC);
248 i2d_ASN1_INTEGER(&(a.tlsext_tick_lifetime), &p);
249 }
250 if (in->tlsext_tick) {
251 ASN1_put_object(&p, 1, v10, 10, V_ASN1_CONTEXT_SPECIFIC);
252 i2d_ASN1_OCTET_STRING(&(a.tlsext_tick), &p);
253 }
254 /* 11 - Compression method. */
255 /* 12 - SRP username. */
256
257 *pp = p;
258 return (ret);
259}
260
261SSL_SESSION *
262d2i_SSL_SESSION(SSL_SESSION **a, const unsigned char **pp, long length)
263{
264 SSL_SESSION *ret = NULL;
265 ASN1_const_CTX c;
266 ASN1_INTEGER ai, *aip;
267 ASN1_OCTET_STRING os, *osp;
268 int ssl_version = 0, i;
269 int Tinf, Ttag, Tclass;
270 long Tlen;
271 long id;
272
273 c.pp = pp;
274 c.p = *pp;
275 c.q = *pp;
276 c.max = (length == 0) ? 0 : (c.p + length);
277 c.slen = length;
278
279 if (a == NULL || *a == NULL) {
280 if ((ret = SSL_SESSION_new()) == NULL) {
281 SSLerr(SSL_F_D2I_SSL_SESSION, ERR_R_NESTED_ASN1_ERROR);
282 goto err;
283 }
284 } else
285 ret = *a;
286
287 aip = &ai;
288 osp = &os;
289
290 if (!asn1_GetSequence(&c, &length)) {
291 SSLerr(SSL_F_D2I_SSL_SESSION, ERR_R_NESTED_ASN1_ERROR);
292 goto err;
293 }
294
295 ai.data = NULL;
296 ai.length = 0;
297 c.q = c.p;
298 if (d2i_ASN1_INTEGER(&aip, &c.p, c.slen) == NULL) {
299 SSLerr(SSL_F_D2I_SSL_SESSION, ERR_R_NESTED_ASN1_ERROR);
300 goto err;
301 }
302 c.slen -= (c.p - c.q);
303
304 if (ai.data != NULL) {
305 free(ai.data);
306 ai.data = NULL;
307 ai.length = 0;
308 }
309
310 /* we don't care about the version right now :-) */
311 c.q = c.p;
312 if (d2i_ASN1_INTEGER(&aip, &c.p, c.slen) == NULL) {
313 SSLerr(SSL_F_D2I_SSL_SESSION, ERR_R_NESTED_ASN1_ERROR);
314 goto err;
315 }
316 c.slen -= (c.p - c.q);
317 ssl_version = (int)ASN1_INTEGER_get(aip);
318 ret->ssl_version = ssl_version;
319 if (ai.data != NULL) {
320 free(ai.data);
321 ai.data = NULL;
322 ai.length = 0;
323 }
324
325 os.data = NULL;
326 os.length = 0;
327 c.q = c.p;
328 if (d2i_ASN1_OCTET_STRING(&osp, &c.p, c.slen) == NULL) {
329 SSLerr(SSL_F_D2I_SSL_SESSION, ERR_R_NESTED_ASN1_ERROR);
330 goto err;
331 }
332 c.slen -= (c.p - c.q);
333 if ((ssl_version >> 8) >= SSL3_VERSION_MAJOR) {
334 if (os.length != 2) {
335 SSLerr(SSL_F_D2I_SSL_SESSION,
336 SSL_R_CIPHER_CODE_WRONG_LENGTH);
337 goto err;
338 }
339 id = 0x03000000L | ((unsigned long)os.data[0]<<8L) |
340 (unsigned long)os.data[1];
341 } else {
342 SSLerr(SSL_F_D2I_SSL_SESSION, SSL_R_UNKNOWN_SSL_VERSION);
343 goto err;
344 }
345
346 ret->cipher = NULL;
347 ret->cipher_id = id;
348
349 c.q = c.p;
350 if (d2i_ASN1_OCTET_STRING(&osp, &c.p, c.slen) == NULL) {
351 SSLerr(SSL_F_D2I_SSL_SESSION, ERR_R_NESTED_ASN1_ERROR);
352 goto err;
353 }
354 c.slen -= (c.p - c.q);
355
356 i = SSL3_MAX_SSL_SESSION_ID_LENGTH;
357 if (os.length > i)
358 os.length = i;
359 if (os.length > (int)sizeof(ret->session_id)) /* can't happen */
360 os.length = sizeof(ret->session_id);
361
362 ret->session_id_length = os.length;
363 OPENSSL_assert(os.length <= (int)sizeof(ret->session_id));
364 memcpy(ret->session_id, os.data, os.length);
365
366 c.q = c.p;
367 if (d2i_ASN1_OCTET_STRING(&osp, &c.p, c.slen) == NULL) {
368 SSLerr(SSL_F_D2I_SSL_SESSION, ERR_R_NESTED_ASN1_ERROR);
369 goto err;
370 }
371 c.slen -= (c.p - c.q);
372 if (os.length > SSL_MAX_MASTER_KEY_LENGTH)
373 ret->master_key_length = SSL_MAX_MASTER_KEY_LENGTH;
374 else
375 ret->master_key_length = os.length;
376 memcpy(ret->master_key, os.data, ret->master_key_length);
377
378 os.length = 0;
379
380 /* 1 - Time (INTEGER). */
381 /* XXX 2038 */
382 ai.length = 0;
383 if (c.slen != 0L &&
384 *c.p == (V_ASN1_CONSTRUCTED | V_ASN1_CONTEXT_SPECIFIC | 1)) {
385 c.q = c.p;
386 Tinf = ASN1_get_object(&c.p, &Tlen, &Ttag, &Tclass, c.slen);
387 if (Tinf & 0x80) {
388 SSLerr(SSL_F_D2I_SSL_SESSION,
389 ERR_R_BAD_ASN1_OBJECT_HEADER);
390 goto err;
391 }
392 if (Tinf == (V_ASN1_CONSTRUCTED + 1))
393 Tlen = c.slen - (c.p - c.q) - 2;
394 if (d2i_ASN1_INTEGER(&aip, &c.p, Tlen) == NULL) {
395 SSLerr(SSL_F_D2I_SSL_SESSION, ERR_R_NESTED_ASN1_ERROR);
396 goto err;
397 }
398 if (Tinf == (V_ASN1_CONSTRUCTED + 1)) {
399 Tlen = c.slen - (c.p - c.q);
400 if(!ASN1_const_check_infinite_end(&c.p, Tlen)) {
401 SSLerr(SSL_F_D2I_SSL_SESSION,
402 ERR_R_MISSING_ASN1_EOS);
403 goto err;
404 }
405 }
406 c.slen -= (c.p - c.q);
407 }
408 if (ai.data != NULL) {
409 ret->time = ASN1_INTEGER_get(aip);
410 free(ai.data);
411 ai.data = NULL;
412 ai.length = 0;
413 } else
414 ret->time = time(NULL);
415
416 /* 2 - Timeout (INTEGER). */
417 ai.length = 0;
418 if (c.slen != 0L &&
419 *c.p == (V_ASN1_CONSTRUCTED | V_ASN1_CONTEXT_SPECIFIC | 2)) {
420 c.q = c.p;
421 Tinf = ASN1_get_object(&c.p, &Tlen, &Ttag, &Tclass, c.slen);
422 if (Tinf & 0x80) {
423 SSLerr(SSL_F_D2I_SSL_SESSION,
424 ERR_R_BAD_ASN1_OBJECT_HEADER);
425 goto err;
426 }
427 if (Tinf == (V_ASN1_CONSTRUCTED + 1))
428 Tlen = c.slen - (c.p - c.q) - 2;
429 if (d2i_ASN1_INTEGER(&aip, &c.p, Tlen) == NULL) {
430 SSLerr(SSL_F_D2I_SSL_SESSION, ERR_R_NESTED_ASN1_ERROR);
431 goto err;
432 }
433 if (Tinf == (V_ASN1_CONSTRUCTED + 1)) {
434 Tlen = c.slen - (c.p - c.q);
435 if(!ASN1_const_check_infinite_end(&c.p, Tlen)) {
436 SSLerr(SSL_F_D2I_SSL_SESSION,
437 ERR_R_MISSING_ASN1_EOS);
438 goto err;
439 }
440 }
441 c.slen -= (c.p - c.q);
442 }
443 if (ai.data != NULL) {
444 ret->timeout = ASN1_INTEGER_get(aip);
445 free(ai.data);
446 ai.data = NULL;
447 ai.length = 0;
448 } else
449 ret->timeout = 3;
450
451 /* 3 - Peer (X509). */
452 if (ret->peer != NULL) {
453 X509_free(ret->peer);
454 ret->peer = NULL;
455 }
456 if (c.slen != 0L &&
457 *c.p == (V_ASN1_CONSTRUCTED | V_ASN1_CONTEXT_SPECIFIC | 3)) {
458 c.q = c.p;
459 Tinf = ASN1_get_object(&c.p, &Tlen, &Ttag, &Tclass, c.slen);
460 if (Tinf & 0x80) {
461 SSLerr(SSL_F_D2I_SSL_SESSION,
462 ERR_R_BAD_ASN1_OBJECT_HEADER);
463 goto err;
464 }
465 if (Tinf == (V_ASN1_CONSTRUCTED + 1))
466 Tlen = c.slen - (c.p - c.q) - 2;
467 if (d2i_X509(&ret->peer, &c.p, Tlen) == NULL) {
468 SSLerr(SSL_F_D2I_SSL_SESSION, ERR_R_NESTED_ASN1_ERROR);
469 goto err;
470 }
471 if (Tinf == (V_ASN1_CONSTRUCTED + 1)) {
472 Tlen = c.slen - (c.p - c.q);
473 if(!ASN1_const_check_infinite_end(&c.p, Tlen)) {
474 SSLerr(SSL_F_D2I_SSL_SESSION,
475 ERR_R_MISSING_ASN1_EOS);
476 goto err;
477 }
478 }
479 c.slen -= (c.p - c.q);
480 }
481
482 /* 4 - Session ID (OCTET STRING). */
483 os.length = 0;
484 free(os.data);
485 os.data = NULL;
486 if (c.slen != 0L &&
487 *c.p == (V_ASN1_CONSTRUCTED | V_ASN1_CONTEXT_SPECIFIC | 4)) {
488 c.q = c.p;
489 Tinf = ASN1_get_object(&c.p, &Tlen, &Ttag, &Tclass, c.slen);
490 if (Tinf & 0x80) {
491 SSLerr(SSL_F_D2I_SSL_SESSION,
492 ERR_R_BAD_ASN1_OBJECT_HEADER);
493 goto err;
494 }
495 if (Tinf == (V_ASN1_CONSTRUCTED + 1))
496 Tlen = c.slen - (c.p - c.q) - 2;
497 if (d2i_ASN1_OCTET_STRING(&osp, &c.p, Tlen) == NULL) {
498 SSLerr(SSL_F_D2I_SSL_SESSION, ERR_R_NESTED_ASN1_ERROR);
499 goto err;
500 }
501 if (Tinf == (V_ASN1_CONSTRUCTED + 1)) {
502 Tlen = c.slen - (c.p - c.q);
503 if(!ASN1_const_check_infinite_end(&c.p, Tlen)) {
504 SSLerr(SSL_F_D2I_SSL_SESSION,
505 ERR_R_MISSING_ASN1_EOS);
506 goto err;
507 }
508 }
509 c.slen -= (c.p - c.q);
510 }
511 if (os.data != NULL) {
512 if (os.length > SSL_MAX_SID_CTX_LENGTH) {
513 SSLerr(SSL_F_D2I_SSL_SESSION, SSL_R_BAD_LENGTH);
514 goto err;
515 } else {
516 ret->sid_ctx_length = os.length;
517 memcpy(ret->sid_ctx, os.data, os.length);
518 }
519 free(os.data);
520 os.data = NULL;
521 os.length = 0;
522 } else
523 ret->sid_ctx_length = 0;
524
525 /* 5 - Verify_result. */
526 ai.length = 0;
527 if (c.slen != 0L &&
528 *c.p == (V_ASN1_CONSTRUCTED | V_ASN1_CONTEXT_SPECIFIC | 5)) {
529 c.q = c.p;
530 Tinf = ASN1_get_object(&c.p, &Tlen, &Ttag, &Tclass, c.slen);
531 if (Tinf & 0x80) {
532 SSLerr(SSL_F_D2I_SSL_SESSION,
533 ERR_R_BAD_ASN1_OBJECT_HEADER);
534 goto err;
535 }
536 if (Tinf == (V_ASN1_CONSTRUCTED + 1))
537 Tlen = c.slen - (c.p - c.q) - 2;
538 if (d2i_ASN1_INTEGER(&aip, &c.p, Tlen) == NULL) {
539 SSLerr(SSL_F_D2I_SSL_SESSION, ERR_R_NESTED_ASN1_ERROR);
540 goto err;
541 }
542 if (Tinf == (V_ASN1_CONSTRUCTED + 1)) {
543 Tlen = c.slen - (c.p - c.q);
544 if(!ASN1_const_check_infinite_end(&c.p, Tlen)) {
545 SSLerr(SSL_F_D2I_SSL_SESSION,
546 ERR_R_MISSING_ASN1_EOS);
547 goto err;
548 }
549 }
550 c.slen -= (c.p - c.q);
551 }
552 if (ai.data != NULL) {
553 ret->verify_result = ASN1_INTEGER_get(aip);
554 free(ai.data);
555 ai.data = NULL;
556 ai.length = 0;
557 } else
558 ret->verify_result = X509_V_OK;
559
560 /* 6 - HostName (OCTET STRING). */
561 os.length = 0;
562 os.data = NULL;
563 if (c.slen != 0L &&
564 *c.p == (V_ASN1_CONSTRUCTED | V_ASN1_CONTEXT_SPECIFIC | 6)) {
565 c.q = c.p;
566 Tinf = ASN1_get_object(&c.p, &Tlen, &Ttag, &Tclass, c.slen);
567 if (Tinf & 0x80) {
568 SSLerr(SSL_F_D2I_SSL_SESSION,
569 ERR_R_BAD_ASN1_OBJECT_HEADER);
570 goto err;
571 }
572 if (Tinf == (V_ASN1_CONSTRUCTED + 1))
573 Tlen = c.slen - (c.p - c.q) - 2;
574 if (d2i_ASN1_OCTET_STRING(&osp, &c.p, Tlen) == NULL) {
575 SSLerr(SSL_F_D2I_SSL_SESSION, ERR_R_NESTED_ASN1_ERROR);
576 goto err;
577 }
578 if (Tinf == (V_ASN1_CONSTRUCTED + 1)) {
579 Tlen = c.slen - (c.p - c.q);
580 if(!ASN1_const_check_infinite_end(&c.p, Tlen)) {
581 SSLerr(SSL_F_D2I_SSL_SESSION,
582 ERR_R_MISSING_ASN1_EOS);
583 goto err;
584 }
585 }
586 c.slen -= (c.p - c.q);
587 }
588 if (os.data) {
589 ret->tlsext_hostname = strndup((char *)os.data, os.length);
590 free(os.data);
591 os.data = NULL;
592 os.length = 0;
593 } else
594 ret->tlsext_hostname = NULL;
595
596 /* 7 - PSK identity hint (OCTET STRING). */
597 /* 8 - PSK identity (OCTET STRING). */
598
599 /* 9 - Ticket lifetime. */
600 ai.length = 0;
601 if (c.slen != 0L &&
602 *c.p == (V_ASN1_CONSTRUCTED | V_ASN1_CONTEXT_SPECIFIC | 9)) {
603 c.q = c.p;
604 Tinf = ASN1_get_object(&c.p, &Tlen, &Ttag, &Tclass, c.slen);
605 if (Tinf & 0x80) {
606 SSLerr(SSL_F_D2I_SSL_SESSION,
607 ERR_R_BAD_ASN1_OBJECT_HEADER);
608 goto err;
609 }
610 if (Tinf == (V_ASN1_CONSTRUCTED + 1))
611 Tlen = c.slen - (c.p - c.q) - 2;
612 if (d2i_ASN1_INTEGER(&aip, &c.p, Tlen) == NULL) {
613 SSLerr(SSL_F_D2I_SSL_SESSION, ERR_R_NESTED_ASN1_ERROR);
614 goto err;
615 }
616 if (Tinf == (V_ASN1_CONSTRUCTED + 1)) {
617 Tlen = c.slen - (c.p - c.q);
618 if(!ASN1_const_check_infinite_end(&c.p, Tlen)) {
619 SSLerr(SSL_F_D2I_SSL_SESSION,
620 ERR_R_MISSING_ASN1_EOS);
621 goto err;
622 }
623 }
624 c.slen -= (c.p - c.q);
625 }
626 if (ai.data != NULL) {
627 ret->tlsext_tick_lifetime_hint = ASN1_INTEGER_get(aip);
628 free(ai.data);
629 ai.data = NULL;
630 ai.length = 0;
631 } else if (ret->tlsext_ticklen && ret->session_id_length)
632 ret->tlsext_tick_lifetime_hint = -1;
633 else
634 ret->tlsext_tick_lifetime_hint = 0;
635 os.length = 0;
636 os.data = NULL;
637
638 /* 10 - Ticket (OCTET STRING). */
639 if (c.slen != 0L &&
640 *c.p == (V_ASN1_CONSTRUCTED | V_ASN1_CONTEXT_SPECIFIC | 10)) {
641 c.q = c.p;
642 Tinf = ASN1_get_object(&c.p, &Tlen, &Ttag, &Tclass, c.slen);
643 if (Tinf & 0x80) {
644 SSLerr(SSL_F_D2I_SSL_SESSION,
645 ERR_R_BAD_ASN1_OBJECT_HEADER);
646 goto err;
647 }
648 if (Tinf == (V_ASN1_CONSTRUCTED + 1))
649 Tlen = c.slen - (c.p - c.q) - 2;
650 if (d2i_ASN1_OCTET_STRING(&osp, &c.p, Tlen) == NULL) {
651 SSLerr(SSL_F_D2I_SSL_SESSION, ERR_R_NESTED_ASN1_ERROR);
652 goto err;
653 }
654 if (Tinf == (V_ASN1_CONSTRUCTED + 1)) {
655 Tlen = c.slen - (c.p - c.q);
656 if(!ASN1_const_check_infinite_end(&c.p, Tlen)) {
657 SSLerr(SSL_F_D2I_SSL_SESSION,
658 ERR_R_MISSING_ASN1_EOS);
659 goto err;
660 }
661 }
662 c.slen -= (c.p - c.q);
663 }
664 if (os.data) {
665 ret->tlsext_tick = os.data;
666 ret->tlsext_ticklen = os.length;
667 os.data = NULL;
668 os.length = 0;
669 } else
670 ret->tlsext_tick = NULL;
671
672 /* 11 - Compression method (OCTET STRING). */
673 /* 12 - SRP username (OCTET STRING). */
674
675 if (!asn1_const_Finish(&c)) {
676 SSLerr(SSL_F_D2I_SSL_SESSION, ERR_R_NESTED_ASN1_ERROR);
677 goto err;
678 }
679
680 *pp = c.p;
681 if (a != NULL)
682 *a = ret;
683
684 return (ret);
685
686err:
687 ERR_asprintf_error_data("offset=%d", (int)(c.q - *pp));
688 if (ret != NULL && (a == NULL || *a != ret))
689 SSL_SESSION_free(ret);
690
691 return (NULL);
692}
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-03-20 01:58:14 +0000