1 files changed, 40 insertions, 0 deletions
diff --git a/src/lib/libssl/ssl_asn1.c b/src/lib/libssl/ssl_asn1.c
index fa6456e4f5..c5eeeb6bc5 100644
--- a/src/lib/libssl/ssl_asn1.c
+++ b/src/lib/libssl/ssl_asn1.c
@@ -72,6 +72,9 @@ typedef struct ssl_session_asn1_st
        ASN1_OCTET_STRING session_id;
        ASN1_OCTET_STRING session_id_context;
        ASN1_OCTET_STRING key_arg;
+#ifndef OPENSSL_NO_KRB5
+        ASN1_OCTET_STRING krb5_princ;
+#endif /* OPENSSL_NO_KRB5 */
        ASN1_INTEGER time;
        ASN1_INTEGER timeout;
        ASN1_INTEGER verify_result;
@@ -142,6 +145,15 @@ int i2d_SSL_SESSION(SSL_SESSION *in, unsigned char **pp)
        a.key_arg.type=V_ASN1_OCTET_STRING;
        a.key_arg.data=in->key_arg;
+#ifndef OPENSSL_NO_KRB5
+        if (in->krb5_client_princ_len)
+                {
+                a.krb5_princ.length=in->krb5_client_princ_len;
+                a.krb5_princ.type=V_ASN1_OCTET_STRING;
+                a.krb5_princ.data=in->krb5_client_princ;
+                }
+#endif /* OPENSSL_NO_KRB5 */
+ 
        if (in->time != 0L)
                {
                a.time.length=LSIZE2;
@@ -166,11 +178,16 @@ int i2d_SSL_SESSION(SSL_SESSION *in, unsigned char **pp)
                ASN1_INTEGER_set(&a.verify_result,in->verify_result);
                }
        M_ASN1_I2D_len(&(a.version),            i2d_ASN1_INTEGER);
        M_ASN1_I2D_len(&(a.ssl_version),        i2d_ASN1_INTEGER);
        M_ASN1_I2D_len(&(a.cipher),             i2d_ASN1_OCTET_STRING);
        M_ASN1_I2D_len(&(a.session_id),         i2d_ASN1_OCTET_STRING);
        M_ASN1_I2D_len(&(a.master_key),         i2d_ASN1_OCTET_STRING);
+#ifndef OPENSSL_NO_KRB5
+        if (in->krb5_client_princ_len)
+                M_ASN1_I2D_len(&(a.krb5_princ), i2d_ASN1_OCTET_STRING);
+#endif /* OPENSSL_NO_KRB5 */
        if (in->key_arg_length > 0)
                M_ASN1_I2D_len_IMP_opt(&(a.key_arg),i2d_ASN1_OCTET_STRING);
        if (in->time != 0L)
@@ -190,6 +207,10 @@ int i2d_SSL_SESSION(SSL_SESSION *in, unsigned char **pp)
        M_ASN1_I2D_put(&(a.cipher),             i2d_ASN1_OCTET_STRING);
        M_ASN1_I2D_put(&(a.session_id),         i2d_ASN1_OCTET_STRING);
        M_ASN1_I2D_put(&(a.master_key),         i2d_ASN1_OCTET_STRING);
+#ifndef OPENSSL_NO_KRB5
+        if (in->krb5_client_princ_len)
+                M_ASN1_I2D_put(&(a.krb5_princ), i2d_ASN1_OCTET_STRING);
+#endif /* OPENSSL_NO_KRB5 */
        if (in->key_arg_length > 0)
                M_ASN1_I2D_put_IMP_opt(&(a.key_arg),i2d_ASN1_OCTET_STRING,0);
        if (in->time != 0L)
@@ -285,6 +306,25 @@ SSL_SESSION *d2i_SSL_SESSION(SSL_SESSION **a, unsigned char **pp,
        memcpy(ret->master_key,os.data,ret->master_key_length);
        os.length=0;
+#ifndef OPENSSL_NO_KRB5
+        os.length=0;
+        M_ASN1_D2I_get_opt(osp,d2i_ASN1_OCTET_STRING,V_ASN1_OCTET_STRING);
+        if (os.data)
+                {
+                if (os.length > SSL_MAX_KRB5_PRINCIPAL_LENGTH)
+                        ret->krb5_client_princ_len=0;
+                else
+                        ret->krb5_client_princ_len=os.length;
+                memcpy(ret->krb5_client_princ,os.data,ret->krb5_client_princ_len);
+                OPENSSL_free(os.data);
+                os.data = NULL;
+                os.length = 0;
+                }
+        else
+                ret->krb5_client_princ_len=0;
+#endif /* OPENSSL_NO_KRB5 */
        M_ASN1_D2I_get_IMP_opt(osp,d2i_ASN1_OCTET_STRING,0,V_ASN1_OCTET_STRING);
        if (os.length > SSL_MAX_KEY_ARG_LENGTH)
                ret->key_arg_length=SSL_MAX_KEY_ARG_LENGTH;

diff --git a/src/lib/libssl/ssl_asn1.c b/src/lib/libssl/ssl_asn1.c index fa6456e4f5..c5eeeb6bc5 100644 --- a/src/lib/libssl/ssl_asn1.c +++ b/src/lib/libssl/ssl_asn1.c
@@ -72,6 +72,9 @@ typedef struct ssl_session_asn1_st
72	ASN1_OCTET_STRING session_id;	72	ASN1_OCTET_STRING session_id;
73	ASN1_OCTET_STRING session_id_context;	73	ASN1_OCTET_STRING session_id_context;
74	ASN1_OCTET_STRING key_arg;	74	ASN1_OCTET_STRING key_arg;
		75	#ifndef OPENSSL_NO_KRB5
		76	ASN1_OCTET_STRING krb5_princ;
		77	#endif /* OPENSSL_NO_KRB5 */
75	ASN1_INTEGER time;	78	ASN1_INTEGER time;
76	ASN1_INTEGER timeout;	79	ASN1_INTEGER timeout;
77	ASN1_INTEGER verify_result;	80	ASN1_INTEGER verify_result;
@@ -142,6 +145,15 @@ int i2d_SSL_SESSION(SSL_SESSION in, unsigned char *pp)
142	a.key_arg.type=V_ASN1_OCTET_STRING;	145	a.key_arg.type=V_ASN1_OCTET_STRING;
143	a.key_arg.data=in->key_arg;	146	a.key_arg.data=in->key_arg;
144		147
		148	#ifndef OPENSSL_NO_KRB5
		149	if (in->krb5_client_princ_len)
		150	{
		151	a.krb5_princ.length=in->krb5_client_princ_len;
		152	a.krb5_princ.type=V_ASN1_OCTET_STRING;
		153	a.krb5_princ.data=in->krb5_client_princ;
		154	}
		155	#endif /* OPENSSL_NO_KRB5 */
		156
145	if (in->time != 0L)	157	if (in->time != 0L)
146	{	158	{
147	a.time.length=LSIZE2;	159	a.time.length=LSIZE2;
@@ -166,11 +178,16 @@ int i2d_SSL_SESSION(SSL_SESSION in, unsigned char *pp)
166	ASN1_INTEGER_set(&a.verify_result,in->verify_result);	178	ASN1_INTEGER_set(&a.verify_result,in->verify_result);
167	}	179	}
168		180
		181
169	M_ASN1_I2D_len(&(a.version), i2d_ASN1_INTEGER);	182	M_ASN1_I2D_len(&(a.version), i2d_ASN1_INTEGER);
170	M_ASN1_I2D_len(&(a.ssl_version), i2d_ASN1_INTEGER);	183	M_ASN1_I2D_len(&(a.ssl_version), i2d_ASN1_INTEGER);
171	M_ASN1_I2D_len(&(a.cipher), i2d_ASN1_OCTET_STRING);	184	M_ASN1_I2D_len(&(a.cipher), i2d_ASN1_OCTET_STRING);
172	M_ASN1_I2D_len(&(a.session_id), i2d_ASN1_OCTET_STRING);	185	M_ASN1_I2D_len(&(a.session_id), i2d_ASN1_OCTET_STRING);
173	M_ASN1_I2D_len(&(a.master_key), i2d_ASN1_OCTET_STRING);	186	M_ASN1_I2D_len(&(a.master_key), i2d_ASN1_OCTET_STRING);
		187	#ifndef OPENSSL_NO_KRB5
		188	if (in->krb5_client_princ_len)
		189	M_ASN1_I2D_len(&(a.krb5_princ), i2d_ASN1_OCTET_STRING);
		190	#endif /* OPENSSL_NO_KRB5 */
174	if (in->key_arg_length > 0)	191	if (in->key_arg_length > 0)
175	M_ASN1_I2D_len_IMP_opt(&(a.key_arg),i2d_ASN1_OCTET_STRING);	192	M_ASN1_I2D_len_IMP_opt(&(a.key_arg),i2d_ASN1_OCTET_STRING);
176	if (in->time != 0L)	193	if (in->time != 0L)
@@ -190,6 +207,10 @@ int i2d_SSL_SESSION(SSL_SESSION in, unsigned char *pp)
190	M_ASN1_I2D_put(&(a.cipher), i2d_ASN1_OCTET_STRING);	207	M_ASN1_I2D_put(&(a.cipher), i2d_ASN1_OCTET_STRING);
191	M_ASN1_I2D_put(&(a.session_id), i2d_ASN1_OCTET_STRING);	208	M_ASN1_I2D_put(&(a.session_id), i2d_ASN1_OCTET_STRING);
192	M_ASN1_I2D_put(&(a.master_key), i2d_ASN1_OCTET_STRING);	209	M_ASN1_I2D_put(&(a.master_key), i2d_ASN1_OCTET_STRING);
		210	#ifndef OPENSSL_NO_KRB5
		211	if (in->krb5_client_princ_len)
		212	M_ASN1_I2D_put(&(a.krb5_princ), i2d_ASN1_OCTET_STRING);
		213	#endif /* OPENSSL_NO_KRB5 */
193	if (in->key_arg_length > 0)	214	if (in->key_arg_length > 0)
194	M_ASN1_I2D_put_IMP_opt(&(a.key_arg),i2d_ASN1_OCTET_STRING,0);	215	M_ASN1_I2D_put_IMP_opt(&(a.key_arg),i2d_ASN1_OCTET_STRING,0);
195	if (in->time != 0L)	216	if (in->time != 0L)
@@ -285,6 +306,25 @@ SSL_SESSION d2i_SSL_SESSION(SSL_SESSION a, unsigned char *pp,
285	memcpy(ret->master_key,os.data,ret->master_key_length);	306	memcpy(ret->master_key,os.data,ret->master_key_length);
286		307
287	os.length=0;	308	os.length=0;
		309
		310	#ifndef OPENSSL_NO_KRB5
		311	os.length=0;
		312	M_ASN1_D2I_get_opt(osp,d2i_ASN1_OCTET_STRING,V_ASN1_OCTET_STRING);
		313	if (os.data)
		314	{
		315	if (os.length > SSL_MAX_KRB5_PRINCIPAL_LENGTH)
		316	ret->krb5_client_princ_len=0;
		317	else
		318	ret->krb5_client_princ_len=os.length;
		319	memcpy(ret->krb5_client_princ,os.data,ret->krb5_client_princ_len);
		320	OPENSSL_free(os.data);
		321	os.data = NULL;
		322	os.length = 0;
		323	}
		324	else
		325	ret->krb5_client_princ_len=0;
		326	#endif /* OPENSSL_NO_KRB5 */
		327
288	M_ASN1_D2I_get_IMP_opt(osp,d2i_ASN1_OCTET_STRING,0,V_ASN1_OCTET_STRING);	328	M_ASN1_D2I_get_IMP_opt(osp,d2i_ASN1_OCTET_STRING,0,V_ASN1_OCTET_STRING);
289	if (os.length > SSL_MAX_KEY_ARG_LENGTH)	329	if (os.length > SSL_MAX_KEY_ARG_LENGTH)
290	ret->key_arg_length=SSL_MAX_KEY_ARG_LENGTH;	330	ret->key_arg_length=SSL_MAX_KEY_ARG_LENGTH;