2 files changed, 92 insertions, 72 deletions
diff --git a/src/lib/libssl/src/ssl/ssl_asn1.c b/src/lib/libssl/src/ssl/ssl_asn1.c
index a721612bbc..0c9b4aa6fb 100644
--- a/src/lib/libssl/src/ssl/ssl_asn1.c
+++ b/src/lib/libssl/src/ssl/ssl_asn1.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_asn1.c,v 1.29 2014/07/11 12:07:30 miod Exp $ */
+/* $OpenBSD: ssl_asn1.c,v 1.30 2014/07/13 00:30:07 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -84,7 +84,9 @@
 #include <stdio.h>
 #include <stdlib.h>
 #include "ssl_locl.h"
 #include <openssl/asn1_mac.h>
 #include <openssl/objects.h>
 #include <openssl/x509.h>
@@ -109,23 +111,24 @@ int
 i2d_SSL_SESSION(SSL_SESSION *in, unsigned char **pp)
 {
 #define LSIZE2 (sizeof(long)*2)
-        int v1 = 0, v2 = 0, v3 = 0, v4 = 0, v5 = 0;
+        int v1 = 0, v2 = 0, v3 = 0, v4 = 0, v5 = 0, v6 = 0, v9 = 0, v10 = 0;
        unsigned char buf[4], ibuf1[LSIZE2], ibuf2[LSIZE2];
        unsigned char ibuf3[LSIZE2], ibuf4[LSIZE2], ibuf5[LSIZE2];
-        int v6 = 0, v9 = 0, v10 = 0;
        unsigned char ibuf6[LSIZE2];
-        long l;
        SSL_SESSION_ASN1 a;
        M_ASN1_I2D_vars(in);
+        long l;
        if ((in == NULL) || ((in->cipher == NULL) && (in->cipher_id == 0)))
                return (0);
-        /* Note that I cheat in the following 2 assignments.  I know
+        /*
-         * that if the ASN1_INTEGER passed to ASN1_INTEGER_set
+         * Note that I cheat in the following 2 assignments.
+         * I know that if the ASN1_INTEGER passed to ASN1_INTEGER_set
         * is > sizeof(long)+1, the buffer will not be re-malloc()ed.
         * This is a bit evil but makes things simple, no dynamic allocation
-         * to clean up :-) */
+         * to clean up :-)
+         */
        a.version.length = LSIZE2;
        a.version.type = V_ASN1_INTEGER;
        a.version.data = ibuf1;
@@ -147,7 +150,6 @@ i2d_SSL_SESSION(SSL_SESSION *in, unsigned char **pp)
        buf[0] = ((unsigned char)(l >> 8L))&0xff;
        buf[1] = ((unsigned char)(l    ))&0xff;
        a.master_key.length = in->master_key_length;
        a.master_key.type = V_ASN1_OCTET_STRING;
        a.master_key.data = in->master_key;
@@ -160,7 +162,6 @@ i2d_SSL_SESSION(SSL_SESSION *in, unsigned char **pp)
        a.session_id_context.type = V_ASN1_OCTET_STRING;
        a.session_id_context.data = in->sid_ctx;
        if (in->time != 0L) {
                a.time.length = LSIZE2;
                a.time.type = V_ASN1_INTEGER;
@@ -196,54 +197,65 @@ i2d_SSL_SESSION(SSL_SESSION *in, unsigned char **pp)
                a.tlsext_tick_lifetime.length = LSIZE2;
                a.tlsext_tick_lifetime.type = V_ASN1_INTEGER;
                a.tlsext_tick_lifetime.data = ibuf6;
-                ASN1_INTEGER_set(&a.tlsext_tick_lifetime, in->tlsext_tick_lifetime_hint);
+                ASN1_INTEGER_set(&a.tlsext_tick_lifetime,
+                    in->tlsext_tick_lifetime_hint);
        }
-        M_ASN1_I2D_len(&(a.version),            i2d_ASN1_INTEGER);
+        M_ASN1_I2D_len(&(a.version), i2d_ASN1_INTEGER);
-        M_ASN1_I2D_len(&(a.ssl_version),        i2d_ASN1_INTEGER);
+        M_ASN1_I2D_len(&(a.ssl_version), i2d_ASN1_INTEGER);
-        M_ASN1_I2D_len(&(a.cipher),             i2d_ASN1_OCTET_STRING);
+        M_ASN1_I2D_len(&(a.cipher), i2d_ASN1_OCTET_STRING);
-        M_ASN1_I2D_len(&(a.session_id),         i2d_ASN1_OCTET_STRING);
+        M_ASN1_I2D_len(&(a.session_id), i2d_ASN1_OCTET_STRING);
-        M_ASN1_I2D_len(&(a.master_key),         i2d_ASN1_OCTET_STRING);
+        M_ASN1_I2D_len(&(a.master_key), i2d_ASN1_OCTET_STRING);
        if (in->time != 0L)
                M_ASN1_I2D_len_EXP_opt(&(a.time), i2d_ASN1_INTEGER, 1, v1);
        if (in->timeout != 0L)
                M_ASN1_I2D_len_EXP_opt(&(a.timeout), i2d_ASN1_INTEGER, 2, v2);
        if (in->peer != NULL)
                M_ASN1_I2D_len_EXP_opt(in->peer, i2d_X509, 3, v3);
-        M_ASN1_I2D_len_EXP_opt(&a.session_id_context, i2d_ASN1_OCTET_STRING, 4, v4);
+        M_ASN1_I2D_len_EXP_opt(&a.session_id_context,
+            i2d_ASN1_OCTET_STRING, 4, v4);
        if (in->verify_result != X509_V_OK)
-                M_ASN1_I2D_len_EXP_opt(&(a.verify_result), i2d_ASN1_INTEGER, 5, v5);
+                M_ASN1_I2D_len_EXP_opt(&(a.verify_result),
+                    i2d_ASN1_INTEGER, 5, v5);
        if (in->tlsext_tick_lifetime_hint > 0)
-                M_ASN1_I2D_len_EXP_opt(&a.tlsext_tick_lifetime, i2d_ASN1_INTEGER, 9, v9);
+                M_ASN1_I2D_len_EXP_opt(&a.tlsext_tick_lifetime,
+                    i2d_ASN1_INTEGER, 9, v9);
        if (in->tlsext_tick)
-                M_ASN1_I2D_len_EXP_opt(&(a.tlsext_tick), i2d_ASN1_OCTET_STRING, 10, v10);
+                M_ASN1_I2D_len_EXP_opt(&(a.tlsext_tick),
+                    i2d_ASN1_OCTET_STRING, 10, v10);
        if (in->tlsext_hostname)
-                M_ASN1_I2D_len_EXP_opt(&(a.tlsext_hostname), i2d_ASN1_OCTET_STRING, 6, v6);
+                M_ASN1_I2D_len_EXP_opt(&(a.tlsext_hostname),
+                    i2d_ASN1_OCTET_STRING, 6, v6);
        M_ASN1_I2D_seq_total();
-        M_ASN1_I2D_put(&(a.version),            i2d_ASN1_INTEGER);
+        M_ASN1_I2D_put(&(a.version), i2d_ASN1_INTEGER);
-        M_ASN1_I2D_put(&(a.ssl_version),        i2d_ASN1_INTEGER);
+        M_ASN1_I2D_put(&(a.ssl_version), i2d_ASN1_INTEGER);
-        M_ASN1_I2D_put(&(a.cipher),             i2d_ASN1_OCTET_STRING);
+        M_ASN1_I2D_put(&(a.cipher), i2d_ASN1_OCTET_STRING);
-        M_ASN1_I2D_put(&(a.session_id),         i2d_ASN1_OCTET_STRING);
+        M_ASN1_I2D_put(&(a.session_id), i2d_ASN1_OCTET_STRING);
-        M_ASN1_I2D_put(&(a.master_key),         i2d_ASN1_OCTET_STRING);
+        M_ASN1_I2D_put(&(a.master_key), i2d_ASN1_OCTET_STRING);
        if (in->time != 0L)
                M_ASN1_I2D_put_EXP_opt(&(a.time), i2d_ASN1_INTEGER, 1, v1);
        if (in->timeout != 0L)
                M_ASN1_I2D_put_EXP_opt(&(a.timeout), i2d_ASN1_INTEGER, 2, v2);
        if (in->peer != NULL)
                M_ASN1_I2D_put_EXP_opt(in->peer, i2d_X509, 3, v3);
-        M_ASN1_I2D_put_EXP_opt(&a.session_id_context, i2d_ASN1_OCTET_STRING, 4,
+        M_ASN1_I2D_put_EXP_opt(&a.session_id_context,
-        v4);
+            i2d_ASN1_OCTET_STRING, 4, v4);
        if (in->verify_result != X509_V_OK)
-                M_ASN1_I2D_put_EXP_opt(&a.verify_result, i2d_ASN1_INTEGER, 5, v5);
+                M_ASN1_I2D_put_EXP_opt(&a.verify_result,
+                    i2d_ASN1_INTEGER, 5, v5);
        if (in->tlsext_hostname)
-                M_ASN1_I2D_put_EXP_opt(&(a.tlsext_hostname), i2d_ASN1_OCTET_STRING, 6, v6);
+                M_ASN1_I2D_put_EXP_opt(&(a.tlsext_hostname),
+                    i2d_ASN1_OCTET_STRING, 6, v6);
        if (in->tlsext_tick_lifetime_hint > 0)
-                M_ASN1_I2D_put_EXP_opt(&a.tlsext_tick_lifetime, i2d_ASN1_INTEGER, 9, v9);
+                M_ASN1_I2D_put_EXP_opt(&a.tlsext_tick_lifetime,
+                    i2d_ASN1_INTEGER, 9, v9);
        if (in->tlsext_tick)
-                M_ASN1_I2D_put_EXP_opt(&(a.tlsext_tick), i2d_ASN1_OCTET_STRING, 10, v10);
+                M_ASN1_I2D_put_EXP_opt(&(a.tlsext_tick),
+                    i2d_ASN1_OCTET_STRING, 10, v10);
        M_ASN1_I2D_finish();
 }
@@ -290,9 +302,8 @@ d2i_SSL_SESSION(SSL_SESSION **a, const unsigned char **pp, long length)
                        c.line = __LINE__;
                        goto err;
                }
-                id = 0x03000000L|
+                id = 0x03000000L | ((unsigned long)os.data[0]<<8L) |
-                ((unsigned long)os.data[0]<<8L)|
+                    (unsigned long)os.data[1];
-                (unsigned long)os.data[1];
        } else {
                c.error = SSL_R_UNKNOWN_SSL_VERSION;
                c.line = __LINE__;
@@ -413,6 +424,5 @@ d2i_SSL_SESSION(SSL_SESSION **a, const unsigned char **pp, long length)
        } else
                ret->tlsext_tick = NULL;
        M_ASN1_D2I_Finish(a, SSL_SESSION_free, SSL_F_D2I_SSL_SESSION);
 }
diff --git a/src/lib/libssl/ssl_asn1.c b/src/lib/libssl/ssl_asn1.c
index a721612bbc..0c9b4aa6fb 100644
--- a/src/lib/libssl/ssl_asn1.c
+++ b/src/lib/libssl/ssl_asn1.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_asn1.c,v 1.29 2014/07/11 12:07:30 miod Exp $ */
+/* $OpenBSD: ssl_asn1.c,v 1.30 2014/07/13 00:30:07 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -84,7 +84,9 @@
 #include <stdio.h>
 #include <stdlib.h>
 #include "ssl_locl.h"
 #include <openssl/asn1_mac.h>
 #include <openssl/objects.h>
 #include <openssl/x509.h>
@@ -109,23 +111,24 @@ int
 i2d_SSL_SESSION(SSL_SESSION *in, unsigned char **pp)
 {
 #define LSIZE2 (sizeof(long)*2)
-        int v1 = 0, v2 = 0, v3 = 0, v4 = 0, v5 = 0;
+        int v1 = 0, v2 = 0, v3 = 0, v4 = 0, v5 = 0, v6 = 0, v9 = 0, v10 = 0;
        unsigned char buf[4], ibuf1[LSIZE2], ibuf2[LSIZE2];
        unsigned char ibuf3[LSIZE2], ibuf4[LSIZE2], ibuf5[LSIZE2];
-        int v6 = 0, v9 = 0, v10 = 0;
        unsigned char ibuf6[LSIZE2];
-        long l;
        SSL_SESSION_ASN1 a;
        M_ASN1_I2D_vars(in);
+        long l;
        if ((in == NULL) || ((in->cipher == NULL) && (in->cipher_id == 0)))
                return (0);
-        /* Note that I cheat in the following 2 assignments.  I know
+        /*
-         * that if the ASN1_INTEGER passed to ASN1_INTEGER_set
+         * Note that I cheat in the following 2 assignments.
+         * I know that if the ASN1_INTEGER passed to ASN1_INTEGER_set
         * is > sizeof(long)+1, the buffer will not be re-malloc()ed.
         * This is a bit evil but makes things simple, no dynamic allocation
-         * to clean up :-) */
+         * to clean up :-)
+         */
        a.version.length = LSIZE2;
        a.version.type = V_ASN1_INTEGER;
        a.version.data = ibuf1;
@@ -147,7 +150,6 @@ i2d_SSL_SESSION(SSL_SESSION *in, unsigned char **pp)
        buf[0] = ((unsigned char)(l >> 8L))&0xff;
        buf[1] = ((unsigned char)(l    ))&0xff;
        a.master_key.length = in->master_key_length;
        a.master_key.type = V_ASN1_OCTET_STRING;
        a.master_key.data = in->master_key;
@@ -160,7 +162,6 @@ i2d_SSL_SESSION(SSL_SESSION *in, unsigned char **pp)
        a.session_id_context.type = V_ASN1_OCTET_STRING;
        a.session_id_context.data = in->sid_ctx;
        if (in->time != 0L) {
                a.time.length = LSIZE2;
                a.time.type = V_ASN1_INTEGER;
@@ -196,54 +197,65 @@ i2d_SSL_SESSION(SSL_SESSION *in, unsigned char **pp)
                a.tlsext_tick_lifetime.length = LSIZE2;
                a.tlsext_tick_lifetime.type = V_ASN1_INTEGER;
                a.tlsext_tick_lifetime.data = ibuf6;
-                ASN1_INTEGER_set(&a.tlsext_tick_lifetime, in->tlsext_tick_lifetime_hint);
+                ASN1_INTEGER_set(&a.tlsext_tick_lifetime,
+                    in->tlsext_tick_lifetime_hint);
        }
-        M_ASN1_I2D_len(&(a.version),            i2d_ASN1_INTEGER);
+        M_ASN1_I2D_len(&(a.version), i2d_ASN1_INTEGER);
-        M_ASN1_I2D_len(&(a.ssl_version),        i2d_ASN1_INTEGER);
+        M_ASN1_I2D_len(&(a.ssl_version), i2d_ASN1_INTEGER);
-        M_ASN1_I2D_len(&(a.cipher),             i2d_ASN1_OCTET_STRING);
+        M_ASN1_I2D_len(&(a.cipher), i2d_ASN1_OCTET_STRING);
-        M_ASN1_I2D_len(&(a.session_id),         i2d_ASN1_OCTET_STRING);
+        M_ASN1_I2D_len(&(a.session_id), i2d_ASN1_OCTET_STRING);
-        M_ASN1_I2D_len(&(a.master_key),         i2d_ASN1_OCTET_STRING);
+        M_ASN1_I2D_len(&(a.master_key), i2d_ASN1_OCTET_STRING);
        if (in->time != 0L)
                M_ASN1_I2D_len_EXP_opt(&(a.time), i2d_ASN1_INTEGER, 1, v1);
        if (in->timeout != 0L)
                M_ASN1_I2D_len_EXP_opt(&(a.timeout), i2d_ASN1_INTEGER, 2, v2);
        if (in->peer != NULL)
                M_ASN1_I2D_len_EXP_opt(in->peer, i2d_X509, 3, v3);
-        M_ASN1_I2D_len_EXP_opt(&a.session_id_context, i2d_ASN1_OCTET_STRING, 4, v4);
+        M_ASN1_I2D_len_EXP_opt(&a.session_id_context,
+            i2d_ASN1_OCTET_STRING, 4, v4);
        if (in->verify_result != X509_V_OK)
-                M_ASN1_I2D_len_EXP_opt(&(a.verify_result), i2d_ASN1_INTEGER, 5, v5);
+                M_ASN1_I2D_len_EXP_opt(&(a.verify_result),
+                    i2d_ASN1_INTEGER, 5, v5);
        if (in->tlsext_tick_lifetime_hint > 0)
-                M_ASN1_I2D_len_EXP_opt(&a.tlsext_tick_lifetime, i2d_ASN1_INTEGER, 9, v9);
+                M_ASN1_I2D_len_EXP_opt(&a.tlsext_tick_lifetime,
+                    i2d_ASN1_INTEGER, 9, v9);
        if (in->tlsext_tick)
-                M_ASN1_I2D_len_EXP_opt(&(a.tlsext_tick), i2d_ASN1_OCTET_STRING, 10, v10);
+                M_ASN1_I2D_len_EXP_opt(&(a.tlsext_tick),
+                    i2d_ASN1_OCTET_STRING, 10, v10);
        if (in->tlsext_hostname)
-                M_ASN1_I2D_len_EXP_opt(&(a.tlsext_hostname), i2d_ASN1_OCTET_STRING, 6, v6);
+                M_ASN1_I2D_len_EXP_opt(&(a.tlsext_hostname),
+                    i2d_ASN1_OCTET_STRING, 6, v6);
        M_ASN1_I2D_seq_total();
-        M_ASN1_I2D_put(&(a.version),            i2d_ASN1_INTEGER);
+        M_ASN1_I2D_put(&(a.version), i2d_ASN1_INTEGER);
-        M_ASN1_I2D_put(&(a.ssl_version),        i2d_ASN1_INTEGER);
+        M_ASN1_I2D_put(&(a.ssl_version), i2d_ASN1_INTEGER);
-        M_ASN1_I2D_put(&(a.cipher),             i2d_ASN1_OCTET_STRING);
+        M_ASN1_I2D_put(&(a.cipher), i2d_ASN1_OCTET_STRING);
-        M_ASN1_I2D_put(&(a.session_id),         i2d_ASN1_OCTET_STRING);
+        M_ASN1_I2D_put(&(a.session_id), i2d_ASN1_OCTET_STRING);
-        M_ASN1_I2D_put(&(a.master_key),         i2d_ASN1_OCTET_STRING);
+        M_ASN1_I2D_put(&(a.master_key), i2d_ASN1_OCTET_STRING);
        if (in->time != 0L)
                M_ASN1_I2D_put_EXP_opt(&(a.time), i2d_ASN1_INTEGER, 1, v1);
        if (in->timeout != 0L)
                M_ASN1_I2D_put_EXP_opt(&(a.timeout), i2d_ASN1_INTEGER, 2, v2);
        if (in->peer != NULL)
                M_ASN1_I2D_put_EXP_opt(in->peer, i2d_X509, 3, v3);
-        M_ASN1_I2D_put_EXP_opt(&a.session_id_context, i2d_ASN1_OCTET_STRING, 4,
+        M_ASN1_I2D_put_EXP_opt(&a.session_id_context,
-        v4);
+            i2d_ASN1_OCTET_STRING, 4, v4);
        if (in->verify_result != X509_V_OK)
-                M_ASN1_I2D_put_EXP_opt(&a.verify_result, i2d_ASN1_INTEGER, 5, v5);
+                M_ASN1_I2D_put_EXP_opt(&a.verify_result,
+                    i2d_ASN1_INTEGER, 5, v5);
        if (in->tlsext_hostname)
-                M_ASN1_I2D_put_EXP_opt(&(a.tlsext_hostname), i2d_ASN1_OCTET_STRING, 6, v6);
+                M_ASN1_I2D_put_EXP_opt(&(a.tlsext_hostname),
+                    i2d_ASN1_OCTET_STRING, 6, v6);
        if (in->tlsext_tick_lifetime_hint > 0)
-                M_ASN1_I2D_put_EXP_opt(&a.tlsext_tick_lifetime, i2d_ASN1_INTEGER, 9, v9);
+                M_ASN1_I2D_put_EXP_opt(&a.tlsext_tick_lifetime,
+                    i2d_ASN1_INTEGER, 9, v9);
        if (in->tlsext_tick)
-                M_ASN1_I2D_put_EXP_opt(&(a.tlsext_tick), i2d_ASN1_OCTET_STRING, 10, v10);
+                M_ASN1_I2D_put_EXP_opt(&(a.tlsext_tick),
+                    i2d_ASN1_OCTET_STRING, 10, v10);
        M_ASN1_I2D_finish();
 }
@@ -290,9 +302,8 @@ d2i_SSL_SESSION(SSL_SESSION **a, const unsigned char **pp, long length)
                        c.line = __LINE__;
                        goto err;
                }
-                id = 0x03000000L|
+                id = 0x03000000L | ((unsigned long)os.data[0]<<8L) |
-                ((unsigned long)os.data[0]<<8L)|
+                    (unsigned long)os.data[1];
-                (unsigned long)os.data[1];
        } else {
                c.error = SSL_R_UNKNOWN_SSL_VERSION;
                c.line = __LINE__;
@@ -413,6 +424,5 @@ d2i_SSL_SESSION(SSL_SESSION **a, const unsigned char **pp, long length)
        } else
                ret->tlsext_tick = NULL;
        M_ASN1_D2I_Finish(a, SSL_SESSION_free, SSL_F_D2I_SSL_SESSION);
 }

diff --git a/src/lib/libssl/src/ssl/ssl_asn1.c b/src/lib/libssl/src/ssl/ssl_asn1.c index a721612bbc..0c9b4aa6fb 100644 --- a/src/lib/libssl/src/ssl/ssl_asn1.c +++ b/src/lib/libssl/src/ssl/ssl_asn1.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: ssl_asn1.c,v 1.29 2014/07/11 12:07:30 miod Exp $ */	1	/* $OpenBSD: ssl_asn1.c,v 1.30 2014/07/13 00:30:07 jsing Exp $ */
2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)	2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3	* All rights reserved.	3	* All rights reserved.
4	*	4	*
@@ -84,7 +84,9 @@
84		84
85	#include <stdio.h>	85	#include <stdio.h>
86	#include <stdlib.h>	86	#include <stdlib.h>
		87
87	#include "ssl_locl.h"	88	#include "ssl_locl.h"
		89
88	#include <openssl/asn1_mac.h>	90	#include <openssl/asn1_mac.h>
89	#include <openssl/objects.h>	91	#include <openssl/objects.h>
90	#include <openssl/x509.h>	92	#include <openssl/x509.h>
@@ -109,23 +111,24 @@ int
109	i2d_SSL_SESSION(SSL_SESSION in, unsigned char *pp)	111	i2d_SSL_SESSION(SSL_SESSION in, unsigned char *pp)
110	{	112	{
111	#define LSIZE2 (sizeof(long)*2)	113	#define LSIZE2 (sizeof(long)*2)
112	int v1 = 0, v2 = 0, v3 = 0, v4 = 0, v5 = 0;	114	int v1 = 0, v2 = 0, v3 = 0, v4 = 0, v5 = 0, v6 = 0, v9 = 0, v10 = 0;
113	unsigned char buf[4], ibuf1[LSIZE2], ibuf2[LSIZE2];	115	unsigned char buf[4], ibuf1[LSIZE2], ibuf2[LSIZE2];
114	unsigned char ibuf3[LSIZE2], ibuf4[LSIZE2], ibuf5[LSIZE2];	116	unsigned char ibuf3[LSIZE2], ibuf4[LSIZE2], ibuf5[LSIZE2];
115	int v6 = 0, v9 = 0, v10 = 0;
116	unsigned char ibuf6[LSIZE2];	117	unsigned char ibuf6[LSIZE2];
117	long l;
118	SSL_SESSION_ASN1 a;	118	SSL_SESSION_ASN1 a;
119	M_ASN1_I2D_vars(in);	119	M_ASN1_I2D_vars(in);
		120	long l;
120		121
121	if ((in == NULL) \|\| ((in->cipher == NULL) && (in->cipher_id == 0)))	122	if ((in == NULL) \|\| ((in->cipher == NULL) && (in->cipher_id == 0)))
122	return (0);	123	return (0);
123		124
124	/* Note that I cheat in the following 2 assignments. I know	125	/*
125	* that if the ASN1_INTEGER passed to ASN1_INTEGER_set	126	* Note that I cheat in the following 2 assignments.
		127	* I know that if the ASN1_INTEGER passed to ASN1_INTEGER_set
126	* is > sizeof(long)+1, the buffer will not be re-malloc()ed.	128	* is > sizeof(long)+1, the buffer will not be re-malloc()ed.
127	* This is a bit evil but makes things simple, no dynamic allocation	129	* This is a bit evil but makes things simple, no dynamic allocation
128	* to clean up :-) */	130	* to clean up :-)
		131	*/
129	a.version.length = LSIZE2;	132	a.version.length = LSIZE2;
130	a.version.type = V_ASN1_INTEGER;	133	a.version.type = V_ASN1_INTEGER;
131	a.version.data = ibuf1;	134	a.version.data = ibuf1;
@@ -147,7 +150,6 @@ i2d_SSL_SESSION(SSL_SESSION in, unsigned char *pp)
147	buf[0] = ((unsigned char)(l >> 8L))&0xff;	150	buf[0] = ((unsigned char)(l >> 8L))&0xff;
148	buf[1] = ((unsigned char)(l ))&0xff;	151	buf[1] = ((unsigned char)(l ))&0xff;
149		152
150
151	a.master_key.length = in->master_key_length;	153	a.master_key.length = in->master_key_length;
152	a.master_key.type = V_ASN1_OCTET_STRING;	154	a.master_key.type = V_ASN1_OCTET_STRING;
153	a.master_key.data = in->master_key;	155	a.master_key.data = in->master_key;
@@ -160,7 +162,6 @@ i2d_SSL_SESSION(SSL_SESSION in, unsigned char *pp)
160	a.session_id_context.type = V_ASN1_OCTET_STRING;	162	a.session_id_context.type = V_ASN1_OCTET_STRING;
161	a.session_id_context.data = in->sid_ctx;	163	a.session_id_context.data = in->sid_ctx;
162		164
163
164	if (in->time != 0L) {	165	if (in->time != 0L) {
165	a.time.length = LSIZE2;	166	a.time.length = LSIZE2;
166	a.time.type = V_ASN1_INTEGER;	167	a.time.type = V_ASN1_INTEGER;
@@ -196,54 +197,65 @@ i2d_SSL_SESSION(SSL_SESSION in, unsigned char *pp)
196	a.tlsext_tick_lifetime.length = LSIZE2;	197	a.tlsext_tick_lifetime.length = LSIZE2;
197	a.tlsext_tick_lifetime.type = V_ASN1_INTEGER;	198	a.tlsext_tick_lifetime.type = V_ASN1_INTEGER;
198	a.tlsext_tick_lifetime.data = ibuf6;	199	a.tlsext_tick_lifetime.data = ibuf6;
199	ASN1_INTEGER_set(&a.tlsext_tick_lifetime, in->tlsext_tick_lifetime_hint);	200	ASN1_INTEGER_set(&a.tlsext_tick_lifetime,
		201	in->tlsext_tick_lifetime_hint);
200	}	202	}
201		203
202	M_ASN1_I2D_len(&(a.version), i2d_ASN1_INTEGER);	204	M_ASN1_I2D_len(&(a.version), i2d_ASN1_INTEGER);
203	M_ASN1_I2D_len(&(a.ssl_version), i2d_ASN1_INTEGER);	205	M_ASN1_I2D_len(&(a.ssl_version), i2d_ASN1_INTEGER);
204	M_ASN1_I2D_len(&(a.cipher), i2d_ASN1_OCTET_STRING);	206	M_ASN1_I2D_len(&(a.cipher), i2d_ASN1_OCTET_STRING);
205	M_ASN1_I2D_len(&(a.session_id), i2d_ASN1_OCTET_STRING);	207	M_ASN1_I2D_len(&(a.session_id), i2d_ASN1_OCTET_STRING);
206	M_ASN1_I2D_len(&(a.master_key), i2d_ASN1_OCTET_STRING);	208	M_ASN1_I2D_len(&(a.master_key), i2d_ASN1_OCTET_STRING);
		209
207	if (in->time != 0L)	210	if (in->time != 0L)
208	M_ASN1_I2D_len_EXP_opt(&(a.time), i2d_ASN1_INTEGER, 1, v1);	211	M_ASN1_I2D_len_EXP_opt(&(a.time), i2d_ASN1_INTEGER, 1, v1);
209	if (in->timeout != 0L)	212	if (in->timeout != 0L)
210	M_ASN1_I2D_len_EXP_opt(&(a.timeout), i2d_ASN1_INTEGER, 2, v2);	213	M_ASN1_I2D_len_EXP_opt(&(a.timeout), i2d_ASN1_INTEGER, 2, v2);
211	if (in->peer != NULL)	214	if (in->peer != NULL)
212	M_ASN1_I2D_len_EXP_opt(in->peer, i2d_X509, 3, v3);	215	M_ASN1_I2D_len_EXP_opt(in->peer, i2d_X509, 3, v3);
213	M_ASN1_I2D_len_EXP_opt(&a.session_id_context, i2d_ASN1_OCTET_STRING, 4, v4);	216	M_ASN1_I2D_len_EXP_opt(&a.session_id_context,
		217	i2d_ASN1_OCTET_STRING, 4, v4);
214	if (in->verify_result != X509_V_OK)	218	if (in->verify_result != X509_V_OK)
215	M_ASN1_I2D_len_EXP_opt(&(a.verify_result), i2d_ASN1_INTEGER, 5, v5);	219	M_ASN1_I2D_len_EXP_opt(&(a.verify_result),
216		220	i2d_ASN1_INTEGER, 5, v5);
217	if (in->tlsext_tick_lifetime_hint > 0)	221	if (in->tlsext_tick_lifetime_hint > 0)
218	M_ASN1_I2D_len_EXP_opt(&a.tlsext_tick_lifetime, i2d_ASN1_INTEGER, 9, v9);	222	M_ASN1_I2D_len_EXP_opt(&a.tlsext_tick_lifetime,
		223	i2d_ASN1_INTEGER, 9, v9);
219	if (in->tlsext_tick)	224	if (in->tlsext_tick)
220	M_ASN1_I2D_len_EXP_opt(&(a.tlsext_tick), i2d_ASN1_OCTET_STRING, 10, v10);	225	M_ASN1_I2D_len_EXP_opt(&(a.tlsext_tick),
		226	i2d_ASN1_OCTET_STRING, 10, v10);
221	if (in->tlsext_hostname)	227	if (in->tlsext_hostname)
222	M_ASN1_I2D_len_EXP_opt(&(a.tlsext_hostname), i2d_ASN1_OCTET_STRING, 6, v6);	228	M_ASN1_I2D_len_EXP_opt(&(a.tlsext_hostname),
		229	i2d_ASN1_OCTET_STRING, 6, v6);
223		230
224	M_ASN1_I2D_seq_total();	231	M_ASN1_I2D_seq_total();
225		232
226	M_ASN1_I2D_put(&(a.version), i2d_ASN1_INTEGER);	233	M_ASN1_I2D_put(&(a.version), i2d_ASN1_INTEGER);
227	M_ASN1_I2D_put(&(a.ssl_version), i2d_ASN1_INTEGER);	234	M_ASN1_I2D_put(&(a.ssl_version), i2d_ASN1_INTEGER);
228	M_ASN1_I2D_put(&(a.cipher), i2d_ASN1_OCTET_STRING);	235	M_ASN1_I2D_put(&(a.cipher), i2d_ASN1_OCTET_STRING);
229	M_ASN1_I2D_put(&(a.session_id), i2d_ASN1_OCTET_STRING);	236	M_ASN1_I2D_put(&(a.session_id), i2d_ASN1_OCTET_STRING);
230	M_ASN1_I2D_put(&(a.master_key), i2d_ASN1_OCTET_STRING);	237	M_ASN1_I2D_put(&(a.master_key), i2d_ASN1_OCTET_STRING);
231	if (in->time != 0L)	238	if (in->time != 0L)
232	M_ASN1_I2D_put_EXP_opt(&(a.time), i2d_ASN1_INTEGER, 1, v1);	239	M_ASN1_I2D_put_EXP_opt(&(a.time), i2d_ASN1_INTEGER, 1, v1);
233	if (in->timeout != 0L)	240	if (in->timeout != 0L)
234	M_ASN1_I2D_put_EXP_opt(&(a.timeout), i2d_ASN1_INTEGER, 2, v2);	241	M_ASN1_I2D_put_EXP_opt(&(a.timeout), i2d_ASN1_INTEGER, 2, v2);
235	if (in->peer != NULL)	242	if (in->peer != NULL)
236	M_ASN1_I2D_put_EXP_opt(in->peer, i2d_X509, 3, v3);	243	M_ASN1_I2D_put_EXP_opt(in->peer, i2d_X509, 3, v3);
237	M_ASN1_I2D_put_EXP_opt(&a.session_id_context, i2d_ASN1_OCTET_STRING, 4,	244	M_ASN1_I2D_put_EXP_opt(&a.session_id_context,
238	v4);	245	i2d_ASN1_OCTET_STRING, 4, v4);
239	if (in->verify_result != X509_V_OK)	246	if (in->verify_result != X509_V_OK)
240	M_ASN1_I2D_put_EXP_opt(&a.verify_result, i2d_ASN1_INTEGER, 5, v5);	247	M_ASN1_I2D_put_EXP_opt(&a.verify_result,
		248	i2d_ASN1_INTEGER, 5, v5);
241	if (in->tlsext_hostname)	249	if (in->tlsext_hostname)
242	M_ASN1_I2D_put_EXP_opt(&(a.tlsext_hostname), i2d_ASN1_OCTET_STRING, 6, v6);	250	M_ASN1_I2D_put_EXP_opt(&(a.tlsext_hostname),
		251	i2d_ASN1_OCTET_STRING, 6, v6);
243	if (in->tlsext_tick_lifetime_hint > 0)	252	if (in->tlsext_tick_lifetime_hint > 0)
244	M_ASN1_I2D_put_EXP_opt(&a.tlsext_tick_lifetime, i2d_ASN1_INTEGER, 9, v9);	253	M_ASN1_I2D_put_EXP_opt(&a.tlsext_tick_lifetime,
		254	i2d_ASN1_INTEGER, 9, v9);
245	if (in->tlsext_tick)	255	if (in->tlsext_tick)
246	M_ASN1_I2D_put_EXP_opt(&(a.tlsext_tick), i2d_ASN1_OCTET_STRING, 10, v10);	256	M_ASN1_I2D_put_EXP_opt(&(a.tlsext_tick),
		257	i2d_ASN1_OCTET_STRING, 10, v10);
		258
247	M_ASN1_I2D_finish();	259	M_ASN1_I2D_finish();
248	}	260	}
249		261
@@ -290,9 +302,8 @@ d2i_SSL_SESSION(SSL_SESSION a, const unsigned char pp, long length)
290	c.line = __LINE__;	302	c.line = __LINE__;
291	goto err;	303	goto err;
292	}	304	}
293	id = 0x03000000L\|	305	id = 0x03000000L \| ((unsigned long)os.data[0]<<8L) \|
294	((unsigned long)os.data[0]<<8L)\|	306	(unsigned long)os.data[1];
295	(unsigned long)os.data[1];
296	} else {	307	} else {
297	c.error = SSL_R_UNKNOWN_SSL_VERSION;	308	c.error = SSL_R_UNKNOWN_SSL_VERSION;
298	c.line = __LINE__;	309	c.line = __LINE__;
@@ -413,6 +424,5 @@ d2i_SSL_SESSION(SSL_SESSION a, const unsigned char pp, long length)
413	} else	424	} else
414	ret->tlsext_tick = NULL;	425	ret->tlsext_tick = NULL;
415		426
416
417	M_ASN1_D2I_Finish(a, SSL_SESSION_free, SSL_F_D2I_SSL_SESSION);	427	M_ASN1_D2I_Finish(a, SSL_SESSION_free, SSL_F_D2I_SSL_SESSION);
418	}	428	}


diff --git a/src/lib/libssl/ssl_asn1.c b/src/lib/libssl/ssl_asn1.c index a721612bbc..0c9b4aa6fb 100644 --- a/src/lib/libssl/ssl_asn1.c +++ b/src/lib/libssl/ssl_asn1.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: ssl_asn1.c,v 1.29 2014/07/11 12:07:30 miod Exp $ */	1	/* $OpenBSD: ssl_asn1.c,v 1.30 2014/07/13 00:30:07 jsing Exp $ */
2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)	2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3	* All rights reserved.	3	* All rights reserved.
4	*	4	*
@@ -84,7 +84,9 @@
84		84
85	#include <stdio.h>	85	#include <stdio.h>
86	#include <stdlib.h>	86	#include <stdlib.h>
		87
87	#include "ssl_locl.h"	88	#include "ssl_locl.h"
		89
88	#include <openssl/asn1_mac.h>	90	#include <openssl/asn1_mac.h>
89	#include <openssl/objects.h>	91	#include <openssl/objects.h>
90	#include <openssl/x509.h>	92	#include <openssl/x509.h>
@@ -109,23 +111,24 @@ int
109	i2d_SSL_SESSION(SSL_SESSION in, unsigned char *pp)	111	i2d_SSL_SESSION(SSL_SESSION in, unsigned char *pp)
110	{	112	{
111	#define LSIZE2 (sizeof(long)*2)	113	#define LSIZE2 (sizeof(long)*2)
112	int v1 = 0, v2 = 0, v3 = 0, v4 = 0, v5 = 0;	114	int v1 = 0, v2 = 0, v3 = 0, v4 = 0, v5 = 0, v6 = 0, v9 = 0, v10 = 0;
113	unsigned char buf[4], ibuf1[LSIZE2], ibuf2[LSIZE2];	115	unsigned char buf[4], ibuf1[LSIZE2], ibuf2[LSIZE2];
114	unsigned char ibuf3[LSIZE2], ibuf4[LSIZE2], ibuf5[LSIZE2];	116	unsigned char ibuf3[LSIZE2], ibuf4[LSIZE2], ibuf5[LSIZE2];
115	int v6 = 0, v9 = 0, v10 = 0;
116	unsigned char ibuf6[LSIZE2];	117	unsigned char ibuf6[LSIZE2];
117	long l;
118	SSL_SESSION_ASN1 a;	118	SSL_SESSION_ASN1 a;
119	M_ASN1_I2D_vars(in);	119	M_ASN1_I2D_vars(in);
		120	long l;
120		121
121	if ((in == NULL) \|\| ((in->cipher == NULL) && (in->cipher_id == 0)))	122	if ((in == NULL) \|\| ((in->cipher == NULL) && (in->cipher_id == 0)))
122	return (0);	123	return (0);
123		124
124	/* Note that I cheat in the following 2 assignments. I know	125	/*
125	* that if the ASN1_INTEGER passed to ASN1_INTEGER_set	126	* Note that I cheat in the following 2 assignments.
		127	* I know that if the ASN1_INTEGER passed to ASN1_INTEGER_set
126	* is > sizeof(long)+1, the buffer will not be re-malloc()ed.	128	* is > sizeof(long)+1, the buffer will not be re-malloc()ed.
127	* This is a bit evil but makes things simple, no dynamic allocation	129	* This is a bit evil but makes things simple, no dynamic allocation
128	* to clean up :-) */	130	* to clean up :-)
		131	*/
129	a.version.length = LSIZE2;	132	a.version.length = LSIZE2;
130	a.version.type = V_ASN1_INTEGER;	133	a.version.type = V_ASN1_INTEGER;
131	a.version.data = ibuf1;	134	a.version.data = ibuf1;
@@ -147,7 +150,6 @@ i2d_SSL_SESSION(SSL_SESSION in, unsigned char *pp)
147	buf[0] = ((unsigned char)(l >> 8L))&0xff;	150	buf[0] = ((unsigned char)(l >> 8L))&0xff;
148	buf[1] = ((unsigned char)(l ))&0xff;	151	buf[1] = ((unsigned char)(l ))&0xff;
149		152
150
151	a.master_key.length = in->master_key_length;	153	a.master_key.length = in->master_key_length;
152	a.master_key.type = V_ASN1_OCTET_STRING;	154	a.master_key.type = V_ASN1_OCTET_STRING;
153	a.master_key.data = in->master_key;	155	a.master_key.data = in->master_key;
@@ -160,7 +162,6 @@ i2d_SSL_SESSION(SSL_SESSION in, unsigned char *pp)
160	a.session_id_context.type = V_ASN1_OCTET_STRING;	162	a.session_id_context.type = V_ASN1_OCTET_STRING;
161	a.session_id_context.data = in->sid_ctx;	163	a.session_id_context.data = in->sid_ctx;
162		164
163
164	if (in->time != 0L) {	165	if (in->time != 0L) {
165	a.time.length = LSIZE2;	166	a.time.length = LSIZE2;
166	a.time.type = V_ASN1_INTEGER;	167	a.time.type = V_ASN1_INTEGER;
@@ -196,54 +197,65 @@ i2d_SSL_SESSION(SSL_SESSION in, unsigned char *pp)
196	a.tlsext_tick_lifetime.length = LSIZE2;	197	a.tlsext_tick_lifetime.length = LSIZE2;
197	a.tlsext_tick_lifetime.type = V_ASN1_INTEGER;	198	a.tlsext_tick_lifetime.type = V_ASN1_INTEGER;
198	a.tlsext_tick_lifetime.data = ibuf6;	199	a.tlsext_tick_lifetime.data = ibuf6;
199	ASN1_INTEGER_set(&a.tlsext_tick_lifetime, in->tlsext_tick_lifetime_hint);	200	ASN1_INTEGER_set(&a.tlsext_tick_lifetime,
		201	in->tlsext_tick_lifetime_hint);
200	}	202	}
201		203
202	M_ASN1_I2D_len(&(a.version), i2d_ASN1_INTEGER);	204	M_ASN1_I2D_len(&(a.version), i2d_ASN1_INTEGER);
203	M_ASN1_I2D_len(&(a.ssl_version), i2d_ASN1_INTEGER);	205	M_ASN1_I2D_len(&(a.ssl_version), i2d_ASN1_INTEGER);
204	M_ASN1_I2D_len(&(a.cipher), i2d_ASN1_OCTET_STRING);	206	M_ASN1_I2D_len(&(a.cipher), i2d_ASN1_OCTET_STRING);
205	M_ASN1_I2D_len(&(a.session_id), i2d_ASN1_OCTET_STRING);	207	M_ASN1_I2D_len(&(a.session_id), i2d_ASN1_OCTET_STRING);
206	M_ASN1_I2D_len(&(a.master_key), i2d_ASN1_OCTET_STRING);	208	M_ASN1_I2D_len(&(a.master_key), i2d_ASN1_OCTET_STRING);
		209
207	if (in->time != 0L)	210	if (in->time != 0L)
208	M_ASN1_I2D_len_EXP_opt(&(a.time), i2d_ASN1_INTEGER, 1, v1);	211	M_ASN1_I2D_len_EXP_opt(&(a.time), i2d_ASN1_INTEGER, 1, v1);
209	if (in->timeout != 0L)	212	if (in->timeout != 0L)
210	M_ASN1_I2D_len_EXP_opt(&(a.timeout), i2d_ASN1_INTEGER, 2, v2);	213	M_ASN1_I2D_len_EXP_opt(&(a.timeout), i2d_ASN1_INTEGER, 2, v2);
211	if (in->peer != NULL)	214	if (in->peer != NULL)
212	M_ASN1_I2D_len_EXP_opt(in->peer, i2d_X509, 3, v3);	215	M_ASN1_I2D_len_EXP_opt(in->peer, i2d_X509, 3, v3);
213	M_ASN1_I2D_len_EXP_opt(&a.session_id_context, i2d_ASN1_OCTET_STRING, 4, v4);	216	M_ASN1_I2D_len_EXP_opt(&a.session_id_context,
		217	i2d_ASN1_OCTET_STRING, 4, v4);
214	if (in->verify_result != X509_V_OK)	218	if (in->verify_result != X509_V_OK)
215	M_ASN1_I2D_len_EXP_opt(&(a.verify_result), i2d_ASN1_INTEGER, 5, v5);	219	M_ASN1_I2D_len_EXP_opt(&(a.verify_result),
216		220	i2d_ASN1_INTEGER, 5, v5);
217	if (in->tlsext_tick_lifetime_hint > 0)	221	if (in->tlsext_tick_lifetime_hint > 0)
218	M_ASN1_I2D_len_EXP_opt(&a.tlsext_tick_lifetime, i2d_ASN1_INTEGER, 9, v9);	222	M_ASN1_I2D_len_EXP_opt(&a.tlsext_tick_lifetime,
		223	i2d_ASN1_INTEGER, 9, v9);
219	if (in->tlsext_tick)	224	if (in->tlsext_tick)
220	M_ASN1_I2D_len_EXP_opt(&(a.tlsext_tick), i2d_ASN1_OCTET_STRING, 10, v10);	225	M_ASN1_I2D_len_EXP_opt(&(a.tlsext_tick),
		226	i2d_ASN1_OCTET_STRING, 10, v10);
221	if (in->tlsext_hostname)	227	if (in->tlsext_hostname)
222	M_ASN1_I2D_len_EXP_opt(&(a.tlsext_hostname), i2d_ASN1_OCTET_STRING, 6, v6);	228	M_ASN1_I2D_len_EXP_opt(&(a.tlsext_hostname),
		229	i2d_ASN1_OCTET_STRING, 6, v6);
223		230
224	M_ASN1_I2D_seq_total();	231	M_ASN1_I2D_seq_total();
225		232
226	M_ASN1_I2D_put(&(a.version), i2d_ASN1_INTEGER);	233	M_ASN1_I2D_put(&(a.version), i2d_ASN1_INTEGER);
227	M_ASN1_I2D_put(&(a.ssl_version), i2d_ASN1_INTEGER);	234	M_ASN1_I2D_put(&(a.ssl_version), i2d_ASN1_INTEGER);
228	M_ASN1_I2D_put(&(a.cipher), i2d_ASN1_OCTET_STRING);	235	M_ASN1_I2D_put(&(a.cipher), i2d_ASN1_OCTET_STRING);
229	M_ASN1_I2D_put(&(a.session_id), i2d_ASN1_OCTET_STRING);	236	M_ASN1_I2D_put(&(a.session_id), i2d_ASN1_OCTET_STRING);
230	M_ASN1_I2D_put(&(a.master_key), i2d_ASN1_OCTET_STRING);	237	M_ASN1_I2D_put(&(a.master_key), i2d_ASN1_OCTET_STRING);
231	if (in->time != 0L)	238	if (in->time != 0L)
232	M_ASN1_I2D_put_EXP_opt(&(a.time), i2d_ASN1_INTEGER, 1, v1);	239	M_ASN1_I2D_put_EXP_opt(&(a.time), i2d_ASN1_INTEGER, 1, v1);
233	if (in->timeout != 0L)	240	if (in->timeout != 0L)
234	M_ASN1_I2D_put_EXP_opt(&(a.timeout), i2d_ASN1_INTEGER, 2, v2);	241	M_ASN1_I2D_put_EXP_opt(&(a.timeout), i2d_ASN1_INTEGER, 2, v2);
235	if (in->peer != NULL)	242	if (in->peer != NULL)
236	M_ASN1_I2D_put_EXP_opt(in->peer, i2d_X509, 3, v3);	243	M_ASN1_I2D_put_EXP_opt(in->peer, i2d_X509, 3, v3);
237	M_ASN1_I2D_put_EXP_opt(&a.session_id_context, i2d_ASN1_OCTET_STRING, 4,	244	M_ASN1_I2D_put_EXP_opt(&a.session_id_context,
238	v4);	245	i2d_ASN1_OCTET_STRING, 4, v4);
239	if (in->verify_result != X509_V_OK)	246	if (in->verify_result != X509_V_OK)
240	M_ASN1_I2D_put_EXP_opt(&a.verify_result, i2d_ASN1_INTEGER, 5, v5);	247	M_ASN1_I2D_put_EXP_opt(&a.verify_result,
		248	i2d_ASN1_INTEGER, 5, v5);
241	if (in->tlsext_hostname)	249	if (in->tlsext_hostname)
242	M_ASN1_I2D_put_EXP_opt(&(a.tlsext_hostname), i2d_ASN1_OCTET_STRING, 6, v6);	250	M_ASN1_I2D_put_EXP_opt(&(a.tlsext_hostname),
		251	i2d_ASN1_OCTET_STRING, 6, v6);
243	if (in->tlsext_tick_lifetime_hint > 0)	252	if (in->tlsext_tick_lifetime_hint > 0)
244	M_ASN1_I2D_put_EXP_opt(&a.tlsext_tick_lifetime, i2d_ASN1_INTEGER, 9, v9);	253	M_ASN1_I2D_put_EXP_opt(&a.tlsext_tick_lifetime,
		254	i2d_ASN1_INTEGER, 9, v9);
245	if (in->tlsext_tick)	255	if (in->tlsext_tick)
246	M_ASN1_I2D_put_EXP_opt(&(a.tlsext_tick), i2d_ASN1_OCTET_STRING, 10, v10);	256	M_ASN1_I2D_put_EXP_opt(&(a.tlsext_tick),
		257	i2d_ASN1_OCTET_STRING, 10, v10);
		258
247	M_ASN1_I2D_finish();	259	M_ASN1_I2D_finish();
248	}	260	}
249		261
@@ -290,9 +302,8 @@ d2i_SSL_SESSION(SSL_SESSION a, const unsigned char pp, long length)
290	c.line = __LINE__;	302	c.line = __LINE__;
291	goto err;	303	goto err;
292	}	304	}
293	id = 0x03000000L\|	305	id = 0x03000000L \| ((unsigned long)os.data[0]<<8L) \|
294	((unsigned long)os.data[0]<<8L)\|	306	(unsigned long)os.data[1];
295	(unsigned long)os.data[1];
296	} else {	307	} else {
297	c.error = SSL_R_UNKNOWN_SSL_VERSION;	308	c.error = SSL_R_UNKNOWN_SSL_VERSION;
298	c.line = __LINE__;	309	c.line = __LINE__;
@@ -413,6 +424,5 @@ d2i_SSL_SESSION(SSL_SESSION a, const unsigned char pp, long length)
413	} else	424	} else
414	ret->tlsext_tick = NULL;	425	ret->tlsext_tick = NULL;
415		426
416
417	M_ASN1_D2I_Finish(a, SSL_SESSION_free, SSL_F_D2I_SSL_SESSION);	427	M_ASN1_D2I_Finish(a, SSL_SESSION_free, SSL_F_D2I_SSL_SESSION);
418	}	428	}