From 71d6ded93deb4d1edc464874b5359ece0ef857d2 Mon Sep 17 00:00:00 2001
From: guenther <>
Date: Sun, 20 Apr 2014 12:48:19 +0000
Subject: Chop off more SSLv2 tentacles and start fixing and noting y2038
 issues. APIs that pass times as longs will have to change at some point...
 Bump major on both libcrypto and libssl.

ok tedu@
---
 src/lib/libssl/ssl_asn1.c | 24 +++---------------------
 1 file changed, 3 insertions(+), 21 deletions(-)

(limited to 'src/lib/libssl/ssl_asn1.c')

diff --git a/src/lib/libssl/ssl_asn1.c b/src/lib/libssl/ssl_asn1.c
index c551ec4877..1d2590268c 100644
--- a/src/lib/libssl/ssl_asn1.c
+++ b/src/lib/libssl/ssl_asn1.c
@@ -97,7 +97,6 @@ typedef struct ssl_session_asn1_st {
 	ASN1_OCTET_STRING master_key;
 	ASN1_OCTET_STRING session_id;
 	ASN1_OCTET_STRING session_id_context;
-	ASN1_OCTET_STRING key_arg;
 #ifndef OPENSSL_NO_KRB5
 	ASN1_OCTET_STRING krb5_princ;
 #endif /* OPENSSL_NO_KRB5 */
@@ -190,10 +189,6 @@ i2d_SSL_SESSION(SSL_SESSION *in, unsigned char **pp)
 	a.session_id_context.type = V_ASN1_OCTET_STRING;
 	a.session_id_context.data = in->sid_ctx;
 
-	a.key_arg.length = in->key_arg_length;
-	a.key_arg.type = V_ASN1_OCTET_STRING;
-	a.key_arg.data = in->key_arg;
-
 #ifndef OPENSSL_NO_KRB5
 	if (in->krb5_client_princ_len) {
 		a.krb5_princ.length = in->krb5_client_princ_len;
@@ -206,7 +201,7 @@ i2d_SSL_SESSION(SSL_SESSION *in, unsigned char **pp)
 		a.time.length = LSIZE2;
 		a.time.type = V_ASN1_INTEGER;
 		a.time.data = ibuf3;
-		ASN1_INTEGER_set(&(a.time), in->time);
+		ASN1_INTEGER_set(&(a.time), in->time);	/* XXX 2038 */
 	}
 
 	if (in->timeout != 0L) {
@@ -270,8 +265,6 @@ i2d_SSL_SESSION(SSL_SESSION *in, unsigned char **pp)
 	if (in->krb5_client_princ_len)
 		M_ASN1_I2D_len(&(a.krb5_princ),	i2d_ASN1_OCTET_STRING);
 #endif /* OPENSSL_NO_KRB5 */
-	if (in->key_arg_length > 0)
-		M_ASN1_I2D_len_IMP_opt(&(a.key_arg), i2d_ASN1_OCTET_STRING);
 	if (in->time != 0L)
 		M_ASN1_I2D_len_EXP_opt(&(a.time), i2d_ASN1_INTEGER, 1, v1);
 	if (in->timeout != 0L)
@@ -316,8 +309,6 @@ i2d_SSL_SESSION(SSL_SESSION *in, unsigned char **pp)
 	if (in->krb5_client_princ_len)
 		M_ASN1_I2D_put(&(a.krb5_princ),	i2d_ASN1_OCTET_STRING);
 #endif /* OPENSSL_NO_KRB5 */
-	if (in->key_arg_length > 0)
-		M_ASN1_I2D_put_IMP_opt(&(a.key_arg), i2d_ASN1_OCTET_STRING, 0);
 	if (in->time != 0L)
 		M_ASN1_I2D_put_EXP_opt(&(a.time), i2d_ASN1_INTEGER, 1, v1);
 	if (in->timeout != 0L)
@@ -445,24 +436,15 @@ d2i_SSL_SESSION(SSL_SESSION **a, const unsigned char **pp, long length)
 		ret->krb5_client_princ_len = 0;
 #endif /* OPENSSL_NO_KRB5 */
 
-	M_ASN1_D2I_get_IMP_opt(osp, d2i_ASN1_OCTET_STRING, 0, V_ASN1_OCTET_STRING);
-	if (os.length > SSL_MAX_KEY_ARG_LENGTH)
-		ret->key_arg_length = SSL_MAX_KEY_ARG_LENGTH;
-	else
-		ret->key_arg_length = os.length;
-	memcpy(ret->key_arg, os.data, ret->key_arg_length);
-	if (os.data != NULL)
-		free(os.data);
-
 	ai.length = 0;
-	M_ASN1_D2I_get_EXP_opt(aip, d2i_ASN1_INTEGER, 1);
+	M_ASN1_D2I_get_EXP_opt(aip, d2i_ASN1_INTEGER, 1);	/* XXX 2038 */
 	if (ai.data != NULL) {
 		ret->time = ASN1_INTEGER_get(aip);
 		free(ai.data);
 		ai.data = NULL;
 		ai.length = 0;
 	} else
-		ret->time = (unsigned long)time(NULL);
+		ret->time = time(NULL);
 
 	ai.length = 0;
 	M_ASN1_D2I_get_EXP_opt(aip, d2i_ASN1_INTEGER, 2);
-- 
cgit v1.2.3-55-g6feb