X-Git-Url: https://git.openssl.org/?p=openssl.git;a=blobdiff_plain;f=ssl%2Fssl_asn1.c;h=7d39ba15c0eb2bbda7629d5aa9a91b26daa49427;hp=b4eb98eea6611bd5035d9069f5cdf047e95fb08c;hb=df0fed9aab239e2e9a269d06637a6442051dee3b;hpb=64f11ee88883af8995d2991307ff3fb560a96fa6 diff --git a/ssl/ssl_asn1.c b/ssl/ssl_asn1.c index b4eb98eea6..7d39ba15c0 100644 --- a/ssl/ssl_asn1.c +++ b/ssl/ssl_asn1.c @@ -1,5 +1,6 @@ /* * Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2005 Nokia. All rights reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -7,33 +8,6 @@ * https://www.openssl.org/source/license.html */ -/* ==================================================================== - * Copyright 2005 Nokia. All rights reserved. - * - * The portions of the attached software ("Contribution") is developed by - * Nokia Corporation and is licensed pursuant to the OpenSSL open source - * license. - * - * The Contribution, originally written by Mika Kousa and Pasi Eronen of - * Nokia Corporation, consists of the "PSK" (Pre-Shared Key) ciphersuites - * support (see RFC 4279) to OpenSSL. - * - * No patent licenses or other rights except those expressly stated in - * the OpenSSL open source license shall be deemed granted or received - * expressly, by implication, estoppel, or otherwise. - * - * No assurances are provided by Nokia that the Contribution does not - * infringe the patent or other intellectual property rights of any third - * party or that the license provides you with all the necessary rights - * to make use of the Contribution. - * - * THE SOFTWARE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. IN - * ADDITION TO THE DISCLAIMERS INCLUDED IN THE LICENSE, NOKIA - * SPECIFICALLY DISCLAIMS ANY LIABILITY FOR CLAIMS BROUGHT BY YOU OR ANY - * OTHER ENTITY BASED ON INFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS OR - * OTHERWISE. - */ - #include #include #include "ssl_locl.h" @@ -67,35 +41,41 @@ typedef struct { uint64_t flags; uint32_t max_early_data; ASN1_OCTET_STRING *alpn_selected; + ASN1_OCTET_STRING *tick_nonce; + uint32_t tlsext_max_fragment_len_mode; + ASN1_OCTET_STRING *ticket_appdata; } SSL_SESSION_ASN1; ASN1_SEQUENCE(SSL_SESSION_ASN1) = { - ASN1_SIMPLE(SSL_SESSION_ASN1, version, UINT32), - ASN1_SIMPLE(SSL_SESSION_ASN1, ssl_version, INT32), + ASN1_EMBED(SSL_SESSION_ASN1, version, UINT32), + ASN1_EMBED(SSL_SESSION_ASN1, ssl_version, INT32), ASN1_SIMPLE(SSL_SESSION_ASN1, cipher, ASN1_OCTET_STRING), ASN1_SIMPLE(SSL_SESSION_ASN1, session_id, ASN1_OCTET_STRING), ASN1_SIMPLE(SSL_SESSION_ASN1, master_key, ASN1_OCTET_STRING), ASN1_IMP_OPT(SSL_SESSION_ASN1, key_arg, ASN1_OCTET_STRING, 0), - ASN1_EXP_OPT(SSL_SESSION_ASN1, time, ZINT64, 1), - ASN1_EXP_OPT(SSL_SESSION_ASN1, timeout, ZINT64, 2), + ASN1_EXP_OPT_EMBED(SSL_SESSION_ASN1, time, ZINT64, 1), + ASN1_EXP_OPT_EMBED(SSL_SESSION_ASN1, timeout, ZINT64, 2), ASN1_EXP_OPT(SSL_SESSION_ASN1, peer, X509, 3), ASN1_EXP_OPT(SSL_SESSION_ASN1, session_id_context, ASN1_OCTET_STRING, 4), - ASN1_EXP_OPT(SSL_SESSION_ASN1, verify_result, ZINT32, 5), + ASN1_EXP_OPT_EMBED(SSL_SESSION_ASN1, verify_result, ZINT32, 5), ASN1_EXP_OPT(SSL_SESSION_ASN1, tlsext_hostname, ASN1_OCTET_STRING, 6), #ifndef OPENSSL_NO_PSK ASN1_EXP_OPT(SSL_SESSION_ASN1, psk_identity_hint, ASN1_OCTET_STRING, 7), ASN1_EXP_OPT(SSL_SESSION_ASN1, psk_identity, ASN1_OCTET_STRING, 8), #endif - ASN1_EXP_OPT(SSL_SESSION_ASN1, tlsext_tick_lifetime_hint, ZUINT64, 9), + ASN1_EXP_OPT_EMBED(SSL_SESSION_ASN1, tlsext_tick_lifetime_hint, ZUINT64, 9), ASN1_EXP_OPT(SSL_SESSION_ASN1, tlsext_tick, ASN1_OCTET_STRING, 10), ASN1_EXP_OPT(SSL_SESSION_ASN1, comp_id, ASN1_OCTET_STRING, 11), #ifndef OPENSSL_NO_SRP ASN1_EXP_OPT(SSL_SESSION_ASN1, srp_username, ASN1_OCTET_STRING, 12), #endif - ASN1_EXP_OPT(SSL_SESSION_ASN1, flags, ZUINT64, 13), - ASN1_EXP_OPT(SSL_SESSION_ASN1, tlsext_tick_age_add, ZUINT32, 14), - ASN1_EXP_OPT(SSL_SESSION_ASN1, max_early_data, ZUINT32, 15), - ASN1_EXP_OPT(SSL_SESSION_ASN1, alpn_selected, ASN1_OCTET_STRING, 16) + ASN1_EXP_OPT_EMBED(SSL_SESSION_ASN1, flags, ZUINT64, 13), + ASN1_EXP_OPT_EMBED(SSL_SESSION_ASN1, tlsext_tick_age_add, ZUINT32, 14), + ASN1_EXP_OPT_EMBED(SSL_SESSION_ASN1, max_early_data, ZUINT32, 15), + ASN1_EXP_OPT(SSL_SESSION_ASN1, alpn_selected, ASN1_OCTET_STRING, 16), + ASN1_EXP_OPT(SSL_SESSION_ASN1, tick_nonce, ASN1_OCTET_STRING, 17), + ASN1_EXP_OPT_EMBED(SSL_SESSION_ASN1, tlsext_max_fragment_len_mode, ZUINT32, 18), + ASN1_EXP_OPT(SSL_SESSION_ASN1, ticket_appdata, ASN1_OCTET_STRING, 19) } static_ASN1_SEQUENCE_END(SSL_SESSION_ASN1) IMPLEMENT_STATIC_ASN1_ENCODE_FUNCTIONS(SSL_SESSION_ASN1) @@ -144,6 +124,8 @@ int i2d_SSL_SESSION(SSL_SESSION *in, unsigned char **pp) ASN1_OCTET_STRING psk_identity, psk_identity_hint; #endif ASN1_OCTET_STRING alpn_selected; + ASN1_OCTET_STRING tick_nonce; + ASN1_OCTET_STRING ticket_appdata; long l; @@ -213,6 +195,20 @@ int i2d_SSL_SESSION(SSL_SESSION *in, unsigned char **pp) ssl_session_oinit(&as.alpn_selected, &alpn_selected, in->ext.alpn_selected, in->ext.alpn_selected_len); + if (in->ext.tick_nonce == NULL) + as.tick_nonce = NULL; + else + ssl_session_oinit(&as.tick_nonce, &tick_nonce, + in->ext.tick_nonce, in->ext.tick_nonce_len); + + as.tlsext_max_fragment_len_mode = in->ext.max_fragment_len_mode; + + if (in->ticket_appdata == NULL) + as.ticket_appdata = NULL; + else + ssl_session_oinit(&as.ticket_appdata, &ticket_appdata, + in->ticket_appdata, in->ticket_appdata_len); + return i2d_SSL_SESSION_ASN1(&as, pp); } @@ -309,12 +305,12 @@ SSL_SESSION *d2i_SSL_SESSION(SSL_SESSION **a, const unsigned char **pp, ret->master_key_length = tmpl; if (as->time != 0) - ret->time = as->time; + ret->time = (long)as->time; else - ret->time = (unsigned long)time(NULL); + ret->time = (long)time(NULL); if (as->timeout != 0) - ret->timeout = as->timeout; + ret->timeout = (long)as->timeout; else ret->timeout = 3; @@ -339,7 +335,7 @@ SSL_SESSION *d2i_SSL_SESSION(SSL_SESSION **a, const unsigned char **pp, goto err; #endif - ret->ext.tick_lifetime_hint = as->tlsext_tick_lifetime_hint; + ret->ext.tick_lifetime_hint = (unsigned long)as->tlsext_tick_lifetime_hint; ret->ext.tick_age_add = as->tlsext_tick_age_add; if (as->tlsext_tick) { ret->ext.tick = as->tlsext_tick->data; @@ -365,7 +361,7 @@ SSL_SESSION *d2i_SSL_SESSION(SSL_SESSION **a, const unsigned char **pp, goto err; #endif /* OPENSSL_NO_SRP */ /* Flags defaults to zero which is fine */ - ret->flags = as->flags; + ret->flags = (int32_t)as->flags; ret->ext.max_early_data = as->max_early_data; if (as->alpn_selected != NULL) { @@ -378,6 +374,26 @@ SSL_SESSION *d2i_SSL_SESSION(SSL_SESSION **a, const unsigned char **pp, ret->ext.alpn_selected_len = 0; } + if (as->tick_nonce != NULL) { + ret->ext.tick_nonce = as->tick_nonce->data; + ret->ext.tick_nonce_len = as->tick_nonce->length; + as->tick_nonce->data = NULL; + } else { + ret->ext.tick_nonce = NULL; + ret->ext.tick_nonce_len = 0; + } + + ret->ext.max_fragment_len_mode = as->tlsext_max_fragment_len_mode; + + if (as->ticket_appdata != NULL) { + ret->ticket_appdata = as->ticket_appdata->data; + ret->ticket_appdata_len = as->ticket_appdata->length; + as->ticket_appdata->data = NULL; + } else { + ret->ticket_appdata = NULL; + ret->ticket_appdata_len = 0; + } + M_ASN1_free_of(as, SSL_SESSION_ASN1); if ((a != NULL) && (*a == NULL))