X-Git-Url: https://git.openssl.org/gitweb/?a=blobdiff_plain;f=ssl%2Fssl_asn1.c;h=e77cdddfd3f86d5da4e8fa04185a2b7380548610;hb=93d8bfcdc4aa7f0811b8168456d7eafceaefe593;hp=873497a87748120a5c823aa3e26a12e7741da3f4;hpb=eda1f21f1af8b6f77327e7b37573af9c1ba73726;p=openssl.git diff --git a/ssl/ssl_asn1.c b/ssl/ssl_asn1.c index 873497a877..e77cdddfd3 100644 --- a/ssl/ssl_asn1.c +++ b/ssl/ssl_asn1.c @@ -1,5 +1,5 @@ /* ssl/ssl_asn1.c */ -/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com) +/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * * This package is an SSL implementation written @@ -58,8 +58,9 @@ #include #include -#include "asn1_mac.h" -#include "objects.h" +#include +#include +#include #include "ssl_locl.h" typedef struct ssl_session_asn1_st @@ -69,24 +70,19 @@ typedef struct ssl_session_asn1_st ASN1_OCTET_STRING cipher; ASN1_OCTET_STRING master_key; ASN1_OCTET_STRING session_id; + ASN1_OCTET_STRING session_id_context; ASN1_OCTET_STRING key_arg; ASN1_INTEGER time; ASN1_INTEGER timeout; + ASN1_INTEGER verify_result; } SSL_SESSION_ASN1; -/* - * SSLerr(SSL_F_I2D_SSL_SESSION,SSL_R_CIPHER_CODE_WRONG_LENGTH); - * SSLerr(SSL_F_D2I_SSL_SESSION,SSL_R_UNSUPPORTED_CIPHER); - */ - -int i2d_SSL_SESSION(in,pp) -SSL_SESSION *in; -unsigned char **pp; +int i2d_SSL_SESSION(SSL_SESSION *in, unsigned char **pp) { #define LSIZE2 (sizeof(long)*2) - int v1=0,v2=0,v3=0; + int v1=0,v2=0,v3=0,v4=0,v5=0; unsigned char buf[4],ibuf1[LSIZE2],ibuf2[LSIZE2]; - unsigned char ibuf3[LSIZE2],ibuf4[LSIZE2]; + unsigned char ibuf3[LSIZE2],ibuf4[LSIZE2],ibuf5[LSIZE2]; long l; SSL_SESSION_ASN1 a; M_ASN1_I2D_vars(in); @@ -95,7 +91,7 @@ unsigned char **pp; return(0); /* Note that I cheat in the following 2 assignments. I know - * that if the ASN1_INTERGER passed to ASN1_INTEGER_set + * that if the ASN1_INTEGER passed to ASN1_INTEGER_set * is > sizeof(long)+1, the buffer will not be re-Malloc()ed. * This is a bit evil but makes things simple, no dynamic allocation * to clean up :-) */ @@ -116,7 +112,7 @@ unsigned char **pp; l=in->cipher_id; else l=in->cipher->id; - if (in->ssl_version == 2) + if (in->ssl_version == SSL2_VERSION) { a.cipher.length=3; buf[0]=((unsigned char)(l>>16L))&0xff; @@ -138,6 +134,10 @@ unsigned char **pp; a.session_id.type=V_ASN1_OCTET_STRING; a.session_id.data=in->session_id; + a.session_id_context.length=in->sid_ctx_length; + a.session_id_context.type=V_ASN1_OCTET_STRING; + a.session_id_context.data=in->sid_ctx; + a.key_arg.length=in->key_arg_length; a.key_arg.type=V_ASN1_OCTET_STRING; a.key_arg.data=in->key_arg; @@ -158,6 +158,14 @@ unsigned char **pp; ASN1_INTEGER_set(&(a.timeout),in->timeout); } + if (in->verify_result != X509_V_OK) + { + a.verify_result.length=LSIZE2; + a.verify_result.type=V_ASN1_INTEGER; + a.verify_result.data=ibuf5; + ASN1_INTEGER_set(&a.verify_result,in->verify_result); + } + M_ASN1_I2D_len(&(a.version), i2d_ASN1_INTEGER); M_ASN1_I2D_len(&(a.ssl_version), i2d_ASN1_INTEGER); M_ASN1_I2D_len(&(a.cipher), i2d_ASN1_OCTET_STRING); @@ -171,6 +179,9 @@ unsigned char **pp; M_ASN1_I2D_len_EXP_opt(&(a.timeout),i2d_ASN1_INTEGER,2,v2); if (in->peer != NULL) M_ASN1_I2D_len_EXP_opt(in->peer,i2d_X509,3,v3); + M_ASN1_I2D_len_EXP_opt(&a.session_id_context,i2d_ASN1_OCTET_STRING,4,v4); + if (in->verify_result != X509_V_OK) + M_ASN1_I2D_len_EXP_opt(&(a.verify_result),i2d_ASN1_INTEGER,5,v5); M_ASN1_I2D_seq_total(); @@ -187,14 +198,15 @@ unsigned char **pp; M_ASN1_I2D_put_EXP_opt(&(a.timeout),i2d_ASN1_INTEGER,2,v2); if (in->peer != NULL) M_ASN1_I2D_put_EXP_opt(in->peer,i2d_X509,3,v3); - + M_ASN1_I2D_put_EXP_opt(&a.session_id_context,i2d_ASN1_OCTET_STRING,4, + v4); + if (in->verify_result != X509_V_OK) + M_ASN1_I2D_put_EXP_opt(&a.verify_result,i2d_ASN1_INTEGER,5,v5); M_ASN1_I2D_finish(); } -SSL_SESSION *d2i_SSL_SESSION(a,pp,length) -SSL_SESSION **a; -unsigned char **pp; -long length; +SSL_SESSION *d2i_SSL_SESSION(SSL_SESSION **a, unsigned char **pp, + long length) { int version,ssl_version=0,i; long id; @@ -221,7 +233,7 @@ long length; os.data=NULL; os.length=0; M_ASN1_D2I_get(osp,d2i_ASN1_OCTET_STRING); - if (ssl_version == 2) + if (ssl_version == SSL2_VERSION) { if (os.length != 3) { @@ -233,7 +245,7 @@ long length; ((unsigned long)os.data[1]<< 8L)| (unsigned long)os.data[2]; } - else if (ssl_version == 3) + else if ((ssl_version>>8) == 3) { if (os.length != 2) { @@ -254,9 +266,9 @@ long length; ret->cipher_id=id; M_ASN1_D2I_get(osp,d2i_ASN1_OCTET_STRING); - if (ssl_version == 3) + if ((ssl_version>>8) == SSL3_VERSION) i=SSL3_MAX_SSL_SESSION_ID_LENGTH; - else /* if (ssl_version == 2) */ + else /* if (ssl_version == SSL2_VERSION) */ i=SSL2_MAX_SSL_SESSION_ID_LENGTH; if (os.length > i) @@ -308,6 +320,30 @@ long length; } M_ASN1_D2I_get_EXP_opt(ret->peer,d2i_X509,3); + os.length=0; + os.data=NULL; + M_ASN1_D2I_get_EXP_opt(osp,d2i_ASN1_OCTET_STRING,4); + + if(os.data != NULL) + { + if (os.length > SSL_MAX_SID_CTX_LENGTH) + SSLerr(SSL_F_D2I_SSL_SESSION,SSL_R_BAD_LENGTH); + ret->sid_ctx_length=os.length; + memcpy(ret->sid_ctx,os.data,os.length); + Free(os.data); os.data=NULL; os.length=0; + } + else + ret->sid_ctx_length=0; + + ai.length=0; + M_ASN1_D2I_get_EXP_opt(aip,d2i_ASN1_INTEGER,5); + if (ai.data != NULL) + { + ret->verify_result=ASN1_INTEGER_get(aip); + Free(ai.data); ai.data=NULL; ai.length=0; + } + else + ret->verify_result=X509_V_OK; + M_ASN1_D2I_Finish(a,SSL_SESSION_free,SSL_F_D2I_SSL_SESSION); } -