Symaptic: os/ossrv/ssl/libssl/src/ssl_asn1.c@bde4ae8d615e (annotated)

sl@0	1	/* ssl/ssl_asn1.c */
sl@0	2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
sl@0	3	* All rights reserved.
sl@0	4	*
sl@0	5	* This package is an SSL implementation written
sl@0	6	* by Eric Young (eay@cryptsoft.com).
sl@0	7	* The implementation was written so as to conform with Netscapes SSL.
sl@0	8	*
sl@0	9	* This library is free for commercial and non-commercial use as long as
sl@0	10	* the following conditions are aheared to. The following conditions
sl@0	11	* apply to all code found in this distribution, be it the RC4, RSA,
sl@0	12	* lhash, DES, etc., code; not just the SSL code. The SSL documentation
sl@0	13	* included with this distribution is covered by the same copyright terms
sl@0	14	* except that the holder is Tim Hudson (tjh@cryptsoft.com).
sl@0	15	*
sl@0	16	* Copyright remains Eric Young's, and as such any Copyright notices in
sl@0	17	* the code are not to be removed.
sl@0	18	* If this package is used in a product, Eric Young should be given attribution
sl@0	19	* as the author of the parts of the library used.
sl@0	20	* This can be in the form of a textual message at program startup or
sl@0	21	* in documentation (online or textual) provided with the package.
sl@0	22	*
sl@0	23	* Redistribution and use in source and binary forms, with or without
sl@0	24	* modification, are permitted provided that the following conditions
sl@0	25	* are met:
sl@0	26	* 1. Redistributions of source code must retain the copyright
sl@0	27	* notice, this list of conditions and the following disclaimer.
sl@0	28	* 2. Redistributions in binary form must reproduce the above copyright
sl@0	29	* notice, this list of conditions and the following disclaimer in the
sl@0	30	* documentation and/or other materials provided with the distribution.
sl@0	31	* 3. All advertising materials mentioning features or use of this software
sl@0	32	* must display the following acknowledgement:
sl@0	33	* "This product includes cryptographic software written by
sl@0	34	* Eric Young (eay@cryptsoft.com)"
sl@0	35	* The word 'cryptographic' can be left out if the rouines from the library
sl@0	36	* being used are not cryptographic related :-).
sl@0	37	* 4. If you include any Windows specific code (or a derivative thereof) from
sl@0	38	* the apps directory (application code) you must include an acknowledgement:
sl@0	39	* "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
sl@0	40	*
sl@0	41	* THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
sl@0	42	* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
sl@0	43	* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
sl@0	44	* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
sl@0	45	* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
sl@0	46	* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
sl@0	47	* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
sl@0	48	* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
sl@0	49	* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
sl@0	50	* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
sl@0	51	* SUCH DAMAGE.
sl@0	52	*
sl@0	53	* The licence and distribution terms for any publically available version or
sl@0	54	* derivative of this code cannot be changed. i.e. this code cannot simply be
sl@0	55	* copied and put under another distribution licence
sl@0	56	* [including the GNU Public Licence.]
sl@0	57	*/
sl@0	58
sl@0	59	#include <stdio.h>
sl@0	60	#include <stdlib.h>
sl@0	61	#include "ssl_locl.h"
sl@0	62	#include <openssl/asn1_mac.h>
sl@0	63	#include <openssl/objects.h>
sl@0	64	#include <openssl/x509.h>
sl@0	65
sl@0	66	typedef struct ssl_session_asn1_st
sl@0	67	{
sl@0	68	ASN1_INTEGER version;
sl@0	69	ASN1_INTEGER ssl_version;
sl@0	70	ASN1_OCTET_STRING cipher;
sl@0	71	ASN1_OCTET_STRING master_key;
sl@0	72	ASN1_OCTET_STRING session_id;
sl@0	73	ASN1_OCTET_STRING session_id_context;
sl@0	74	ASN1_OCTET_STRING key_arg;
sl@0	75	#ifndef OPENSSL_NO_KRB5
sl@0	76	ASN1_OCTET_STRING krb5_princ;
sl@0	77	#endif /* OPENSSL_NO_KRB5 */
sl@0	78	ASN1_INTEGER time;
sl@0	79	ASN1_INTEGER timeout;
sl@0	80	ASN1_INTEGER verify_result;
sl@0	81	} SSL_SESSION_ASN1;
sl@0	82
sl@0	83	EXPORT_C int i2d_SSL_SESSION(SSL_SESSION in, unsigned char *pp)
sl@0	84	{
sl@0	85	#define LSIZE2 (sizeof(long)*2)
sl@0	86	int v1=0,v2=0,v3=0,v4=0,v5=0;
sl@0	87	unsigned char buf[4],ibuf1[LSIZE2],ibuf2[LSIZE2];
sl@0	88	unsigned char ibuf3[LSIZE2],ibuf4[LSIZE2],ibuf5[LSIZE2];
sl@0	89	long l;
sl@0	90	SSL_SESSION_ASN1 a;
sl@0	91	M_ASN1_I2D_vars(in);
sl@0	92
sl@0	93	if ((in == NULL) \|\| ((in->cipher == NULL) && (in->cipher_id == 0)))
sl@0	94	return(0);
sl@0	95
sl@0	96	/* Note that I cheat in the following 2 assignments. I know
sl@0	97	* that if the ASN1_INTEGER passed to ASN1_INTEGER_set
sl@0	98	* is > sizeof(long)+1, the buffer will not be re-OPENSSL_malloc()ed.
sl@0	99	* This is a bit evil but makes things simple, no dynamic allocation
sl@0	100	* to clean up :-) */
sl@0	101	a.version.length=LSIZE2;
sl@0	102	a.version.type=V_ASN1_INTEGER;
sl@0	103	a.version.data=ibuf1;
sl@0	104	ASN1_INTEGER_set(&(a.version),SSL_SESSION_ASN1_VERSION);
sl@0	105
sl@0	106	a.ssl_version.length=LSIZE2;
sl@0	107	a.ssl_version.type=V_ASN1_INTEGER;
sl@0	108	a.ssl_version.data=ibuf2;
sl@0	109	ASN1_INTEGER_set(&(a.ssl_version),in->ssl_version);
sl@0	110
sl@0	111	a.cipher.type=V_ASN1_OCTET_STRING;
sl@0	112	a.cipher.data=buf;
sl@0	113
sl@0	114	if (in->cipher == NULL)
sl@0	115	l=in->cipher_id;
sl@0	116	else
sl@0	117	l=in->cipher->id;
sl@0	118	if (in->ssl_version == SSL2_VERSION)
sl@0	119	{
sl@0	120	a.cipher.length=3;
sl@0	121	buf[0]=((unsigned char)(l>>16L))&0xff;
sl@0	122	buf[1]=((unsigned char)(l>> 8L))&0xff;
sl@0	123	buf[2]=((unsigned char)(l ))&0xff;
sl@0	124	}
sl@0	125	else
sl@0	126	{
sl@0	127	a.cipher.length=2;
sl@0	128	buf[0]=((unsigned char)(l>>8L))&0xff;
sl@0	129	buf[1]=((unsigned char)(l ))&0xff;
sl@0	130	}
sl@0	131
sl@0	132	a.master_key.length=in->master_key_length;
sl@0	133	a.master_key.type=V_ASN1_OCTET_STRING;
sl@0	134	a.master_key.data=in->master_key;
sl@0	135
sl@0	136	a.session_id.length=in->session_id_length;
sl@0	137	a.session_id.type=V_ASN1_OCTET_STRING;
sl@0	138	a.session_id.data=in->session_id;
sl@0	139
sl@0	140	a.session_id_context.length=in->sid_ctx_length;
sl@0	141	a.session_id_context.type=V_ASN1_OCTET_STRING;
sl@0	142	a.session_id_context.data=in->sid_ctx;
sl@0	143
sl@0	144	a.key_arg.length=in->key_arg_length;
sl@0	145	a.key_arg.type=V_ASN1_OCTET_STRING;
sl@0	146	a.key_arg.data=in->key_arg;
sl@0	147
sl@0	148	#ifndef OPENSSL_NO_KRB5
sl@0	149	if (in->krb5_client_princ_len)
sl@0	150	{
sl@0	151	a.krb5_princ.length=in->krb5_client_princ_len;
sl@0	152	a.krb5_princ.type=V_ASN1_OCTET_STRING;
sl@0	153	a.krb5_princ.data=in->krb5_client_princ;
sl@0	154	}
sl@0	155	#endif /* OPENSSL_NO_KRB5 */
sl@0	156
sl@0	157	if (in->time != 0L)
sl@0	158	{
sl@0	159	a.time.length=LSIZE2;
sl@0	160	a.time.type=V_ASN1_INTEGER;
sl@0	161	a.time.data=ibuf3;
sl@0	162	ASN1_INTEGER_set(&(a.time),in->time);
sl@0	163	}
sl@0	164
sl@0	165	if (in->timeout != 0L)
sl@0	166	{
sl@0	167	a.timeout.length=LSIZE2;
sl@0	168	a.timeout.type=V_ASN1_INTEGER;
sl@0	169	a.timeout.data=ibuf4;
sl@0	170	ASN1_INTEGER_set(&(a.timeout),in->timeout);
sl@0	171	}
sl@0	172
sl@0	173	if (in->verify_result != X509_V_OK)
sl@0	174	{
sl@0	175	a.verify_result.length=LSIZE2;
sl@0	176	a.verify_result.type=V_ASN1_INTEGER;
sl@0	177	a.verify_result.data=ibuf5;
sl@0	178	ASN1_INTEGER_set(&a.verify_result,in->verify_result);
sl@0	179	}
sl@0	180
sl@0	181	M_ASN1_I2D_len(&(a.version), i2d_ASN1_INTEGER);
sl@0	182	M_ASN1_I2D_len(&(a.ssl_version), i2d_ASN1_INTEGER);
sl@0	183	M_ASN1_I2D_len(&(a.cipher), i2d_ASN1_OCTET_STRING);
sl@0	184	M_ASN1_I2D_len(&(a.session_id), i2d_ASN1_OCTET_STRING);
sl@0	185	M_ASN1_I2D_len(&(a.master_key), i2d_ASN1_OCTET_STRING);
sl@0	186	#ifndef OPENSSL_NO_KRB5
sl@0	187	if (in->krb5_client_princ_len)
sl@0	188	M_ASN1_I2D_len(&(a.krb5_princ), i2d_ASN1_OCTET_STRING);
sl@0	189	#endif /* OPENSSL_NO_KRB5 */
sl@0	190	if (in->key_arg_length > 0)
sl@0	191	M_ASN1_I2D_len_IMP_opt(&(a.key_arg),i2d_ASN1_OCTET_STRING);
sl@0	192	if (in->time != 0L)
sl@0	193	M_ASN1_I2D_len_EXP_opt(&(a.time),i2d_ASN1_INTEGER,1,v1);
sl@0	194	if (in->timeout != 0L)
sl@0	195	M_ASN1_I2D_len_EXP_opt(&(a.timeout),i2d_ASN1_INTEGER,2,v2);
sl@0	196	if (in->peer != NULL)
sl@0	197	M_ASN1_I2D_len_EXP_opt(in->peer,i2d_X509,3,v3);
sl@0	198	M_ASN1_I2D_len_EXP_opt(&a.session_id_context,i2d_ASN1_OCTET_STRING,4,v4);
sl@0	199	if (in->verify_result != X509_V_OK)
sl@0	200	M_ASN1_I2D_len_EXP_opt(&(a.verify_result),i2d_ASN1_INTEGER,5,v5);
sl@0	201
sl@0	202	M_ASN1_I2D_seq_total();
sl@0	203
sl@0	204	M_ASN1_I2D_put(&(a.version), i2d_ASN1_INTEGER);
sl@0	205	M_ASN1_I2D_put(&(a.ssl_version), i2d_ASN1_INTEGER);
sl@0	206	M_ASN1_I2D_put(&(a.cipher), i2d_ASN1_OCTET_STRING);
sl@0	207	M_ASN1_I2D_put(&(a.session_id), i2d_ASN1_OCTET_STRING);
sl@0	208	M_ASN1_I2D_put(&(a.master_key), i2d_ASN1_OCTET_STRING);
sl@0	209	#ifndef OPENSSL_NO_KRB5
sl@0	210	if (in->krb5_client_princ_len)
sl@0	211	M_ASN1_I2D_put(&(a.krb5_princ), i2d_ASN1_OCTET_STRING);
sl@0	212	#endif /* OPENSSL_NO_KRB5 */
sl@0	213	if (in->key_arg_length > 0)
sl@0	214	M_ASN1_I2D_put_IMP_opt(&(a.key_arg),i2d_ASN1_OCTET_STRING,0);
sl@0	215	if (in->time != 0L)
sl@0	216	M_ASN1_I2D_put_EXP_opt(&(a.time),i2d_ASN1_INTEGER,1,v1);
sl@0	217	if (in->timeout != 0L)
sl@0	218	M_ASN1_I2D_put_EXP_opt(&(a.timeout),i2d_ASN1_INTEGER,2,v2);
sl@0	219	if (in->peer != NULL)
sl@0	220	M_ASN1_I2D_put_EXP_opt(in->peer,i2d_X509,3,v3);
sl@0	221	M_ASN1_I2D_put_EXP_opt(&a.session_id_context,i2d_ASN1_OCTET_STRING,4,
sl@0	222	v4);
sl@0	223	if (in->verify_result != X509_V_OK)
sl@0	224	M_ASN1_I2D_put_EXP_opt(&a.verify_result,i2d_ASN1_INTEGER,5,v5);
sl@0	225	M_ASN1_I2D_finish();
sl@0	226	}
sl@0	227
sl@0	228	EXPORT_C SSL_SESSION d2i_SSL_SESSION(SSL_SESSION a, const unsigned char *pp,
sl@0	229	long length)
sl@0	230	{
sl@0	231	int version,ssl_version=0,i;
sl@0	232	long id;
sl@0	233	ASN1_INTEGER ai,*aip;
sl@0	234	ASN1_OCTET_STRING os,*osp;
sl@0	235	M_ASN1_D2I_vars(a,SSL_SESSION *,SSL_SESSION_new);
sl@0	236
sl@0	237	aip= &ai;
sl@0	238	osp= &os;
sl@0	239
sl@0	240	M_ASN1_D2I_Init();
sl@0	241	M_ASN1_D2I_start_sequence();
sl@0	242
sl@0	243	ai.data=NULL; ai.length=0;
sl@0	244	M_ASN1_D2I_get_x(ASN1_INTEGER,aip,d2i_ASN1_INTEGER);
sl@0	245	version=(int)ASN1_INTEGER_get(aip);
sl@0	246	if (ai.data != NULL) { OPENSSL_free(ai.data); ai.data=NULL; ai.length=0; }
sl@0	247
sl@0	248	/* we don't care about the version right now :-) */
sl@0	249	M_ASN1_D2I_get_x(ASN1_INTEGER,aip,d2i_ASN1_INTEGER);
sl@0	250	ssl_version=(int)ASN1_INTEGER_get(aip);
sl@0	251	ret->ssl_version=ssl_version;
sl@0	252	if (ai.data != NULL) { OPENSSL_free(ai.data); ai.data=NULL; ai.length=0; }
sl@0	253
sl@0	254	os.data=NULL; os.length=0;
sl@0	255	M_ASN1_D2I_get_x(ASN1_OCTET_STRING,osp,d2i_ASN1_OCTET_STRING);
sl@0	256	if (ssl_version == SSL2_VERSION)
sl@0	257	{
sl@0	258	if (os.length != 3)
sl@0	259	{
sl@0	260	c.error=SSL_R_CIPHER_CODE_WRONG_LENGTH;
sl@0	261	goto err;
sl@0	262	}
sl@0	263	id=0x02000000L\|
sl@0	264	((unsigned long)os.data[0]<<16L)\|
sl@0	265	((unsigned long)os.data[1]<< 8L)\|
sl@0	266	(unsigned long)os.data[2];
sl@0	267	}
sl@0	268	else if ((ssl_version>>8) == SSL3_VERSION_MAJOR)
sl@0	269	{
sl@0	270	if (os.length != 2)
sl@0	271	{
sl@0	272	c.error=SSL_R_CIPHER_CODE_WRONG_LENGTH;
sl@0	273	goto err;
sl@0	274	}
sl@0	275	id=0x03000000L\|
sl@0	276	((unsigned long)os.data[0]<<8L)\|
sl@0	277	(unsigned long)os.data[1];
sl@0	278	}
sl@0	279	else
sl@0	280	{
sl@0	281	SSLerr(SSL_F_D2I_SSL_SESSION,SSL_R_UNKNOWN_SSL_VERSION);
sl@0	282	return(NULL);
sl@0	283	}
sl@0	284
sl@0	285	ret->cipher=NULL;
sl@0	286	ret->cipher_id=id;
sl@0	287
sl@0	288	M_ASN1_D2I_get_x(ASN1_OCTET_STRING,osp,d2i_ASN1_OCTET_STRING);
sl@0	289	if ((ssl_version>>8) == SSL3_VERSION_MAJOR)
sl@0	290	i=SSL3_MAX_SSL_SESSION_ID_LENGTH;
sl@0	291	else /* if (ssl_version>>8 == SSL2_VERSION_MAJOR) */
sl@0	292	i=SSL2_MAX_SSL_SESSION_ID_LENGTH;
sl@0	293
sl@0	294	if (os.length > i)
sl@0	295	os.length = i;
sl@0	296	if (os.length > (int)sizeof(ret->session_id)) /* can't happen */
sl@0	297	os.length = sizeof(ret->session_id);
sl@0	298
sl@0	299	ret->session_id_length=os.length;
sl@0	300	OPENSSL_assert(os.length <= (int)sizeof(ret->session_id));
sl@0	301	memcpy(ret->session_id,os.data,os.length);
sl@0	302
sl@0	303	M_ASN1_D2I_get_x(ASN1_OCTET_STRING,osp,d2i_ASN1_OCTET_STRING);
sl@0	304	if (ret->master_key_length > SSL_MAX_MASTER_KEY_LENGTH)
sl@0	305	ret->master_key_length=SSL_MAX_MASTER_KEY_LENGTH;
sl@0	306	else
sl@0	307	ret->master_key_length=os.length;
sl@0	308	memcpy(ret->master_key,os.data,ret->master_key_length);
sl@0	309
sl@0	310	os.length=0;
sl@0	311
sl@0	312	#ifndef OPENSSL_NO_KRB5
sl@0	313	os.length=0;
sl@0	314	M_ASN1_D2I_get_opt(osp,d2i_ASN1_OCTET_STRING,V_ASN1_OCTET_STRING);
sl@0	315	if (os.data)
sl@0	316	{
sl@0	317	if (os.length > SSL_MAX_KRB5_PRINCIPAL_LENGTH)
sl@0	318	ret->krb5_client_princ_len=0;
sl@0	319	else
sl@0	320	ret->krb5_client_princ_len=os.length;
sl@0	321	memcpy(ret->krb5_client_princ,os.data,ret->krb5_client_princ_len);
sl@0	322	OPENSSL_free(os.data);
sl@0	323	os.data = NULL;
sl@0	324	os.length = 0;
sl@0	325	}
sl@0	326	else
sl@0	327	ret->krb5_client_princ_len=0;
sl@0	328	#endif /* OPENSSL_NO_KRB5 */
sl@0	329
sl@0	330	M_ASN1_D2I_get_IMP_opt(osp,d2i_ASN1_OCTET_STRING,0,V_ASN1_OCTET_STRING);
sl@0	331	if (os.length > SSL_MAX_KEY_ARG_LENGTH)
sl@0	332	ret->key_arg_length=SSL_MAX_KEY_ARG_LENGTH;
sl@0	333	else
sl@0	334	ret->key_arg_length=os.length;
sl@0	335	memcpy(ret->key_arg,os.data,ret->key_arg_length);
sl@0	336	if (os.data != NULL) OPENSSL_free(os.data);
sl@0	337
sl@0	338	ai.length=0;
sl@0	339	M_ASN1_D2I_get_EXP_opt(aip,d2i_ASN1_INTEGER,1);
sl@0	340	if (ai.data != NULL)
sl@0	341	{
sl@0	342	ret->time=ASN1_INTEGER_get(aip);
sl@0	343	OPENSSL_free(ai.data); ai.data=NULL; ai.length=0;
sl@0	344	}
sl@0	345	else
sl@0	346	ret->time=(unsigned long)time(NULL);
sl@0	347
sl@0	348	ai.length=0;
sl@0	349	M_ASN1_D2I_get_EXP_opt(aip,d2i_ASN1_INTEGER,2);
sl@0	350	if (ai.data != NULL)
sl@0	351	{
sl@0	352	ret->timeout=ASN1_INTEGER_get(aip);
sl@0	353	OPENSSL_free(ai.data); ai.data=NULL; ai.length=0;
sl@0	354	}
sl@0	355	else
sl@0	356	ret->timeout=3;
sl@0	357
sl@0	358	if (ret->peer != NULL)
sl@0	359	{
sl@0	360	X509_free(ret->peer);
sl@0	361	ret->peer=NULL;
sl@0	362	}
sl@0	363	M_ASN1_D2I_get_EXP_opt(ret->peer,d2i_X509,3);
sl@0	364
sl@0	365	os.length=0;
sl@0	366	os.data=NULL;
sl@0	367	M_ASN1_D2I_get_EXP_opt(osp,d2i_ASN1_OCTET_STRING,4);
sl@0	368
sl@0	369	if(os.data != NULL)
sl@0	370	{
sl@0	371	if (os.length > SSL_MAX_SID_CTX_LENGTH)
sl@0	372	{
sl@0	373	ret->sid_ctx_length=os.length;
sl@0	374	SSLerr(SSL_F_D2I_SSL_SESSION,SSL_R_BAD_LENGTH);
sl@0	375	}
sl@0	376	else
sl@0	377	{
sl@0	378	ret->sid_ctx_length=os.length;
sl@0	379	memcpy(ret->sid_ctx,os.data,os.length);
sl@0	380	}
sl@0	381	OPENSSL_free(os.data); os.data=NULL; os.length=0;
sl@0	382	}
sl@0	383	else
sl@0	384	ret->sid_ctx_length=0;
sl@0	385
sl@0	386	ai.length=0;
sl@0	387	M_ASN1_D2I_get_EXP_opt(aip,d2i_ASN1_INTEGER,5);
sl@0	388	if (ai.data != NULL)
sl@0	389	{
sl@0	390	ret->verify_result=ASN1_INTEGER_get(aip);
sl@0	391	OPENSSL_free(ai.data); ai.data=NULL; ai.length=0;
sl@0	392	}
sl@0	393	else
sl@0	394	ret->verify_result=X509_V_OK;
sl@0	395
sl@0	396
sl@0	397	M_ASN1_D2I_Finish(a,SSL_SESSION_free,SSL_F_D2I_SSL_SESSION);
sl@0	398	}

author	sl@SLION-WIN7.fritz.box
	Fri, 15 Jun 2012 03:10:57 +0200
changeset 0	bde4ae8d615e
permissions	-rw-r--r--