yggdrasil/ring
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Reimplement d2i_SSL_SESSION with CBS.

Browse Source 
Do away with all those unreadable macros. Also fix many many memory leaks in
the SSL_SESSION reuse case. Add a number of helper functions in CBS to help
with parsing optional fields.

Change-Id: I2ce8fd0d5b060a1b56e7f99f7780997fabc5ce41
Reviewed-on: https://boringssl-review.googlesource.com/1998
Reviewed-by: Adam Langley <agl@google.com>
This commit is contained in:
David Benjamin 2014-10-19 04:33:38 -04:00 committed by Adam Langley
parent fbe6f498cd
commit 83fd6b686f
6 changed files with 422 additions and 285 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

65
crypto/bytestring/bytestring_test.c
View File

@ -105,8 +105,14 @@ static int test_get_asn1(void) {
static const uint8_t kData3[] = {0x30, 0x80};
static const uint8_t kData4[] = {0x30, 0x81, 1, 1};
static const uint8_t kData5[] = {0x30, 0x82, 0, 1, 1};
static const uint8_t kData6[] = {0xa1, 3, 0x4, 1, 1};
static const uint8_t kData7[] = {0xa1, 3, 0x4, 2, 1};
static const uint8_t kData8[] = {0xa1, 3, 0x2, 1, 1};
static const uint8_t kData9[] = {0xa1, 3, 0x2, 1, 0xff};
CBS data, contents;
int present;
uint64_t value;
CBS_init(&data, kData1, sizeof(kData1));
if (CBS_peek_asn1_tag(&data, 0x1) ||
@ -150,10 +156,69 @@ static int test_get_asn1(void) {
}
CBS_init(&data, NULL, 0);
/* peek at empty data. */
if (CBS_peek_asn1_tag(&data, 0x30)) {
return 0;
}
CBS_init(&data, NULL, 0);
/* optional elements at empty data. */
if (!CBS_get_optional_asn1(&data, &contents, &present, 0xa0) ||
present ||
!CBS_get_optional_asn1_octet_string(&data, &contents, &present, 0xa0) ||
present ||
CBS_len(&contents) != 0 ||
!CBS_get_optional_asn1_octet_string(&data, &contents, NULL, 0xa0) ||
CBS_len(&contents) != 0 ||
!CBS_get_optional_asn1_uint64(&data, &value, 0xa0, 42) ||
value != 42) {
return 0;
}
CBS_init(&data, kData6, sizeof(kData6));
/* optional element. */
if (!CBS_get_optional_asn1(&data, &contents, &present, 0xa0) ||
present ||
!CBS_get_optional_asn1(&data, &contents, &present, 0xa1) ||
!present ||
CBS_len(&contents) != 3 ||
memcmp(CBS_data(&contents), "\x04\x01\x01", 3) != 0) {
return 0;
}
CBS_init(&data, kData6, sizeof(kData6));
/* optional octet string. */
if (!CBS_get_optional_asn1_octet_string(&data, &contents, &present, 0xa0) ||
present ||
CBS_len(&contents) != 0 ||
!CBS_get_optional_asn1_octet_string(&data, &contents, &present, 0xa1) ||
!present ||
CBS_len(&contents) != 1 ||
CBS_data(&contents)[0] != 1) {
return 0;
}
CBS_init(&data, kData7, sizeof(kData7));
/* invalid optional octet string. */
if (CBS_get_optional_asn1_octet_string(&data, &contents, &present, 0xa1)) {
return 0;
}
CBS_init(&data, kData8, sizeof(kData8));
/* optional octet string. */
if (!CBS_get_optional_asn1_uint64(&data, &value, 0xa0, 42) ||
value != 42 ||
!CBS_get_optional_asn1_uint64(&data, &value, 0xa1, 42) ||
value != 1) {
return 0;
}
CBS_init(&data, kData9, sizeof(kData9));
/* invalid optional integer. */
if (CBS_get_optional_asn1_uint64(&data, &value, 0xa1, 42)) {
return 0;
}
return 1;
}

51
crypto/bytestring/cbs.c
View File

@ -305,3 +305,54 @@ int CBS_get_asn1_uint64(CBS *cbs, uint64_t *out) {
return 1;
}
int CBS_get_optional_asn1(CBS *cbs, CBS *out, int *out_present, unsigned tag) {
if (CBS_peek_asn1_tag(cbs, tag)) {
if (!CBS_get_asn1(cbs, out, tag)) {
return 0;
}
*out_present = 1;
} else {
*out_present = 0;
}
return 1;
}
int CBS_get_optional_asn1_octet_string(CBS *cbs, CBS *out, int *out_present,
unsigned tag) {
CBS child;
int present;
if (!CBS_get_optional_asn1(cbs, &child, &present, tag)) {
return 0;
}
if (present) {
if (!CBS_get_asn1(&child, out, CBS_ASN1_OCTETSTRING) ||
CBS_len(&child) != 0) {
return 0;
}
} else {
CBS_init(out, NULL, 0);
}
if (out_present) {
*out_present = present;
}
return 1;
}
int CBS_get_optional_asn1_uint64(CBS *cbs, uint64_t *out, unsigned tag,
uint64_t default_value) {
CBS child;
int present;
if (!CBS_get_optional_asn1(cbs, &child, &present, tag)) {
return 0;
}
if (present) {
if (!CBS_get_asn1_uint64(&child, out) ||
CBS_len(&child) != 0) {
return 0;
}
} else {
*out = default_value;
}
return 1;
}

27
include/openssl/bytestring.h
View File

@ -166,6 +166,33 @@ OPENSSL_EXPORT int CBS_get_any_asn1_element(CBS *cbs, CBS *out,
* in 64 bits. */
OPENSSL_EXPORT int CBS_get_asn1_uint64(CBS *cbs, uint64_t *out);
/* CBS_get_optional_asn1 gets an optional explicitly-tagged element
* from |cbs| tagged with |tag| and sets |*out| to its contents. If
* present, it sets |*out_present| to one, otherwise zero. It returns
* one on success, whether or not the element was present, and zero on
* decode failure. */
OPENSSL_EXPORT int CBS_get_optional_asn1(CBS *cbs, CBS *out, int *out_present,
unsigned tag);
/* CBS_get_optional_asn1_octet_string gets an optional
* explicitly-tagged OCTET STRING from |cbs|. If present, it sets
* |*out| to the string and |*out_present| to one. Otherwise, it sets
* |*out| to empty and |*out_present| to zero. |out_present| may be
* NULL. It returns one on success, whether or not the element was
* present, and zero on decode failure. */
OPENSSL_EXPORT int CBS_get_optional_asn1_octet_string(CBS *cbs, CBS *out,
int *out_present,
unsigned tag);
/* CBS_get_optional_asn1_uint64 gets an optional explicitly-tagged
* INTEGER from |cbs|. If present, it sets |*out| to the
* value. Otherwise, it sets |*out| to |default_value|. It returns one
* on success, whether or not the element was present, and zero on
* decode failure. */
OPENSSL_EXPORT int CBS_get_optional_asn1_uint64(CBS *cbs, uint64_t *out,
unsigned tag,
uint64_t default_value);
/* CRYPTO ByteBuilder.
*

32
include/openssl/ssl.h
View File

@ -359,34 +359,8 @@ struct ssl_method_st
long (*ssl_ctx_callback_ctrl)(SSL_CTX *s, int cb_id, void (*fp)(void));
};
/* Lets make this into an ASN.1 type structure as follows
* SSL_SESSION_ID ::= SEQUENCE {
* version INTEGER, -- structure version number
* SSLversion INTEGER, -- SSL version number
* Cipher OCTET STRING, -- the 3 byte cipher ID
* Session_ID OCTET STRING, -- the Session ID
* Master_key OCTET STRING, -- the master key
* Key_Arg [ 0 ] IMPLICIT OCTET STRING, -- the optional Key argument
* Time [ 1 ] EXPLICIT INTEGER, -- optional Start Time
* Timeout [ 2 ] EXPLICIT INTEGER, -- optional Timeout ins seconds
* Peer [ 3 ] EXPLICIT X509, -- optional Peer Certificate
* Session_ID_context [ 4 ] EXPLICIT OCTET STRING, -- the Session ID context
* Verify_result [ 5 ] EXPLICIT INTEGER, -- X509_V_... code for `Peer'
* HostName [ 6 ] EXPLICIT OCTET STRING, -- optional HostName from servername TLS extension
* PSK_identity_hint [ 7 ] EXPLICIT OCTET STRING, -- optional PSK identity hint
* PSK_identity [ 8 ] EXPLICIT OCTET STRING, -- optional PSK identity
* Ticket_lifetime_hint [9] EXPLICIT INTEGER, -- server's lifetime hint for session ticket
* Ticket [10] EXPLICIT OCTET STRING, -- session ticket (clients only)
* Compression_meth [11] EXPLICIT OCTET STRING, -- optional compression method
* SRP_username [ 12 ] EXPLICIT OCTET STRING -- optional SRP username
* Peer SHA256 [13] EXPLICIT OCTET STRING, -- optional SHA256 hash of Peer certifiate
* original handshake hash [14] EXPLICIT OCTET STRING, -- optional original handshake hash
* tlsext_signed_cert_timestamp_list [15] EXPLICIT OCTET STRING, -- optional signed cert timestamp list extension
* ocsp_response [16] EXPLICIT OCTET STRING, -- optional saved OCSP response from the server
* }
* Look in ssl/ssl_asn1.c for more details
* I'm using EXPLICIT tags so I can read the damn things using asn1parse :-).
*/
/* An SSL_SESSION represents an SSL session that may be resumed in an
* abbreviated handshake. */
struct ssl_session_st
{
int ssl_version; /* what ssl version session info is
@ -2459,6 +2433,7 @@ OPENSSL_EXPORT void ERR_load_SSL_strings(void);
#define SSL_F_ssl3_cert_verify_hash 284
#define SSL_F_ssl_ctx_log_rsa_client_key_exchange 285
#define SSL_F_ssl_ctx_log_master_secret 286
#define SSL_F_d2i_SSL_SESSION 287
#define SSL_R_UNABLE_TO_FIND_ECDH_PARAMETERS 100
#define SSL_R_DECRYPTION_FAILED_OR_BAD_RECORD_MAC 101
#define SSL_R_INVALID_NULL_CMD_NAME 102
@ -2772,6 +2747,7 @@ OPENSSL_EXPORT void ERR_load_SSL_strings(void);
#define SSL_R_UNPROCESSED_HANDSHAKE_DATA 440
#define SSL_R_HANDSHAKE_RECORD_BEFORE_CCS 441
#define SSL_R_SESSION_MAY_NOT_BE_CREATED 442
#define SSL_R_INVALID_SSL_SESSION 443
#define SSL_R_SSLV3_ALERT_CLOSE_NOTIFY 1000
#define SSL_R_SSLV3_ALERT_UNEXPECTED_MESSAGE 1010
#define SSL_R_SSLV3_ALERT_BAD_RECORD_MAC 1020

530
ssl/ssl_asn1.c
View File

@ -81,23 +81,80 @@
* OTHERWISE. */
#include <assert.h>
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <openssl/asn1.h>
#include <openssl/asn1_mac.h>
#include <openssl/bytestring.h>
#include <openssl/err.h>
#include <openssl/mem.h>
#include <openssl/obj.h>
#include <openssl/x509.h>
#include "ssl_locl.h"
OPENSSL_DECLARE_ERROR_REASON(SSL, CIPHER_CODE_WRONG_LENGTH);
OPENSSL_DECLARE_ERROR_REASON(SSL, UNKNOWN_SSL_VERSION);
OPENSSL_DECLARE_ERROR_REASON(SSL, BAD_LENGTH);
OPENSSL_DECLARE_ERROR_FUNCTION(SSL, D2I_SSL_SESSION);
/* An SSL_SESSION is serialized as the following ASN.1 structure:
*
* SSLSession ::= SEQUENCE {
* version INTEGER (1), -- ignored
* sslVersion INTEGER, -- protocol version number
* cipher OCTET STRING, -- two bytes long
* sessionID OCTET STRING,
* masterKey OCTET STRING,
* keyArg [0] IMPLICIT OCTET STRING OPTIONAL,
* -- ignored: legacy SSLv2-only field.
* time [1] INTEGER OPTIONAL, -- seconds since UNIX epoch
* timeout [2] INTEGER OPTIONAL, -- in seconds
* peer [3] Certificate OPTIONAL,
* sessionIDContext [4] OCTET STRING OPTIONAL,
* verifyResult [5] INTEGER OPTIONAL, -- one of X509_V_* codes
* hostName [6] OCTET STRING OPTIONAL,
* -- from server_name extension
* pskIdentityHint [7] OCTET STRING OPTIONAL,
* pskIdentity [8] OCTET STRING OPTIONAL,
* ticketLifetimeHint [9] INTEGER OPTIONAL, -- client-only
* ticket [10] OCTET STRING OPTIONAL, -- client-only
* peerSHA256 [13] OCTET STRING OPTIONAL,
* originalHandshakeHash [14] OCTET STRING OPTIONAL,
* signedCertTimestampList [15] OCTET STRING OPTIONAL,
* -- contents of SCT extension
* ocspResponse [16] OCTET STRING OPTIONAL,
* -- stapled OCSP response from the server
* }
*
* Note: When the relevant features were #ifdef'd out, support for
* parsing compressionMethod [11] and srpUsername [12] was lost. */
static const int kKeyArgTag = CBS_ASN1_CONTEXT_SPECIFIC | 0;
static const int kTimeTag =
CBS_ASN1_CONSTRUCTED | CBS_ASN1_CONTEXT_SPECIFIC | 1;
static const int kTimeoutTag =
CBS_ASN1_CONSTRUCTED | CBS_ASN1_CONTEXT_SPECIFIC | 2;
static const int kPeerTag =
CBS_ASN1_CONSTRUCTED | CBS_ASN1_CONTEXT_SPECIFIC | 3;
static const int kSessionIDContextTag =
CBS_ASN1_CONSTRUCTED | CBS_ASN1_CONTEXT_SPECIFIC | 4;
static const int kVerifyResultTag =
CBS_ASN1_CONSTRUCTED | CBS_ASN1_CONTEXT_SPECIFIC | 5;
static const int kHostNameTag =
CBS_ASN1_CONSTRUCTED | CBS_ASN1_CONTEXT_SPECIFIC | 6;
static const int kPSKIdentityHintTag =
CBS_ASN1_CONSTRUCTED | CBS_ASN1_CONTEXT_SPECIFIC | 7;
static const int kPSKIdentityTag =
CBS_ASN1_CONSTRUCTED | CBS_ASN1_CONTEXT_SPECIFIC | 8;
static const int kTicketLifetimeHintTag =
CBS_ASN1_CONSTRUCTED | CBS_ASN1_CONTEXT_SPECIFIC | 9;
static const int kTicketTag =
CBS_ASN1_CONSTRUCTED | CBS_ASN1_CONTEXT_SPECIFIC | 10;
static const int kPeerSHA256Tag =
CBS_ASN1_CONSTRUCTED | CBS_ASN1_CONTEXT_SPECIFIC | 13;
static const int kOriginalHandshakeHashTag =
CBS_ASN1_CONSTRUCTED | CBS_ASN1_CONTEXT_SPECIFIC | 14;
static const int kSignedCertTimestampListTag =
CBS_ASN1_CONSTRUCTED | CBS_ASN1_CONTEXT_SPECIFIC | 15;
static const int kOCSPResponseTag =
CBS_ASN1_CONSTRUCTED | CBS_ASN1_CONTEXT_SPECIFIC | 16;
typedef struct ssl_session_asn1_st
{
@ -347,271 +404,230 @@ int i2d_SSL_SESSION(SSL_SESSION *in, unsigned char **pp)
M_ASN1_I2D_finish();
}
SSL_SESSION *d2i_SSL_SESSION(SSL_SESSION **a, const unsigned char **pp,
long length)
{
int ssl_version=0,i;
long id;
ASN1_INTEGER ai,*aip;
ASN1_OCTET_STRING os,*osp;
M_ASN1_D2I_vars(a,SSL_SESSION *,SSL_SESSION_new);
/* d2i_SSL_SESSION_get_string gets an optional ASN.1 OCTET STRING
* explicitly tagged with |tag| from |cbs| and saves it in |*out|. On
* entry, if |*out| is not NULL, it frees the existing contents. If
* the element was not found, it sets |*out| to NULL. It returns one
* on success, whether or not the element was found, and zero on
* decode error. */
static int d2i_SSL_SESSION_get_string(CBS *cbs, char **out, unsigned tag) {
CBS value;
int present;
if (!CBS_get_optional_asn1_octet_string(cbs, &value, &present, tag)) {
OPENSSL_PUT_ERROR(SSL, d2i_SSL_SESSION, SSL_R_INVALID_SSL_SESSION);
return 0;
}
if (present) {
if (CBS_contains_zero_byte(&value)) {
OPENSSL_PUT_ERROR(SSL, d2i_SSL_SESSION, SSL_R_INVALID_SSL_SESSION);
return 0;
}
if (!CBS_strdup(&value, out)) {
OPENSSL_PUT_ERROR(SSL, d2i_SSL_SESSION, ERR_R_MALLOC_FAILURE);
return 0;
}
} else if (*out) {
OPENSSL_free(*out);
*out = NULL;
}
return 1;
}
aip= &ai;
osp= &os;
/* d2i_SSL_SESSION_get_string gets an optional ASN.1 OCTET STRING
* explicitly tagged with |tag| from |cbs| and stows it in |*out_ptr|
* and |*out_len|. If |*out_ptr| is not NULL, it frees the existing
* contents. On entry, if the element was not found, it sets
* |*out_ptr| to NULL. It returns one on success, whether or not the
* element was found, and zero on decode error. */
static int d2i_SSL_SESSION_get_octet_string(CBS *cbs, uint8_t **out_ptr,
size_t *out_len, unsigned tag) {
CBS value;
if (!CBS_get_optional_asn1_octet_string(cbs, &value, NULL, tag)) {
OPENSSL_PUT_ERROR(SSL, d2i_SSL_SESSION, SSL_R_INVALID_SSL_SESSION);
return 0;
}
if (!CBS_stow(&value, out_ptr, out_len)) {
OPENSSL_PUT_ERROR(SSL, d2i_SSL_SESSION, ERR_R_MALLOC_FAILURE);
return 0;
}
return 1;
}
M_ASN1_D2I_Init();
M_ASN1_D2I_start_sequence();
SSL_SESSION *d2i_SSL_SESSION(SSL_SESSION **a, const uint8_t **pp, long length) {
SSL_SESSION *ret = NULL;
CBS cbs, session, cipher, session_id, master_key;
CBS key_arg, peer, sid_ctx, peer_sha256, original_handshake_hash;
int has_key_arg, has_peer, has_peer_sha256;
uint64_t version, ssl_version;
uint64_t session_time, timeout, verify_result, ticket_lifetime_hint;
ai.data=NULL; ai.length=0;
M_ASN1_D2I_get_x(ASN1_INTEGER,aip,d2i_ASN1_INTEGER);
if (ai.data != NULL) { OPENSSL_free(ai.data); ai.data=NULL; ai.length=0; }
if (a && *a) {
ret = *a;
} else {
ret = SSL_SESSION_new();
if (ret == NULL) {
goto err;
}
}
/* we don't care about the version right now :-) */
M_ASN1_D2I_get_x(ASN1_INTEGER,aip,d2i_ASN1_INTEGER);
ssl_version=(int)ASN1_INTEGER_get(aip);
ret->ssl_version=ssl_version;
if (ai.data != NULL) { OPENSSL_free(ai.data); ai.data=NULL; ai.length=0; }
CBS_init(&cbs, *pp, length);
if (!CBS_get_asn1(&cbs, &session, CBS_ASN1_SEQUENCE) ||
!CBS_get_asn1_uint64(&session, &version) ||
!CBS_get_asn1_uint64(&session, &ssl_version) ||
!CBS_get_asn1(&session, &cipher, CBS_ASN1_OCTETSTRING) ||
!CBS_get_asn1(&session, &session_id, CBS_ASN1_OCTETSTRING) ||
!CBS_get_asn1(&session, &master_key, CBS_ASN1_OCTETSTRING) ||
!CBS_get_optional_asn1(&session, &key_arg, &has_key_arg, kKeyArgTag) ||
!CBS_get_optional_asn1_uint64(&session, &session_time, kTimeTag,
time(NULL)) ||
!CBS_get_optional_asn1_uint64(&session, &timeout, kTimeoutTag, 3) ||
!CBS_get_optional_asn1(&session, &peer, &has_peer, kPeerTag) ||
!CBS_get_optional_asn1_octet_string(&session, &sid_ctx, NULL,
kSessionIDContextTag) ||
!CBS_get_optional_asn1_uint64(&session, &verify_result, kVerifyResultTag,
X509_V_OK)) {
OPENSSL_PUT_ERROR(SSL, d2i_SSL_SESSION, SSL_R_INVALID_SSL_SESSION);
goto err;
}
if (!d2i_SSL_SESSION_get_string(&session, &ret->tlsext_hostname,
kHostNameTag) ||
!d2i_SSL_SESSION_get_string(&session, &ret->psk_identity_hint,
kPSKIdentityHintTag) ||
!d2i_SSL_SESSION_get_string(&session, &ret->psk_identity,
kPSKIdentityTag)) {
goto err;
}
if (!CBS_get_optional_asn1_uint64(&session, &ticket_lifetime_hint,
kTicketLifetimeHintTag, 0)) {
OPENSSL_PUT_ERROR(SSL, d2i_SSL_SESSION, SSL_R_INVALID_SSL_SESSION);
goto err;
}
if (!d2i_SSL_SESSION_get_octet_string(&session, &ret->tlsext_tick,
&ret->tlsext_ticklen, kTicketTag)) {
goto err;
}
if (!CBS_get_optional_asn1_octet_string(&session, &peer_sha256,
&has_peer_sha256, kPeerSHA256Tag) ||
!CBS_get_optional_asn1_octet_string(&session, &original_handshake_hash,
NULL, kOriginalHandshakeHashTag)) {
OPENSSL_PUT_ERROR(SSL, d2i_SSL_SESSION, SSL_R_INVALID_SSL_SESSION);
goto err;
}
if (!d2i_SSL_SESSION_get_octet_string(
&session, &ret->tlsext_signed_cert_timestamp_list,
&ret->tlsext_signed_cert_timestamp_list_length,
kSignedCertTimestampListTag) ||
!d2i_SSL_SESSION_get_octet_string(
&session, &ret->ocsp_response, &ret->ocsp_response_length,
kOCSPResponseTag)) {
goto err;
}
os.data=NULL; os.length=0;
M_ASN1_D2I_get_x(ASN1_OCTET_STRING,osp,d2i_ASN1_OCTET_STRING);
if (ssl_version == SSL2_VERSION)
{
if (os.length != 3)
{
c.error=SSL_R_CIPHER_CODE_WRONG_LENGTH;
c.line=__LINE__;
goto err;
}
id=0x02000000L|
((unsigned long)os.data[0]<<16L)|
((unsigned long)os.data[1]<< 8L)|
(unsigned long)os.data[2];
}
else if ((ssl_version>>8) >= SSL3_VERSION_MAJOR)
{
if (os.length != 2)
{
c.error=SSL_R_CIPHER_CODE_WRONG_LENGTH;
c.line=__LINE__;
goto err;
}
id=0x03000000L|
((unsigned long)os.data[0]<<8L)|
(unsigned long)os.data[1];
}
else
{
c.error=SSL_R_UNKNOWN_SSL_VERSION;
c.line=__LINE__;
goto err;
}
ret->cipher_id=id;
ret->cipher = ssl3_get_cipher_by_value(ret->cipher_id & 0xffff);
if (ret->cipher == NULL)
{
c.error=SSL_R_UNSUPPORTED_CIPHER;
c.line = __LINE__;
goto err;
}
/* Ignore |version|. The structure version number is ignored. */
M_ASN1_D2I_get_x(ASN1_OCTET_STRING,osp,d2i_ASN1_OCTET_STRING);
if ((ssl_version>>8) >= SSL3_VERSION_MAJOR)
i=SSL3_MAX_SSL_SESSION_ID_LENGTH;
else /* if (ssl_version>>8 == SSL2_VERSION_MAJOR) */
i=SSL2_MAX_SSL_SESSION_ID_LENGTH;
/* Only support SSLv3/TLS and DTLS. */
if ((ssl_version >> 8) != SSL3_VERSION_MAJOR &&
(ssl_version >> 8) != (DTLS1_VERSION >> 8)) {
OPENSSL_PUT_ERROR(SSL, d2i_SSL_SESSION, SSL_R_UNKNOWN_SSL_VERSION);
goto err;
}
ret->ssl_version = ssl_version;
if (os.length > i)
os.length = i;
if (os.length > (int)sizeof(ret->session_id)) /* can't happen */
os.length = sizeof(ret->session_id);
if (CBS_len(&cipher) != 2) {
OPENSSL_PUT_ERROR(SSL, d2i_SSL_SESSION, SSL_R_CIPHER_CODE_WRONG_LENGTH);
goto err;
}
ret->cipher_id =
0x03000000L | (CBS_data(&cipher)[0] << 8L) | CBS_data(&cipher)[1];
ret->cipher = ssl3_get_cipher_by_value(ret->cipher_id & 0xffff);
if (ret->cipher == NULL) {
OPENSSL_PUT_ERROR(SSL, d2i_SSL_SESSION, SSL_R_UNSUPPORTED_CIPHER);
goto err;
}
ret->session_id_length=os.length;
assert(os.length <= (int)sizeof(ret->session_id));
memcpy(ret->session_id,os.data,os.length);
if (CBS_len(&session_id) > SSL3_MAX_SSL_SESSION_ID_LENGTH) {
OPENSSL_PUT_ERROR(SSL, d2i_SSL_SESSION, SSL_R_INVALID_SSL_SESSION);
goto err;
}
memcpy(ret->session_id, CBS_data(&session_id), CBS_len(&session_id));
ret->session_id_length = CBS_len(&session_id);
M_ASN1_D2I_get_x(ASN1_OCTET_STRING,osp,d2i_ASN1_OCTET_STRING);
if (os.length > SSL_MAX_MASTER_KEY_LENGTH)
ret->master_key_length=SSL_MAX_MASTER_KEY_LENGTH;
else
ret->master_key_length=os.length;
memcpy(ret->master_key,os.data,ret->master_key_length);
if (CBS_len(&master_key) > SSL_MAX_MASTER_KEY_LENGTH) {
OPENSSL_PUT_ERROR(SSL, d2i_SSL_SESSION, SSL_R_INVALID_SSL_SESSION);
goto err;
}
memcpy(ret->master_key, CBS_data(&master_key), CBS_len(&master_key));
ret->master_key_length = CBS_len(&master_key);
os.length=0;
if (session_time > LONG_MAX ||
timeout > LONG_MAX) {
OPENSSL_PUT_ERROR(SSL, d2i_SSL_SESSION, SSL_R_INVALID_SSL_SESSION);
goto err;
}
ret->time = session_time;
ret->timeout = timeout;
/* [0] is the tag for key_arg, a no longer used remnant of
* SSLv2. */
M_ASN1_D2I_get_IMP_opt(osp,d2i_ASN1_OCTET_STRING,0,V_ASN1_OCTET_STRING);
if (os.data != NULL) OPENSSL_free(os.data);
if (ret->peer != NULL) {
X509_free(ret->peer);
ret->peer = NULL;
}
if (has_peer) {
const uint8_t *ptr;
ptr = CBS_data(&peer);
ret->peer = d2i_X509(NULL, &ptr, CBS_len(&peer));
if (ret->peer == NULL) {
goto err;
}
if (ptr != CBS_data(&peer) + CBS_len(&peer)) {
OPENSSL_PUT_ERROR(SSL, d2i_SSL_SESSION, SSL_R_INVALID_SSL_SESSION);
goto err;
}
}
ai.length=0;
M_ASN1_D2I_get_EXP_opt(aip,d2i_ASN1_INTEGER,1);
if (ai.data != NULL)
{
ret->time=ASN1_INTEGER_get(aip);
OPENSSL_free(ai.data); ai.data=NULL; ai.length=0;
}
else
ret->time=(unsigned long)time(NULL);
if (CBS_len(&sid_ctx) > sizeof(ret->sid_ctx)) {
OPENSSL_PUT_ERROR(SSL, d2i_SSL_SESSION, SSL_R_INVALID_SSL_SESSION);
goto err;
}
memcpy(ret->sid_ctx, CBS_data(&sid_ctx), CBS_len(&sid_ctx));
ret->sid_ctx_length = CBS_len(&sid_ctx);
ai.length=0;
M_ASN1_D2I_get_EXP_opt(aip,d2i_ASN1_INTEGER,2);
if (ai.data != NULL)
{
ret->timeout=ASN1_INTEGER_get(aip);
OPENSSL_free(ai.data); ai.data=NULL; ai.length=0;
}
else
ret->timeout=3;
if (verify_result > LONG_MAX ||
ticket_lifetime_hint > 0xffffffff) {
OPENSSL_PUT_ERROR(SSL, d2i_SSL_SESSION, SSL_R_INVALID_SSL_SESSION);
goto err;
}
ret->verify_result = verify_result;
ret->tlsext_tick_lifetime_hint = ticket_lifetime_hint;
if (ret->peer != NULL)
{
X509_free(ret->peer);
ret->peer=NULL;
}
M_ASN1_D2I_get_EXP_opt(ret->peer,d2i_X509,3);
if (has_peer_sha256) {
if (CBS_len(&peer_sha256) != sizeof(ret->peer_sha256)) {
OPENSSL_PUT_ERROR(SSL, d2i_SSL_SESSION, SSL_R_INVALID_SSL_SESSION);
goto err;
}
memcpy(ret->peer_sha256, CBS_data(&peer_sha256), sizeof(ret->peer_sha256));
ret->peer_sha256_valid = 1;
} else {
ret->peer_sha256_valid = 0;
}
os.length=0;
os.data=NULL;
M_ASN1_D2I_get_EXP_opt(osp,d2i_ASN1_OCTET_STRING,4);
if (CBS_len(&original_handshake_hash) >
sizeof(ret->original_handshake_hash)) {
OPENSSL_PUT_ERROR(SSL, d2i_SSL_SESSION, SSL_R_INVALID_SSL_SESSION);
goto err;
}
memcpy(ret->original_handshake_hash, CBS_data(&original_handshake_hash),
CBS_len(&original_handshake_hash));
ret->original_handshake_hash_len = CBS_len(&original_handshake_hash);
if(os.data != NULL)
{
if (os.length > SSL_MAX_SID_CTX_LENGTH)
{
c.error=SSL_R_BAD_LENGTH;
c.line=__LINE__;
goto err;
}
else
{
ret->sid_ctx_length=os.length;
memcpy(ret->sid_ctx,os.data,os.length);
}
OPENSSL_free(os.data); os.data=NULL; os.length=0;
}
else
ret->sid_ctx_length=0;
if (a) {
*a = ret;
}
*pp = CBS_data(&cbs);
return ret;
ai.length=0;
M_ASN1_D2I_get_EXP_opt(aip,d2i_ASN1_INTEGER,5);
if (ai.data != NULL)
{
ret->verify_result=ASN1_INTEGER_get(aip);
OPENSSL_free(ai.data); ai.data=NULL; ai.length=0;
}
else
ret->verify_result=X509_V_OK;
os.length=0;
os.data=NULL;
M_ASN1_D2I_get_EXP_opt(osp,d2i_ASN1_OCTET_STRING,6);
if (os.data)
{
ret->tlsext_hostname = BUF_strndup((char *)os.data, os.length);
OPENSSL_free(os.data);
os.data = NULL;
os.length = 0;
}
else
ret->tlsext_hostname=NULL;
os.length=0;
os.data=NULL;
M_ASN1_D2I_get_EXP_opt(osp,d2i_ASN1_OCTET_STRING,7);
if (os.data)
{
ret->psk_identity_hint = BUF_strndup((char *)os.data, os.length);
OPENSSL_free(os.data);
os.data = NULL;
os.length = 0;
}
else
ret->psk_identity_hint=NULL;
os.length=0;
os.data=NULL;
M_ASN1_D2I_get_EXP_opt(osp,d2i_ASN1_OCTET_STRING,8);
if (os.data)
{
ret->psk_identity = BUF_strndup((char *)os.data, os.length);
OPENSSL_free(os.data);
os.data = NULL;
os.length = 0;
}
else
ret->psk_identity=NULL;
ai.length=0;
M_ASN1_D2I_get_EXP_opt(aip,d2i_ASN1_INTEGER,9);
if (ai.data != NULL)
{
ret->tlsext_tick_lifetime_hint=ASN1_INTEGER_get(aip);
OPENSSL_free(ai.data); ai.data=NULL; ai.length=0;
}
else if (ret->tlsext_ticklen && ret->session_id_length)
ret->tlsext_tick_lifetime_hint = -1;
else
ret->tlsext_tick_lifetime_hint=0;
os.length=0;
os.data=NULL;
M_ASN1_D2I_get_EXP_opt(osp,d2i_ASN1_OCTET_STRING,10);
if (os.data)
{
ret->tlsext_tick = os.data;
ret->tlsext_ticklen = os.length;
os.data = NULL;
os.length = 0;
}
else
ret->tlsext_tick=NULL;
os.length=0;
os.data=NULL;
M_ASN1_D2I_get_EXP_opt(osp,d2i_ASN1_OCTET_STRING,13);
if (os.data && os.length == sizeof(ret->peer_sha256))
{
memcpy(ret->peer_sha256, os.data, sizeof(ret->peer_sha256));
ret->peer_sha256_valid = 1;
OPENSSL_free(os.data);
os.data = NULL;
}
os.length=0;
os.data=NULL;
M_ASN1_D2I_get_EXP_opt(osp,d2i_ASN1_OCTET_STRING,14);
if (os.data && os.length < (int)sizeof(ret->original_handshake_hash))
{
memcpy(ret->original_handshake_hash, os.data, os.length);
ret->original_handshake_hash_len = os.length;
OPENSSL_free(os.data);
os.data = NULL;
}
os.length = 0;
os.data = NULL;
M_ASN1_D2I_get_EXP_opt(osp, d2i_ASN1_OCTET_STRING, 15);
if (os.data)
{
if (ret->tlsext_signed_cert_timestamp_list)
OPENSSL_free(ret->tlsext_signed_cert_timestamp_list);
ret->tlsext_signed_cert_timestamp_list = os.data;
ret->tlsext_signed_cert_timestamp_list_length = os.length;
os.data = NULL;
}
os.length = 0;
os.data = NULL;
M_ASN1_D2I_get_EXP_opt(osp, d2i_ASN1_OCTET_STRING, 16);
if (os.data)
{
if (ret->ocsp_response)
OPENSSL_free(ret->ocsp_response);
ret->ocsp_response = os.data;
ret->ocsp_response_length = os.length;
os.data = NULL;
}
M_ASN1_D2I_Finish(a,SSL_SESSION_free,SSL_F_D2I_SSL_SESSION);
}
err:
if (a && *a != ret) {
SSL_SESSION_free(ret);
}
return NULL;
}

2
ssl/ssl_error.c
View File

@ -70,6 +70,7 @@ const ERR_STRING_DATA SSL_error_string_data[] = {
{ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_write, 0), "SSL_write"},
{ERR_PACK(ERR_LIB_SSL, SSL_F_authz_find_data, 0), "authz_find_data"},
{ERR_PACK(ERR_LIB_SSL, SSL_F_check_suiteb_cipher_list, 0), "check_suiteb_cipher_list"},
{ERR_PACK(ERR_LIB_SSL, SSL_F_d2i_SSL_SESSION, 0), "d2i_SSL_SESSION"},
{ERR_PACK(ERR_LIB_SSL, SSL_F_do_dtls1_write, 0), "do_dtls1_write"},
{ERR_PACK(ERR_LIB_SSL, SSL_F_do_ssl3_write, 0), "do_ssl3_write"},
{ERR_PACK(ERR_LIB_SSL, SSL_F_dtls1_accept, 0), "dtls1_accept"},
@ -320,6 +321,7 @@ const ERR_STRING_DATA SSL_error_string_data[] = {
{ERR_PACK(ERR_LIB_SSL, 0, SSL_R_INVALID_PURPOSE), "INVALID_PURPOSE"},
{ERR_PACK(ERR_LIB_SSL, 0, SSL_R_INVALID_SERVERINFO_DATA), "INVALID_SERVERINFO_DATA"},
{ERR_PACK(ERR_LIB_SSL, 0, SSL_R_INVALID_SRP_USERNAME), "INVALID_SRP_USERNAME"},
{ERR_PACK(ERR_LIB_SSL, 0, SSL_R_INVALID_SSL_SESSION), "INVALID_SSL_SESSION"},
{ERR_PACK(ERR_LIB_SSL, 0, SSL_R_INVALID_STATUS_RESPONSE), "INVALID_STATUS_RESPONSE"},
{ERR_PACK(ERR_LIB_SSL, 0, SSL_R_INVALID_TICKET_KEYS_LENGTH), "INVALID_TICKET_KEYS_LENGTH"},
{ERR_PACK(ERR_LIB_SSL, 0, SSL_R_INVALID_TRUST), "INVALID_TRUST"},