kris
/
boringssl
1
0
Förgrening 0
Kod Ärenden 0 Pull-förfrågningar 0 Släpp 0 Wiki Aktiviteter
Du kan inte välja fler än 25 ämnen Ämnen måste starta med en bokstav eller siffra, kan innehålla bindestreck ('-') och vara max 35 tecken långa.
752 Incheckningar
12 Grenar
38 MiB
 
 
 
 
 
 
Träd: d3bcf13165
Grenar Taggar
${ item.name }
Skapa branchen ${ searchTerm }
från 'd3bcf13165'
${ noResults }
boringssl/ssl/ssl_asn1.c

600 rader
22 KiB
Blame Historik 

  1. /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)

  2.  * All rights reserved.

  3.  *

  4.  * This package is an SSL implementation written

  5.  * by Eric Young (eay@cryptsoft.com).

  6.  * The implementation was written so as to conform with Netscapes SSL.

  7.  *

  8.  * This library is free for commercial and non-commercial use as long as

  9.  * the following conditions are aheared to.  The following conditions

  10.  * apply to all code found in this distribution, be it the RC4, RSA,

  11.  * lhash, DES, etc., code; not just the SSL code.  The SSL documentation

  12.  * included with this distribution is covered by the same copyright terms

  13.  * except that the holder is Tim Hudson (tjh@cryptsoft.com).

  14.  *

  15.  * Copyright remains Eric Young's, and as such any Copyright notices in

  16.  * the code are not to be removed.

  17.  * If this package is used in a product, Eric Young should be given attribution

  18.  * as the author of the parts of the library used.

  19.  * This can be in the form of a textual message at program startup or

  20.  * in documentation (online or textual) provided with the package.

  21.  *

  22.  * Redistribution and use in source and binary forms, with or without

  23.  * modification, are permitted provided that the following conditions

  24.  * are met:

  25.  * 1. Redistributions of source code must retain the copyright

  26.  *    notice, this list of conditions and the following disclaimer.

  27.  * 2. Redistributions in binary form must reproduce the above copyright

  28.  *    notice, this list of conditions and the following disclaimer in the

  29.  *    documentation and/or other materials provided with the distribution.

  30.  * 3. All advertising materials mentioning features or use of this software

  31.  *    must display the following acknowledgement:

  32.  *    "This product includes cryptographic software written by

  33.  *     Eric Young (eay@cryptsoft.com)"

  34.  *    The word 'cryptographic' can be left out if the rouines from the library

  35.  *    being used are not cryptographic related :-).

  36.  * 4. If you include any Windows specific code (or a derivative thereof) from

  37.  *    the apps directory (application code) you must include an acknowledgement:

  38.  *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"

  39.  *

  40.  * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND

  41.  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

  42.  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

  43.  * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE

  44.  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

  45.  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

  46.  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

  47.  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

  48.  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

  49.  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

  50.  * SUCH DAMAGE.

  51.  *

  52.  * The licence and distribution terms for any publically available version or

  53.  * derivative of this code cannot be changed.  i.e. this code cannot simply be

  54.  * copied and put under another distribution licence

  55.  * [including the GNU Public Licence.]

  56.  */

  57. /* ====================================================================

  58.  * Copyright 2005 Nokia. All rights reserved.

  59.  *

  60.  * The portions of the attached software ("Contribution") is developed by

  61.  * Nokia Corporation and is licensed pursuant to the OpenSSL open source

  62.  * license.

  63.  *

  64.  * The Contribution, originally written by Mika Kousa and Pasi Eronen of

  65.  * Nokia Corporation, consists of the "PSK" (Pre-Shared Key) ciphersuites

  66.  * support (see RFC 4279) to OpenSSL.

  67.  *

  68.  * No patent licenses or other rights except those expressly stated in

  69.  * the OpenSSL open source license shall be deemed granted or received

  70.  * expressly, by implication, estoppel, or otherwise.

  71.  *

  72.  * No assurances are provided by Nokia that the Contribution does not

  73.  * infringe the patent or other intellectual property rights of any third

  74.  * party or that the license provides you with all the necessary rights

  75.  * to make use of the Contribution.

  76.  *

  77.  * THE SOFTWARE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. IN

  78.  * ADDITION TO THE DISCLAIMERS INCLUDED IN THE LICENSE, NOKIA

  79.  * SPECIFICALLY DISCLAIMS ANY LIABILITY FOR CLAIMS BROUGHT BY YOU OR ANY

  80.  * OTHER ENTITY BASED ON INFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS OR

  81.  * OTHERWISE. */

  82. 

  83. #include <limits.h>

  84. #include <string.h>

  85. 

  86. #include <openssl/bytestring.h>

  87. #include <openssl/err.h>

  88. #include <openssl/x509.h>

  89. 

  90. #include "ssl_locl.h"

  91. 

  92. 

  93. /* An SSL_SESSION is serialized as the following ASN.1 structure:

  94.  *

  95.  * SSLSession ::= SEQUENCE {

  96.  *     version                     INTEGER (1),  -- ignored

  97.  *     sslVersion                  INTEGER,      -- protocol version number

  98.  *     cipher                      OCTET STRING, -- two bytes long

  99.  *     sessionID                   OCTET STRING,

  100.  *     masterKey                   OCTET STRING,

  101.  *     time                    [1] INTEGER OPTIONAL, -- seconds since UNIX epoch

  102.  *     timeout                 [2] INTEGER OPTIONAL, -- in seconds

  103.  *     peer                    [3] Certificate OPTIONAL,

  104.  *     sessionIDContext        [4] OCTET STRING OPTIONAL,

  105.  *     verifyResult            [5] INTEGER OPTIONAL,  -- one of X509_V_* codes

  106.  *     hostName                [6] OCTET STRING OPTIONAL,

  107.  *                                 -- from server_name extension

  108.  *     pskIdentity             [8] OCTET STRING OPTIONAL,

  109.  *     ticketLifetimeHint      [9] INTEGER OPTIONAL,       -- client-only

  110.  *     ticket                  [10] OCTET STRING OPTIONAL, -- client-only

  111.  *     peerSHA256              [13] OCTET STRING OPTIONAL,

  112.  *     originalHandshakeHash   [14] OCTET STRING OPTIONAL,

  113.  *     signedCertTimestampList [15] OCTET STRING OPTIONAL,

  114.  *                                  -- contents of SCT extension

  115.  *     ocspResponse            [16] OCTET STRING OPTIONAL,

  116.  *                                   -- stapled OCSP response from the server

  117.  *     extendedMasterSecret    [17] BOOLEAN OPTIONAL,

  118.  * }

  119.  *

  120.  * Note: historically this serialization has included other optional

  121.  * fields. Their presense is currently treated as a parse error:

  122.  *

  123.  *     keyArg                  [0] IMPLICIT OCTET STRING OPTIONAL,

  124.  *     pskIdentityHint         [7] OCTET STRING OPTIONAL,

  125.  *     compressionMethod       [11] OCTET STRING OPTIONAL,

  126.  *     srpUsername             [12] OCTET STRING OPTIONAL, */

  127. 

  128. static const int kTimeTag =

  129.     CBS_ASN1_CONSTRUCTED | CBS_ASN1_CONTEXT_SPECIFIC | 1;

  130. static const int kTimeoutTag =

  131.     CBS_ASN1_CONSTRUCTED | CBS_ASN1_CONTEXT_SPECIFIC | 2;

  132. static const int kPeerTag =

  133.     CBS_ASN1_CONSTRUCTED | CBS_ASN1_CONTEXT_SPECIFIC | 3;

  134.  static const int kSessionIDContextTag =

  135.     CBS_ASN1_CONSTRUCTED | CBS_ASN1_CONTEXT_SPECIFIC | 4;

  136. static const int kVerifyResultTag =

  137.     CBS_ASN1_CONSTRUCTED | CBS_ASN1_CONTEXT_SPECIFIC | 5;

  138. static const int kHostNameTag =

  139.     CBS_ASN1_CONSTRUCTED | CBS_ASN1_CONTEXT_SPECIFIC | 6;

  140. static const int kPSKIdentityTag =

  141.     CBS_ASN1_CONSTRUCTED | CBS_ASN1_CONTEXT_SPECIFIC | 8;

  142. static const int kTicketLifetimeHintTag =

  143.     CBS_ASN1_CONSTRUCTED | CBS_ASN1_CONTEXT_SPECIFIC | 9;

  144. static const int kTicketTag =

  145.     CBS_ASN1_CONSTRUCTED | CBS_ASN1_CONTEXT_SPECIFIC | 10;

  146. static const int kPeerSHA256Tag =

  147.     CBS_ASN1_CONSTRUCTED | CBS_ASN1_CONTEXT_SPECIFIC | 13;

  148. static const int kOriginalHandshakeHashTag =

  149.     CBS_ASN1_CONSTRUCTED | CBS_ASN1_CONTEXT_SPECIFIC | 14;

  150. static const int kSignedCertTimestampListTag =

  151.     CBS_ASN1_CONSTRUCTED | CBS_ASN1_CONTEXT_SPECIFIC | 15;

  152. static const int kOCSPResponseTag =

  153.     CBS_ASN1_CONSTRUCTED | CBS_ASN1_CONTEXT_SPECIFIC | 16;

  154. static const int kExtendedMasterSecretTag =

  155.     CBS_ASN1_CONSTRUCTED | CBS_ASN1_CONTEXT_SPECIFIC | 17;

  156. 

  157. static int SSL_SESSION_to_bytes_full(SSL_SESSION *in, uint8_t **out_data,

  158.                                      size_t *out_len, int for_ticket) {

  159.   CBB cbb, session, child, child2;

  160.   uint16_t cipher_id;

  161. 

  162.   if (in == NULL || (in->cipher == NULL && in->cipher_id == 0)) {

  163.     return 0;

  164.   }

  165. 

  166.   if (!CBB_init(&cbb, 0)) {

  167.     return 0;

  168.   }

  169. 

  170.   if (in->cipher == NULL) {

  171.     cipher_id = in->cipher_id & 0xffff;

  172.   } else {

  173.     cipher_id = in->cipher->id & 0xffff;

  174.   }

  175. 

  176.   if (!CBB_add_asn1(&cbb, &session, CBS_ASN1_SEQUENCE) ||

  177.       !CBB_add_asn1_uint64(&session, SSL_SESSION_ASN1_VERSION) ||

  178.       !CBB_add_asn1_uint64(&session, in->ssl_version) ||

  179.       !CBB_add_asn1(&session, &child, CBS_ASN1_OCTETSTRING) ||

  180.       !CBB_add_u16(&child, cipher_id) ||

  181.       !CBB_add_asn1(&session, &child, CBS_ASN1_OCTETSTRING) ||

  182.       /* The session ID is irrelevant for a session ticket. */

  183.       !CBB_add_bytes(&child, in->session_id,

  184.                      for_ticket ? 0 : in->session_id_length) ||

  185.       !CBB_add_asn1(&session, &child, CBS_ASN1_OCTETSTRING) ||

  186.       !CBB_add_bytes(&child, in->master_key, in->master_key_length)) {

  187.     OPENSSL_PUT_ERROR(SSL, i2d_SSL_SESSION, ERR_R_MALLOC_FAILURE);

  188.     goto err;

  189.   }

  190. 

  191.   if (in->time != 0) {

  192.     if (!CBB_add_asn1(&session, &child, kTimeTag) ||

  193.         !CBB_add_asn1_uint64(&child, in->time)) {

  194.       OPENSSL_PUT_ERROR(SSL, i2d_SSL_SESSION, ERR_R_MALLOC_FAILURE);

  195.       goto err;

  196.     }

  197.   }

  198. 

  199.   if (in->timeout != 0) {

  200.     if (!CBB_add_asn1(&session, &child, kTimeoutTag) ||

  201.         !CBB_add_asn1_uint64(&child, in->timeout)) {

  202.       OPENSSL_PUT_ERROR(SSL, i2d_SSL_SESSION, ERR_R_MALLOC_FAILURE);

  203.       goto err;

  204.     }

  205.   }

  206. 

  207.   /* The peer certificate is only serialized if the SHA-256 isn't

  208.    * serialized instead. */

  209.   if (in->peer && !in->peer_sha256_valid) {

  210.     uint8_t *buf;

  211.     int len = i2d_X509(in->peer, NULL);

  212.     if (len < 0) {

  213.       goto err;

  214.     }

  215.     if (!CBB_add_asn1(&session, &child, kPeerTag) ||

  216.         !CBB_add_space(&child, &buf, len)) {

  217.       OPENSSL_PUT_ERROR(SSL, i2d_SSL_SESSION, ERR_R_MALLOC_FAILURE);

  218.       goto err;

  219.     }

  220.     if (buf != NULL && i2d_X509(in->peer, &buf) < 0) {

  221.       goto err;

  222.     }

  223.   }

  224. 

  225.   /* Although it is OPTIONAL and usually empty, OpenSSL has

  226.    * historically always encoded the sid_ctx. */

  227.   if (!CBB_add_asn1(&session, &child, kSessionIDContextTag) ||

  228.       !CBB_add_asn1(&child, &child2, CBS_ASN1_OCTETSTRING) ||

  229.       !CBB_add_bytes(&child2, in->sid_ctx, in->sid_ctx_length)) {

  230.     OPENSSL_PUT_ERROR(SSL, i2d_SSL_SESSION, ERR_R_MALLOC_FAILURE);

  231.     goto err;

  232.   }

  233. 

  234.   if (in->verify_result != X509_V_OK) {

  235.     if (!CBB_add_asn1(&session, &child, kVerifyResultTag) ||

  236.         !CBB_add_asn1_uint64(&child, in->verify_result)) {

  237.       OPENSSL_PUT_ERROR(SSL, i2d_SSL_SESSION, ERR_R_MALLOC_FAILURE);

  238.       goto err;

  239.     }

  240.   }

  241. 

  242.   if (in->tlsext_hostname) {

  243.     if (!CBB_add_asn1(&session, &child, kHostNameTag) ||

  244.         !CBB_add_asn1(&child, &child2, CBS_ASN1_OCTETSTRING) ||

  245.         !CBB_add_bytes(&child2, (const uint8_t *)in->tlsext_hostname,

  246.                        strlen(in->tlsext_hostname))) {

  247.       OPENSSL_PUT_ERROR(SSL, i2d_SSL_SESSION, ERR_R_MALLOC_FAILURE);

  248.       goto err;

  249.     }

  250.   }

  251. 

  252.   if (in->psk_identity) {

  253.     if (!CBB_add_asn1(&session, &child, kPSKIdentityTag) ||

  254.         !CBB_add_asn1(&child, &child2, CBS_ASN1_OCTETSTRING) ||

  255.         !CBB_add_bytes(&child2, (const uint8_t *)in->psk_identity,

  256.                        strlen(in->psk_identity))) {

  257.       OPENSSL_PUT_ERROR(SSL, i2d_SSL_SESSION, ERR_R_MALLOC_FAILURE);

  258.       goto err;

  259.     }

  260.   }

  261. 

  262.   if (in->tlsext_tick_lifetime_hint > 0) {

  263.     if (!CBB_add_asn1(&session, &child, kTicketLifetimeHintTag) ||

  264.         !CBB_add_asn1_uint64(&child, in->tlsext_tick_lifetime_hint)) {

  265.       OPENSSL_PUT_ERROR(SSL, i2d_SSL_SESSION, ERR_R_MALLOC_FAILURE);

  266.       goto err;

  267.     }

  268.   }

  269. 

  270.   if (in->tlsext_tick) {

  271.     if (!CBB_add_asn1(&session, &child, kTicketTag) ||

  272.         !CBB_add_asn1(&child, &child2, CBS_ASN1_OCTETSTRING) ||

  273.         !CBB_add_bytes(&child2, in->tlsext_tick, in->tlsext_ticklen)) {

  274.       OPENSSL_PUT_ERROR(SSL, i2d_SSL_SESSION, ERR_R_MALLOC_FAILURE);

  275.       goto err;

  276.     }

  277.   }

  278. 

  279.   if (in->peer_sha256_valid) {

  280.     if (!CBB_add_asn1(&session, &child, kPeerSHA256Tag) ||

  281.         !CBB_add_asn1(&child, &child2, CBS_ASN1_OCTETSTRING) ||

  282.         !CBB_add_bytes(&child2, in->peer_sha256, sizeof(in->peer_sha256))) {

  283.       OPENSSL_PUT_ERROR(SSL, i2d_SSL_SESSION, ERR_R_MALLOC_FAILURE);

  284.       goto err;

  285.     }

  286.   }

  287. 

  288.   if (in->original_handshake_hash_len > 0) {

  289.     if (!CBB_add_asn1(&session, &child, kOriginalHandshakeHashTag) ||

  290.         !CBB_add_asn1(&child, &child2, CBS_ASN1_OCTETSTRING) ||

  291.         !CBB_add_bytes(&child2, in->original_handshake_hash,

  292.                        in->original_handshake_hash_len)) {

  293.       OPENSSL_PUT_ERROR(SSL, i2d_SSL_SESSION, ERR_R_MALLOC_FAILURE);

  294.       goto err;

  295.     }

  296.   }

  297. 

  298.   if (in->tlsext_signed_cert_timestamp_list_length > 0) {

  299.     if (!CBB_add_asn1(&session, &child, kSignedCertTimestampListTag) ||

  300.         !CBB_add_asn1(&child, &child2, CBS_ASN1_OCTETSTRING) ||

  301.         !CBB_add_bytes(&child2, in->tlsext_signed_cert_timestamp_list,

  302.                        in->tlsext_signed_cert_timestamp_list_length)) {

  303.       OPENSSL_PUT_ERROR(SSL, i2d_SSL_SESSION, ERR_R_MALLOC_FAILURE);

  304.       goto err;

  305.     }

  306.   }

  307. 

  308.   if (in->ocsp_response_length > 0) {

  309.     if (!CBB_add_asn1(&session, &child, kOCSPResponseTag) ||

  310.         !CBB_add_asn1(&child, &child2, CBS_ASN1_OCTETSTRING) ||

  311.         !CBB_add_bytes(&child2, in->ocsp_response, in->ocsp_response_length)) {

  312.       OPENSSL_PUT_ERROR(SSL, i2d_SSL_SESSION, ERR_R_MALLOC_FAILURE);

  313.       goto err;

  314.     }

  315.   }

  316. 

  317.   if (in->extended_master_secret) {

  318.     if (!CBB_add_asn1(&session, &child, kExtendedMasterSecretTag) ||

  319.         !CBB_add_asn1(&child, &child2, CBS_ASN1_BOOLEAN) ||

  320.         !CBB_add_u8(&child2, 0xff)) {

  321.       OPENSSL_PUT_ERROR(SSL, i2d_SSL_SESSION, ERR_R_MALLOC_FAILURE);

  322.       goto err;

  323.     }

  324.   }

  325. 

  326.   if (!CBB_finish(&cbb, out_data, out_len)) {

  327.     OPENSSL_PUT_ERROR(SSL, i2d_SSL_SESSION, ERR_R_MALLOC_FAILURE);

  328.     goto err;

  329.   }

  330.   return 1;

  331. 

  332.  err:

  333.   CBB_cleanup(&cbb);

  334.   return 0;

  335. }

  336. 

  337. int SSL_SESSION_to_bytes(SSL_SESSION *in, uint8_t **out_data, size_t *out_len) {

  338.   return SSL_SESSION_to_bytes_full(in, out_data, out_len, 0);

  339. }

  340. 

  341. int SSL_SESSION_to_bytes_for_ticket(SSL_SESSION *in, uint8_t **out_data,

  342.                                     size_t *out_len) {

  343.   return SSL_SESSION_to_bytes_full(in, out_data, out_len, 1);

  344. }

  345. 

  346. int i2d_SSL_SESSION(SSL_SESSION *in, uint8_t **pp) {

  347.   uint8_t *out;

  348.   size_t len;

  349. 

  350.   if (!SSL_SESSION_to_bytes(in, &out, &len)) {

  351.     return -1;

  352.   }

  353. 

  354.   if (len > INT_MAX) {

  355.     OPENSSL_free(out);

  356.     OPENSSL_PUT_ERROR(SSL, i2d_SSL_SESSION, ERR_R_OVERFLOW);

  357.     return -1;

  358.   }

  359. 

  360.   if (pp) {

  361.     memcpy(*pp, out, len);

  362.     *pp += len;

  363.   }

  364.   OPENSSL_free(out);

  365. 

  366.   return len;

  367. }

  368. 

  369. /* d2i_SSL_SESSION_get_string gets an optional ASN.1 OCTET STRING

  370.  * explicitly tagged with |tag| from |cbs| and saves it in |*out|. On

  371.  * entry, if |*out| is not NULL, it frees the existing contents. If

  372.  * the element was not found, it sets |*out| to NULL. It returns one

  373.  * on success, whether or not the element was found, and zero on

  374.  * decode error. */

  375. static int d2i_SSL_SESSION_get_string(CBS *cbs, char **out, unsigned tag) {

  376.   CBS value;

  377.   int present;

  378.   if (!CBS_get_optional_asn1_octet_string(cbs, &value, &present, tag)) {

  379.     OPENSSL_PUT_ERROR(SSL, d2i_SSL_SESSION, SSL_R_INVALID_SSL_SESSION);

  380.     return 0;

  381.   }

  382.   if (present) {

  383.     if (CBS_contains_zero_byte(&value)) {

  384.       OPENSSL_PUT_ERROR(SSL, d2i_SSL_SESSION, SSL_R_INVALID_SSL_SESSION);

  385.       return 0;

  386.     }

  387.     if (!CBS_strdup(&value, out)) {

  388.       OPENSSL_PUT_ERROR(SSL, d2i_SSL_SESSION, ERR_R_MALLOC_FAILURE);

  389.       return 0;

  390.     }

  391.   } else if (*out) {

  392.     OPENSSL_free(*out);

  393.     *out = NULL;

  394.   }

  395.   return 1;

  396. }

  397. 

  398. /* d2i_SSL_SESSION_get_string gets an optional ASN.1 OCTET STRING

  399.  * explicitly tagged with |tag| from |cbs| and stows it in |*out_ptr|

  400.  * and |*out_len|. If |*out_ptr| is not NULL, it frees the existing

  401.  * contents. On entry, if the element was not found, it sets

  402.  * |*out_ptr| to NULL. It returns one on success, whether or not the

  403.  * element was found, and zero on decode error. */

  404. static int d2i_SSL_SESSION_get_octet_string(CBS *cbs, uint8_t **out_ptr,

  405.                                             size_t *out_len, unsigned tag) {

  406.   CBS value;

  407.   if (!CBS_get_optional_asn1_octet_string(cbs, &value, NULL, tag)) {

  408.     OPENSSL_PUT_ERROR(SSL, d2i_SSL_SESSION, SSL_R_INVALID_SSL_SESSION);

  409.     return 0;

  410.   }

  411.   if (!CBS_stow(&value, out_ptr, out_len)) {

  412.     OPENSSL_PUT_ERROR(SSL, d2i_SSL_SESSION, ERR_R_MALLOC_FAILURE);

  413.     return 0;

  414.   }

  415.   return 1;

  416. }

  417. 

  418. SSL_SESSION *d2i_SSL_SESSION(SSL_SESSION **a, const uint8_t **pp, long length) {

  419.   SSL_SESSION *ret = NULL;

  420.   CBS cbs, session, cipher, session_id, master_key;

  421.   CBS peer, sid_ctx, peer_sha256, original_handshake_hash;

  422.   int has_peer, has_peer_sha256, extended_master_secret;

  423.   uint64_t version, ssl_version;

  424.   uint64_t session_time, timeout, verify_result, ticket_lifetime_hint;

  425. 

  426.   if (a && *a) {

  427.     ret = *a;

  428.   } else {

  429.     ret = SSL_SESSION_new();

  430.     if (ret == NULL) {

  431.       goto err;

  432.     }

  433.   }

  434. 

  435.   CBS_init(&cbs, *pp, length);

  436.   if (!CBS_get_asn1(&cbs, &session, CBS_ASN1_SEQUENCE) ||

  437.       !CBS_get_asn1_uint64(&session, &version) ||

  438.       !CBS_get_asn1_uint64(&session, &ssl_version) ||

  439.       !CBS_get_asn1(&session, &cipher, CBS_ASN1_OCTETSTRING) ||

  440.       !CBS_get_asn1(&session, &session_id, CBS_ASN1_OCTETSTRING) ||

  441.       !CBS_get_asn1(&session, &master_key, CBS_ASN1_OCTETSTRING) ||

  442.       !CBS_get_optional_asn1_uint64(&session, &session_time, kTimeTag,

  443.                                     time(NULL)) ||

  444.       !CBS_get_optional_asn1_uint64(&session, &timeout, kTimeoutTag, 3) ||

  445.       !CBS_get_optional_asn1(&session, &peer, &has_peer, kPeerTag) ||

  446.       !CBS_get_optional_asn1_octet_string(&session, &sid_ctx, NULL,

  447.                                           kSessionIDContextTag) ||

  448.       !CBS_get_optional_asn1_uint64(&session, &verify_result, kVerifyResultTag,

  449.                                     X509_V_OK)) {

  450.     OPENSSL_PUT_ERROR(SSL, d2i_SSL_SESSION, SSL_R_INVALID_SSL_SESSION);

  451.     goto err;

  452.   }

  453.   if (!d2i_SSL_SESSION_get_string(&session, &ret->tlsext_hostname,

  454.                                   kHostNameTag) ||

  455.       !d2i_SSL_SESSION_get_string(&session, &ret->psk_identity,

  456.                                   kPSKIdentityTag)) {

  457.     goto err;

  458.   }

  459.   if (!CBS_get_optional_asn1_uint64(&session, &ticket_lifetime_hint,

  460.                                     kTicketLifetimeHintTag, 0)) {

  461.     OPENSSL_PUT_ERROR(SSL, d2i_SSL_SESSION, SSL_R_INVALID_SSL_SESSION);

  462.     goto err;

  463.   }

  464.   if (!d2i_SSL_SESSION_get_octet_string(&session, &ret->tlsext_tick,

  465.                                         &ret->tlsext_ticklen, kTicketTag)) {

  466.     goto err;

  467.   }

  468.   if (!CBS_get_optional_asn1_octet_string(&session, &peer_sha256,

  469.                                           &has_peer_sha256, kPeerSHA256Tag) ||

  470.       !CBS_get_optional_asn1_octet_string(&session, &original_handshake_hash,

  471.                                           NULL, kOriginalHandshakeHashTag)) {

  472.     OPENSSL_PUT_ERROR(SSL, d2i_SSL_SESSION, SSL_R_INVALID_SSL_SESSION);

  473.     goto err;

  474.   }

  475.   if (!d2i_SSL_SESSION_get_octet_string(

  476.           &session, &ret->tlsext_signed_cert_timestamp_list,

  477.           &ret->tlsext_signed_cert_timestamp_list_length,

  478.           kSignedCertTimestampListTag) ||

  479.       !d2i_SSL_SESSION_get_octet_string(

  480.           &session, &ret->ocsp_response, &ret->ocsp_response_length,

  481.           kOCSPResponseTag)) {

  482.     goto err;

  483.   }

  484.   if (!CBS_get_optional_asn1_bool(&session, &extended_master_secret,

  485.                                   kExtendedMasterSecretTag,

  486.                                   0 /* default to false */)) {

  487.     OPENSSL_PUT_ERROR(SSL, d2i_SSL_SESSION, SSL_R_INVALID_SSL_SESSION);

  488.     goto err;

  489.   }

  490.   ret->extended_master_secret = extended_master_secret;

  491. 

  492.   /* Ignore |version|. The structure version number is ignored. */

  493. 

  494.   /* Only support SSLv3/TLS and DTLS. */

  495.   if ((ssl_version >> 8) != SSL3_VERSION_MAJOR &&

  496.       (ssl_version >> 8) != (DTLS1_VERSION >> 8)) {

  497.     OPENSSL_PUT_ERROR(SSL, d2i_SSL_SESSION, SSL_R_UNKNOWN_SSL_VERSION);

  498.     goto err;

  499.   }

  500.   ret->ssl_version = ssl_version;

  501. 

  502.   if (CBS_len(&cipher) != 2) {

  503.     OPENSSL_PUT_ERROR(SSL, d2i_SSL_SESSION, SSL_R_CIPHER_CODE_WRONG_LENGTH);

  504.     goto err;

  505.   }

  506.   ret->cipher_id =

  507.       0x03000000L | (CBS_data(&cipher)[0] << 8L) | CBS_data(&cipher)[1];

  508.   ret->cipher = ssl3_get_cipher_by_value(ret->cipher_id & 0xffff);

  509.   if (ret->cipher == NULL) {

  510.     OPENSSL_PUT_ERROR(SSL, d2i_SSL_SESSION, SSL_R_UNSUPPORTED_CIPHER);

  511.     goto err;

  512.   }

  513. 

  514.   if (CBS_len(&session_id) > SSL3_MAX_SSL_SESSION_ID_LENGTH) {

  515.     OPENSSL_PUT_ERROR(SSL, d2i_SSL_SESSION, SSL_R_INVALID_SSL_SESSION);

  516.     goto err;

  517.   }

  518.   memcpy(ret->session_id, CBS_data(&session_id), CBS_len(&session_id));

  519.   ret->session_id_length = CBS_len(&session_id);

  520. 

  521.   if (CBS_len(&master_key) > SSL_MAX_MASTER_KEY_LENGTH) {

  522.     OPENSSL_PUT_ERROR(SSL, d2i_SSL_SESSION, SSL_R_INVALID_SSL_SESSION);

  523.     goto err;

  524.   }

  525.   memcpy(ret->master_key, CBS_data(&master_key), CBS_len(&master_key));

  526.   ret->master_key_length = CBS_len(&master_key);

  527. 

  528.   if (session_time > LONG_MAX ||

  529.       timeout > LONG_MAX) {

  530.     OPENSSL_PUT_ERROR(SSL, d2i_SSL_SESSION, SSL_R_INVALID_SSL_SESSION);

  531.     goto err;

  532.   }

  533.   ret->time = session_time;

  534.   ret->timeout = timeout;

  535. 

  536.   if (ret->peer != NULL) {

  537.     X509_free(ret->peer);

  538.     ret->peer = NULL;

  539.   }

  540.   if (has_peer) {

  541.     const uint8_t *ptr;

  542.     ptr = CBS_data(&peer);

  543.     ret->peer = d2i_X509(NULL, &ptr, CBS_len(&peer));

  544.     if (ret->peer == NULL) {

  545.       goto err;

  546.     }

  547.     if (ptr != CBS_data(&peer) + CBS_len(&peer)) {

  548.       OPENSSL_PUT_ERROR(SSL, d2i_SSL_SESSION, SSL_R_INVALID_SSL_SESSION);

  549.       goto err;

  550.     }

  551.   }

  552. 

  553.   if (CBS_len(&sid_ctx) > sizeof(ret->sid_ctx)) {

  554.     OPENSSL_PUT_ERROR(SSL, d2i_SSL_SESSION, SSL_R_INVALID_SSL_SESSION);

  555.     goto err;

  556.   }

  557.   memcpy(ret->sid_ctx, CBS_data(&sid_ctx), CBS_len(&sid_ctx));

  558.   ret->sid_ctx_length = CBS_len(&sid_ctx);

  559. 

  560.   if (verify_result > LONG_MAX ||

  561.       ticket_lifetime_hint > 0xffffffff) {

  562.     OPENSSL_PUT_ERROR(SSL, d2i_SSL_SESSION, SSL_R_INVALID_SSL_SESSION);

  563.     goto err;

  564.   }

  565.   ret->verify_result = verify_result;

  566.   ret->tlsext_tick_lifetime_hint = ticket_lifetime_hint;

  567. 

  568.   if (has_peer_sha256) {

  569.     if (CBS_len(&peer_sha256) != sizeof(ret->peer_sha256)) {

  570.       OPENSSL_PUT_ERROR(SSL, d2i_SSL_SESSION, SSL_R_INVALID_SSL_SESSION);

  571.       goto err;

  572.     }

  573.     memcpy(ret->peer_sha256, CBS_data(&peer_sha256), sizeof(ret->peer_sha256));

  574.     ret->peer_sha256_valid = 1;

  575.   } else {

  576.     ret->peer_sha256_valid = 0;

  577.   }

  578. 

  579.   if (CBS_len(&original_handshake_hash) >

  580.       sizeof(ret->original_handshake_hash)) {

  581.     OPENSSL_PUT_ERROR(SSL, d2i_SSL_SESSION, SSL_R_INVALID_SSL_SESSION);

  582.     goto err;

  583.   }

  584.   memcpy(ret->original_handshake_hash, CBS_data(&original_handshake_hash),

  585.          CBS_len(&original_handshake_hash));

  586.   ret->original_handshake_hash_len = CBS_len(&original_handshake_hash);

  587. 

  588.   if (a) {

  589.     *a = ret;

  590.   }

  591.   *pp = CBS_data(&cbs);

  592.   return ret;

  593. 

  594. err:

  595.   if (a && *a != ret) {

  596.     SSL_SESSION_free(ret);

  597.   }

  598.   return NULL;

  599. }