Gitiles
Code Review Sign In
gerrit.openfyde.cn / boringssl.googlesource.com / boringssl / 7001a7fce6abe7fa5fc5b9ef52d74851c0db6e24^! / . / ssl / ssl_asn1.c
commit7001a7fce6abe7fa5fc5b9ef52d74851c0db6e24[log] [tgz]
authorDavid Benjamin <davidben@chromium.org>Sun Oct 26 00:03:08 2014 -0400
committerAdam Langley <agl@google.com>Mon Oct 27 21:55:26 2014 +0000
tree6c42e138a729d3def3ec9315fbbdf3c3d40ff871
parent3b73c18fca8e5591697e914f0e65ad281d160b27 [diff] [blame]
Don't bother accepting key_arg when parsing SSL_SESSION.

Doing some archeaology, since the initial OpenSSL commit, key_arg has been
omitted from the serialization if key_arg_length was 0. Since this is an
SSLv2-only field and resuming an SSLv2 session with SSLv3+ is not possible,
there is no need to support parsing those sessions.

Interestingly, it is actually not the case that key_arg_length was only ever
set in SSLv2, historically. In the initial commit of OpenSSL, SSLeay 0.8.1b,
key_arg was used to store what appears to be the IV. That was then removed in
the next commit, an import of SSLeay 0.9.0b, at which point key_arg was only
ever set in SSLv3. That is old enough that there is certainly no need to
parse pre-SSLeay-0.9.0b sessions...

Change-Id: Ia768a2d97ddbe60309be20e2efe488640c4776d9
Reviewed-on: https://boringssl-review.googlesource.com/2050
Reviewed-by: Adam Langley <agl@google.com>

diff --git a/ssl/ssl_asn1.c b/ssl/ssl_asn1.c
index 53dc996..ee6eee5 100644
--- a/ssl/ssl_asn1.c
+++ b/ssl/ssl_asn1.c

@@ -98,8 +98,6 @@
  *     cipher                      OCTET STRING, -- two bytes long
  *     sessionID                   OCTET STRING,
  *     masterKey                   OCTET STRING,
- *     keyArg                  [0] IMPLICIT OCTET STRING OPTIONAL,
- *                                 -- ignored: legacy SSLv2-only field.
  *     time                    [1] INTEGER OPTIONAL, -- seconds since UNIX epoch
  *     timeout                 [2] INTEGER OPTIONAL, -- in seconds
  *     peer                    [3] Certificate OPTIONAL,
@@ -410,8 +408,8 @@
 SSL_SESSION *d2i_SSL_SESSION(SSL_SESSION **a, const uint8_t **pp, long length) {
   SSL_SESSION *ret = NULL;
   CBS cbs, session, cipher, session_id, master_key;
-  CBS key_arg, peer, sid_ctx, peer_sha256, original_handshake_hash;
-  int has_key_arg, has_peer, has_peer_sha256, extended_master_secret;
+  CBS peer, sid_ctx, peer_sha256, original_handshake_hash;
+  int has_peer, has_peer_sha256, extended_master_secret;
   uint64_t version, ssl_version;
   uint64_t session_time, timeout, verify_result, ticket_lifetime_hint;
 
@@ -431,7 +429,6 @@
       !CBS_get_asn1(&session, &cipher, CBS_ASN1_OCTETSTRING) ||
       !CBS_get_asn1(&session, &session_id, CBS_ASN1_OCTETSTRING) ||
       !CBS_get_asn1(&session, &master_key, CBS_ASN1_OCTETSTRING) ||
-      !CBS_get_optional_asn1(&session, &key_arg, &has_key_arg, kKeyArgTag) ||
       !CBS_get_optional_asn1_uint64(&session, &session_time, kTimeTag,
                                     time(NULL)) ||
       !CBS_get_optional_asn1_uint64(&session, &timeout, kTimeoutTag, 3) ||