Reimplement d2i_SSL_SESSION with CBS.
Do away with all those unreadable macros. Also fix many many memory leaks in
the SSL_SESSION reuse case. Add a number of helper functions in CBS to help
with parsing optional fields.
Change-Id: I2ce8fd0d5b060a1b56e7f99f7780997fabc5ce41
Reviewed-on: https://boringssl-review.googlesource.com/1998
Reviewed-by: Adam Langley <agl@google.com>
diff --git a/crypto/bytestring/bytestring_test.c b/crypto/bytestring/bytestring_test.c
index 43c99dc..28dfd3a 100644
--- a/crypto/bytestring/bytestring_test.c
+++ b/crypto/bytestring/bytestring_test.c
@@ -105,8 +105,14 @@
static const uint8_t kData3[] = {0x30, 0x80};
static const uint8_t kData4[] = {0x30, 0x81, 1, 1};
static const uint8_t kData5[] = {0x30, 0x82, 0, 1, 1};
+ static const uint8_t kData6[] = {0xa1, 3, 0x4, 1, 1};
+ static const uint8_t kData7[] = {0xa1, 3, 0x4, 2, 1};
+ static const uint8_t kData8[] = {0xa1, 3, 0x2, 1, 1};
+ static const uint8_t kData9[] = {0xa1, 3, 0x2, 1, 0xff};
CBS data, contents;
+ int present;
+ uint64_t value;
CBS_init(&data, kData1, sizeof(kData1));
if (CBS_peek_asn1_tag(&data, 0x1) ||
@@ -150,10 +156,69 @@
}
CBS_init(&data, NULL, 0);
+ /* peek at empty data. */
if (CBS_peek_asn1_tag(&data, 0x30)) {
return 0;
}
+ CBS_init(&data, NULL, 0);
+ /* optional elements at empty data. */
+ if (!CBS_get_optional_asn1(&data, &contents, &present, 0xa0) ||
+ present ||
+ !CBS_get_optional_asn1_octet_string(&data, &contents, &present, 0xa0) ||
+ present ||
+ CBS_len(&contents) != 0 ||
+ !CBS_get_optional_asn1_octet_string(&data, &contents, NULL, 0xa0) ||
+ CBS_len(&contents) != 0 ||
+ !CBS_get_optional_asn1_uint64(&data, &value, 0xa0, 42) ||
+ value != 42) {
+ return 0;
+ }
+
+ CBS_init(&data, kData6, sizeof(kData6));
+ /* optional element. */
+ if (!CBS_get_optional_asn1(&data, &contents, &present, 0xa0) ||
+ present ||
+ !CBS_get_optional_asn1(&data, &contents, &present, 0xa1) ||
+ !present ||
+ CBS_len(&contents) != 3 ||
+ memcmp(CBS_data(&contents), "\x04\x01\x01", 3) != 0) {
+ return 0;
+ }
+
+ CBS_init(&data, kData6, sizeof(kData6));
+ /* optional octet string. */
+ if (!CBS_get_optional_asn1_octet_string(&data, &contents, &present, 0xa0) ||
+ present ||
+ CBS_len(&contents) != 0 ||
+ !CBS_get_optional_asn1_octet_string(&data, &contents, &present, 0xa1) ||
+ !present ||
+ CBS_len(&contents) != 1 ||
+ CBS_data(&contents)[0] != 1) {
+ return 0;
+ }
+
+ CBS_init(&data, kData7, sizeof(kData7));
+ /* invalid optional octet string. */
+ if (CBS_get_optional_asn1_octet_string(&data, &contents, &present, 0xa1)) {
+ return 0;
+ }
+
+ CBS_init(&data, kData8, sizeof(kData8));
+ /* optional octet string. */
+ if (!CBS_get_optional_asn1_uint64(&data, &value, 0xa0, 42) ||
+ value != 42 ||
+ !CBS_get_optional_asn1_uint64(&data, &value, 0xa1, 42) ||
+ value != 1) {
+ return 0;
+ }
+
+ CBS_init(&data, kData9, sizeof(kData9));
+ /* invalid optional integer. */
+ if (CBS_get_optional_asn1_uint64(&data, &value, 0xa1, 42)) {
+ return 0;
+ }
+
return 1;
}
diff --git a/crypto/bytestring/cbs.c b/crypto/bytestring/cbs.c
index 1d1da88..ae66120 100644
--- a/crypto/bytestring/cbs.c
+++ b/crypto/bytestring/cbs.c
@@ -305,3 +305,54 @@
return 1;
}
+
+int CBS_get_optional_asn1(CBS *cbs, CBS *out, int *out_present, unsigned tag) {
+ if (CBS_peek_asn1_tag(cbs, tag)) {
+ if (!CBS_get_asn1(cbs, out, tag)) {
+ return 0;
+ }
+ *out_present = 1;
+ } else {
+ *out_present = 0;
+ }
+ return 1;
+}
+
+int CBS_get_optional_asn1_octet_string(CBS *cbs, CBS *out, int *out_present,
+ unsigned tag) {
+ CBS child;
+ int present;
+ if (!CBS_get_optional_asn1(cbs, &child, &present, tag)) {
+ return 0;
+ }
+ if (present) {
+ if (!CBS_get_asn1(&child, out, CBS_ASN1_OCTETSTRING) ||
+ CBS_len(&child) != 0) {
+ return 0;
+ }
+ } else {
+ CBS_init(out, NULL, 0);
+ }
+ if (out_present) {
+ *out_present = present;
+ }
+ return 1;
+}
+
+int CBS_get_optional_asn1_uint64(CBS *cbs, uint64_t *out, unsigned tag,
+ uint64_t default_value) {
+ CBS child;
+ int present;
+ if (!CBS_get_optional_asn1(cbs, &child, &present, tag)) {
+ return 0;
+ }
+ if (present) {
+ if (!CBS_get_asn1_uint64(&child, out) ||
+ CBS_len(&child) != 0) {
+ return 0;
+ }
+ } else {
+ *out = default_value;
+ }
+ return 1;
+}
diff --git a/include/openssl/bytestring.h b/include/openssl/bytestring.h
index daab7fc..9d2b4a9 100644
--- a/include/openssl/bytestring.h
+++ b/include/openssl/bytestring.h
@@ -166,6 +166,33 @@
* in 64 bits. */
OPENSSL_EXPORT int CBS_get_asn1_uint64(CBS *cbs, uint64_t *out);
+/* CBS_get_optional_asn1 gets an optional explicitly-tagged element
+ * from |cbs| tagged with |tag| and sets |*out| to its contents. If
+ * present, it sets |*out_present| to one, otherwise zero. It returns
+ * one on success, whether or not the element was present, and zero on
+ * decode failure. */
+OPENSSL_EXPORT int CBS_get_optional_asn1(CBS *cbs, CBS *out, int *out_present,
+ unsigned tag);
+
+/* CBS_get_optional_asn1_octet_string gets an optional
+ * explicitly-tagged OCTET STRING from |cbs|. If present, it sets
+ * |*out| to the string and |*out_present| to one. Otherwise, it sets
+ * |*out| to empty and |*out_present| to zero. |out_present| may be
+ * NULL. It returns one on success, whether or not the element was
+ * present, and zero on decode failure. */
+OPENSSL_EXPORT int CBS_get_optional_asn1_octet_string(CBS *cbs, CBS *out,
+ int *out_present,
+ unsigned tag);
+
+/* CBS_get_optional_asn1_uint64 gets an optional explicitly-tagged
+ * INTEGER from |cbs|. If present, it sets |*out| to the
+ * value. Otherwise, it sets |*out| to |default_value|. It returns one
+ * on success, whether or not the element was present, and zero on
+ * decode failure. */
+OPENSSL_EXPORT int CBS_get_optional_asn1_uint64(CBS *cbs, uint64_t *out,
+ unsigned tag,
+ uint64_t default_value);
+
/* CRYPTO ByteBuilder.
*
diff --git a/include/openssl/ssl.h b/include/openssl/ssl.h
index f2684f8..f9db5f1 100644
--- a/include/openssl/ssl.h
+++ b/include/openssl/ssl.h
@@ -359,34 +359,8 @@
long (*ssl_ctx_callback_ctrl)(SSL_CTX *s, int cb_id, void (*fp)(void));
};
-/* Lets make this into an ASN.1 type structure as follows
- * SSL_SESSION_ID ::= SEQUENCE {
- * version INTEGER, -- structure version number
- * SSLversion INTEGER, -- SSL version number
- * Cipher OCTET STRING, -- the 3 byte cipher ID
- * Session_ID OCTET STRING, -- the Session ID
- * Master_key OCTET STRING, -- the master key
- * Key_Arg [ 0 ] IMPLICIT OCTET STRING, -- the optional Key argument
- * Time [ 1 ] EXPLICIT INTEGER, -- optional Start Time
- * Timeout [ 2 ] EXPLICIT INTEGER, -- optional Timeout ins seconds
- * Peer [ 3 ] EXPLICIT X509, -- optional Peer Certificate
- * Session_ID_context [ 4 ] EXPLICIT OCTET STRING, -- the Session ID context
- * Verify_result [ 5 ] EXPLICIT INTEGER, -- X509_V_... code for `Peer'
- * HostName [ 6 ] EXPLICIT OCTET STRING, -- optional HostName from servername TLS extension
- * PSK_identity_hint [ 7 ] EXPLICIT OCTET STRING, -- optional PSK identity hint
- * PSK_identity [ 8 ] EXPLICIT OCTET STRING, -- optional PSK identity
- * Ticket_lifetime_hint [9] EXPLICIT INTEGER, -- server's lifetime hint for session ticket
- * Ticket [10] EXPLICIT OCTET STRING, -- session ticket (clients only)
- * Compression_meth [11] EXPLICIT OCTET STRING, -- optional compression method
- * SRP_username [ 12 ] EXPLICIT OCTET STRING -- optional SRP username
- * Peer SHA256 [13] EXPLICIT OCTET STRING, -- optional SHA256 hash of Peer certifiate
- * original handshake hash [14] EXPLICIT OCTET STRING, -- optional original handshake hash
- * tlsext_signed_cert_timestamp_list [15] EXPLICIT OCTET STRING, -- optional signed cert timestamp list extension
- * ocsp_response [16] EXPLICIT OCTET STRING, -- optional saved OCSP response from the server
- * }
- * Look in ssl/ssl_asn1.c for more details
- * I'm using EXPLICIT tags so I can read the damn things using asn1parse :-).
- */
+/* An SSL_SESSION represents an SSL session that may be resumed in an
+ * abbreviated handshake. */
struct ssl_session_st
{
int ssl_version; /* what ssl version session info is
@@ -2459,6 +2433,7 @@
#define SSL_F_ssl3_cert_verify_hash 284
#define SSL_F_ssl_ctx_log_rsa_client_key_exchange 285
#define SSL_F_ssl_ctx_log_master_secret 286
+#define SSL_F_d2i_SSL_SESSION 287
#define SSL_R_UNABLE_TO_FIND_ECDH_PARAMETERS 100
#define SSL_R_DECRYPTION_FAILED_OR_BAD_RECORD_MAC 101
#define SSL_R_INVALID_NULL_CMD_NAME 102
@@ -2772,6 +2747,7 @@
#define SSL_R_UNPROCESSED_HANDSHAKE_DATA 440
#define SSL_R_HANDSHAKE_RECORD_BEFORE_CCS 441
#define SSL_R_SESSION_MAY_NOT_BE_CREATED 442
+#define SSL_R_INVALID_SSL_SESSION 443
#define SSL_R_SSLV3_ALERT_CLOSE_NOTIFY 1000
#define SSL_R_SSLV3_ALERT_UNEXPECTED_MESSAGE 1010
#define SSL_R_SSLV3_ALERT_BAD_RECORD_MAC 1020
diff --git a/ssl/ssl_asn1.c b/ssl/ssl_asn1.c
index 5e86017..08eb251 100644
--- a/ssl/ssl_asn1.c
+++ b/ssl/ssl_asn1.c
@@ -81,23 +81,80 @@
* OTHERWISE. */
#include <assert.h>
+#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <openssl/asn1.h>
#include <openssl/asn1_mac.h>
+#include <openssl/bytestring.h>
#include <openssl/err.h>
-#include <openssl/mem.h>
-#include <openssl/obj.h>
#include <openssl/x509.h>
#include "ssl_locl.h"
-OPENSSL_DECLARE_ERROR_REASON(SSL, CIPHER_CODE_WRONG_LENGTH);
-OPENSSL_DECLARE_ERROR_REASON(SSL, UNKNOWN_SSL_VERSION);
-OPENSSL_DECLARE_ERROR_REASON(SSL, BAD_LENGTH);
-OPENSSL_DECLARE_ERROR_FUNCTION(SSL, D2I_SSL_SESSION);
+/* An SSL_SESSION is serialized as the following ASN.1 structure:
+ *
+ * SSLSession ::= SEQUENCE {
+ * version INTEGER (1), -- ignored
+ * sslVersion INTEGER, -- protocol version number
+ * cipher OCTET STRING, -- two bytes long
+ * sessionID OCTET STRING,
+ * masterKey OCTET STRING,
+ * keyArg [0] IMPLICIT OCTET STRING OPTIONAL,
+ * -- ignored: legacy SSLv2-only field.
+ * time [1] INTEGER OPTIONAL, -- seconds since UNIX epoch
+ * timeout [2] INTEGER OPTIONAL, -- in seconds
+ * peer [3] Certificate OPTIONAL,
+ * sessionIDContext [4] OCTET STRING OPTIONAL,
+ * verifyResult [5] INTEGER OPTIONAL, -- one of X509_V_* codes
+ * hostName [6] OCTET STRING OPTIONAL,
+ * -- from server_name extension
+ * pskIdentityHint [7] OCTET STRING OPTIONAL,
+ * pskIdentity [8] OCTET STRING OPTIONAL,
+ * ticketLifetimeHint [9] INTEGER OPTIONAL, -- client-only
+ * ticket [10] OCTET STRING OPTIONAL, -- client-only
+ * peerSHA256 [13] OCTET STRING OPTIONAL,
+ * originalHandshakeHash [14] OCTET STRING OPTIONAL,
+ * signedCertTimestampList [15] OCTET STRING OPTIONAL,
+ * -- contents of SCT extension
+ * ocspResponse [16] OCTET STRING OPTIONAL,
+ * -- stapled OCSP response from the server
+ * }
+ *
+ * Note: When the relevant features were #ifdef'd out, support for
+ * parsing compressionMethod [11] and srpUsername [12] was lost. */
+
+static const int kKeyArgTag = CBS_ASN1_CONTEXT_SPECIFIC | 0;
+static const int kTimeTag =
+ CBS_ASN1_CONSTRUCTED | CBS_ASN1_CONTEXT_SPECIFIC | 1;
+static const int kTimeoutTag =
+ CBS_ASN1_CONSTRUCTED | CBS_ASN1_CONTEXT_SPECIFIC | 2;
+static const int kPeerTag =
+ CBS_ASN1_CONSTRUCTED | CBS_ASN1_CONTEXT_SPECIFIC | 3;
+static const int kSessionIDContextTag =
+ CBS_ASN1_CONSTRUCTED | CBS_ASN1_CONTEXT_SPECIFIC | 4;
+static const int kVerifyResultTag =
+ CBS_ASN1_CONSTRUCTED | CBS_ASN1_CONTEXT_SPECIFIC | 5;
+static const int kHostNameTag =
+ CBS_ASN1_CONSTRUCTED | CBS_ASN1_CONTEXT_SPECIFIC | 6;
+static const int kPSKIdentityHintTag =
+ CBS_ASN1_CONSTRUCTED | CBS_ASN1_CONTEXT_SPECIFIC | 7;
+static const int kPSKIdentityTag =
+ CBS_ASN1_CONSTRUCTED | CBS_ASN1_CONTEXT_SPECIFIC | 8;
+static const int kTicketLifetimeHintTag =
+ CBS_ASN1_CONSTRUCTED | CBS_ASN1_CONTEXT_SPECIFIC | 9;
+static const int kTicketTag =
+ CBS_ASN1_CONSTRUCTED | CBS_ASN1_CONTEXT_SPECIFIC | 10;
+static const int kPeerSHA256Tag =
+ CBS_ASN1_CONSTRUCTED | CBS_ASN1_CONTEXT_SPECIFIC | 13;
+static const int kOriginalHandshakeHashTag =
+ CBS_ASN1_CONSTRUCTED | CBS_ASN1_CONTEXT_SPECIFIC | 14;
+static const int kSignedCertTimestampListTag =
+ CBS_ASN1_CONSTRUCTED | CBS_ASN1_CONTEXT_SPECIFIC | 15;
+static const int kOCSPResponseTag =
+ CBS_ASN1_CONSTRUCTED | CBS_ASN1_CONTEXT_SPECIFIC | 16;
typedef struct ssl_session_asn1_st
{
@@ -347,271 +404,230 @@
M_ASN1_I2D_finish();
}
-SSL_SESSION *d2i_SSL_SESSION(SSL_SESSION **a, const unsigned char **pp,
- long length)
- {
- int ssl_version=0,i;
- long id;
- ASN1_INTEGER ai,*aip;
- ASN1_OCTET_STRING os,*osp;
- M_ASN1_D2I_vars(a,SSL_SESSION *,SSL_SESSION_new);
+/* d2i_SSL_SESSION_get_string gets an optional ASN.1 OCTET STRING
+ * explicitly tagged with |tag| from |cbs| and saves it in |*out|. On
+ * entry, if |*out| is not NULL, it frees the existing contents. If
+ * the element was not found, it sets |*out| to NULL. It returns one
+ * on success, whether or not the element was found, and zero on
+ * decode error. */
+static int d2i_SSL_SESSION_get_string(CBS *cbs, char **out, unsigned tag) {
+ CBS value;
+ int present;
+ if (!CBS_get_optional_asn1_octet_string(cbs, &value, &present, tag)) {
+ OPENSSL_PUT_ERROR(SSL, d2i_SSL_SESSION, SSL_R_INVALID_SSL_SESSION);
+ return 0;
+ }
+ if (present) {
+ if (CBS_contains_zero_byte(&value)) {
+ OPENSSL_PUT_ERROR(SSL, d2i_SSL_SESSION, SSL_R_INVALID_SSL_SESSION);
+ return 0;
+ }
+ if (!CBS_strdup(&value, out)) {
+ OPENSSL_PUT_ERROR(SSL, d2i_SSL_SESSION, ERR_R_MALLOC_FAILURE);
+ return 0;
+ }
+ } else if (*out) {
+ OPENSSL_free(*out);
+ *out = NULL;
+ }
+ return 1;
+}
- aip= &ai;
- osp= &os;
+/* d2i_SSL_SESSION_get_string gets an optional ASN.1 OCTET STRING
+ * explicitly tagged with |tag| from |cbs| and stows it in |*out_ptr|
+ * and |*out_len|. If |*out_ptr| is not NULL, it frees the existing
+ * contents. On entry, if the element was not found, it sets
+ * |*out_ptr| to NULL. It returns one on success, whether or not the
+ * element was found, and zero on decode error. */
+static int d2i_SSL_SESSION_get_octet_string(CBS *cbs, uint8_t **out_ptr,
+ size_t *out_len, unsigned tag) {
+ CBS value;
+ if (!CBS_get_optional_asn1_octet_string(cbs, &value, NULL, tag)) {
+ OPENSSL_PUT_ERROR(SSL, d2i_SSL_SESSION, SSL_R_INVALID_SSL_SESSION);
+ return 0;
+ }
+ if (!CBS_stow(&value, out_ptr, out_len)) {
+ OPENSSL_PUT_ERROR(SSL, d2i_SSL_SESSION, ERR_R_MALLOC_FAILURE);
+ return 0;
+ }
+ return 1;
+}
- M_ASN1_D2I_Init();
- M_ASN1_D2I_start_sequence();
+SSL_SESSION *d2i_SSL_SESSION(SSL_SESSION **a, const uint8_t **pp, long length) {
+ SSL_SESSION *ret = NULL;
+ CBS cbs, session, cipher, session_id, master_key;
+ CBS key_arg, peer, sid_ctx, peer_sha256, original_handshake_hash;
+ int has_key_arg, has_peer, has_peer_sha256;
+ uint64_t version, ssl_version;
+ uint64_t session_time, timeout, verify_result, ticket_lifetime_hint;
- ai.data=NULL; ai.length=0;
- M_ASN1_D2I_get_x(ASN1_INTEGER,aip,d2i_ASN1_INTEGER);
- if (ai.data != NULL) { OPENSSL_free(ai.data); ai.data=NULL; ai.length=0; }
+ if (a && *a) {
+ ret = *a;
+ } else {
+ ret = SSL_SESSION_new();
+ if (ret == NULL) {
+ goto err;
+ }
+ }
- /* we don't care about the version right now :-) */
- M_ASN1_D2I_get_x(ASN1_INTEGER,aip,d2i_ASN1_INTEGER);
- ssl_version=(int)ASN1_INTEGER_get(aip);
- ret->ssl_version=ssl_version;
- if (ai.data != NULL) { OPENSSL_free(ai.data); ai.data=NULL; ai.length=0; }
+ CBS_init(&cbs, *pp, length);
+ if (!CBS_get_asn1(&cbs, &session, CBS_ASN1_SEQUENCE) ||
+ !CBS_get_asn1_uint64(&session, &version) ||
+ !CBS_get_asn1_uint64(&session, &ssl_version) ||
+ !CBS_get_asn1(&session, &cipher, CBS_ASN1_OCTETSTRING) ||
+ !CBS_get_asn1(&session, &session_id, CBS_ASN1_OCTETSTRING) ||
+ !CBS_get_asn1(&session, &master_key, CBS_ASN1_OCTETSTRING) ||
+ !CBS_get_optional_asn1(&session, &key_arg, &has_key_arg, kKeyArgTag) ||
+ !CBS_get_optional_asn1_uint64(&session, &session_time, kTimeTag,
+ time(NULL)) ||
+ !CBS_get_optional_asn1_uint64(&session, &timeout, kTimeoutTag, 3) ||
+ !CBS_get_optional_asn1(&session, &peer, &has_peer, kPeerTag) ||
+ !CBS_get_optional_asn1_octet_string(&session, &sid_ctx, NULL,
+ kSessionIDContextTag) ||
+ !CBS_get_optional_asn1_uint64(&session, &verify_result, kVerifyResultTag,
+ X509_V_OK)) {
+ OPENSSL_PUT_ERROR(SSL, d2i_SSL_SESSION, SSL_R_INVALID_SSL_SESSION);
+ goto err;
+ }
+ if (!d2i_SSL_SESSION_get_string(&session, &ret->tlsext_hostname,
+ kHostNameTag) ||
+ !d2i_SSL_SESSION_get_string(&session, &ret->psk_identity_hint,
+ kPSKIdentityHintTag) ||
+ !d2i_SSL_SESSION_get_string(&session, &ret->psk_identity,
+ kPSKIdentityTag)) {
+ goto err;
+ }
+ if (!CBS_get_optional_asn1_uint64(&session, &ticket_lifetime_hint,
+ kTicketLifetimeHintTag, 0)) {
+ OPENSSL_PUT_ERROR(SSL, d2i_SSL_SESSION, SSL_R_INVALID_SSL_SESSION);
+ goto err;
+ }
+ if (!d2i_SSL_SESSION_get_octet_string(&session, &ret->tlsext_tick,
+ &ret->tlsext_ticklen, kTicketTag)) {
+ goto err;
+ }
+ if (!CBS_get_optional_asn1_octet_string(&session, &peer_sha256,
+ &has_peer_sha256, kPeerSHA256Tag) ||
+ !CBS_get_optional_asn1_octet_string(&session, &original_handshake_hash,
+ NULL, kOriginalHandshakeHashTag)) {
+ OPENSSL_PUT_ERROR(SSL, d2i_SSL_SESSION, SSL_R_INVALID_SSL_SESSION);
+ goto err;
+ }
+ if (!d2i_SSL_SESSION_get_octet_string(
+ &session, &ret->tlsext_signed_cert_timestamp_list,
+ &ret->tlsext_signed_cert_timestamp_list_length,
+ kSignedCertTimestampListTag) ||
+ !d2i_SSL_SESSION_get_octet_string(
+ &session, &ret->ocsp_response, &ret->ocsp_response_length,
+ kOCSPResponseTag)) {
+ goto err;
+ }
- os.data=NULL; os.length=0;
- M_ASN1_D2I_get_x(ASN1_OCTET_STRING,osp,d2i_ASN1_OCTET_STRING);
- if (ssl_version == SSL2_VERSION)
- {
- if (os.length != 3)
- {
- c.error=SSL_R_CIPHER_CODE_WRONG_LENGTH;
- c.line=__LINE__;
- goto err;
- }
- id=0x02000000L|
- ((unsigned long)os.data[0]<<16L)|
- ((unsigned long)os.data[1]<< 8L)|
- (unsigned long)os.data[2];
- }
- else if ((ssl_version>>8) >= SSL3_VERSION_MAJOR)
- {
- if (os.length != 2)
- {
- c.error=SSL_R_CIPHER_CODE_WRONG_LENGTH;
- c.line=__LINE__;
- goto err;
- }
- id=0x03000000L|
- ((unsigned long)os.data[0]<<8L)|
- (unsigned long)os.data[1];
- }
- else
- {
- c.error=SSL_R_UNKNOWN_SSL_VERSION;
- c.line=__LINE__;
- goto err;
- }
-
- ret->cipher_id=id;
- ret->cipher = ssl3_get_cipher_by_value(ret->cipher_id & 0xffff);
- if (ret->cipher == NULL)
- {
- c.error=SSL_R_UNSUPPORTED_CIPHER;
- c.line = __LINE__;
- goto err;
- }
+ /* Ignore |version|. The structure version number is ignored. */
- M_ASN1_D2I_get_x(ASN1_OCTET_STRING,osp,d2i_ASN1_OCTET_STRING);
- if ((ssl_version>>8) >= SSL3_VERSION_MAJOR)
- i=SSL3_MAX_SSL_SESSION_ID_LENGTH;
- else /* if (ssl_version>>8 == SSL2_VERSION_MAJOR) */
- i=SSL2_MAX_SSL_SESSION_ID_LENGTH;
+ /* Only support SSLv3/TLS and DTLS. */
+ if ((ssl_version >> 8) != SSL3_VERSION_MAJOR &&
+ (ssl_version >> 8) != (DTLS1_VERSION >> 8)) {
+ OPENSSL_PUT_ERROR(SSL, d2i_SSL_SESSION, SSL_R_UNKNOWN_SSL_VERSION);
+ goto err;
+ }
+ ret->ssl_version = ssl_version;
- if (os.length > i)
- os.length = i;
- if (os.length > (int)sizeof(ret->session_id)) /* can't happen */
- os.length = sizeof(ret->session_id);
+ if (CBS_len(&cipher) != 2) {
+ OPENSSL_PUT_ERROR(SSL, d2i_SSL_SESSION, SSL_R_CIPHER_CODE_WRONG_LENGTH);
+ goto err;
+ }
+ ret->cipher_id =
+ 0x03000000L | (CBS_data(&cipher)[0] << 8L) | CBS_data(&cipher)[1];
+ ret->cipher = ssl3_get_cipher_by_value(ret->cipher_id & 0xffff);
+ if (ret->cipher == NULL) {
+ OPENSSL_PUT_ERROR(SSL, d2i_SSL_SESSION, SSL_R_UNSUPPORTED_CIPHER);
+ goto err;
+ }
- ret->session_id_length=os.length;
- assert(os.length <= (int)sizeof(ret->session_id));
- memcpy(ret->session_id,os.data,os.length);
+ if (CBS_len(&session_id) > SSL3_MAX_SSL_SESSION_ID_LENGTH) {
+ OPENSSL_PUT_ERROR(SSL, d2i_SSL_SESSION, SSL_R_INVALID_SSL_SESSION);
+ goto err;
+ }
+ memcpy(ret->session_id, CBS_data(&session_id), CBS_len(&session_id));
+ ret->session_id_length = CBS_len(&session_id);
- M_ASN1_D2I_get_x(ASN1_OCTET_STRING,osp,d2i_ASN1_OCTET_STRING);
- if (os.length > SSL_MAX_MASTER_KEY_LENGTH)
- ret->master_key_length=SSL_MAX_MASTER_KEY_LENGTH;
- else
- ret->master_key_length=os.length;
- memcpy(ret->master_key,os.data,ret->master_key_length);
+ if (CBS_len(&master_key) > SSL_MAX_MASTER_KEY_LENGTH) {
+ OPENSSL_PUT_ERROR(SSL, d2i_SSL_SESSION, SSL_R_INVALID_SSL_SESSION);
+ goto err;
+ }
+ memcpy(ret->master_key, CBS_data(&master_key), CBS_len(&master_key));
+ ret->master_key_length = CBS_len(&master_key);
- os.length=0;
+ if (session_time > LONG_MAX ||
+ timeout > LONG_MAX) {
+ OPENSSL_PUT_ERROR(SSL, d2i_SSL_SESSION, SSL_R_INVALID_SSL_SESSION);
+ goto err;
+ }
+ ret->time = session_time;
+ ret->timeout = timeout;
- /* [0] is the tag for key_arg, a no longer used remnant of
- * SSLv2. */
- M_ASN1_D2I_get_IMP_opt(osp,d2i_ASN1_OCTET_STRING,0,V_ASN1_OCTET_STRING);
- if (os.data != NULL) OPENSSL_free(os.data);
+ if (ret->peer != NULL) {
+ X509_free(ret->peer);
+ ret->peer = NULL;
+ }
+ if (has_peer) {
+ const uint8_t *ptr;
+ ptr = CBS_data(&peer);
+ ret->peer = d2i_X509(NULL, &ptr, CBS_len(&peer));
+ if (ret->peer == NULL) {
+ goto err;
+ }
+ if (ptr != CBS_data(&peer) + CBS_len(&peer)) {
+ OPENSSL_PUT_ERROR(SSL, d2i_SSL_SESSION, SSL_R_INVALID_SSL_SESSION);
+ goto err;
+ }
+ }
- ai.length=0;
- M_ASN1_D2I_get_EXP_opt(aip,d2i_ASN1_INTEGER,1);
- if (ai.data != NULL)
- {
- ret->time=ASN1_INTEGER_get(aip);
- OPENSSL_free(ai.data); ai.data=NULL; ai.length=0;
- }
- else
- ret->time=(unsigned long)time(NULL);
+ if (CBS_len(&sid_ctx) > sizeof(ret->sid_ctx)) {
+ OPENSSL_PUT_ERROR(SSL, d2i_SSL_SESSION, SSL_R_INVALID_SSL_SESSION);
+ goto err;
+ }
+ memcpy(ret->sid_ctx, CBS_data(&sid_ctx), CBS_len(&sid_ctx));
+ ret->sid_ctx_length = CBS_len(&sid_ctx);
- ai.length=0;
- M_ASN1_D2I_get_EXP_opt(aip,d2i_ASN1_INTEGER,2);
- if (ai.data != NULL)
- {
- ret->timeout=ASN1_INTEGER_get(aip);
- OPENSSL_free(ai.data); ai.data=NULL; ai.length=0;
- }
- else
- ret->timeout=3;
+ if (verify_result > LONG_MAX ||
+ ticket_lifetime_hint > 0xffffffff) {
+ OPENSSL_PUT_ERROR(SSL, d2i_SSL_SESSION, SSL_R_INVALID_SSL_SESSION);
+ goto err;
+ }
+ ret->verify_result = verify_result;
+ ret->tlsext_tick_lifetime_hint = ticket_lifetime_hint;
- if (ret->peer != NULL)
- {
- X509_free(ret->peer);
- ret->peer=NULL;
- }
- M_ASN1_D2I_get_EXP_opt(ret->peer,d2i_X509,3);
+ if (has_peer_sha256) {
+ if (CBS_len(&peer_sha256) != sizeof(ret->peer_sha256)) {
+ OPENSSL_PUT_ERROR(SSL, d2i_SSL_SESSION, SSL_R_INVALID_SSL_SESSION);
+ goto err;
+ }
+ memcpy(ret->peer_sha256, CBS_data(&peer_sha256), sizeof(ret->peer_sha256));
+ ret->peer_sha256_valid = 1;
+ } else {
+ ret->peer_sha256_valid = 0;
+ }
- os.length=0;
- os.data=NULL;
- M_ASN1_D2I_get_EXP_opt(osp,d2i_ASN1_OCTET_STRING,4);
+ if (CBS_len(&original_handshake_hash) >
+ sizeof(ret->original_handshake_hash)) {
+ OPENSSL_PUT_ERROR(SSL, d2i_SSL_SESSION, SSL_R_INVALID_SSL_SESSION);
+ goto err;
+ }
+ memcpy(ret->original_handshake_hash, CBS_data(&original_handshake_hash),
+ CBS_len(&original_handshake_hash));
+ ret->original_handshake_hash_len = CBS_len(&original_handshake_hash);
- if(os.data != NULL)
- {
- if (os.length > SSL_MAX_SID_CTX_LENGTH)
- {
- c.error=SSL_R_BAD_LENGTH;
- c.line=__LINE__;
- goto err;
- }
- else
- {
- ret->sid_ctx_length=os.length;
- memcpy(ret->sid_ctx,os.data,os.length);
- }
- OPENSSL_free(os.data); os.data=NULL; os.length=0;
- }
- else
- ret->sid_ctx_length=0;
+ if (a) {
+ *a = ret;
+ }
+ *pp = CBS_data(&cbs);
+ return ret;
- ai.length=0;
- M_ASN1_D2I_get_EXP_opt(aip,d2i_ASN1_INTEGER,5);
- if (ai.data != NULL)
- {
- ret->verify_result=ASN1_INTEGER_get(aip);
- OPENSSL_free(ai.data); ai.data=NULL; ai.length=0;
- }
- else
- ret->verify_result=X509_V_OK;
-
- os.length=0;
- os.data=NULL;
- M_ASN1_D2I_get_EXP_opt(osp,d2i_ASN1_OCTET_STRING,6);
- if (os.data)
- {
- ret->tlsext_hostname = BUF_strndup((char *)os.data, os.length);
- OPENSSL_free(os.data);
- os.data = NULL;
- os.length = 0;
- }
- else
- ret->tlsext_hostname=NULL;
-
- os.length=0;
- os.data=NULL;
- M_ASN1_D2I_get_EXP_opt(osp,d2i_ASN1_OCTET_STRING,7);
- if (os.data)
- {
- ret->psk_identity_hint = BUF_strndup((char *)os.data, os.length);
- OPENSSL_free(os.data);
- os.data = NULL;
- os.length = 0;
- }
- else
- ret->psk_identity_hint=NULL;
-
- os.length=0;
- os.data=NULL;
- M_ASN1_D2I_get_EXP_opt(osp,d2i_ASN1_OCTET_STRING,8);
- if (os.data)
- {
- ret->psk_identity = BUF_strndup((char *)os.data, os.length);
- OPENSSL_free(os.data);
- os.data = NULL;
- os.length = 0;
- }
- else
- ret->psk_identity=NULL;
-
- ai.length=0;
- M_ASN1_D2I_get_EXP_opt(aip,d2i_ASN1_INTEGER,9);
- if (ai.data != NULL)
- {
- ret->tlsext_tick_lifetime_hint=ASN1_INTEGER_get(aip);
- OPENSSL_free(ai.data); ai.data=NULL; ai.length=0;
- }
- else if (ret->tlsext_ticklen && ret->session_id_length)
- ret->tlsext_tick_lifetime_hint = -1;
- else
- ret->tlsext_tick_lifetime_hint=0;
- os.length=0;
- os.data=NULL;
- M_ASN1_D2I_get_EXP_opt(osp,d2i_ASN1_OCTET_STRING,10);
- if (os.data)
- {
- ret->tlsext_tick = os.data;
- ret->tlsext_ticklen = os.length;
- os.data = NULL;
- os.length = 0;
- }
- else
- ret->tlsext_tick=NULL;
-
- os.length=0;
- os.data=NULL;
- M_ASN1_D2I_get_EXP_opt(osp,d2i_ASN1_OCTET_STRING,13);
- if (os.data && os.length == sizeof(ret->peer_sha256))
- {
- memcpy(ret->peer_sha256, os.data, sizeof(ret->peer_sha256));
- ret->peer_sha256_valid = 1;
- OPENSSL_free(os.data);
- os.data = NULL;
- }
-
- os.length=0;
- os.data=NULL;
- M_ASN1_D2I_get_EXP_opt(osp,d2i_ASN1_OCTET_STRING,14);
- if (os.data && os.length < (int)sizeof(ret->original_handshake_hash))
- {
- memcpy(ret->original_handshake_hash, os.data, os.length);
- ret->original_handshake_hash_len = os.length;
- OPENSSL_free(os.data);
- os.data = NULL;
- }
-
- os.length = 0;
- os.data = NULL;
- M_ASN1_D2I_get_EXP_opt(osp, d2i_ASN1_OCTET_STRING, 15);
- if (os.data)
- {
- if (ret->tlsext_signed_cert_timestamp_list)
- OPENSSL_free(ret->tlsext_signed_cert_timestamp_list);
- ret->tlsext_signed_cert_timestamp_list = os.data;
- ret->tlsext_signed_cert_timestamp_list_length = os.length;
- os.data = NULL;
- }
-
- os.length = 0;
- os.data = NULL;
- M_ASN1_D2I_get_EXP_opt(osp, d2i_ASN1_OCTET_STRING, 16);
- if (os.data)
- {
- if (ret->ocsp_response)
- OPENSSL_free(ret->ocsp_response);
- ret->ocsp_response = os.data;
- ret->ocsp_response_length = os.length;
- os.data = NULL;
- }
-
-
- M_ASN1_D2I_Finish(a,SSL_SESSION_free,SSL_F_D2I_SSL_SESSION);
- }
+err:
+ if (a && *a != ret) {
+ SSL_SESSION_free(ret);
+ }
+ return NULL;
+}
diff --git a/ssl/ssl_error.c b/ssl/ssl_error.c
index 0ba125b..c0dac58 100644
--- a/ssl/ssl_error.c
+++ b/ssl/ssl_error.c
@@ -70,6 +70,7 @@
{ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_write, 0), "SSL_write"},
{ERR_PACK(ERR_LIB_SSL, SSL_F_authz_find_data, 0), "authz_find_data"},
{ERR_PACK(ERR_LIB_SSL, SSL_F_check_suiteb_cipher_list, 0), "check_suiteb_cipher_list"},
+ {ERR_PACK(ERR_LIB_SSL, SSL_F_d2i_SSL_SESSION, 0), "d2i_SSL_SESSION"},
{ERR_PACK(ERR_LIB_SSL, SSL_F_do_dtls1_write, 0), "do_dtls1_write"},
{ERR_PACK(ERR_LIB_SSL, SSL_F_do_ssl3_write, 0), "do_ssl3_write"},
{ERR_PACK(ERR_LIB_SSL, SSL_F_dtls1_accept, 0), "dtls1_accept"},
@@ -320,6 +321,7 @@
{ERR_PACK(ERR_LIB_SSL, 0, SSL_R_INVALID_PURPOSE), "INVALID_PURPOSE"},
{ERR_PACK(ERR_LIB_SSL, 0, SSL_R_INVALID_SERVERINFO_DATA), "INVALID_SERVERINFO_DATA"},
{ERR_PACK(ERR_LIB_SSL, 0, SSL_R_INVALID_SRP_USERNAME), "INVALID_SRP_USERNAME"},
+ {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_INVALID_SSL_SESSION), "INVALID_SSL_SESSION"},
{ERR_PACK(ERR_LIB_SSL, 0, SSL_R_INVALID_STATUS_RESPONSE), "INVALID_STATUS_RESPONSE"},
{ERR_PACK(ERR_LIB_SSL, 0, SSL_R_INVALID_TICKET_KEYS_LENGTH), "INVALID_TICKET_KEYS_LENGTH"},
{ERR_PACK(ERR_LIB_SSL, 0, SSL_R_INVALID_TRUST), "INVALID_TRUST"},