]>
Commit | Line | Data |
---|---|---|
d02b48c6 | 1 | /* ssl/ssl_asn1.c */ |
58964a49 | 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) |
d02b48c6 RE |
3 | * All rights reserved. |
4 | * | |
5 | * This package is an SSL implementation written | |
6 | * by Eric Young (eay@cryptsoft.com). | |
7 | * The implementation was written so as to conform with Netscapes SSL. | |
0f113f3e | 8 | * |
d02b48c6 RE |
9 | * This library is free for commercial and non-commercial use as long as |
10 | * the following conditions are aheared to. The following conditions | |
11 | * apply to all code found in this distribution, be it the RC4, RSA, | |
12 | * lhash, DES, etc., code; not just the SSL code. The SSL documentation | |
13 | * included with this distribution is covered by the same copyright terms | |
14 | * except that the holder is Tim Hudson (tjh@cryptsoft.com). | |
0f113f3e | 15 | * |
d02b48c6 RE |
16 | * Copyright remains Eric Young's, and as such any Copyright notices in |
17 | * the code are not to be removed. | |
18 | * If this package is used in a product, Eric Young should be given attribution | |
19 | * as the author of the parts of the library used. | |
20 | * This can be in the form of a textual message at program startup or | |
21 | * in documentation (online or textual) provided with the package. | |
0f113f3e | 22 | * |
d02b48c6 RE |
23 | * Redistribution and use in source and binary forms, with or without |
24 | * modification, are permitted provided that the following conditions | |
25 | * are met: | |
26 | * 1. Redistributions of source code must retain the copyright | |
27 | * notice, this list of conditions and the following disclaimer. | |
28 | * 2. Redistributions in binary form must reproduce the above copyright | |
29 | * notice, this list of conditions and the following disclaimer in the | |
30 | * documentation and/or other materials provided with the distribution. | |
31 | * 3. All advertising materials mentioning features or use of this software | |
32 | * must display the following acknowledgement: | |
33 | * "This product includes cryptographic software written by | |
34 | * Eric Young (eay@cryptsoft.com)" | |
35 | * The word 'cryptographic' can be left out if the rouines from the library | |
36 | * being used are not cryptographic related :-). | |
0f113f3e | 37 | * 4. If you include any Windows specific code (or a derivative thereof) from |
d02b48c6 RE |
38 | * the apps directory (application code) you must include an acknowledgement: |
39 | * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" | |
0f113f3e | 40 | * |
d02b48c6 RE |
41 | * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND |
42 | * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE | |
43 | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE | |
44 | * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE | |
45 | * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL | |
46 | * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS | |
47 | * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | |
48 | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT | |
49 | * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY | |
50 | * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF | |
51 | * SUCH DAMAGE. | |
0f113f3e | 52 | * |
d02b48c6 RE |
53 | * The licence and distribution terms for any publically available version or |
54 | * derivative of this code cannot be changed. i.e. this code cannot simply be | |
55 | * copied and put under another distribution licence | |
56 | * [including the GNU Public Licence.] | |
57 | */ | |
ddac1974 NL |
58 | /* ==================================================================== |
59 | * Copyright 2005 Nokia. All rights reserved. | |
60 | * | |
61 | * The portions of the attached software ("Contribution") is developed by | |
62 | * Nokia Corporation and is licensed pursuant to the OpenSSL open source | |
63 | * license. | |
64 | * | |
65 | * The Contribution, originally written by Mika Kousa and Pasi Eronen of | |
66 | * Nokia Corporation, consists of the "PSK" (Pre-Shared Key) ciphersuites | |
67 | * support (see RFC 4279) to OpenSSL. | |
68 | * | |
69 | * No patent licenses or other rights except those expressly stated in | |
70 | * the OpenSSL open source license shall be deemed granted or received | |
71 | * expressly, by implication, estoppel, or otherwise. | |
72 | * | |
73 | * No assurances are provided by Nokia that the Contribution does not | |
74 | * infringe the patent or other intellectual property rights of any third | |
75 | * party or that the license provides you with all the necessary rights | |
76 | * to make use of the Contribution. | |
77 | * | |
78 | * THE SOFTWARE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. IN | |
79 | * ADDITION TO THE DISCLAIMERS INCLUDED IN THE LICENSE, NOKIA | |
80 | * SPECIFICALLY DISCLAIMS ANY LIABILITY FOR CLAIMS BROUGHT BY YOU OR ANY | |
81 | * OTHER ENTITY BASED ON INFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS OR | |
82 | * OTHERWISE. | |
83 | */ | |
d02b48c6 RE |
84 | |
85 | #include <stdio.h> | |
86 | #include <stdlib.h> | |
7b63c0fa | 87 | #include "ssl_locl.h" |
cc5b6a03 | 88 | #include <openssl/asn1t.h> |
b1fe6ca1 | 89 | #include <openssl/x509.h> |
d02b48c6 | 90 | |
cc5b6a03 DSH |
91 | typedef struct { |
92 | long version; | |
93 | long ssl_version; | |
94 | ASN1_OCTET_STRING *cipher; | |
95 | ASN1_OCTET_STRING *comp_id; | |
96 | ASN1_OCTET_STRING *master_key; | |
97 | ASN1_OCTET_STRING *session_id; | |
882e8912 | 98 | #ifndef OPENSSL_NO_KRB5 |
cc5b6a03 DSH |
99 | ASN1_OCTET_STRING *krb5_princ; |
100 | #endif | |
101 | ASN1_OCTET_STRING *key_arg; | |
102 | long time; | |
103 | long timeout; | |
104 | X509 *peer; | |
105 | ASN1_OCTET_STRING *session_id_context; | |
106 | long verify_result; | |
ed3883d2 | 107 | #ifndef OPENSSL_NO_TLSEXT |
cc5b6a03 DSH |
108 | ASN1_OCTET_STRING *tlsext_hostname; |
109 | long tlsext_tick_lifetime_hint; | |
110 | ASN1_OCTET_STRING *tlsext_tick; | |
111 | #endif | |
e2010b20 | 112 | #ifndef OPENSSL_NO_PSK |
cc5b6a03 DSH |
113 | ASN1_OCTET_STRING *psk_identity_hint; |
114 | ASN1_OCTET_STRING *psk_identity; | |
115 | #endif | |
edc032b5 | 116 | #ifndef OPENSSL_NO_SRP |
cc5b6a03 DSH |
117 | ASN1_OCTET_STRING *srp_username; |
118 | #endif | |
119 | long flags; | |
0f113f3e | 120 | } SSL_SESSION_ASN1; |
d02b48c6 | 121 | |
cc5b6a03 DSH |
122 | ASN1_SEQUENCE(SSL_SESSION_ASN1) = { |
123 | ASN1_SIMPLE(SSL_SESSION_ASN1, version, LONG), | |
124 | ASN1_SIMPLE(SSL_SESSION_ASN1, ssl_version, LONG), | |
125 | ASN1_SIMPLE(SSL_SESSION_ASN1, cipher, ASN1_OCTET_STRING), | |
126 | ASN1_SIMPLE(SSL_SESSION_ASN1, session_id, ASN1_OCTET_STRING), | |
127 | ASN1_SIMPLE(SSL_SESSION_ASN1, master_key, ASN1_OCTET_STRING), | |
128 | #ifndef OPENSSL_NO_KRB5 | |
129 | ASN1_OPT(SSL_SESSION_ASN1, krb5_princ, ASN1_OCTET_STRING), | |
130 | #endif | |
131 | ASN1_IMP_OPT(SSL_SESSION_ASN1, key_arg, ASN1_OCTET_STRING, 0), | |
132 | ASN1_EXP_OPT(SSL_SESSION_ASN1, time, ZLONG, 1), | |
133 | ASN1_EXP_OPT(SSL_SESSION_ASN1, timeout, ZLONG, 2), | |
134 | ASN1_EXP_OPT(SSL_SESSION_ASN1, peer, X509, 3), | |
135 | ASN1_EXP_OPT(SSL_SESSION_ASN1, session_id_context, ASN1_OCTET_STRING, 4), | |
136 | ASN1_EXP_OPT(SSL_SESSION_ASN1, verify_result, ZLONG, 5), | |
137 | #ifndef OPENSSL_NO_TLSEXT | |
138 | ASN1_EXP_OPT(SSL_SESSION_ASN1, tlsext_hostname, ASN1_OCTET_STRING, 6), | |
139 | #endif | |
140 | #ifndef OPENSSL_NO_PSK | |
141 | ASN1_EXP_OPT(SSL_SESSION_ASN1, psk_identity_hint, ASN1_OCTET_STRING, 7), | |
142 | ASN1_EXP_OPT(SSL_SESSION_ASN1, psk_identity, ASN1_OCTET_STRING, 8), | |
143 | #endif | |
144 | #ifndef OPENSSL_NO_TLSEXT | |
145 | ASN1_EXP_OPT(SSL_SESSION_ASN1, tlsext_tick_lifetime_hint, ZLONG, 9), | |
146 | ASN1_EXP_OPT(SSL_SESSION_ASN1, tlsext_tick, ASN1_OCTET_STRING, 10), | |
147 | #endif | |
148 | ASN1_EXP_OPT(SSL_SESSION_ASN1, comp_id, ASN1_OCTET_STRING, 11), | |
149 | #ifndef OPENSSL_NO_SRP | |
150 | ASN1_EXP_OPT(SSL_SESSION_ASN1, srp_username, ASN1_OCTET_STRING, 12), | |
151 | #endif | |
152 | ASN1_EXP_OPT(SSL_SESSION_ASN1, flags, ZLONG, 13) | |
153 | } ASN1_SEQUENCE_END(SSL_SESSION_ASN1) | |
154 | ||
155 | IMPLEMENT_STATIC_ASN1_ENCODE_FUNCTIONS(SSL_SESSION_ASN1) | |
156 | ||
157 | /* Utility functions for i2d_SSL_SESSION */ | |
158 | ||
159 | /* Initialise OCTET STRING from buffer and length */ | |
160 | ||
161 | static void ssl_session_oinit(ASN1_OCTET_STRING **dest, ASN1_OCTET_STRING *os, | |
162 | unsigned char *data, size_t len) | |
163 | { | |
164 | os->data = data; | |
165 | os->length = len; | |
166 | os->flags = 0; | |
167 | *dest = os; | |
168 | } | |
169 | ||
170 | /* Initialise OCTET STRING from string */ | |
171 | static void ssl_session_sinit(ASN1_OCTET_STRING **dest, ASN1_OCTET_STRING *os, | |
172 | char *data) | |
173 | { | |
174 | if (data != NULL) | |
175 | ssl_session_oinit(dest, os, (unsigned char *)data, strlen(data)); | |
176 | else | |
177 | *dest = NULL; | |
178 | } | |
179 | ||
6b691a5c | 180 | int i2d_SSL_SESSION(SSL_SESSION *in, unsigned char **pp) |
0f113f3e | 181 | { |
cc5b6a03 DSH |
182 | |
183 | SSL_SESSION_ASN1 as; | |
184 | ||
185 | ASN1_OCTET_STRING cipher; | |
186 | unsigned char cipher_data[2]; | |
187 | ASN1_OCTET_STRING master_key, session_id, sid_ctx; | |
188 | ||
189 | #ifndef OPENSSL_NO_COMP | |
190 | ASN1_OCTET_STRING comp_id; | |
191 | unsigned char comp_id_data; | |
192 | #endif | |
193 | ||
367eb1f1 | 194 | #ifndef OPENSSL_NO_TLSEXT |
cc5b6a03 | 195 | ASN1_OCTET_STRING tlsext_hostname, tlsext_tick; |
9de014a7 | 196 | #endif |
cc5b6a03 DSH |
197 | |
198 | #ifndef OPENSSL_NO_KRB5 | |
199 | ASN1_OCTET_STRING krb5_princ; | |
edc032b5 | 200 | #endif |
cc5b6a03 | 201 | |
edc032b5 | 202 | #ifndef OPENSSL_NO_SRP |
cc5b6a03 DSH |
203 | ASN1_OCTET_STRING srp_username; |
204 | #endif | |
205 | ||
206 | #ifndef OPENSSL_NO_PSK | |
207 | ASN1_OCTET_STRING psk_identity, psk_identity_hint; | |
367eb1f1 | 208 | #endif |
cc5b6a03 | 209 | |
0f113f3e | 210 | long l; |
0f113f3e MC |
211 | |
212 | if ((in == NULL) || ((in->cipher == NULL) && (in->cipher_id == 0))) | |
cc5b6a03 DSH |
213 | return 0; |
214 | ||
215 | memset(&as, 0, sizeof(as)); | |
216 | ||
217 | as.version = SSL_SESSION_ASN1_VERSION; | |
218 | as.ssl_version = in->ssl_version; | |
0f113f3e MC |
219 | |
220 | if (in->cipher == NULL) | |
221 | l = in->cipher_id; | |
222 | else | |
223 | l = in->cipher->id; | |
cc5b6a03 DSH |
224 | cipher_data[0] = ((unsigned char)(l >> 8L)) & 0xff; |
225 | cipher_data[1] = ((unsigned char)(l)) & 0xff; | |
226 | ||
227 | ssl_session_oinit(&as.cipher, &cipher, cipher_data, 2); | |
d02b48c6 | 228 | |
9de014a7 | 229 | #ifndef OPENSSL_NO_COMP |
0f113f3e | 230 | if (in->compress_meth) { |
cc5b6a03 DSH |
231 | comp_id_data = (unsigned char)in->compress_meth; |
232 | ssl_session_oinit(&as.comp_id, &comp_id, &comp_id_data, 1); | |
0f113f3e | 233 | } |
9de014a7 DSH |
234 | #endif |
235 | ||
cc5b6a03 DSH |
236 | ssl_session_oinit(&as.master_key, &master_key, |
237 | in->master_key, in->master_key_length); | |
d02b48c6 | 238 | |
cc5b6a03 DSH |
239 | ssl_session_oinit(&as.session_id, &session_id, |
240 | in->session_id, in->session_id_length); | |
b4cadc6e | 241 | |
cc5b6a03 DSH |
242 | ssl_session_oinit(&as.session_id_context, &sid_ctx, |
243 | in->sid_ctx, in->sid_ctx_length); | |
882e8912 | 244 | #ifndef OPENSSL_NO_KRB5 |
0f113f3e | 245 | if (in->krb5_client_princ_len) { |
cc5b6a03 DSH |
246 | ssl_session_oinit(&as.krb5_princ, &krb5_princ, |
247 | in->krb5_client_princ, in->krb5_client_princ_len); | |
0f113f3e MC |
248 | } |
249 | #endif /* OPENSSL_NO_KRB5 */ | |
250 | ||
cc5b6a03 DSH |
251 | as.time = in->time; |
252 | as.timeout = in->timeout; | |
253 | as.verify_result = in->verify_result; | |
0f113f3e | 254 | |
cc5b6a03 | 255 | as.peer = in->peer; |
0f113f3e | 256 | |
ed3883d2 | 257 | #ifndef OPENSSL_NO_TLSEXT |
cc5b6a03 DSH |
258 | ssl_session_sinit(&as.tlsext_hostname, &tlsext_hostname, |
259 | in->tlsext_hostname); | |
0f113f3e | 260 | if (in->tlsext_tick) { |
cc5b6a03 DSH |
261 | ssl_session_oinit(&as.tlsext_tick, &tlsext_tick, |
262 | in->tlsext_tick, in->tlsext_ticklen); | |
0f113f3e | 263 | } |
cc5b6a03 DSH |
264 | if (in->tlsext_tick_lifetime_hint > 0) |
265 | as.tlsext_tick_lifetime_hint = in->tlsext_tick_lifetime_hint; | |
0f113f3e | 266 | #endif /* OPENSSL_NO_TLSEXT */ |
ddac1974 | 267 | #ifndef OPENSSL_NO_PSK |
cc5b6a03 DSH |
268 | ssl_session_sinit(&as.psk_identity_hint, &psk_identity_hint, |
269 | in->psk_identity_hint); | |
270 | ssl_session_sinit(&as.psk_identity, &psk_identity, in->psk_identity); | |
0f113f3e | 271 | #endif /* OPENSSL_NO_PSK */ |
edc032b5 | 272 | #ifndef OPENSSL_NO_SRP |
cc5b6a03 | 273 | ssl_session_sinit(&as.srp_username, &srp_username, in->srp_username); |
0f113f3e MC |
274 | #endif /* OPENSSL_NO_SRP */ |
275 | ||
cc5b6a03 | 276 | as.flags = in->flags; |
6f152a15 | 277 | |
cc5b6a03 | 278 | return i2d_SSL_SESSION_ASN1(&as, pp); |
d02b48c6 | 279 | |
cc5b6a03 | 280 | } |
0f113f3e | 281 | |
cc5b6a03 | 282 | /* Utility functions for d2i_SSL_SESSION */ |
0f113f3e | 283 | |
cc5b6a03 DSH |
284 | /* BUF_strndup an OCTET STRING */ |
285 | ||
286 | static int ssl_session_strndup(char **pdst, ASN1_OCTET_STRING *src) | |
287 | { | |
b548a1f1 RS |
288 | OPENSSL_free(*pdst); |
289 | *pdst = NULL; | |
cc5b6a03 DSH |
290 | if (src == NULL) |
291 | return 1; | |
292 | *pdst = BUF_strndup((char *)src->data, src->length); | |
293 | if (*pdst == NULL) | |
294 | return 0; | |
295 | return 1; | |
296 | } | |
297 | ||
298 | /* Copy an OCTET STRING, return error if it exceeds maximum length */ | |
299 | ||
300 | static int ssl_session_memcpy(unsigned char *dst, unsigned int *pdstlen, | |
301 | ASN1_OCTET_STRING *src, int maxlen) | |
302 | { | |
303 | if (src == NULL) { | |
304 | *pdstlen = 0; | |
305 | return 1; | |
306 | } | |
307 | if (src->length > maxlen) | |
308 | return 0; | |
309 | memcpy(dst, src->data, src->length); | |
310 | *pdstlen = src->length; | |
311 | return 1; | |
0f113f3e | 312 | } |
d02b48c6 | 313 | |
41a15c4f | 314 | SSL_SESSION *d2i_SSL_SESSION(SSL_SESSION **a, const unsigned char **pp, |
0f113f3e MC |
315 | long length) |
316 | { | |
0f113f3e | 317 | long id; |
cc5b6a03 DSH |
318 | unsigned int tmpl; |
319 | const unsigned char *p = *pp; | |
320 | SSL_SESSION_ASN1 *as = NULL; | |
321 | SSL_SESSION *ret = NULL; | |
322 | ||
323 | as = d2i_SSL_SESSION_ASN1(NULL, &p, length); | |
324 | /* ASN.1 code returns suitable error */ | |
325 | if (as == NULL) | |
326 | goto err; | |
0f113f3e | 327 | |
cc5b6a03 DSH |
328 | if (!a || !*a) { |
329 | ret = SSL_SESSION_new(); | |
330 | if (ret == NULL) | |
0f113f3e | 331 | goto err; |
0f113f3e | 332 | } else { |
cc5b6a03 DSH |
333 | ret = *a; |
334 | } | |
335 | ||
336 | if (as->version != SSL_SESSION_ASN1_VERSION) { | |
337 | SSLerr(SSL_F_D2I_SSL_SESSION, SSL_R_UNKNOWN_SSL_VERSION); | |
0f113f3e MC |
338 | goto err; |
339 | } | |
340 | ||
cc5b6a03 DSH |
341 | if ((as->ssl_version >> 8) != SSL3_VERSION_MAJOR |
342 | && (as->ssl_version >> 8) != DTLS1_VERSION_MAJOR | |
343 | && as->ssl_version != DTLS1_BAD_VER) { | |
344 | SSLerr(SSL_F_D2I_SSL_SESSION, SSL_R_UNSUPPORTED_SSL_VERSION); | |
345 | goto err; | |
346 | } | |
0f113f3e | 347 | |
cc5b6a03 | 348 | ret->ssl_version = (int)as->ssl_version; |
0f113f3e | 349 | |
cc5b6a03 DSH |
350 | if (as->cipher->length != 2) { |
351 | SSLerr(SSL_F_D2I_SSL_SESSION, SSL_R_CIPHER_CODE_WRONG_LENGTH); | |
352 | goto err; | |
353 | } | |
0f113f3e | 354 | |
cc5b6a03 DSH |
355 | p = as->cipher->data; |
356 | id = 0x03000000L | ((unsigned long)p[0] << 8L) | (unsigned long)p[1]; | |
0f113f3e | 357 | |
cc5b6a03 DSH |
358 | ret->cipher = NULL; |
359 | ret->cipher_id = id; | |
0f113f3e | 360 | |
cc5b6a03 DSH |
361 | if (!ssl_session_memcpy(ret->session_id, &ret->session_id_length, |
362 | as->session_id, SSL3_MAX_SSL_SESSION_ID_LENGTH)) | |
363 | goto err; | |
364 | ||
365 | if (!ssl_session_memcpy(ret->master_key, &tmpl, | |
366 | as->master_key, SSL_MAX_MASTER_KEY_LENGTH)) | |
367 | goto err; | |
368 | ||
369 | ret->master_key_length = tmpl; | |
98fa4fe8 DSH |
370 | |
371 | #ifndef OPENSSL_NO_KRB5 | |
cc5b6a03 DSH |
372 | if (!ssl_session_memcpy(ret->krb5_client_princ, &ret->krb5_client_princ_len, |
373 | as->krb5_princ, SSL_MAX_PRINCIPAL_LENGTH)) | |
374 | goto err; | |
0f113f3e MC |
375 | #endif /* OPENSSL_NO_KRB5 */ |
376 | ||
cc5b6a03 DSH |
377 | if (as->time != 0) |
378 | ret->time = as->time; | |
379 | else | |
0f113f3e MC |
380 | ret->time = (unsigned long)time(NULL); |
381 | ||
cc5b6a03 DSH |
382 | if (as->timeout != 0) |
383 | ret->timeout = as->timeout; | |
384 | else | |
0f113f3e MC |
385 | ret->timeout = 3; |
386 | ||
cc5b6a03 DSH |
387 | X509_free(ret->peer); |
388 | ret->peer = as->peer; | |
389 | as->peer = NULL; | |
0f113f3e | 390 | |
cc5b6a03 DSH |
391 | if (!ssl_session_memcpy(ret->sid_ctx, &ret->sid_ctx_length, |
392 | as->session_id_context, SSL_MAX_SID_CTX_LENGTH)) | |
393 | goto err; | |
0f113f3e | 394 | |
cc5b6a03 DSH |
395 | /* NB: this defaults to zero which is X509_V_OK */ |
396 | ret->verify_result = as->verify_result; | |
b1fe6ca1 | 397 | |
ed3883d2 | 398 | #ifndef OPENSSL_NO_TLSEXT |
cc5b6a03 DSH |
399 | if (!ssl_session_strndup(&ret->tlsext_hostname, as->tlsext_hostname)) |
400 | goto err; | |
0f113f3e | 401 | #endif /* OPENSSL_NO_TLSEXT */ |
ed3883d2 | 402 | |
ddac1974 | 403 | #ifndef OPENSSL_NO_PSK |
cc5b6a03 DSH |
404 | if (!ssl_session_strndup(&ret->psk_identity_hint, as->psk_identity_hint)) |
405 | goto err; | |
406 | if (!ssl_session_strndup(&ret->psk_identity, as->psk_identity)) | |
407 | goto err; | |
408 | #endif | |
ddac1974 | 409 | |
6434abbf | 410 | #ifndef OPENSSL_NO_TLSEXT |
cc5b6a03 DSH |
411 | ret->tlsext_tick_lifetime_hint = as->tlsext_tick_lifetime_hint; |
412 | if (as->tlsext_tick) { | |
413 | ret->tlsext_tick = as->tlsext_tick->data; | |
414 | ret->tlsext_ticklen = as->tlsext_tick->length; | |
415 | as->tlsext_tick->data = NULL; | |
416 | } else { | |
0f113f3e | 417 | ret->tlsext_tick = NULL; |
cc5b6a03 | 418 | } |
0f113f3e | 419 | #endif /* OPENSSL_NO_TLSEXT */ |
9de014a7 | 420 | #ifndef OPENSSL_NO_COMP |
cc5b6a03 DSH |
421 | if (as->comp_id) { |
422 | if (as->comp_id->length != 1) { | |
423 | SSLerr(SSL_F_D2I_SSL_SESSION, SSL_R_BAD_LENGTH); | |
424 | goto err; | |
425 | } | |
426 | ret->compress_meth = as->comp_id->data[0]; | |
427 | } else { | |
428 | ret->compress_meth = 0; | |
0f113f3e | 429 | } |
9de014a7 | 430 | #endif |
ddac1974 | 431 | |
edc032b5 | 432 | #ifndef OPENSSL_NO_SRP |
cc5b6a03 DSH |
433 | if (!ssl_session_strndup(&ret->srp_username, as->srp_username)) |
434 | goto err; | |
0f113f3e | 435 | #endif /* OPENSSL_NO_SRP */ |
cc5b6a03 DSH |
436 | /* Flags defaults to zero which is fine */ |
437 | ret->flags = as->flags; | |
438 | ||
439 | M_ASN1_free_of(as, SSL_SESSION_ASN1); | |
440 | ||
441 | if ((a != NULL) && (*a == NULL)) | |
442 | *a = ret; | |
443 | *pp = p; | |
444 | return ret; | |
445 | ||
446 | err: | |
447 | M_ASN1_free_of(as, SSL_SESSION_ASN1); | |
448 | if ((a == NULL) || (*a != ret)) | |
449 | SSL_SESSION_free(ret); | |
450 | return NULL; | |
0f113f3e | 451 | } |