]>
Commit | Line | Data |
---|---|---|
846e33c7 | 1 | /* |
3c95ef22 | 2 | * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved. |
c80149d9 | 3 | * Copyright 2005 Nokia. All rights reserved. |
d02b48c6 | 4 | * |
2c18d164 | 5 | * Licensed under the Apache License 2.0 (the "License"). You may not use |
846e33c7 RS |
6 | * this file except in compliance with the License. You can obtain a copy |
7 | * in the file LICENSE in the source distribution or at | |
8 | * https://www.openssl.org/source/license.html | |
d02b48c6 | 9 | */ |
846e33c7 | 10 | |
d02b48c6 RE |
11 | #include <stdio.h> |
12 | #include <stdlib.h> | |
706457b7 | 13 | #include "ssl_local.h" |
64f11ee8 | 14 | #include <openssl/asn1t.h> |
3c95ef22 | 15 | #include <openssl/encoder.h> |
b1fe6ca1 | 16 | #include <openssl/x509.h> |
d02b48c6 | 17 | |
cc5b6a03 | 18 | typedef struct { |
66ecfb54 RL |
19 | uint32_t version; |
20 | int32_t ssl_version; | |
cc5b6a03 DSH |
21 | ASN1_OCTET_STRING *cipher; |
22 | ASN1_OCTET_STRING *comp_id; | |
23 | ASN1_OCTET_STRING *master_key; | |
24 | ASN1_OCTET_STRING *session_id; | |
cc5b6a03 | 25 | ASN1_OCTET_STRING *key_arg; |
66ecfb54 RL |
26 | int64_t time; |
27 | int64_t timeout; | |
cc5b6a03 DSH |
28 | X509 *peer; |
29 | ASN1_OCTET_STRING *session_id_context; | |
66ecfb54 | 30 | int32_t verify_result; |
cc5b6a03 | 31 | ASN1_OCTET_STRING *tlsext_hostname; |
66ecfb54 RL |
32 | uint64_t tlsext_tick_lifetime_hint; |
33 | uint32_t tlsext_tick_age_add; | |
cc5b6a03 | 34 | ASN1_OCTET_STRING *tlsext_tick; |
e2010b20 | 35 | #ifndef OPENSSL_NO_PSK |
cc5b6a03 DSH |
36 | ASN1_OCTET_STRING *psk_identity_hint; |
37 | ASN1_OCTET_STRING *psk_identity; | |
38 | #endif | |
edc032b5 | 39 | #ifndef OPENSSL_NO_SRP |
cc5b6a03 DSH |
40 | ASN1_OCTET_STRING *srp_username; |
41 | #endif | |
66ecfb54 | 42 | uint64_t flags; |
5d5b3fba | 43 | uint32_t max_early_data; |
f6370040 | 44 | ASN1_OCTET_STRING *alpn_selected; |
cf72c757 | 45 | uint32_t tlsext_max_fragment_len_mode; |
df0fed9a | 46 | ASN1_OCTET_STRING *ticket_appdata; |
aa6bd216 | 47 | uint32_t kex_group; |
3c95ef22 | 48 | ASN1_OCTET_STRING *peer_rpk; |
0f113f3e | 49 | } SSL_SESSION_ASN1; |
d02b48c6 | 50 | |
cc5b6a03 | 51 | ASN1_SEQUENCE(SSL_SESSION_ASN1) = { |
9612e157 RL |
52 | ASN1_EMBED(SSL_SESSION_ASN1, version, UINT32), |
53 | ASN1_EMBED(SSL_SESSION_ASN1, ssl_version, INT32), | |
cc5b6a03 DSH |
54 | ASN1_SIMPLE(SSL_SESSION_ASN1, cipher, ASN1_OCTET_STRING), |
55 | ASN1_SIMPLE(SSL_SESSION_ASN1, session_id, ASN1_OCTET_STRING), | |
56 | ASN1_SIMPLE(SSL_SESSION_ASN1, master_key, ASN1_OCTET_STRING), | |
cc5b6a03 | 57 | ASN1_IMP_OPT(SSL_SESSION_ASN1, key_arg, ASN1_OCTET_STRING, 0), |
9612e157 RL |
58 | ASN1_EXP_OPT_EMBED(SSL_SESSION_ASN1, time, ZINT64, 1), |
59 | ASN1_EXP_OPT_EMBED(SSL_SESSION_ASN1, timeout, ZINT64, 2), | |
cc5b6a03 DSH |
60 | ASN1_EXP_OPT(SSL_SESSION_ASN1, peer, X509, 3), |
61 | ASN1_EXP_OPT(SSL_SESSION_ASN1, session_id_context, ASN1_OCTET_STRING, 4), | |
9612e157 | 62 | ASN1_EXP_OPT_EMBED(SSL_SESSION_ASN1, verify_result, ZINT32, 5), |
cc5b6a03 | 63 | ASN1_EXP_OPT(SSL_SESSION_ASN1, tlsext_hostname, ASN1_OCTET_STRING, 6), |
cc5b6a03 DSH |
64 | #ifndef OPENSSL_NO_PSK |
65 | ASN1_EXP_OPT(SSL_SESSION_ASN1, psk_identity_hint, ASN1_OCTET_STRING, 7), | |
66 | ASN1_EXP_OPT(SSL_SESSION_ASN1, psk_identity, ASN1_OCTET_STRING, 8), | |
67 | #endif | |
9612e157 | 68 | ASN1_EXP_OPT_EMBED(SSL_SESSION_ASN1, tlsext_tick_lifetime_hint, ZUINT64, 9), |
cc5b6a03 | 69 | ASN1_EXP_OPT(SSL_SESSION_ASN1, tlsext_tick, ASN1_OCTET_STRING, 10), |
cc5b6a03 DSH |
70 | ASN1_EXP_OPT(SSL_SESSION_ASN1, comp_id, ASN1_OCTET_STRING, 11), |
71 | #ifndef OPENSSL_NO_SRP | |
72 | ASN1_EXP_OPT(SSL_SESSION_ASN1, srp_username, ASN1_OCTET_STRING, 12), | |
73 | #endif | |
9612e157 RL |
74 | ASN1_EXP_OPT_EMBED(SSL_SESSION_ASN1, flags, ZUINT64, 13), |
75 | ASN1_EXP_OPT_EMBED(SSL_SESSION_ASN1, tlsext_tick_age_add, ZUINT32, 14), | |
76 | ASN1_EXP_OPT_EMBED(SSL_SESSION_ASN1, max_early_data, ZUINT32, 15), | |
9b6a8254 | 77 | ASN1_EXP_OPT(SSL_SESSION_ASN1, alpn_selected, ASN1_OCTET_STRING, 16), |
6cf2dbd9 | 78 | ASN1_EXP_OPT_EMBED(SSL_SESSION_ASN1, tlsext_max_fragment_len_mode, ZUINT32, 17), |
aa6bd216 | 79 | ASN1_EXP_OPT(SSL_SESSION_ASN1, ticket_appdata, ASN1_OCTET_STRING, 18), |
3c95ef22 TS |
80 | ASN1_EXP_OPT_EMBED(SSL_SESSION_ASN1, kex_group, UINT32, 19), |
81 | ASN1_EXP_OPT(SSL_SESSION_ASN1, peer_rpk, ASN1_OCTET_STRING, 20) | |
df2ee0e2 | 82 | } static_ASN1_SEQUENCE_END(SSL_SESSION_ASN1) |
cc5b6a03 DSH |
83 | |
84 | IMPLEMENT_STATIC_ASN1_ENCODE_FUNCTIONS(SSL_SESSION_ASN1) | |
85 | ||
86 | /* Utility functions for i2d_SSL_SESSION */ | |
87 | ||
88 | /* Initialise OCTET STRING from buffer and length */ | |
89 | ||
90 | static void ssl_session_oinit(ASN1_OCTET_STRING **dest, ASN1_OCTET_STRING *os, | |
9fdcc21f | 91 | const unsigned char *data, size_t len) |
cc5b6a03 | 92 | { |
9fdcc21f | 93 | os->data = (unsigned char *)data; /* justified cast: data is not modified */ |
348240c6 | 94 | os->length = (int)len; |
cc5b6a03 DSH |
95 | os->flags = 0; |
96 | *dest = os; | |
97 | } | |
98 | ||
99 | /* Initialise OCTET STRING from string */ | |
100 | static void ssl_session_sinit(ASN1_OCTET_STRING **dest, ASN1_OCTET_STRING *os, | |
9fdcc21f | 101 | const char *data) |
cc5b6a03 DSH |
102 | { |
103 | if (data != NULL) | |
9fdcc21f | 104 | ssl_session_oinit(dest, os, (const unsigned char *)data, strlen(data)); |
cc5b6a03 DSH |
105 | else |
106 | *dest = NULL; | |
107 | } | |
108 | ||
9fdcc21f | 109 | int i2d_SSL_SESSION(const SSL_SESSION *in, unsigned char **pp) |
0f113f3e | 110 | { |
cc5b6a03 DSH |
111 | |
112 | SSL_SESSION_ASN1 as; | |
113 | ||
114 | ASN1_OCTET_STRING cipher; | |
115 | unsigned char cipher_data[2]; | |
116 | ASN1_OCTET_STRING master_key, session_id, sid_ctx; | |
117 | ||
118 | #ifndef OPENSSL_NO_COMP | |
119 | ASN1_OCTET_STRING comp_id; | |
120 | unsigned char comp_id_data; | |
121 | #endif | |
cc5b6a03 | 122 | ASN1_OCTET_STRING tlsext_hostname, tlsext_tick; |
edc032b5 | 123 | #ifndef OPENSSL_NO_SRP |
cc5b6a03 DSH |
124 | ASN1_OCTET_STRING srp_username; |
125 | #endif | |
cc5b6a03 DSH |
126 | #ifndef OPENSSL_NO_PSK |
127 | ASN1_OCTET_STRING psk_identity, psk_identity_hint; | |
367eb1f1 | 128 | #endif |
f6370040 | 129 | ASN1_OCTET_STRING alpn_selected; |
df0fed9a | 130 | ASN1_OCTET_STRING ticket_appdata; |
3c95ef22 | 131 | ASN1_OCTET_STRING peer_rpk; |
cc5b6a03 | 132 | |
0f113f3e | 133 | long l; |
3c95ef22 | 134 | int ret; |
0f113f3e MC |
135 | |
136 | if ((in == NULL) || ((in->cipher == NULL) && (in->cipher_id == 0))) | |
cc5b6a03 DSH |
137 | return 0; |
138 | ||
139 | memset(&as, 0, sizeof(as)); | |
140 | ||
141 | as.version = SSL_SESSION_ASN1_VERSION; | |
142 | as.ssl_version = in->ssl_version; | |
0f113f3e | 143 | |
aa6bd216 BK |
144 | as.kex_group = in->kex_group; |
145 | ||
0f113f3e MC |
146 | if (in->cipher == NULL) |
147 | l = in->cipher_id; | |
148 | else | |
149 | l = in->cipher->id; | |
cc5b6a03 DSH |
150 | cipher_data[0] = ((unsigned char)(l >> 8L)) & 0xff; |
151 | cipher_data[1] = ((unsigned char)(l)) & 0xff; | |
152 | ||
153 | ssl_session_oinit(&as.cipher, &cipher, cipher_data, 2); | |
d02b48c6 | 154 | |
9de014a7 | 155 | #ifndef OPENSSL_NO_COMP |
0f113f3e | 156 | if (in->compress_meth) { |
cc5b6a03 DSH |
157 | comp_id_data = (unsigned char)in->compress_meth; |
158 | ssl_session_oinit(&as.comp_id, &comp_id, &comp_id_data, 1); | |
0f113f3e | 159 | } |
9de014a7 DSH |
160 | #endif |
161 | ||
cc5b6a03 DSH |
162 | ssl_session_oinit(&as.master_key, &master_key, |
163 | in->master_key, in->master_key_length); | |
d02b48c6 | 164 | |
cc5b6a03 DSH |
165 | ssl_session_oinit(&as.session_id, &session_id, |
166 | in->session_id, in->session_id_length); | |
b4cadc6e | 167 | |
cc5b6a03 DSH |
168 | ssl_session_oinit(&as.session_id_context, &sid_ctx, |
169 | in->sid_ctx, in->sid_ctx_length); | |
0f113f3e | 170 | |
f0131dc0 P |
171 | as.time = (int64_t)ossl_time_to_time_t(in->time); |
172 | as.timeout = (int64_t)ossl_time2seconds(in->timeout); | |
cc5b6a03 | 173 | as.verify_result = in->verify_result; |
0f113f3e | 174 | |
cc5b6a03 | 175 | as.peer = in->peer; |
0f113f3e | 176 | |
3c95ef22 TS |
177 | as.peer_rpk = NULL; |
178 | peer_rpk.data = NULL; | |
179 | if (in->peer_rpk != NULL) { | |
180 | peer_rpk.length = i2d_PUBKEY(in->peer_rpk, &peer_rpk.data); | |
181 | if (peer_rpk.length > 0 && peer_rpk.data != NULL) | |
182 | as.peer_rpk = &peer_rpk; | |
183 | } | |
184 | ||
cc5b6a03 | 185 | ssl_session_sinit(&as.tlsext_hostname, &tlsext_hostname, |
aff8c126 RS |
186 | in->ext.hostname); |
187 | if (in->ext.tick) { | |
cc5b6a03 | 188 | ssl_session_oinit(&as.tlsext_tick, &tlsext_tick, |
aff8c126 | 189 | in->ext.tick, in->ext.ticklen); |
0f113f3e | 190 | } |
aff8c126 RS |
191 | if (in->ext.tick_lifetime_hint > 0) |
192 | as.tlsext_tick_lifetime_hint = in->ext.tick_lifetime_hint; | |
fc24f0bf | 193 | as.tlsext_tick_age_add = in->ext.tick_age_add; |
ddac1974 | 194 | #ifndef OPENSSL_NO_PSK |
cc5b6a03 DSH |
195 | ssl_session_sinit(&as.psk_identity_hint, &psk_identity_hint, |
196 | in->psk_identity_hint); | |
197 | ssl_session_sinit(&as.psk_identity, &psk_identity, in->psk_identity); | |
0f113f3e | 198 | #endif /* OPENSSL_NO_PSK */ |
edc032b5 | 199 | #ifndef OPENSSL_NO_SRP |
cc5b6a03 | 200 | ssl_session_sinit(&as.srp_username, &srp_username, in->srp_username); |
0f113f3e MC |
201 | #endif /* OPENSSL_NO_SRP */ |
202 | ||
cc5b6a03 | 203 | as.flags = in->flags; |
5d5b3fba | 204 | as.max_early_data = in->ext.max_early_data; |
6f152a15 | 205 | |
f6370040 MC |
206 | if (in->ext.alpn_selected == NULL) |
207 | as.alpn_selected = NULL; | |
208 | else | |
209 | ssl_session_oinit(&as.alpn_selected, &alpn_selected, | |
210 | in->ext.alpn_selected, in->ext.alpn_selected_len); | |
211 | ||
cf72c757 F |
212 | as.tlsext_max_fragment_len_mode = in->ext.max_fragment_len_mode; |
213 | ||
df0fed9a TS |
214 | if (in->ticket_appdata == NULL) |
215 | as.ticket_appdata = NULL; | |
216 | else | |
217 | ssl_session_oinit(&as.ticket_appdata, &ticket_appdata, | |
218 | in->ticket_appdata, in->ticket_appdata_len); | |
219 | ||
3c95ef22 TS |
220 | ret = i2d_SSL_SESSION_ASN1(&as, pp); |
221 | OPENSSL_free(peer_rpk.data); | |
222 | return ret; | |
cc5b6a03 | 223 | } |
0f113f3e | 224 | |
cc5b6a03 | 225 | /* Utility functions for d2i_SSL_SESSION */ |
0f113f3e | 226 | |
7644a9ae | 227 | /* OPENSSL_strndup an OCTET STRING */ |
cc5b6a03 DSH |
228 | |
229 | static int ssl_session_strndup(char **pdst, ASN1_OCTET_STRING *src) | |
230 | { | |
b548a1f1 RS |
231 | OPENSSL_free(*pdst); |
232 | *pdst = NULL; | |
cc5b6a03 DSH |
233 | if (src == NULL) |
234 | return 1; | |
7644a9ae | 235 | *pdst = OPENSSL_strndup((char *)src->data, src->length); |
cc5b6a03 DSH |
236 | if (*pdst == NULL) |
237 | return 0; | |
238 | return 1; | |
239 | } | |
240 | ||
241 | /* Copy an OCTET STRING, return error if it exceeds maximum length */ | |
242 | ||
ec60ccc1 MC |
243 | static int ssl_session_memcpy(unsigned char *dst, size_t *pdstlen, |
244 | ASN1_OCTET_STRING *src, size_t maxlen) | |
cc5b6a03 | 245 | { |
72a509f9 | 246 | if (src == NULL || src->length == 0) { |
cc5b6a03 DSH |
247 | *pdstlen = 0; |
248 | return 1; | |
249 | } | |
ec60ccc1 | 250 | if (src->length < 0 || src->length > (int)maxlen) |
cc5b6a03 DSH |
251 | return 0; |
252 | memcpy(dst, src->data, src->length); | |
253 | *pdstlen = src->length; | |
254 | return 1; | |
0f113f3e | 255 | } |
d02b48c6 | 256 | |
41a15c4f | 257 | SSL_SESSION *d2i_SSL_SESSION(SSL_SESSION **a, const unsigned char **pp, |
0f113f3e | 258 | long length) |
3c95ef22 TS |
259 | { |
260 | return d2i_SSL_SESSION_ex(a, pp, length, NULL, NULL); | |
261 | } | |
262 | SSL_SESSION *d2i_SSL_SESSION_ex(SSL_SESSION **a, const unsigned char **pp, | |
263 | long length, OSSL_LIB_CTX *libctx, | |
264 | const char *propq) | |
0f113f3e | 265 | { |
0f113f3e | 266 | long id; |
ec60ccc1 | 267 | size_t tmpl; |
cc5b6a03 DSH |
268 | const unsigned char *p = *pp; |
269 | SSL_SESSION_ASN1 *as = NULL; | |
270 | SSL_SESSION *ret = NULL; | |
271 | ||
272 | as = d2i_SSL_SESSION_ASN1(NULL, &p, length); | |
273 | /* ASN.1 code returns suitable error */ | |
274 | if (as == NULL) | |
275 | goto err; | |
0f113f3e | 276 | |
12a765a5 | 277 | if (a == NULL || *a == NULL) { |
cc5b6a03 DSH |
278 | ret = SSL_SESSION_new(); |
279 | if (ret == NULL) | |
0f113f3e | 280 | goto err; |
0f113f3e | 281 | } else { |
cc5b6a03 DSH |
282 | ret = *a; |
283 | } | |
284 | ||
285 | if (as->version != SSL_SESSION_ASN1_VERSION) { | |
6849b73c | 286 | ERR_raise(ERR_LIB_SSL, SSL_R_UNKNOWN_SSL_VERSION); |
0f113f3e MC |
287 | goto err; |
288 | } | |
289 | ||
cc5b6a03 DSH |
290 | if ((as->ssl_version >> 8) != SSL3_VERSION_MAJOR |
291 | && (as->ssl_version >> 8) != DTLS1_VERSION_MAJOR | |
292 | && as->ssl_version != DTLS1_BAD_VER) { | |
6849b73c | 293 | ERR_raise(ERR_LIB_SSL, SSL_R_UNSUPPORTED_SSL_VERSION); |
cc5b6a03 DSH |
294 | goto err; |
295 | } | |
0f113f3e | 296 | |
cc5b6a03 | 297 | ret->ssl_version = (int)as->ssl_version; |
0f113f3e | 298 | |
aa6bd216 BK |
299 | ret->kex_group = as->kex_group; |
300 | ||
cc5b6a03 | 301 | if (as->cipher->length != 2) { |
6849b73c | 302 | ERR_raise(ERR_LIB_SSL, SSL_R_CIPHER_CODE_WRONG_LENGTH); |
cc5b6a03 DSH |
303 | goto err; |
304 | } | |
0f113f3e | 305 | |
a0179d0a BE |
306 | id = 0x03000000L | ((unsigned long)as->cipher->data[0] << 8L) |
307 | | (unsigned long)as->cipher->data[1]; | |
0f113f3e | 308 | |
cc5b6a03 | 309 | ret->cipher_id = id; |
534a43ff MC |
310 | ret->cipher = ssl3_get_cipher_by_id(id); |
311 | if (ret->cipher == NULL) | |
312 | goto err; | |
0f113f3e | 313 | |
cc5b6a03 DSH |
314 | if (!ssl_session_memcpy(ret->session_id, &ret->session_id_length, |
315 | as->session_id, SSL3_MAX_SSL_SESSION_ID_LENGTH)) | |
316 | goto err; | |
317 | ||
318 | if (!ssl_session_memcpy(ret->master_key, &tmpl, | |
4ff1a526 | 319 | as->master_key, TLS13_MAX_RESUMPTION_PSK_LENGTH)) |
cc5b6a03 DSH |
320 | goto err; |
321 | ||
322 | ret->master_key_length = tmpl; | |
98fa4fe8 | 323 | |
cc5b6a03 | 324 | if (as->time != 0) |
f0131dc0 | 325 | ret->time = ossl_time_from_time_t(as->time); |
cc5b6a03 | 326 | else |
f0131dc0 | 327 | ret->time = ossl_time_now(); |
0f113f3e | 328 | |
cc5b6a03 | 329 | if (as->timeout != 0) |
f0131dc0 | 330 | ret->timeout = ossl_seconds2time(as->timeout); |
cc5b6a03 | 331 | else |
f0131dc0 | 332 | ret->timeout = ossl_seconds2time(3); |
25959e04 | 333 | ssl_session_calculate_timeout(ret); |
0f113f3e | 334 | |
cc5b6a03 DSH |
335 | X509_free(ret->peer); |
336 | ret->peer = as->peer; | |
337 | as->peer = NULL; | |
0f113f3e | 338 | |
3c95ef22 TS |
339 | EVP_PKEY_free(ret->peer_rpk); |
340 | ret->peer_rpk = NULL; | |
341 | if (as->peer_rpk != NULL) { | |
342 | const unsigned char *data = as->peer_rpk->data; | |
343 | ||
344 | /* | |
345 | * |data| is incremented; we don't want to lose original ptr | |
346 | */ | |
347 | ret->peer_rpk = d2i_PUBKEY_ex(NULL, &data, as->peer_rpk->length, libctx, propq); | |
348 | if (ret->peer_rpk == NULL) | |
349 | goto err; | |
350 | } | |
351 | ||
cc5b6a03 DSH |
352 | if (!ssl_session_memcpy(ret->sid_ctx, &ret->sid_ctx_length, |
353 | as->session_id_context, SSL_MAX_SID_CTX_LENGTH)) | |
354 | goto err; | |
0f113f3e | 355 | |
cc5b6a03 DSH |
356 | /* NB: this defaults to zero which is X509_V_OK */ |
357 | ret->verify_result = as->verify_result; | |
b1fe6ca1 | 358 | |
aff8c126 | 359 | if (!ssl_session_strndup(&ret->ext.hostname, as->tlsext_hostname)) |
cc5b6a03 | 360 | goto err; |
ed3883d2 | 361 | |
ddac1974 | 362 | #ifndef OPENSSL_NO_PSK |
cc5b6a03 DSH |
363 | if (!ssl_session_strndup(&ret->psk_identity_hint, as->psk_identity_hint)) |
364 | goto err; | |
365 | if (!ssl_session_strndup(&ret->psk_identity, as->psk_identity)) | |
366 | goto err; | |
367 | #endif | |
ddac1974 | 368 | |
802127e8 | 369 | ret->ext.tick_lifetime_hint = (unsigned long)as->tlsext_tick_lifetime_hint; |
fc24f0bf | 370 | ret->ext.tick_age_add = as->tlsext_tick_age_add; |
27232cc3 MC |
371 | OPENSSL_free(ret->ext.tick); |
372 | if (as->tlsext_tick != NULL) { | |
aff8c126 RS |
373 | ret->ext.tick = as->tlsext_tick->data; |
374 | ret->ext.ticklen = as->tlsext_tick->length; | |
cc5b6a03 DSH |
375 | as->tlsext_tick->data = NULL; |
376 | } else { | |
aff8c126 | 377 | ret->ext.tick = NULL; |
cc5b6a03 | 378 | } |
9de014a7 | 379 | #ifndef OPENSSL_NO_COMP |
cc5b6a03 DSH |
380 | if (as->comp_id) { |
381 | if (as->comp_id->length != 1) { | |
6849b73c | 382 | ERR_raise(ERR_LIB_SSL, SSL_R_BAD_LENGTH); |
cc5b6a03 DSH |
383 | goto err; |
384 | } | |
385 | ret->compress_meth = as->comp_id->data[0]; | |
386 | } else { | |
387 | ret->compress_meth = 0; | |
0f113f3e | 388 | } |
9de014a7 | 389 | #endif |
ddac1974 | 390 | |
edc032b5 | 391 | #ifndef OPENSSL_NO_SRP |
cc5b6a03 DSH |
392 | if (!ssl_session_strndup(&ret->srp_username, as->srp_username)) |
393 | goto err; | |
0f113f3e | 394 | #endif /* OPENSSL_NO_SRP */ |
cc5b6a03 | 395 | /* Flags defaults to zero which is fine */ |
802127e8 | 396 | ret->flags = (int32_t)as->flags; |
5d5b3fba | 397 | ret->ext.max_early_data = as->max_early_data; |
cc5b6a03 | 398 | |
27232cc3 | 399 | OPENSSL_free(ret->ext.alpn_selected); |
f6370040 | 400 | if (as->alpn_selected != NULL) { |
27232cc3 | 401 | ret->ext.alpn_selected = as->alpn_selected->data; |
f6370040 | 402 | ret->ext.alpn_selected_len = as->alpn_selected->length; |
27232cc3 | 403 | as->alpn_selected->data = NULL; |
f6370040 MC |
404 | } else { |
405 | ret->ext.alpn_selected = NULL; | |
406 | ret->ext.alpn_selected_len = 0; | |
407 | } | |
408 | ||
cf72c757 F |
409 | ret->ext.max_fragment_len_mode = as->tlsext_max_fragment_len_mode; |
410 | ||
27232cc3 | 411 | OPENSSL_free(ret->ticket_appdata); |
df0fed9a TS |
412 | if (as->ticket_appdata != NULL) { |
413 | ret->ticket_appdata = as->ticket_appdata->data; | |
414 | ret->ticket_appdata_len = as->ticket_appdata->length; | |
415 | as->ticket_appdata->data = NULL; | |
416 | } else { | |
417 | ret->ticket_appdata = NULL; | |
418 | ret->ticket_appdata_len = 0; | |
419 | } | |
420 | ||
cc5b6a03 DSH |
421 | M_ASN1_free_of(as, SSL_SESSION_ASN1); |
422 | ||
423 | if ((a != NULL) && (*a == NULL)) | |
424 | *a = ret; | |
425 | *pp = p; | |
426 | return ret; | |
427 | ||
a230b26e | 428 | err: |
cc5b6a03 DSH |
429 | M_ASN1_free_of(as, SSL_SESSION_ASN1); |
430 | if ((a == NULL) || (*a != ret)) | |
431 | SSL_SESSION_free(ret); | |
432 | return NULL; | |
0f113f3e | 433 | } |