10Sstevel@tonic-gate /* ssl/ssl_asn1.c */
20Sstevel@tonic-gate /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
30Sstevel@tonic-gate * All rights reserved.
40Sstevel@tonic-gate *
50Sstevel@tonic-gate * This package is an SSL implementation written
60Sstevel@tonic-gate * by Eric Young (eay@cryptsoft.com).
70Sstevel@tonic-gate * The implementation was written so as to conform with Netscapes SSL.
80Sstevel@tonic-gate *
90Sstevel@tonic-gate * This library is free for commercial and non-commercial use as long as
100Sstevel@tonic-gate * the following conditions are aheared to. The following conditions
110Sstevel@tonic-gate * apply to all code found in this distribution, be it the RC4, RSA,
120Sstevel@tonic-gate * lhash, DES, etc., code; not just the SSL code. The SSL documentation
130Sstevel@tonic-gate * included with this distribution is covered by the same copyright terms
140Sstevel@tonic-gate * except that the holder is Tim Hudson (tjh@cryptsoft.com).
150Sstevel@tonic-gate *
160Sstevel@tonic-gate * Copyright remains Eric Young's, and as such any Copyright notices in
170Sstevel@tonic-gate * the code are not to be removed.
180Sstevel@tonic-gate * If this package is used in a product, Eric Young should be given attribution
190Sstevel@tonic-gate * as the author of the parts of the library used.
200Sstevel@tonic-gate * This can be in the form of a textual message at program startup or
210Sstevel@tonic-gate * in documentation (online or textual) provided with the package.
220Sstevel@tonic-gate *
230Sstevel@tonic-gate * Redistribution and use in source and binary forms, with or without
240Sstevel@tonic-gate * modification, are permitted provided that the following conditions
250Sstevel@tonic-gate * are met:
260Sstevel@tonic-gate * 1. Redistributions of source code must retain the copyright
270Sstevel@tonic-gate * notice, this list of conditions and the following disclaimer.
280Sstevel@tonic-gate * 2. Redistributions in binary form must reproduce the above copyright
290Sstevel@tonic-gate * notice, this list of conditions and the following disclaimer in the
300Sstevel@tonic-gate * documentation and/or other materials provided with the distribution.
310Sstevel@tonic-gate * 3. All advertising materials mentioning features or use of this software
320Sstevel@tonic-gate * must display the following acknowledgement:
330Sstevel@tonic-gate * "This product includes cryptographic software written by
340Sstevel@tonic-gate * Eric Young (eay@cryptsoft.com)"
350Sstevel@tonic-gate * The word 'cryptographic' can be left out if the rouines from the library
360Sstevel@tonic-gate * being used are not cryptographic related :-).
370Sstevel@tonic-gate * 4. If you include any Windows specific code (or a derivative thereof) from
380Sstevel@tonic-gate * the apps directory (application code) you must include an acknowledgement:
390Sstevel@tonic-gate * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
400Sstevel@tonic-gate *
410Sstevel@tonic-gate * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
420Sstevel@tonic-gate * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
430Sstevel@tonic-gate * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
440Sstevel@tonic-gate * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
450Sstevel@tonic-gate * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
460Sstevel@tonic-gate * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
470Sstevel@tonic-gate * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
480Sstevel@tonic-gate * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
490Sstevel@tonic-gate * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
500Sstevel@tonic-gate * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
510Sstevel@tonic-gate * SUCH DAMAGE.
520Sstevel@tonic-gate *
530Sstevel@tonic-gate * The licence and distribution terms for any publically available version or
540Sstevel@tonic-gate * derivative of this code cannot be changed. i.e. this code cannot simply be
550Sstevel@tonic-gate * copied and put under another distribution licence
560Sstevel@tonic-gate * [including the GNU Public Licence.]
570Sstevel@tonic-gate */
580Sstevel@tonic-gate
590Sstevel@tonic-gate #include <stdio.h>
600Sstevel@tonic-gate #include <stdlib.h>
610Sstevel@tonic-gate #include "ssl_locl.h"
620Sstevel@tonic-gate #include <openssl/asn1_mac.h>
630Sstevel@tonic-gate #include <openssl/objects.h>
640Sstevel@tonic-gate #include <openssl/x509.h>
650Sstevel@tonic-gate
660Sstevel@tonic-gate typedef struct ssl_session_asn1_st
670Sstevel@tonic-gate {
680Sstevel@tonic-gate ASN1_INTEGER version;
690Sstevel@tonic-gate ASN1_INTEGER ssl_version;
700Sstevel@tonic-gate ASN1_OCTET_STRING cipher;
710Sstevel@tonic-gate ASN1_OCTET_STRING master_key;
720Sstevel@tonic-gate ASN1_OCTET_STRING session_id;
730Sstevel@tonic-gate ASN1_OCTET_STRING session_id_context;
740Sstevel@tonic-gate ASN1_OCTET_STRING key_arg;
750Sstevel@tonic-gate #ifndef OPENSSL_NO_KRB5
760Sstevel@tonic-gate ASN1_OCTET_STRING krb5_princ;
770Sstevel@tonic-gate #endif /* OPENSSL_NO_KRB5 */
780Sstevel@tonic-gate ASN1_INTEGER time;
790Sstevel@tonic-gate ASN1_INTEGER timeout;
800Sstevel@tonic-gate ASN1_INTEGER verify_result;
810Sstevel@tonic-gate } SSL_SESSION_ASN1;
820Sstevel@tonic-gate
i2d_SSL_SESSION(SSL_SESSION * in,unsigned char ** pp)830Sstevel@tonic-gate int i2d_SSL_SESSION(SSL_SESSION *in, unsigned char **pp)
840Sstevel@tonic-gate {
850Sstevel@tonic-gate #define LSIZE2 (sizeof(long)*2)
860Sstevel@tonic-gate int v1=0,v2=0,v3=0,v4=0,v5=0;
870Sstevel@tonic-gate unsigned char buf[4],ibuf1[LSIZE2],ibuf2[LSIZE2];
880Sstevel@tonic-gate unsigned char ibuf3[LSIZE2],ibuf4[LSIZE2],ibuf5[LSIZE2];
890Sstevel@tonic-gate long l;
900Sstevel@tonic-gate SSL_SESSION_ASN1 a;
910Sstevel@tonic-gate M_ASN1_I2D_vars(in);
920Sstevel@tonic-gate
930Sstevel@tonic-gate if ((in == NULL) || ((in->cipher == NULL) && (in->cipher_id == 0)))
940Sstevel@tonic-gate return(0);
950Sstevel@tonic-gate
960Sstevel@tonic-gate /* Note that I cheat in the following 2 assignments. I know
970Sstevel@tonic-gate * that if the ASN1_INTEGER passed to ASN1_INTEGER_set
980Sstevel@tonic-gate * is > sizeof(long)+1, the buffer will not be re-OPENSSL_malloc()ed.
990Sstevel@tonic-gate * This is a bit evil but makes things simple, no dynamic allocation
1000Sstevel@tonic-gate * to clean up :-) */
1010Sstevel@tonic-gate a.version.length=LSIZE2;
1020Sstevel@tonic-gate a.version.type=V_ASN1_INTEGER;
1030Sstevel@tonic-gate a.version.data=ibuf1;
1040Sstevel@tonic-gate ASN1_INTEGER_set(&(a.version),SSL_SESSION_ASN1_VERSION);
1050Sstevel@tonic-gate
1060Sstevel@tonic-gate a.ssl_version.length=LSIZE2;
1070Sstevel@tonic-gate a.ssl_version.type=V_ASN1_INTEGER;
1080Sstevel@tonic-gate a.ssl_version.data=ibuf2;
1090Sstevel@tonic-gate ASN1_INTEGER_set(&(a.ssl_version),in->ssl_version);
1100Sstevel@tonic-gate
1110Sstevel@tonic-gate a.cipher.type=V_ASN1_OCTET_STRING;
1120Sstevel@tonic-gate a.cipher.data=buf;
1130Sstevel@tonic-gate
1140Sstevel@tonic-gate if (in->cipher == NULL)
1150Sstevel@tonic-gate l=in->cipher_id;
1160Sstevel@tonic-gate else
1170Sstevel@tonic-gate l=in->cipher->id;
1180Sstevel@tonic-gate if (in->ssl_version == SSL2_VERSION)
1190Sstevel@tonic-gate {
1200Sstevel@tonic-gate a.cipher.length=3;
1210Sstevel@tonic-gate buf[0]=((unsigned char)(l>>16L))&0xff;
1220Sstevel@tonic-gate buf[1]=((unsigned char)(l>> 8L))&0xff;
1230Sstevel@tonic-gate buf[2]=((unsigned char)(l ))&0xff;
1240Sstevel@tonic-gate }
1250Sstevel@tonic-gate else
1260Sstevel@tonic-gate {
1270Sstevel@tonic-gate a.cipher.length=2;
1280Sstevel@tonic-gate buf[0]=((unsigned char)(l>>8L))&0xff;
1290Sstevel@tonic-gate buf[1]=((unsigned char)(l ))&0xff;
1300Sstevel@tonic-gate }
1310Sstevel@tonic-gate
1320Sstevel@tonic-gate a.master_key.length=in->master_key_length;
1330Sstevel@tonic-gate a.master_key.type=V_ASN1_OCTET_STRING;
1340Sstevel@tonic-gate a.master_key.data=in->master_key;
1350Sstevel@tonic-gate
1360Sstevel@tonic-gate a.session_id.length=in->session_id_length;
1370Sstevel@tonic-gate a.session_id.type=V_ASN1_OCTET_STRING;
1380Sstevel@tonic-gate a.session_id.data=in->session_id;
1390Sstevel@tonic-gate
1400Sstevel@tonic-gate a.session_id_context.length=in->sid_ctx_length;
1410Sstevel@tonic-gate a.session_id_context.type=V_ASN1_OCTET_STRING;
1420Sstevel@tonic-gate a.session_id_context.data=in->sid_ctx;
1430Sstevel@tonic-gate
1440Sstevel@tonic-gate a.key_arg.length=in->key_arg_length;
1450Sstevel@tonic-gate a.key_arg.type=V_ASN1_OCTET_STRING;
1460Sstevel@tonic-gate a.key_arg.data=in->key_arg;
1470Sstevel@tonic-gate
1480Sstevel@tonic-gate #ifndef OPENSSL_NO_KRB5
1490Sstevel@tonic-gate if (in->krb5_client_princ_len)
1500Sstevel@tonic-gate {
1510Sstevel@tonic-gate a.krb5_princ.length=in->krb5_client_princ_len;
1520Sstevel@tonic-gate a.krb5_princ.type=V_ASN1_OCTET_STRING;
1530Sstevel@tonic-gate a.krb5_princ.data=in->krb5_client_princ;
1540Sstevel@tonic-gate }
1550Sstevel@tonic-gate #endif /* OPENSSL_NO_KRB5 */
1560Sstevel@tonic-gate
1570Sstevel@tonic-gate if (in->time != 0L)
1580Sstevel@tonic-gate {
1590Sstevel@tonic-gate a.time.length=LSIZE2;
1600Sstevel@tonic-gate a.time.type=V_ASN1_INTEGER;
1610Sstevel@tonic-gate a.time.data=ibuf3;
1620Sstevel@tonic-gate ASN1_INTEGER_set(&(a.time),in->time);
1630Sstevel@tonic-gate }
1640Sstevel@tonic-gate
1650Sstevel@tonic-gate if (in->timeout != 0L)
1660Sstevel@tonic-gate {
1670Sstevel@tonic-gate a.timeout.length=LSIZE2;
1680Sstevel@tonic-gate a.timeout.type=V_ASN1_INTEGER;
1690Sstevel@tonic-gate a.timeout.data=ibuf4;
1700Sstevel@tonic-gate ASN1_INTEGER_set(&(a.timeout),in->timeout);
1710Sstevel@tonic-gate }
1720Sstevel@tonic-gate
1730Sstevel@tonic-gate if (in->verify_result != X509_V_OK)
1740Sstevel@tonic-gate {
1750Sstevel@tonic-gate a.verify_result.length=LSIZE2;
1760Sstevel@tonic-gate a.verify_result.type=V_ASN1_INTEGER;
1770Sstevel@tonic-gate a.verify_result.data=ibuf5;
1780Sstevel@tonic-gate ASN1_INTEGER_set(&a.verify_result,in->verify_result);
1790Sstevel@tonic-gate }
1800Sstevel@tonic-gate
1810Sstevel@tonic-gate
1820Sstevel@tonic-gate M_ASN1_I2D_len(&(a.version), i2d_ASN1_INTEGER);
1830Sstevel@tonic-gate M_ASN1_I2D_len(&(a.ssl_version), i2d_ASN1_INTEGER);
1840Sstevel@tonic-gate M_ASN1_I2D_len(&(a.cipher), i2d_ASN1_OCTET_STRING);
1850Sstevel@tonic-gate M_ASN1_I2D_len(&(a.session_id), i2d_ASN1_OCTET_STRING);
1860Sstevel@tonic-gate M_ASN1_I2D_len(&(a.master_key), i2d_ASN1_OCTET_STRING);
1870Sstevel@tonic-gate #ifndef OPENSSL_NO_KRB5
1880Sstevel@tonic-gate if (in->krb5_client_princ_len)
1890Sstevel@tonic-gate M_ASN1_I2D_len(&(a.krb5_princ), i2d_ASN1_OCTET_STRING);
1900Sstevel@tonic-gate #endif /* OPENSSL_NO_KRB5 */
1910Sstevel@tonic-gate if (in->key_arg_length > 0)
1920Sstevel@tonic-gate M_ASN1_I2D_len_IMP_opt(&(a.key_arg),i2d_ASN1_OCTET_STRING);
1930Sstevel@tonic-gate if (in->time != 0L)
1940Sstevel@tonic-gate M_ASN1_I2D_len_EXP_opt(&(a.time),i2d_ASN1_INTEGER,1,v1);
1950Sstevel@tonic-gate if (in->timeout != 0L)
1960Sstevel@tonic-gate M_ASN1_I2D_len_EXP_opt(&(a.timeout),i2d_ASN1_INTEGER,2,v2);
1970Sstevel@tonic-gate if (in->peer != NULL)
1980Sstevel@tonic-gate M_ASN1_I2D_len_EXP_opt(in->peer,i2d_X509,3,v3);
1990Sstevel@tonic-gate M_ASN1_I2D_len_EXP_opt(&a.session_id_context,i2d_ASN1_OCTET_STRING,4,v4);
2000Sstevel@tonic-gate if (in->verify_result != X509_V_OK)
2010Sstevel@tonic-gate M_ASN1_I2D_len_EXP_opt(&(a.verify_result),i2d_ASN1_INTEGER,5,v5);
2020Sstevel@tonic-gate
2030Sstevel@tonic-gate M_ASN1_I2D_seq_total();
2040Sstevel@tonic-gate
2050Sstevel@tonic-gate M_ASN1_I2D_put(&(a.version), i2d_ASN1_INTEGER);
2060Sstevel@tonic-gate M_ASN1_I2D_put(&(a.ssl_version), i2d_ASN1_INTEGER);
2070Sstevel@tonic-gate M_ASN1_I2D_put(&(a.cipher), i2d_ASN1_OCTET_STRING);
2080Sstevel@tonic-gate M_ASN1_I2D_put(&(a.session_id), i2d_ASN1_OCTET_STRING);
2090Sstevel@tonic-gate M_ASN1_I2D_put(&(a.master_key), i2d_ASN1_OCTET_STRING);
2100Sstevel@tonic-gate #ifndef OPENSSL_NO_KRB5
2110Sstevel@tonic-gate if (in->krb5_client_princ_len)
2120Sstevel@tonic-gate M_ASN1_I2D_put(&(a.krb5_princ), i2d_ASN1_OCTET_STRING);
2130Sstevel@tonic-gate #endif /* OPENSSL_NO_KRB5 */
2140Sstevel@tonic-gate if (in->key_arg_length > 0)
2150Sstevel@tonic-gate M_ASN1_I2D_put_IMP_opt(&(a.key_arg),i2d_ASN1_OCTET_STRING,0);
2160Sstevel@tonic-gate if (in->time != 0L)
2170Sstevel@tonic-gate M_ASN1_I2D_put_EXP_opt(&(a.time),i2d_ASN1_INTEGER,1,v1);
2180Sstevel@tonic-gate if (in->timeout != 0L)
2190Sstevel@tonic-gate M_ASN1_I2D_put_EXP_opt(&(a.timeout),i2d_ASN1_INTEGER,2,v2);
2200Sstevel@tonic-gate if (in->peer != NULL)
2210Sstevel@tonic-gate M_ASN1_I2D_put_EXP_opt(in->peer,i2d_X509,3,v3);
2220Sstevel@tonic-gate M_ASN1_I2D_put_EXP_opt(&a.session_id_context,i2d_ASN1_OCTET_STRING,4,
2230Sstevel@tonic-gate v4);
2240Sstevel@tonic-gate if (in->verify_result != X509_V_OK)
2250Sstevel@tonic-gate M_ASN1_I2D_put_EXP_opt(&a.verify_result,i2d_ASN1_INTEGER,5,v5);
2260Sstevel@tonic-gate M_ASN1_I2D_finish();
2270Sstevel@tonic-gate }
2280Sstevel@tonic-gate
d2i_SSL_SESSION(SSL_SESSION ** a,const unsigned char ** pp,long length)229*2139Sjp161948 SSL_SESSION *d2i_SSL_SESSION(SSL_SESSION **a, const unsigned char **pp,
2300Sstevel@tonic-gate long length)
2310Sstevel@tonic-gate {
2320Sstevel@tonic-gate int version,ssl_version=0,i;
2330Sstevel@tonic-gate long id;
2340Sstevel@tonic-gate ASN1_INTEGER ai,*aip;
2350Sstevel@tonic-gate ASN1_OCTET_STRING os,*osp;
2360Sstevel@tonic-gate M_ASN1_D2I_vars(a,SSL_SESSION *,SSL_SESSION_new);
2370Sstevel@tonic-gate
2380Sstevel@tonic-gate aip= &ai;
2390Sstevel@tonic-gate osp= &os;
2400Sstevel@tonic-gate
2410Sstevel@tonic-gate M_ASN1_D2I_Init();
2420Sstevel@tonic-gate M_ASN1_D2I_start_sequence();
2430Sstevel@tonic-gate
2440Sstevel@tonic-gate ai.data=NULL; ai.length=0;
245*2139Sjp161948 M_ASN1_D2I_get_x(ASN1_INTEGER,aip,d2i_ASN1_INTEGER);
2460Sstevel@tonic-gate version=(int)ASN1_INTEGER_get(aip);
2470Sstevel@tonic-gate if (ai.data != NULL) { OPENSSL_free(ai.data); ai.data=NULL; ai.length=0; }
2480Sstevel@tonic-gate
2490Sstevel@tonic-gate /* we don't care about the version right now :-) */
250*2139Sjp161948 M_ASN1_D2I_get_x(ASN1_INTEGER,aip,d2i_ASN1_INTEGER);
2510Sstevel@tonic-gate ssl_version=(int)ASN1_INTEGER_get(aip);
2520Sstevel@tonic-gate ret->ssl_version=ssl_version;
2530Sstevel@tonic-gate if (ai.data != NULL) { OPENSSL_free(ai.data); ai.data=NULL; ai.length=0; }
2540Sstevel@tonic-gate
2550Sstevel@tonic-gate os.data=NULL; os.length=0;
256*2139Sjp161948 M_ASN1_D2I_get_x(ASN1_OCTET_STRING,osp,d2i_ASN1_OCTET_STRING);
2570Sstevel@tonic-gate if (ssl_version == SSL2_VERSION)
2580Sstevel@tonic-gate {
2590Sstevel@tonic-gate if (os.length != 3)
2600Sstevel@tonic-gate {
2610Sstevel@tonic-gate c.error=SSL_R_CIPHER_CODE_WRONG_LENGTH;
2620Sstevel@tonic-gate goto err;
2630Sstevel@tonic-gate }
2640Sstevel@tonic-gate id=0x02000000L|
2650Sstevel@tonic-gate ((unsigned long)os.data[0]<<16L)|
2660Sstevel@tonic-gate ((unsigned long)os.data[1]<< 8L)|
2670Sstevel@tonic-gate (unsigned long)os.data[2];
2680Sstevel@tonic-gate }
269*2139Sjp161948 else if ((ssl_version>>8) == SSL3_VERSION_MAJOR)
2700Sstevel@tonic-gate {
2710Sstevel@tonic-gate if (os.length != 2)
2720Sstevel@tonic-gate {
2730Sstevel@tonic-gate c.error=SSL_R_CIPHER_CODE_WRONG_LENGTH;
2740Sstevel@tonic-gate goto err;
2750Sstevel@tonic-gate }
2760Sstevel@tonic-gate id=0x03000000L|
2770Sstevel@tonic-gate ((unsigned long)os.data[0]<<8L)|
2780Sstevel@tonic-gate (unsigned long)os.data[1];
2790Sstevel@tonic-gate }
2800Sstevel@tonic-gate else
2810Sstevel@tonic-gate {
2820Sstevel@tonic-gate SSLerr(SSL_F_D2I_SSL_SESSION,SSL_R_UNKNOWN_SSL_VERSION);
2830Sstevel@tonic-gate return(NULL);
2840Sstevel@tonic-gate }
2850Sstevel@tonic-gate
2860Sstevel@tonic-gate ret->cipher=NULL;
2870Sstevel@tonic-gate ret->cipher_id=id;
2880Sstevel@tonic-gate
289*2139Sjp161948 M_ASN1_D2I_get_x(ASN1_OCTET_STRING,osp,d2i_ASN1_OCTET_STRING);
290*2139Sjp161948 if ((ssl_version>>8) == SSL3_VERSION_MAJOR)
2910Sstevel@tonic-gate i=SSL3_MAX_SSL_SESSION_ID_LENGTH;
292*2139Sjp161948 else /* if (ssl_version>>8 == SSL2_VERSION_MAJOR) */
2930Sstevel@tonic-gate i=SSL2_MAX_SSL_SESSION_ID_LENGTH;
2940Sstevel@tonic-gate
2950Sstevel@tonic-gate if (os.length > i)
2960Sstevel@tonic-gate os.length = i;
297*2139Sjp161948 if (os.length > (int)sizeof(ret->session_id)) /* can't happen */
298*2139Sjp161948 os.length = sizeof(ret->session_id);
2990Sstevel@tonic-gate
3000Sstevel@tonic-gate ret->session_id_length=os.length;
301*2139Sjp161948 OPENSSL_assert(os.length <= (int)sizeof(ret->session_id));
3020Sstevel@tonic-gate memcpy(ret->session_id,os.data,os.length);
3030Sstevel@tonic-gate
304*2139Sjp161948 M_ASN1_D2I_get_x(ASN1_OCTET_STRING,osp,d2i_ASN1_OCTET_STRING);
3050Sstevel@tonic-gate if (ret->master_key_length > SSL_MAX_MASTER_KEY_LENGTH)
3060Sstevel@tonic-gate ret->master_key_length=SSL_MAX_MASTER_KEY_LENGTH;
3070Sstevel@tonic-gate else
3080Sstevel@tonic-gate ret->master_key_length=os.length;
3090Sstevel@tonic-gate memcpy(ret->master_key,os.data,ret->master_key_length);
3100Sstevel@tonic-gate
3110Sstevel@tonic-gate os.length=0;
3120Sstevel@tonic-gate
3130Sstevel@tonic-gate #ifndef OPENSSL_NO_KRB5
3140Sstevel@tonic-gate os.length=0;
3150Sstevel@tonic-gate M_ASN1_D2I_get_opt(osp,d2i_ASN1_OCTET_STRING,V_ASN1_OCTET_STRING);
3160Sstevel@tonic-gate if (os.data)
3170Sstevel@tonic-gate {
3180Sstevel@tonic-gate if (os.length > SSL_MAX_KRB5_PRINCIPAL_LENGTH)
3190Sstevel@tonic-gate ret->krb5_client_princ_len=0;
3200Sstevel@tonic-gate else
3210Sstevel@tonic-gate ret->krb5_client_princ_len=os.length;
3220Sstevel@tonic-gate memcpy(ret->krb5_client_princ,os.data,ret->krb5_client_princ_len);
3230Sstevel@tonic-gate OPENSSL_free(os.data);
3240Sstevel@tonic-gate os.data = NULL;
3250Sstevel@tonic-gate os.length = 0;
3260Sstevel@tonic-gate }
3270Sstevel@tonic-gate else
3280Sstevel@tonic-gate ret->krb5_client_princ_len=0;
3290Sstevel@tonic-gate #endif /* OPENSSL_NO_KRB5 */
3300Sstevel@tonic-gate
3310Sstevel@tonic-gate M_ASN1_D2I_get_IMP_opt(osp,d2i_ASN1_OCTET_STRING,0,V_ASN1_OCTET_STRING);
3320Sstevel@tonic-gate if (os.length > SSL_MAX_KEY_ARG_LENGTH)
3330Sstevel@tonic-gate ret->key_arg_length=SSL_MAX_KEY_ARG_LENGTH;
3340Sstevel@tonic-gate else
3350Sstevel@tonic-gate ret->key_arg_length=os.length;
3360Sstevel@tonic-gate memcpy(ret->key_arg,os.data,ret->key_arg_length);
3370Sstevel@tonic-gate if (os.data != NULL) OPENSSL_free(os.data);
3380Sstevel@tonic-gate
3390Sstevel@tonic-gate ai.length=0;
3400Sstevel@tonic-gate M_ASN1_D2I_get_EXP_opt(aip,d2i_ASN1_INTEGER,1);
3410Sstevel@tonic-gate if (ai.data != NULL)
3420Sstevel@tonic-gate {
3430Sstevel@tonic-gate ret->time=ASN1_INTEGER_get(aip);
3440Sstevel@tonic-gate OPENSSL_free(ai.data); ai.data=NULL; ai.length=0;
3450Sstevel@tonic-gate }
3460Sstevel@tonic-gate else
3470Sstevel@tonic-gate ret->time=time(NULL);
3480Sstevel@tonic-gate
3490Sstevel@tonic-gate ai.length=0;
3500Sstevel@tonic-gate M_ASN1_D2I_get_EXP_opt(aip,d2i_ASN1_INTEGER,2);
3510Sstevel@tonic-gate if (ai.data != NULL)
3520Sstevel@tonic-gate {
3530Sstevel@tonic-gate ret->timeout=ASN1_INTEGER_get(aip);
3540Sstevel@tonic-gate OPENSSL_free(ai.data); ai.data=NULL; ai.length=0;
3550Sstevel@tonic-gate }
3560Sstevel@tonic-gate else
3570Sstevel@tonic-gate ret->timeout=3;
3580Sstevel@tonic-gate
3590Sstevel@tonic-gate if (ret->peer != NULL)
3600Sstevel@tonic-gate {
3610Sstevel@tonic-gate X509_free(ret->peer);
3620Sstevel@tonic-gate ret->peer=NULL;
3630Sstevel@tonic-gate }
3640Sstevel@tonic-gate M_ASN1_D2I_get_EXP_opt(ret->peer,d2i_X509,3);
3650Sstevel@tonic-gate
3660Sstevel@tonic-gate os.length=0;
3670Sstevel@tonic-gate os.data=NULL;
3680Sstevel@tonic-gate M_ASN1_D2I_get_EXP_opt(osp,d2i_ASN1_OCTET_STRING,4);
3690Sstevel@tonic-gate
3700Sstevel@tonic-gate if(os.data != NULL)
3710Sstevel@tonic-gate {
3720Sstevel@tonic-gate if (os.length > SSL_MAX_SID_CTX_LENGTH)
3730Sstevel@tonic-gate {
3740Sstevel@tonic-gate ret->sid_ctx_length=os.length;
3750Sstevel@tonic-gate SSLerr(SSL_F_D2I_SSL_SESSION,SSL_R_BAD_LENGTH);
3760Sstevel@tonic-gate }
3770Sstevel@tonic-gate else
3780Sstevel@tonic-gate {
3790Sstevel@tonic-gate ret->sid_ctx_length=os.length;
3800Sstevel@tonic-gate memcpy(ret->sid_ctx,os.data,os.length);
3810Sstevel@tonic-gate }
3820Sstevel@tonic-gate OPENSSL_free(os.data); os.data=NULL; os.length=0;
3830Sstevel@tonic-gate }
3840Sstevel@tonic-gate else
3850Sstevel@tonic-gate ret->sid_ctx_length=0;
3860Sstevel@tonic-gate
3870Sstevel@tonic-gate ai.length=0;
3880Sstevel@tonic-gate M_ASN1_D2I_get_EXP_opt(aip,d2i_ASN1_INTEGER,5);
3890Sstevel@tonic-gate if (ai.data != NULL)
3900Sstevel@tonic-gate {
3910Sstevel@tonic-gate ret->verify_result=ASN1_INTEGER_get(aip);
3920Sstevel@tonic-gate OPENSSL_free(ai.data); ai.data=NULL; ai.length=0;
3930Sstevel@tonic-gate }
3940Sstevel@tonic-gate else
3950Sstevel@tonic-gate ret->verify_result=X509_V_OK;
3960Sstevel@tonic-gate
3970Sstevel@tonic-gate M_ASN1_D2I_Finish(a,SSL_SESSION_free,SSL_F_D2I_SSL_SESSION);
3980Sstevel@tonic-gate }
399