/* Copyright (C) 1995-1998 Eric Young ([email protected]) * All rights reserved. * * This package is an SSL implementation written * by Eric Young ([email protected]). * The implementation was written so as to conform with Netscapes SSL. * * This library is free for commercial and non-commercial use as long as * the following conditions are aheared to. The following conditions * apply to all code found in this distribution, be it the RC4, RSA, * lhash, DES, etc., code; not just the SSL code. The SSL documentation * included with this distribution is covered by the same copyright terms * except that the holder is Tim Hudson ([email protected]). * * Copyright remains Eric Young's, and as such any Copyright notices in * the code are not to be removed. * If this package is used in a product, Eric Young should be given attribution * as the author of the parts of the library used. * This can be in the form of a textual message at program startup or * in documentation (online or textual) provided with the package. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * 3. All advertising materials mentioning features or use of this software * must display the following acknowledgement: * "This product includes cryptographic software written by * Eric Young ([email protected])" * The word 'cryptographic' can be left out if the rouines from the library * being used are not cryptographic related :-). * 4. 
If you include any Windows specific code (or a derivative thereof) from * the apps directory (application code) you must include an acknowledgement: * "This product includes software written by Tim Hudson ([email protected])" * * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * * The licence and distribution terms for any publically available version or * derivative of this code cannot be changed. i.e. this code cannot simply be * copied and put under another distribution licence * [including the GNU Public Licence.] */ /* ==================================================================== * Copyright 2005 Nokia. All rights reserved. * * The portions of the attached software ("Contribution") is developed by * Nokia Corporation and is licensed pursuant to the OpenSSL open source * license. * * The Contribution, originally written by Mika Kousa and Pasi Eronen of * Nokia Corporation, consists of the "PSK" (Pre-Shared Key) ciphersuites * support (see RFC 4279) to OpenSSL. * * No patent licenses or other rights except those expressly stated in * the OpenSSL open source license shall be deemed granted or received * expressly, by implication, estoppel, or otherwise. 
* * No assurances are provided by Nokia that the Contribution does not * infringe the patent or other intellectual property rights of any third * party or that the license provides you with all the necessary rights * to make use of the Contribution. * * THE SOFTWARE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. IN * ADDITION TO THE DISCLAIMERS INCLUDED IN THE LICENSE, NOKIA * SPECIFICALLY DISCLAIMS ANY LIABILITY FOR CLAIMS BROUGHT BY YOU OR ANY * OTHER ENTITY BASED ON INFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS OR * OTHERWISE. */ #include <openssl/ssl.h> #include <limits.h> #include <string.h> #include <utility> #include <openssl/bytestring.h> #include <openssl/err.h> #include <openssl/mem.h> #include <openssl/x509.h> #include "../crypto/internal.h" #include "internal.h" BSSL_NAMESPACE_BEGIN // An SSL_SESSION is serialized as the following ASN.1 structure: // // SSLSession ::= SEQUENCE { // version INTEGER (1), -- session structure version // sslVersion INTEGER, -- protocol version number // cipher OCTET STRING, -- two bytes long // sessionID OCTET STRING, // secret OCTET STRING, // time [1] INTEGER, -- seconds since UNIX epoch // timeout [2] INTEGER, -- in seconds // peer [3] Certificate OPTIONAL, // sessionIDContext [4] OCTET STRING OPTIONAL, // verifyResult [5] INTEGER OPTIONAL, -- one of X509_V_* codes // pskIdentity [8] OCTET STRING OPTIONAL, // ticketLifetimeHint [9] INTEGER OPTIONAL, -- client-only // ticket [10] OCTET STRING OPTIONAL, -- client-only // peerSHA256 [13] OCTET STRING OPTIONAL, // originalHandshakeHash [14] OCTET STRING OPTIONAL, // signedCertTimestampList [15] OCTET STRING OPTIONAL, // -- contents of SCT extension // ocspResponse [16] OCTET STRING OPTIONAL, // -- stapled OCSP response from the server // extendedMasterSecret [17] BOOLEAN OPTIONAL, // groupID [18] INTEGER OPTIONAL, // certChain [19] SEQUENCE OF Certificate OPTIONAL, // ticketAgeAdd [21] OCTET STRING OPTIONAL, // isServer [22] BOOLEAN DEFAULT TRUE, // peerSignatureAlgorithm 
[23] INTEGER OPTIONAL, // ticketMaxEarlyData [24] INTEGER OPTIONAL, // authTimeout [25] INTEGER OPTIONAL, -- defaults to timeout // earlyALPN [26] OCTET STRING OPTIONAL, // isQuic [27] BOOLEAN OPTIONAL, // quicEarlyDataHash [28] OCTET STRING OPTIONAL, // localALPS [29] OCTET STRING OPTIONAL, // peerALPS [30] OCTET STRING OPTIONAL, // -- Either both or none of localALPS and peerALPS must be present. If both // -- are present, earlyALPN must be present and non-empty. // } // // Note: historically this serialization has included other optional // fields. Their presence is currently treated as a parse error, except for // hostName, which is ignored. // // keyArg [0] IMPLICIT OCTET STRING OPTIONAL, // hostName [6] OCTET STRING OPTIONAL, // pskIdentityHint [7] OCTET STRING OPTIONAL, // compressionMethod [11] OCTET STRING OPTIONAL, // srpUsername [12] OCTET STRING OPTIONAL, // ticketFlags [20] INTEGER OPTIONAL, static const unsigned kVersion = …; static const CBS_ASN1_TAG kTimeTag = …; static const CBS_ASN1_TAG kTimeoutTag = …; static const CBS_ASN1_TAG kPeerTag = …; static const CBS_ASN1_TAG kSessionIDContextTag = …; static const CBS_ASN1_TAG kVerifyResultTag = …; static const CBS_ASN1_TAG kHostNameTag = …; static const CBS_ASN1_TAG kPSKIdentityTag = …; static const CBS_ASN1_TAG kTicketLifetimeHintTag = …; static const CBS_ASN1_TAG kTicketTag = …; static const CBS_ASN1_TAG kPeerSHA256Tag = …; static const CBS_ASN1_TAG kOriginalHandshakeHashTag = …; static const CBS_ASN1_TAG kSignedCertTimestampListTag = …; static const CBS_ASN1_TAG kOCSPResponseTag = …; static const CBS_ASN1_TAG kExtendedMasterSecretTag = …; static const CBS_ASN1_TAG kGroupIDTag = …; static const CBS_ASN1_TAG kCertChainTag = …; static const CBS_ASN1_TAG kTicketAgeAddTag = …; static const CBS_ASN1_TAG kIsServerTag = …; static const CBS_ASN1_TAG kPeerSignatureAlgorithmTag = …; static const CBS_ASN1_TAG kTicketMaxEarlyDataTag = …; static const CBS_ASN1_TAG kAuthTimeoutTag = …; static const CBS_ASN1_TAG 
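kEarlyALPNTag = …;
static const CBS_ASN1_TAG kIsQuicTag = …;
static const CBS_ASN1_TAG kQuicEarlyDataContextTag = …;
static const CBS_ASN1_TAG kLocalALPSTag = …;
static const CBS_ASN1_TAG kPeerALPSTag = …;

// SSL_SESSION_to_bytes_full takes a session |in|, an output builder |cbb| and
// a |for_ticket| flag; its body is elided in this listing. Presumably it
// writes the SSLSession structure documented in this file, with |for_ticket|
// selecting the variant stored inside a ticket (confirm against the body).
//
// NOTE(review): the documented SSLSession structure carries the session
// |secret|, so whatever this function emits is key material. It should not be
// logged, and should not be written to storage that is not encrypted and
// access-controlled.
static int SSL_SESSION_to_bytes_full(const SSL_SESSION *in, CBB *cbb,
                                     int for_ticket) { … }

// SSL_SESSION_parse_string gets an optional ASN.1 OCTET STRING explicitly
// tagged with |tag| from |cbs| and saves it in |*out|. If the element was not
// found, it sets |*out| to NULL. It returns one on success, whether or not the
// element was found, and zero on decode error.
static int SSL_SESSION_parse_string(CBS *cbs, UniquePtr<char> *out,
                                    CBS_ASN1_TAG tag) { … }

// SSL_SESSION_parse_octet_string gets an optional ASN.1 OCTET STRING explicitly
// tagged with |tag| from |cbs| and stows it in |*out|. It returns one on
// success, whether or not the element was found, and zero on decode error.
static bool SSL_SESSION_parse_octet_string(CBS *cbs, Array<uint8_t> *out,
                                           CBS_ASN1_TAG tag) { … }

// SSL_SESSION_parse_crypto_buffer takes |cbs|, an output |*out|, a |tag| and a
// buffer |pool|; its body is elided in this listing. Presumably it follows the
// same optional, explicitly tagged OCTET STRING convention as the helpers
// above and returns one on success and zero on decode error (confirm).
static int SSL_SESSION_parse_crypto_buffer(CBS *cbs,
                                           UniquePtr<CRYPTO_BUFFER> *out,
                                           CBS_ASN1_TAG tag,
                                           CRYPTO_BUFFER_POOL *pool) { … }

// SSL_SESSION_parse_bounded_octet_string parses an optional ASN.1 OCTET STRING
// explicitly tagged with |tag| of size at most |max_out|.
//
// NOTE(review): |out| is a raw pointer with no capacity argument of its own,
// so the only bound on the copy is |max_out|. Every caller must pass a
// |max_out| no larger than the array behind |out|. Both |max_out| and
// |*out_len| are uint8_t, which caps the element at 255 bytes.
static int SSL_SESSION_parse_bounded_octet_string(CBS *cbs, uint8_t *out,
                                                  uint8_t *out_len,
                                                  uint8_t max_out,
                                                  CBS_ASN1_TAG tag) { … }

// SSL_SESSION_parse_long, SSL_SESSION_parse_u32 and SSL_SESSION_parse_u16 each
// take |cbs|, an output |*out|, a |tag| and a |default_value|; their bodies
// are elided in this listing. Presumably each reads an optional INTEGER tagged
// with |tag| and stores |default_value| when the element is absent (confirm).
//
// NOTE(review): the encoded INTEGER can be wider than the destination type.
// Confirm that each body rejects out-of-range values as a decode error rather
// than truncating them into |*out|.
static int SSL_SESSION_parse_long(CBS *cbs, long *out, CBS_ASN1_TAG tag,
                                  long default_value) { … }

static int SSL_SESSION_parse_u32(CBS *cbs, uint32_t *out, CBS_ASN1_TAG tag,
                                 uint32_t default_value) { … }

static int SSL_SESSION_parse_u16(CBS *cbs, uint16_t *out, CBS_ASN1_TAG tag,
                                 uint16_t default_value) { … }

// SSL_SESSION_parse takes the input |cbs|, an |x509_method| and a buffer
// |pool| and returns a UniquePtr<SSL_SESSION>; its body is elided in this
// listing. Presumably a null result signals a decode error (confirm).
//
// NOTE(review): the documented SSLSession structure has no MAC or signature
// field, so this parser cannot tell a tampered encoding from a genuine one.
// Integrity has to come from the layer that stored or transported the bytes.
UniquePtr<SSL_SESSION> SSL_SESSION_parse(CBS *cbs,
                                         const SSL_X509_METHOD *x509_method,
                                         CRYPTO_BUFFER_POOL *pool) { … }

// ssl_session_serialize takes a session |in| and an output builder |cbb| and
// returns a bool; its body is elided in this listing. The output should be
// handled as key material for the same reason as SSL_SESSION_to_bytes_full.
bool ssl_session_serialize(const SSL_SESSION *in, CBB *cbb) { … }

BSSL_NAMESPACE_END

using namespace bssl;

// SSL_SESSION_to_bytes takes a session |in| and returns its result through
// |*out_data| and |*out_len|; its body is elided in this listing. Presumably
// the buffer is newly allocated and owned by the caller (confirm the release
// function in <openssl/ssl.h>).
//
// NOTE(review): the documented SSLSession structure includes the session
// |secret|. Callers that cache or export these bytes should encrypt them at
// rest and keep them out of logs and crash dumps.
int SSL_SESSION_to_bytes(const SSL_SESSION *in, uint8_t **out_data,
                         size_t *out_len) { … }

// SSL_SESSION_to_bytes_for_ticket has the same signature as
// SSL_SESSION_to_bytes; presumably it produces the variant placed inside a
// session ticket (confirm against the body).
//
// NOTE(review): the result is plaintext key material until the ticket layer
// encrypts and authenticates it.
int SSL_SESSION_to_bytes_for_ticket(const SSL_SESSION *in, uint8_t **out_data,
                                    size_t *out_len) { … }

// i2d_SSL_SESSION takes a session |in| and an output cursor |pp|; its body is
// elided in this listing.
//
// NOTE(review): no buffer capacity is passed alongside |pp|. If this follows
// the usual i2d convention of writing through |*pp|, the caller alone is
// responsible for providing enough space (confirm against the body).
int i2d_SSL_SESSION(SSL_SESSION *in, uint8_t **pp) { … }

// SSL_SESSION_from_bytes takes |in_len| bytes at |in| and a context |ctx| and
// returns an SSL_SESSION pointer; its body is elided in this listing.
// Presumably it returns NULL on a decode error and the caller owns the result
// (confirm).
//
// NOTE(review): the documented SSLSession structure includes |secret|, |peer|
// and |verifyResult| but no integrity field. Only pass bytes that come from
// storage or a channel the application already authenticates. Otherwise
// forged session state could be accepted as genuine.
SSL_SESSION *SSL_SESSION_from_bytes(const uint8_t *in, size_t in_len,
                                    const SSL_CTX *ctx) { … }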