1e71b7053SJung-uk Kim /*
2b2bf0c7eSJung-uk Kim * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
31f13597dSJung-uk Kim * Copyright 2005 Nokia. All rights reserved.
41f13597dSJung-uk Kim *
5*b077aed3SPierre Pronchery * Licensed under the Apache License 2.0 (the "License"). You may not use
6e71b7053SJung-uk Kim * this file except in compliance with the License. You can obtain a copy
7e71b7053SJung-uk Kim * in the file LICENSE in the source distribution or at
8e71b7053SJung-uk Kim * https://www.openssl.org/source/license.html
91f13597dSJung-uk Kim */
1074664626SKris Kennaway
1174664626SKris Kennaway #include <stdio.h>
1274664626SKris Kennaway #include <stdlib.h>
1317f01e99SJung-uk Kim #include "ssl_local.h"
14e71b7053SJung-uk Kim #include <openssl/asn1t.h>
15f579bf8eSKris Kennaway #include <openssl/x509.h>
1674664626SKris Kennaway
/*
 * Flat, encoder-friendly image of an SSL_SESSION.
 *
 * i2d_SSL_SESSION() fills one of these from a live session and
 * d2i_SSL_SESSION() copies the decoded members back into a session. The
 * ASN1_SEQUENCE template for this type fixes the order and context tags
 * used in the DER form.
 */
typedef struct {
    uint32_t version;                       /* encoding version; written as SSL_SESSION_ASN1_VERSION and checked on decode */
    int32_t ssl_version;                    /* protocol version of the session */
    ASN1_OCTET_STRING *cipher;              /* cipher id; the decoder requires exactly 2 bytes */
    ASN1_OCTET_STRING *comp_id;             /* compression method; the decoder requires exactly 1 byte when present */
    ASN1_OCTET_STRING *master_key;          /* session master key bytes: secret material */
    ASN1_OCTET_STRING *session_id;          /* session identifier */
    ASN1_OCTET_STRING *key_arg;             /* neither set nor read by the functions in this file */
    int64_t time;                           /* session time value */
    int64_t timeout;                        /* session timeout value */
    X509 *peer;                             /* peer certificate, optional */
    ASN1_OCTET_STRING *session_id_context;  /* session id context */
    int32_t verify_result;                  /* stored certificate verification result */
    ASN1_OCTET_STRING *tlsext_hostname;     /* hostname string carried with the session */
    uint64_t tlsext_tick_lifetime_hint;     /* ticket lifetime hint */
    uint32_t tlsext_tick_age_add;           /* ticket age_add value */
    ASN1_OCTET_STRING *tlsext_tick;         /* session ticket bytes */
#ifndef OPENSSL_NO_PSK
    ASN1_OCTET_STRING *psk_identity_hint;   /* PSK identity hint string */
    ASN1_OCTET_STRING *psk_identity;        /* PSK identity string */
#endif
#ifndef OPENSSL_NO_SRP
    ASN1_OCTET_STRING *srp_username;        /* SRP user name string */
#endif
    uint64_t flags;                         /* session flags */
    uint32_t max_early_data;                /* early data limit */
    ASN1_OCTET_STRING *alpn_selected;       /* selected ALPN protocol bytes */
    uint32_t tlsext_max_fragment_len_mode;  /* max fragment length mode */
    ASN1_OCTET_STRING *ticket_appdata;      /* application data attached to the ticket */
    uint32_t kex_group;                     /* key exchange group id */
} SSL_SESSION_ASN1;
4874664626SKris Kennaway
/*
 * DER layout of a serialised session.
 *
 * The entry order and the explicit/implicit tag numbers (0..19) below are the
 * stored format, so they have to stay stable for previously saved sessions to
 * remain readable. version, ssl_version, cipher, session_id and master_key
 * are mandatory; every other member is optional on the wire.
 * NOTE(review): the Z-prefixed integer types (ZINT32, ZINT64, ZUINT32,
 * ZUINT64) are understood to treat a zero value as "absent" - confirm
 * against asn1t.h.
 */
ASN1_SEQUENCE(SSL_SESSION_ASN1) = {
    ASN1_EMBED(SSL_SESSION_ASN1, version, UINT32),
    ASN1_EMBED(SSL_SESSION_ASN1, ssl_version, INT32),
    ASN1_SIMPLE(SSL_SESSION_ASN1, cipher, ASN1_OCTET_STRING),
    ASN1_SIMPLE(SSL_SESSION_ASN1, session_id, ASN1_OCTET_STRING),
    ASN1_SIMPLE(SSL_SESSION_ASN1, master_key, ASN1_OCTET_STRING),
    ASN1_IMP_OPT(SSL_SESSION_ASN1, key_arg, ASN1_OCTET_STRING, 0),
    ASN1_EXP_OPT_EMBED(SSL_SESSION_ASN1, time, ZINT64, 1),
    ASN1_EXP_OPT_EMBED(SSL_SESSION_ASN1, timeout, ZINT64, 2),
    ASN1_EXP_OPT(SSL_SESSION_ASN1, peer, X509, 3),
    ASN1_EXP_OPT(SSL_SESSION_ASN1, session_id_context, ASN1_OCTET_STRING, 4),
    ASN1_EXP_OPT_EMBED(SSL_SESSION_ASN1, verify_result, ZINT32, 5),
    ASN1_EXP_OPT(SSL_SESSION_ASN1, tlsext_hostname, ASN1_OCTET_STRING, 6),
#ifndef OPENSSL_NO_PSK
    ASN1_EXP_OPT(SSL_SESSION_ASN1, psk_identity_hint, ASN1_OCTET_STRING, 7),
    ASN1_EXP_OPT(SSL_SESSION_ASN1, psk_identity, ASN1_OCTET_STRING, 8),
#endif
    ASN1_EXP_OPT_EMBED(SSL_SESSION_ASN1, tlsext_tick_lifetime_hint, ZUINT64, 9),
    ASN1_EXP_OPT(SSL_SESSION_ASN1, tlsext_tick, ASN1_OCTET_STRING, 10),
    ASN1_EXP_OPT(SSL_SESSION_ASN1, comp_id, ASN1_OCTET_STRING, 11),
#ifndef OPENSSL_NO_SRP
    ASN1_EXP_OPT(SSL_SESSION_ASN1, srp_username, ASN1_OCTET_STRING, 12),
#endif
    ASN1_EXP_OPT_EMBED(SSL_SESSION_ASN1, flags, ZUINT64, 13),
    ASN1_EXP_OPT_EMBED(SSL_SESSION_ASN1, tlsext_tick_age_add, ZUINT32, 14),
    ASN1_EXP_OPT_EMBED(SSL_SESSION_ASN1, max_early_data, ZUINT32, 15),
    ASN1_EXP_OPT(SSL_SESSION_ASN1, alpn_selected, ASN1_OCTET_STRING, 16),
    ASN1_EXP_OPT_EMBED(SSL_SESSION_ASN1, tlsext_max_fragment_len_mode, ZUINT32, 17),
    ASN1_EXP_OPT(SSL_SESSION_ASN1, ticket_appdata, ASN1_OCTET_STRING, 18),
    ASN1_EXP_OPT_EMBED(SSL_SESSION_ASN1, kex_group, UINT32, 19)
} static_ASN1_SEQUENCE_END(SSL_SESSION_ASN1)

/*
 * Supplies the file-local i2d_SSL_SESSION_ASN1() and d2i_SSL_SESSION_ASN1()
 * that i2d_SSL_SESSION() and d2i_SSL_SESSION() call.
 */
IMPLEMENT_STATIC_ASN1_ENCODE_FUNCTIONS(SSL_SESSION_ASN1)
82e71b7053SJung-uk Kim
83e71b7053SJung-uk Kim /* Utility functions for i2d_SSL_SESSION */
84e71b7053SJung-uk Kim
85e71b7053SJung-uk Kim /* Initialise OCTET STRING from buffer and length */
86e71b7053SJung-uk Kim
/*
 * Point the caller-supplied OCTET STRING |os| at an existing buffer and
 * publish it through |*dest|.
 *
 * Nothing is copied: |os| only borrows |data|, so the buffer has to stay
 * valid for as long as |*dest| is used. |len| is narrowed to int to fit the
 * length member; callers are expected to pass lengths that fit.
 */
static void ssl_session_oinit(ASN1_OCTET_STRING **dest, ASN1_OCTET_STRING *os,
                              const unsigned char *data, size_t len)
{
    os->flags = 0;
    os->length = (int)len;
    /* const is dropped only to match the member type; the bytes are not written */
    os->data = (unsigned char *)data;
    *dest = os;
}
95e71b7053SJung-uk Kim
96e71b7053SJung-uk Kim /* Initialise OCTET STRING from string */
/*
 * Wrap a NUL-terminated string in the caller-supplied OCTET STRING |os|.
 *
 * A NULL |data| yields |*dest| == NULL, which leaves the optional field out
 * of the encoding. Otherwise the string (without its terminator) is borrowed,
 * not copied.
 */
static void ssl_session_sinit(ASN1_OCTET_STRING **dest, ASN1_OCTET_STRING *os,
                              const char *data)
{
    if (data == NULL) {
        *dest = NULL;
        return;
    }

    ssl_session_oinit(dest, os, (const unsigned char *)data, strlen(data));
}
105e71b7053SJung-uk Kim
/*
 * Serialise the session |in| to DER.
 *
 * Builds a temporary SSL_SESSION_ASN1 whose OCTET STRING members borrow the
 * session's own buffers (no copies are made), then hands it to the generated
 * encoder together with |pp|.
 *
 * Returns 0 when |in| is NULL or carries no cipher information; otherwise
 * returns whatever i2d_SSL_SESSION_ASN1() returns.
 *
 * The encoding includes the master key and, when present, the session ticket
 * and PSK/SRP identities, so the output buffer should be handled as secret
 * material by the caller.
 */
int i2d_SSL_SESSION(const SSL_SESSION *in, unsigned char **pp)
{
    SSL_SESSION_ASN1 as;
    long cipher_id;
    unsigned char cipher_data[2];

    /* Stack-allocated wrappers that point into |in| for the encoder's benefit */
    ASN1_OCTET_STRING cipher;
    ASN1_OCTET_STRING master_key, session_id, sid_ctx;
    ASN1_OCTET_STRING tlsext_hostname, tlsext_tick;
    ASN1_OCTET_STRING alpn_selected;
    ASN1_OCTET_STRING ticket_appdata;
#ifndef OPENSSL_NO_COMP
    ASN1_OCTET_STRING comp_id;
    unsigned char comp_id_data;
#endif
#ifndef OPENSSL_NO_SRP
    ASN1_OCTET_STRING srp_username;
#endif
#ifndef OPENSSL_NO_PSK
    ASN1_OCTET_STRING psk_identity, psk_identity_hint;
#endif

    if (in == NULL)
        return 0;
    /* A session with neither a cipher object nor a cipher id cannot be encoded */
    if (in->cipher == NULL && in->cipher_id == 0)
        return 0;

    /* Zeroing leaves every optional member that is not set below absent */
    memset(&as, 0, sizeof(as));

    as.version = SSL_SESSION_ASN1_VERSION;
    as.ssl_version = in->ssl_version;
    as.kex_group = in->kex_group;

    if (in->cipher != NULL)
        cipher_id = in->cipher->id;
    else
        cipher_id = in->cipher_id;

    /* Only the low 16 bits of the cipher id are stored, big-endian */
    cipher_data[0] = (unsigned char)((cipher_id >> 8) & 0xff);
    cipher_data[1] = (unsigned char)(cipher_id & 0xff);
    ssl_session_oinit(&as.cipher, &cipher, cipher_data, 2);

#ifndef OPENSSL_NO_COMP
    if (in->compress_meth) {
        comp_id_data = (unsigned char)in->compress_meth;
        ssl_session_oinit(&as.comp_id, &comp_id, &comp_id_data, 1);
    }
#endif

    ssl_session_oinit(&as.master_key, &master_key,
                      in->master_key, in->master_key_length);
    ssl_session_oinit(&as.session_id, &session_id,
                      in->session_id, in->session_id_length);
    ssl_session_oinit(&as.session_id_context, &sid_ctx,
                      in->sid_ctx, in->sid_ctx_length);

    as.time = (int64_t)in->time;
    as.timeout = (int64_t)in->timeout;
    as.verify_result = in->verify_result;

    /* Borrowed pointer: |as| lives on the stack and is never freed */
    as.peer = in->peer;

    ssl_session_sinit(&as.tlsext_hostname, &tlsext_hostname,
                      in->ext.hostname);
    if (in->ext.tick) {
        ssl_session_oinit(&as.tlsext_tick, &tlsext_tick,
                          in->ext.tick, in->ext.ticklen);
    }
    if (in->ext.tick_lifetime_hint > 0)
        as.tlsext_tick_lifetime_hint = in->ext.tick_lifetime_hint;
    as.tlsext_tick_age_add = in->ext.tick_age_add;

#ifndef OPENSSL_NO_PSK
    ssl_session_sinit(&as.psk_identity_hint, &psk_identity_hint,
                      in->psk_identity_hint);
    ssl_session_sinit(&as.psk_identity, &psk_identity, in->psk_identity);
#endif /* OPENSSL_NO_PSK */
#ifndef OPENSSL_NO_SRP
    ssl_session_sinit(&as.srp_username, &srp_username, in->srp_username);
#endif /* OPENSSL_NO_SRP */

    as.flags = in->flags;
    as.max_early_data = in->ext.max_early_data;
    as.tlsext_max_fragment_len_mode = in->ext.max_fragment_len_mode;

    if (in->ext.alpn_selected != NULL)
        ssl_session_oinit(&as.alpn_selected, &alpn_selected,
                          in->ext.alpn_selected, in->ext.alpn_selected_len);
    else
        as.alpn_selected = NULL;

    if (in->ticket_appdata != NULL)
        ssl_session_oinit(&as.ticket_appdata, &ticket_appdata,
                          in->ticket_appdata, in->ticket_appdata_len);
    else
        as.ticket_appdata = NULL;

    return i2d_SSL_SESSION_ASN1(&as, pp);
}
2101f13597dSJung-uk Kim
211e71b7053SJung-uk Kim /* Utility functions for d2i_SSL_SESSION */
21274664626SKris Kennaway
213e71b7053SJung-uk Kim /* OPENSSL_strndup an OCTET STRING */
2141f13597dSJung-uk Kim
/*
 * Replace the string at |*pdst| with a freshly allocated copy of the OCTET
 * STRING |src|.
 *
 * Any previous value of |*pdst| is always freed first. A NULL |src| leaves
 * |*pdst| NULL and counts as success. Returns 1 on success and 0 when the
 * allocation fails.
 */
static int ssl_session_strndup(char **pdst, ASN1_OCTET_STRING *src)
{
    char *copy;

    OPENSSL_free(*pdst);
    *pdst = NULL;

    if (src == NULL)
        return 1;

    copy = OPENSSL_strndup((char *)src->data, src->length);
    *pdst = copy;
    return copy != NULL;
}
22674664626SKris Kennaway
227e71b7053SJung-uk Kim /* Copy an OCTET STRING, return error if it exceeds maximum length */
228e71b7053SJung-uk Kim
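/*
 * Copy the contents of the OCTET STRING |src| into the fixed-size buffer
 * |dst| and report the number of bytes copied through |*pdstlen|.
 *
 * |maxlen| is the capacity of |dst|. A NULL or empty |src| sets |*pdstlen|
 * to 0 and succeeds without touching |dst|.
 *
 * Returns 1 on success, 0 when the source length is negative or larger than
 * |maxlen|. On failure |dst| and |*pdstlen| are left untouched.
 */
static int ssl_session_memcpy(unsigned char *dst, size_t *pdstlen,
                              ASN1_OCTET_STRING *src, size_t maxlen)
{
    size_t srclen;

    if (src == NULL || src->length == 0) {
        *pdstlen = 0;
        return 1;
    }
    if (src->length < 0)
        return 0;

    /*
     * Compare as size_t: the length is known to be non-negative here, and
     * this avoids narrowing |maxlen| to int in the bound that guards memcpy.
     */
    srclen = (size_t)src->length;
    if (srclen > maxlen)
        return 0;

    memcpy(dst, src->data, srclen);
    *pdstlen = srclen;
    return 1;
}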
24274664626SKris Kennaway
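/*
 * Decode a DER-encoded session of at most |length| bytes starting at |*pp|.
 *
 * If |a| is NULL or |*a| is NULL a new SSL_SESSION is allocated (and stored
 * in |*a| when |a| is non-NULL); otherwise the existing |*a| is filled in
 * place. On success the session is returned and |*pp| is advanced past the
 * consumed bytes. On failure NULL is returned and |*pp| is left unchanged; a
 * newly allocated session is freed, but a caller-supplied |*a| is not freed
 * and may already have been partly overwritten, so it should not be used
 * after a failure.
 *
 * Only structural checks are made here (encoding version, protocol version
 * family, cipher id length and lookup, buffer length limits). Values such as
 * the master key, verify_result, time and timeout are taken from the
 * encoding as they are; nothing in this function authenticates the input, so
 * callers should only feed it data whose integrity they already trust.
 */
SSL_SESSION *d2i_SSL_SESSION(SSL_SESSION **a, const unsigned char **pp,
                             long length)
{
    long id;
    size_t tmpl;
    const unsigned char *p = *pp;   /* local cursor; *pp is only updated on success */
    SSL_SESSION_ASN1 *as = NULL;
    SSL_SESSION *ret = NULL;

    as = d2i_SSL_SESSION_ASN1(NULL, &p, length);
    /* ASN.1 code returns suitable error */
    if (as == NULL)
        goto err;

    if (a == NULL || *a == NULL) {
        ret = SSL_SESSION_new();
        if (ret == NULL)
            goto err;
    } else {
        ret = *a;
    }

    if (as->version != SSL_SESSION_ASN1_VERSION) {
        ERR_raise(ERR_LIB_SSL, SSL_R_UNKNOWN_SSL_VERSION);
        goto err;
    }

    /* Accept only the SSL3/TLS and DTLS version families */
    if ((as->ssl_version >> 8) != SSL3_VERSION_MAJOR
        && (as->ssl_version >> 8) != DTLS1_VERSION_MAJOR
        && as->ssl_version != DTLS1_BAD_VER) {
        ERR_raise(ERR_LIB_SSL, SSL_R_UNSUPPORTED_SSL_VERSION);
        goto err;
    }

    ret->ssl_version = (int)as->ssl_version;

    ret->kex_group = as->kex_group;

    /*
     * cipher is a mandatory (ASN1_SIMPLE) member of the template;
     * presumably the decoder never leaves it NULL on success - confirm.
     */
    if (as->cipher->length != 2) {
        ERR_raise(ERR_LIB_SSL, SSL_R_CIPHER_CODE_WRONG_LENGTH);
        goto err;
    }

    /* Rebuild the full cipher id from the two stored big-endian bytes */
    id = 0x03000000L | ((unsigned long)as->cipher->data[0] << 8L)
                     | (unsigned long)as->cipher->data[1];

    ret->cipher_id = id;
    ret->cipher = ssl3_get_cipher_by_id(id);
    if (ret->cipher == NULL)
        goto err;

    /* Fixed-size destination buffers: each copy is bounded by its capacity */
    if (!ssl_session_memcpy(ret->session_id, &ret->session_id_length,
                            as->session_id, SSL3_MAX_SSL_SESSION_ID_LENGTH))
        goto err;

    if (!ssl_session_memcpy(ret->master_key, &tmpl,
                            as->master_key, TLS13_MAX_RESUMPTION_PSK_LENGTH))
        goto err;

    ret->master_key_length = tmpl;

    if (as->time != 0)
        ret->time = (time_t)as->time;
    else
        ret->time = time(NULL);

    if (as->timeout != 0)
        ret->timeout = (time_t)as->timeout;
    else
        ret->timeout = 3;
    ssl_session_calculate_timeout(ret);

    /* Ownership of the decoded certificate moves to the session */
    X509_free(ret->peer);
    ret->peer = as->peer;
    as->peer = NULL;

    if (!ssl_session_memcpy(ret->sid_ctx, &ret->sid_ctx_length,
                            as->session_id_context, SSL_MAX_SID_CTX_LENGTH))
        goto err;

    /*
     * NB: this defaults to zero which is X509_V_OK. The value is whatever
     * the encoding carried; it is not re-derived from the peer certificate.
     */
    ret->verify_result = as->verify_result;

    if (!ssl_session_strndup(&ret->ext.hostname, as->tlsext_hostname))
        goto err;

#ifndef OPENSSL_NO_PSK
    if (!ssl_session_strndup(&ret->psk_identity_hint, as->psk_identity_hint))
        goto err;
    if (!ssl_session_strndup(&ret->psk_identity, as->psk_identity))
        goto err;
#endif

    ret->ext.tick_lifetime_hint = (unsigned long)as->tlsext_tick_lifetime_hint;
    ret->ext.tick_age_add = as->tlsext_tick_age_add;
    OPENSSL_free(ret->ext.tick);
    if (as->tlsext_tick != NULL) {
        /* Steal the decoded buffer so freeing |as| does not release it */
        ret->ext.tick = as->tlsext_tick->data;
        ret->ext.ticklen = as->tlsext_tick->length;
        as->tlsext_tick->data = NULL;
    } else {
        ret->ext.tick = NULL;
        /*
         * Reset the length too, as is done for alpn_selected and
         * ticket_appdata below, so a reused session cannot keep a stale
         * ticket length next to a NULL ticket pointer.
         */
        ret->ext.ticklen = 0;
    }
#ifndef OPENSSL_NO_COMP
    if (as->comp_id) {
        if (as->comp_id->length != 1) {
            ERR_raise(ERR_LIB_SSL, SSL_R_BAD_LENGTH);
            goto err;
        }
        ret->compress_meth = as->comp_id->data[0];
    } else {
        ret->compress_meth = 0;
    }
#endif

#ifndef OPENSSL_NO_SRP
    if (!ssl_session_strndup(&ret->srp_username, as->srp_username))
        goto err;
#endif /* OPENSSL_NO_SRP */
    /* Flags defaults to zero which is fine */
    ret->flags = (int32_t)as->flags;
    ret->ext.max_early_data = as->max_early_data;

    OPENSSL_free(ret->ext.alpn_selected);
    if (as->alpn_selected != NULL) {
        ret->ext.alpn_selected = as->alpn_selected->data;
        ret->ext.alpn_selected_len = as->alpn_selected->length;
        as->alpn_selected->data = NULL;
    } else {
        ret->ext.alpn_selected = NULL;
        ret->ext.alpn_selected_len = 0;
    }

    ret->ext.max_fragment_len_mode = as->tlsext_max_fragment_len_mode;

    OPENSSL_free(ret->ticket_appdata);
    if (as->ticket_appdata != NULL) {
        ret->ticket_appdata = as->ticket_appdata->data;
        ret->ticket_appdata_len = as->ticket_appdata->length;
        as->ticket_appdata->data = NULL;
    } else {
        ret->ticket_appdata = NULL;
        ret->ticket_appdata_len = 0;
    }

    M_ASN1_free_of(as, SSL_SESSION_ASN1);

    if ((a != NULL) && (*a == NULL))
        *a = ret;
    *pp = p;
    return ret;

 err:
    M_ASN1_free_of(as, SSL_SESSION_ASN1);
    /* Free only a session allocated here; a caller-supplied one stays theirs */
    if ((a == NULL) || (*a != ret))
        SSL_SESSION_free(ret);
    return NULL;
}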