From: jsing <jsing@openbsd.org>
Date: Sun, 13 Jul 2014 16:30:50 +0000 (+0000)
Subject: Rewrite i2d_SSL_SESSION to use the ASN1 primitives, rather than using the
X-Git-Url: http://artulab.com/gitweb/?a=commitdiff_plain;h=71d15c93ca9f64d3f0fc33ada95dbd8321bf7834;p=openbsd

Rewrite i2d_SSL_SESSION to use the ASN1 primitives, rather than using the
horrific macros from asn1_mac.h.

This is a classic example of using macros to obfuscate code, in an attempt
to reduce the line count. The end result is so ridiculously convoluted that
it is completely unreadable and it takes hours to deconstruct the macros
and figure out what is actually going on behind the scenes.

ok miod@
---

diff --git a/lib/libssl/src/ssl/ssl_asn1.c b/lib/libssl/src/ssl/ssl_asn1.c
index 0c9b4aa6fbb..33a8edf20a1 100644
--- a/lib/libssl/src/ssl/ssl_asn1.c
+++ b/lib/libssl/src/ssl/ssl_asn1.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_asn1.c,v 1.30 2014/07/13 00:30:07 jsing Exp $ */
+/* $OpenBSD: ssl_asn1.c,v 1.31 2014/07/13 16:30:50 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -116,7 +116,8 @@ i2d_SSL_SESSION(SSL_SESSION *in, unsigned char **pp)
 	unsigned char ibuf3[LSIZE2], ibuf4[LSIZE2], ibuf5[LSIZE2];
 	unsigned char ibuf6[LSIZE2];
 	SSL_SESSION_ASN1 a;
-	M_ASN1_I2D_vars(in);
+	unsigned char *p;
+	int len = 0, ret;
 	long l;
 
 	if ((in == NULL) || ((in->cipher == NULL) && (in->cipher_id == 0)))
@@ -133,40 +134,39 @@ i2d_SSL_SESSION(SSL_SESSION *in, unsigned char **pp)
 	a.version.type = V_ASN1_INTEGER;
 	a.version.data = ibuf1;
 	ASN1_INTEGER_set(&(a.version), SSL_SESSION_ASN1_VERSION);
+	len += i2d_ASN1_INTEGER(&(a.version), NULL);
 
 	a.ssl_version.length = LSIZE2;
 	a.ssl_version.type = V_ASN1_INTEGER;
 	a.ssl_version.data = ibuf2;
 	ASN1_INTEGER_set(&(a.ssl_version), in->ssl_version);
+	len += i2d_ASN1_INTEGER(&(a.ssl_version), NULL);
 
+	a.cipher.length = 2;
 	a.cipher.type = V_ASN1_OCTET_STRING;
+	l = (in->cipher == NULL) ? in->cipher_id : in->cipher->id;
+	buf[0] = ((unsigned char)(l >> 8L)) & 0xff;
+	buf[1] = ((unsigned char)(l)) & 0xff;
 	a.cipher.data = buf;
-
-	if (in->cipher == NULL)
-		l = in->cipher_id;
-	else
-		l = in->cipher->id;
-	a.cipher.length = 2;
-	buf[0] = ((unsigned char)(l >> 8L))&0xff;
-	buf[1] = ((unsigned char)(l    ))&0xff;
+	len += i2d_ASN1_OCTET_STRING(&(a.cipher), NULL);
 
 	a.master_key.length = in->master_key_length;
 	a.master_key.type = V_ASN1_OCTET_STRING;
 	a.master_key.data = in->master_key;
+	len += i2d_ASN1_OCTET_STRING(&(a.master_key), NULL);
 
 	a.session_id.length = in->session_id_length;
 	a.session_id.type = V_ASN1_OCTET_STRING;
 	a.session_id.data = in->session_id;
-
-	a.session_id_context.length = in->sid_ctx_length;
-	a.session_id_context.type = V_ASN1_OCTET_STRING;
-	a.session_id_context.data = in->sid_ctx;
+	len += i2d_ASN1_OCTET_STRING(&(a.session_id), NULL);
 
 	if (in->time != 0L) {
 		a.time.length = LSIZE2;
 		a.time.type = V_ASN1_INTEGER;
 		a.time.data = ibuf3;
 		ASN1_INTEGER_set(&(a.time), in->time);	/* XXX 2038 */
+		v1 = i2d_ASN1_INTEGER(&(a.time), NULL); 
+		len += ASN1_object_size(1, v1, 1);
 	}
 
 	if (in->timeout != 0L) {
@@ -174,89 +174,112 @@ i2d_SSL_SESSION(SSL_SESSION *in, unsigned char **pp)
 		a.timeout.type = V_ASN1_INTEGER;
 		a.timeout.data = ibuf4;
 		ASN1_INTEGER_set(&(a.timeout), in->timeout);
+		v2 = i2d_ASN1_INTEGER(&(a.timeout), NULL); 
+		len += ASN1_object_size(1, v2, 2);
 	}
 
+	if (in->peer != NULL) {
+		v3 = i2d_X509(in->peer, NULL); 
+		len += ASN1_object_size(1, v3, 3);
+	}
+
+	a.session_id_context.length = in->sid_ctx_length;
+	a.session_id_context.type = V_ASN1_OCTET_STRING;
+	a.session_id_context.data = in->sid_ctx;
+	v4 = i2d_ASN1_OCTET_STRING(&(a.session_id_context), NULL); 
+	len += ASN1_object_size(1, v4, 4);
+
 	if (in->verify_result != X509_V_OK) {
 		a.verify_result.length = LSIZE2;
 		a.verify_result.type = V_ASN1_INTEGER;
 		a.verify_result.data = ibuf5;
 		ASN1_INTEGER_set(&a.verify_result, in->verify_result);
+		v5 = i2d_ASN1_INTEGER(&(a.verify_result), NULL); 
+		len += ASN1_object_size(1, v5, 5);
 	}
 
 	if (in->tlsext_hostname) {
 		a.tlsext_hostname.length = strlen(in->tlsext_hostname);
 		a.tlsext_hostname.type = V_ASN1_OCTET_STRING;
 		a.tlsext_hostname.data = (unsigned char *)in->tlsext_hostname;
+		v6 = i2d_ASN1_OCTET_STRING(&(a.tlsext_hostname), NULL); 
+		len += ASN1_object_size(1, v6, 6);
 	}
-	if (in->tlsext_tick) {
-		a.tlsext_tick.length = in->tlsext_ticklen;
-		a.tlsext_tick.type = V_ASN1_OCTET_STRING;
-		a.tlsext_tick.data = (unsigned char *)in->tlsext_tick;
-	}
+
+	/* 7 - PSK identity hint. */
+	/* 8 - PSK identity. */
+
 	if (in->tlsext_tick_lifetime_hint > 0) {
 		a.tlsext_tick_lifetime.length = LSIZE2;
 		a.tlsext_tick_lifetime.type = V_ASN1_INTEGER;
 		a.tlsext_tick_lifetime.data = ibuf6;
 		ASN1_INTEGER_set(&a.tlsext_tick_lifetime,
 		    in->tlsext_tick_lifetime_hint);
+		v9 = i2d_ASN1_INTEGER(&(a.tlsext_tick_lifetime), NULL); 
+		len += ASN1_object_size(1, v9, 9);
+	}
+
+	if (in->tlsext_tick) {
+		a.tlsext_tick.length = in->tlsext_ticklen;
+		a.tlsext_tick.type = V_ASN1_OCTET_STRING;
+		a.tlsext_tick.data = (unsigned char *)in->tlsext_tick;
+		v10 = i2d_ASN1_OCTET_STRING(&(a.tlsext_tick), NULL); 
+		len += ASN1_object_size(1, v10, 10);
+	}
+
+	/* 11 - Compression method. */
+	/* 12 - SRP username. */
+
+	/* If given a NULL pointer, return the length only. */
+	ret = (ASN1_object_size(1, len, V_ASN1_SEQUENCE));
+	if (pp == NULL)
+		return (ret);
+
+	/* Burp out the ASN1. */
+	p = *pp;
+	ASN1_put_object(&p, 1, len, V_ASN1_SEQUENCE, V_ASN1_UNIVERSAL);
+	i2d_ASN1_INTEGER(&(a.version), &p);
+	i2d_ASN1_INTEGER(&(a.ssl_version), &p);
+	i2d_ASN1_OCTET_STRING(&(a.cipher), &p);
+	i2d_ASN1_OCTET_STRING(&(a.session_id), &p);
+	i2d_ASN1_OCTET_STRING(&(a.master_key), &p);
+	if (in->time != 0L) {
+		ASN1_put_object(&p, 1, v1, 1, V_ASN1_CONTEXT_SPECIFIC);
+		i2d_ASN1_INTEGER(&(a.time), &p);
+	}
+	if (in->timeout != 0L) {
+		ASN1_put_object(&p, 1, v2, 2, V_ASN1_CONTEXT_SPECIFIC);
+		i2d_ASN1_INTEGER(&(a.timeout), &p);
+	}
+	if (in->peer != NULL) {
+		ASN1_put_object(&p, 1, v3, 3, V_ASN1_CONTEXT_SPECIFIC);
+		i2d_X509(in->peer, &p);
+	}
+	ASN1_put_object(&p, 1, v4, 4, V_ASN1_CONTEXT_SPECIFIC);
+	i2d_ASN1_OCTET_STRING(&(a.session_id_context), &p);
+	if (in->verify_result != X509_V_OK) {
+		ASN1_put_object(&p, 1, v5, 5, V_ASN1_CONTEXT_SPECIFIC);
+		i2d_ASN1_INTEGER(&(a.verify_result), &p);
+	}
+	if (in->tlsext_hostname) {
+		ASN1_put_object(&p, 1, v6, 6, V_ASN1_CONTEXT_SPECIFIC);
+		i2d_ASN1_OCTET_STRING(&(a.tlsext_hostname), &p);
+	}
+	/* 7 - PSK identity hint. */
+	/* 8 - PSK identity. */
+	if (in->tlsext_tick_lifetime_hint > 0) {
+		ASN1_put_object(&p, 1, v9, 9, V_ASN1_CONTEXT_SPECIFIC);
+		i2d_ASN1_INTEGER(&(a.tlsext_tick_lifetime), &p);
+	}
+	if (in->tlsext_tick) {
+		ASN1_put_object(&p, 1, v10, 10, V_ASN1_CONTEXT_SPECIFIC);
+		i2d_ASN1_OCTET_STRING(&(a.tlsext_tick), &p);
 	}
+	/* 11 - Compression method. */
+	/* 12 - SRP username. */
 
-	M_ASN1_I2D_len(&(a.version), i2d_ASN1_INTEGER);
-	M_ASN1_I2D_len(&(a.ssl_version), i2d_ASN1_INTEGER);
-	M_ASN1_I2D_len(&(a.cipher), i2d_ASN1_OCTET_STRING);
-	M_ASN1_I2D_len(&(a.session_id), i2d_ASN1_OCTET_STRING);
-	M_ASN1_I2D_len(&(a.master_key), i2d_ASN1_OCTET_STRING);
-
-	if (in->time != 0L)
-		M_ASN1_I2D_len_EXP_opt(&(a.time), i2d_ASN1_INTEGER, 1, v1);
-	if (in->timeout != 0L)
-		M_ASN1_I2D_len_EXP_opt(&(a.timeout), i2d_ASN1_INTEGER, 2, v2);
-	if (in->peer != NULL)
-		M_ASN1_I2D_len_EXP_opt(in->peer, i2d_X509, 3, v3);
-	M_ASN1_I2D_len_EXP_opt(&a.session_id_context,
-	    i2d_ASN1_OCTET_STRING, 4, v4);
-	if (in->verify_result != X509_V_OK)
-		M_ASN1_I2D_len_EXP_opt(&(a.verify_result),
-		    i2d_ASN1_INTEGER, 5, v5);
-	if (in->tlsext_tick_lifetime_hint > 0)
-		M_ASN1_I2D_len_EXP_opt(&a.tlsext_tick_lifetime,
-		    i2d_ASN1_INTEGER, 9, v9);
-	if (in->tlsext_tick)
-		M_ASN1_I2D_len_EXP_opt(&(a.tlsext_tick),
-		    i2d_ASN1_OCTET_STRING, 10, v10);
-	if (in->tlsext_hostname)
-		M_ASN1_I2D_len_EXP_opt(&(a.tlsext_hostname),
-		    i2d_ASN1_OCTET_STRING, 6, v6);
-
-	M_ASN1_I2D_seq_total();
-
-	M_ASN1_I2D_put(&(a.version), i2d_ASN1_INTEGER);
-	M_ASN1_I2D_put(&(a.ssl_version), i2d_ASN1_INTEGER);
-	M_ASN1_I2D_put(&(a.cipher), i2d_ASN1_OCTET_STRING);
-	M_ASN1_I2D_put(&(a.session_id), i2d_ASN1_OCTET_STRING);
-	M_ASN1_I2D_put(&(a.master_key), i2d_ASN1_OCTET_STRING);
-	if (in->time != 0L)
-		M_ASN1_I2D_put_EXP_opt(&(a.time), i2d_ASN1_INTEGER, 1, v1);
-	if (in->timeout != 0L)
-		M_ASN1_I2D_put_EXP_opt(&(a.timeout), i2d_ASN1_INTEGER, 2, v2);
-	if (in->peer != NULL)
-		M_ASN1_I2D_put_EXP_opt(in->peer, i2d_X509, 3, v3);
-	M_ASN1_I2D_put_EXP_opt(&a.session_id_context,
-	    i2d_ASN1_OCTET_STRING, 4, v4);
-	if (in->verify_result != X509_V_OK)
-		M_ASN1_I2D_put_EXP_opt(&a.verify_result,
-		    i2d_ASN1_INTEGER, 5, v5);
-	if (in->tlsext_hostname)
-		M_ASN1_I2D_put_EXP_opt(&(a.tlsext_hostname),
-		    i2d_ASN1_OCTET_STRING, 6, v6);
-	if (in->tlsext_tick_lifetime_hint > 0)
-		M_ASN1_I2D_put_EXP_opt(&a.tlsext_tick_lifetime,
-		    i2d_ASN1_INTEGER, 9, v9);
-	if (in->tlsext_tick)
-		M_ASN1_I2D_put_EXP_opt(&(a.tlsext_tick),
-		    i2d_ASN1_OCTET_STRING, 10, v10);
-
-	M_ASN1_I2D_finish();
+	*pp = p;
+        return (ret);
 }
 
 SSL_SESSION *
diff --git a/lib/libssl/ssl_asn1.c b/lib/libssl/ssl_asn1.c
index 0c9b4aa6fbb..33a8edf20a1 100644
--- a/lib/libssl/ssl_asn1.c
+++ b/lib/libssl/ssl_asn1.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_asn1.c,v 1.30 2014/07/13 00:30:07 jsing Exp $ */
+/* $OpenBSD: ssl_asn1.c,v 1.31 2014/07/13 16:30:50 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -116,7 +116,8 @@ i2d_SSL_SESSION(SSL_SESSION *in, unsigned char **pp)
 	unsigned char ibuf3[LSIZE2], ibuf4[LSIZE2], ibuf5[LSIZE2];
 	unsigned char ibuf6[LSIZE2];
 	SSL_SESSION_ASN1 a;
-	M_ASN1_I2D_vars(in);
+	unsigned char *p;
+	int len = 0, ret;
 	long l;
 
 	if ((in == NULL) || ((in->cipher == NULL) && (in->cipher_id == 0)))
@@ -133,40 +134,39 @@ i2d_SSL_SESSION(SSL_SESSION *in, unsigned char **pp)
 	a.version.type = V_ASN1_INTEGER;
 	a.version.data = ibuf1;
 	ASN1_INTEGER_set(&(a.version), SSL_SESSION_ASN1_VERSION);
+	len += i2d_ASN1_INTEGER(&(a.version), NULL);
 
 	a.ssl_version.length = LSIZE2;
 	a.ssl_version.type = V_ASN1_INTEGER;
 	a.ssl_version.data = ibuf2;
 	ASN1_INTEGER_set(&(a.ssl_version), in->ssl_version);
+	len += i2d_ASN1_INTEGER(&(a.ssl_version), NULL);
 
+	a.cipher.length = 2;
 	a.cipher.type = V_ASN1_OCTET_STRING;
+	l = (in->cipher == NULL) ? in->cipher_id : in->cipher->id;
+	buf[0] = ((unsigned char)(l >> 8L)) & 0xff;
+	buf[1] = ((unsigned char)(l)) & 0xff;
 	a.cipher.data = buf;
-
-	if (in->cipher == NULL)
-		l = in->cipher_id;
-	else
-		l = in->cipher->id;
-	a.cipher.length = 2;
-	buf[0] = ((unsigned char)(l >> 8L))&0xff;
-	buf[1] = ((unsigned char)(l    ))&0xff;
+	len += i2d_ASN1_OCTET_STRING(&(a.cipher), NULL);
 
 	a.master_key.length = in->master_key_length;
 	a.master_key.type = V_ASN1_OCTET_STRING;
 	a.master_key.data = in->master_key;
+	len += i2d_ASN1_OCTET_STRING(&(a.master_key), NULL);
 
 	a.session_id.length = in->session_id_length;
 	a.session_id.type = V_ASN1_OCTET_STRING;
 	a.session_id.data = in->session_id;
-
-	a.session_id_context.length = in->sid_ctx_length;
-	a.session_id_context.type = V_ASN1_OCTET_STRING;
-	a.session_id_context.data = in->sid_ctx;
+	len += i2d_ASN1_OCTET_STRING(&(a.session_id), NULL);
 
 	if (in->time != 0L) {
 		a.time.length = LSIZE2;
 		a.time.type = V_ASN1_INTEGER;
 		a.time.data = ibuf3;
 		ASN1_INTEGER_set(&(a.time), in->time);	/* XXX 2038 */
+		v1 = i2d_ASN1_INTEGER(&(a.time), NULL); 
+		len += ASN1_object_size(1, v1, 1);
 	}
 
 	if (in->timeout != 0L) {
@@ -174,89 +174,112 @@ i2d_SSL_SESSION(SSL_SESSION *in, unsigned char **pp)
 		a.timeout.type = V_ASN1_INTEGER;
 		a.timeout.data = ibuf4;
 		ASN1_INTEGER_set(&(a.timeout), in->timeout);
+		v2 = i2d_ASN1_INTEGER(&(a.timeout), NULL); 
+		len += ASN1_object_size(1, v2, 2);
 	}
 
+	if (in->peer != NULL) {
+		v3 = i2d_X509(in->peer, NULL); 
+		len += ASN1_object_size(1, v3, 3);
+	}
+
+	a.session_id_context.length = in->sid_ctx_length;
+	a.session_id_context.type = V_ASN1_OCTET_STRING;
+	a.session_id_context.data = in->sid_ctx;
+	v4 = i2d_ASN1_OCTET_STRING(&(a.session_id_context), NULL); 
+	len += ASN1_object_size(1, v4, 4);
+
 	if (in->verify_result != X509_V_OK) {
 		a.verify_result.length = LSIZE2;
 		a.verify_result.type = V_ASN1_INTEGER;
 		a.verify_result.data = ibuf5;
 		ASN1_INTEGER_set(&a.verify_result, in->verify_result);
+		v5 = i2d_ASN1_INTEGER(&(a.verify_result), NULL); 
+		len += ASN1_object_size(1, v5, 5);
 	}
 
 	if (in->tlsext_hostname) {
 		a.tlsext_hostname.length = strlen(in->tlsext_hostname);
 		a.tlsext_hostname.type = V_ASN1_OCTET_STRING;
 		a.tlsext_hostname.data = (unsigned char *)in->tlsext_hostname;
+		v6 = i2d_ASN1_OCTET_STRING(&(a.tlsext_hostname), NULL); 
+		len += ASN1_object_size(1, v6, 6);
 	}
-	if (in->tlsext_tick) {
-		a.tlsext_tick.length = in->tlsext_ticklen;
-		a.tlsext_tick.type = V_ASN1_OCTET_STRING;
-		a.tlsext_tick.data = (unsigned char *)in->tlsext_tick;
-	}
+
+	/* 7 - PSK identity hint. */
+	/* 8 - PSK identity. */
+
 	if (in->tlsext_tick_lifetime_hint > 0) {
 		a.tlsext_tick_lifetime.length = LSIZE2;
 		a.tlsext_tick_lifetime.type = V_ASN1_INTEGER;
 		a.tlsext_tick_lifetime.data = ibuf6;
 		ASN1_INTEGER_set(&a.tlsext_tick_lifetime,
 		    in->tlsext_tick_lifetime_hint);
+		v9 = i2d_ASN1_INTEGER(&(a.tlsext_tick_lifetime), NULL); 
+		len += ASN1_object_size(1, v9, 9);
+	}
+
+	if (in->tlsext_tick) {
+		a.tlsext_tick.length = in->tlsext_ticklen;
+		a.tlsext_tick.type = V_ASN1_OCTET_STRING;
+		a.tlsext_tick.data = (unsigned char *)in->tlsext_tick;
+		v10 = i2d_ASN1_OCTET_STRING(&(a.tlsext_tick), NULL); 
+		len += ASN1_object_size(1, v10, 10);
+	}
+
+	/* 11 - Compression method. */
+	/* 12 - SRP username. */
+
+	/* If given a NULL pointer, return the length only. */
+	ret = (ASN1_object_size(1, len, V_ASN1_SEQUENCE));
+	if (pp == NULL)
+		return (ret);
+
+	/* Burp out the ASN1. */
+	p = *pp;
+	ASN1_put_object(&p, 1, len, V_ASN1_SEQUENCE, V_ASN1_UNIVERSAL);
+	i2d_ASN1_INTEGER(&(a.version), &p);
+	i2d_ASN1_INTEGER(&(a.ssl_version), &p);
+	i2d_ASN1_OCTET_STRING(&(a.cipher), &p);
+	i2d_ASN1_OCTET_STRING(&(a.session_id), &p);
+	i2d_ASN1_OCTET_STRING(&(a.master_key), &p);
+	if (in->time != 0L) {
+		ASN1_put_object(&p, 1, v1, 1, V_ASN1_CONTEXT_SPECIFIC);
+		i2d_ASN1_INTEGER(&(a.time), &p);
+	}
+	if (in->timeout != 0L) {
+		ASN1_put_object(&p, 1, v2, 2, V_ASN1_CONTEXT_SPECIFIC);
+		i2d_ASN1_INTEGER(&(a.timeout), &p);
+	}
+	if (in->peer != NULL) {
+		ASN1_put_object(&p, 1, v3, 3, V_ASN1_CONTEXT_SPECIFIC);
+		i2d_X509(in->peer, &p);
+	}
+	ASN1_put_object(&p, 1, v4, 4, V_ASN1_CONTEXT_SPECIFIC);
+	i2d_ASN1_OCTET_STRING(&(a.session_id_context), &p);
+	if (in->verify_result != X509_V_OK) {
+		ASN1_put_object(&p, 1, v5, 5, V_ASN1_CONTEXT_SPECIFIC);
+		i2d_ASN1_INTEGER(&(a.verify_result), &p);
+	}
+	if (in->tlsext_hostname) {
+		ASN1_put_object(&p, 1, v6, 6, V_ASN1_CONTEXT_SPECIFIC);
+		i2d_ASN1_OCTET_STRING(&(a.tlsext_hostname), &p);
+	}
+	/* 7 - PSK identity hint. */
+	/* 8 - PSK identity. */
+	if (in->tlsext_tick_lifetime_hint > 0) {
+		ASN1_put_object(&p, 1, v9, 9, V_ASN1_CONTEXT_SPECIFIC);
+		i2d_ASN1_INTEGER(&(a.tlsext_tick_lifetime), &p);
+	}
+	if (in->tlsext_tick) {
+		ASN1_put_object(&p, 1, v10, 10, V_ASN1_CONTEXT_SPECIFIC);
+		i2d_ASN1_OCTET_STRING(&(a.tlsext_tick), &p);
 	}
+	/* 11 - Compression method. */
+	/* 12 - SRP username. */
 
-	M_ASN1_I2D_len(&(a.version), i2d_ASN1_INTEGER);
-	M_ASN1_I2D_len(&(a.ssl_version), i2d_ASN1_INTEGER);
-	M_ASN1_I2D_len(&(a.cipher), i2d_ASN1_OCTET_STRING);
-	M_ASN1_I2D_len(&(a.session_id), i2d_ASN1_OCTET_STRING);
-	M_ASN1_I2D_len(&(a.master_key), i2d_ASN1_OCTET_STRING);
-
-	if (in->time != 0L)
-		M_ASN1_I2D_len_EXP_opt(&(a.time), i2d_ASN1_INTEGER, 1, v1);
-	if (in->timeout != 0L)
-		M_ASN1_I2D_len_EXP_opt(&(a.timeout), i2d_ASN1_INTEGER, 2, v2);
-	if (in->peer != NULL)
-		M_ASN1_I2D_len_EXP_opt(in->peer, i2d_X509, 3, v3);
-	M_ASN1_I2D_len_EXP_opt(&a.session_id_context,
-	    i2d_ASN1_OCTET_STRING, 4, v4);
-	if (in->verify_result != X509_V_OK)
-		M_ASN1_I2D_len_EXP_opt(&(a.verify_result),
-		    i2d_ASN1_INTEGER, 5, v5);
-	if (in->tlsext_tick_lifetime_hint > 0)
-		M_ASN1_I2D_len_EXP_opt(&a.tlsext_tick_lifetime,
-		    i2d_ASN1_INTEGER, 9, v9);
-	if (in->tlsext_tick)
-		M_ASN1_I2D_len_EXP_opt(&(a.tlsext_tick),
-		    i2d_ASN1_OCTET_STRING, 10, v10);
-	if (in->tlsext_hostname)
-		M_ASN1_I2D_len_EXP_opt(&(a.tlsext_hostname),
-		    i2d_ASN1_OCTET_STRING, 6, v6);
-
-	M_ASN1_I2D_seq_total();
-
-	M_ASN1_I2D_put(&(a.version), i2d_ASN1_INTEGER);
-	M_ASN1_I2D_put(&(a.ssl_version), i2d_ASN1_INTEGER);
-	M_ASN1_I2D_put(&(a.cipher), i2d_ASN1_OCTET_STRING);
-	M_ASN1_I2D_put(&(a.session_id), i2d_ASN1_OCTET_STRING);
-	M_ASN1_I2D_put(&(a.master_key), i2d_ASN1_OCTET_STRING);
-	if (in->time != 0L)
-		M_ASN1_I2D_put_EXP_opt(&(a.time), i2d_ASN1_INTEGER, 1, v1);
-	if (in->timeout != 0L)
-		M_ASN1_I2D_put_EXP_opt(&(a.timeout), i2d_ASN1_INTEGER, 2, v2);
-	if (in->peer != NULL)
-		M_ASN1_I2D_put_EXP_opt(in->peer, i2d_X509, 3, v3);
-	M_ASN1_I2D_put_EXP_opt(&a.session_id_context,
-	    i2d_ASN1_OCTET_STRING, 4, v4);
-	if (in->verify_result != X509_V_OK)
-		M_ASN1_I2D_put_EXP_opt(&a.verify_result,
-		    i2d_ASN1_INTEGER, 5, v5);
-	if (in->tlsext_hostname)
-		M_ASN1_I2D_put_EXP_opt(&(a.tlsext_hostname),
-		    i2d_ASN1_OCTET_STRING, 6, v6);
-	if (in->tlsext_tick_lifetime_hint > 0)
-		M_ASN1_I2D_put_EXP_opt(&a.tlsext_tick_lifetime,
-		    i2d_ASN1_INTEGER, 9, v9);
-	if (in->tlsext_tick)
-		M_ASN1_I2D_put_EXP_opt(&(a.tlsext_tick),
-		    i2d_ASN1_OCTET_STRING, 10, v10);
-
-	M_ASN1_I2D_finish();
+	*pp = p;
+        return (ret);
 }
 
 SSL_SESSION *