Commit 534a43ff authored by Matt Caswell

Always ensure that session->cipher is set



If we have deserialized the SSL_SESSION then in some circumstances the
session->cipher value is NULL. We were patching up in some places but not
in others. We should just do it as part of loading the SSL_SESSION.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2259)
parent 4086b42b
+3 −1
@@ -284,8 +284,10 @@ SSL_SESSION *d2i_SSL_SESSION(SSL_SESSION **a, const unsigned char **pp,
    p = as->cipher->data;
    id = 0x03000000L | ((unsigned long)p[0] << 8L) | (unsigned long)p[1];

    ret->cipher = NULL;
    ret->cipher_id = id;
    ret->cipher = ssl3_get_cipher_by_id(id);
    if (ret->cipher == NULL)
        goto err;

    if (!ssl_session_memcpy(ret->session_id, &ret->session_id_length,
                            as->session_id, SSL3_MAX_SSL_SESSION_ID_LENGTH))
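Review bot: The new `goto err` taken when `ssl3_get_cipher_by_id(id)` returns NULL records no error reason, so unless the `err` label (outside the hunk) raises one, a deserialised session carrying an unknown cipher id fails indistinguishably from a malformed encoding; an `SSLerr(SSL_F_D2I_SSL_SESSION, ...)` with a suitable reason code before the jump would make that diagnosable. Since this function consumes serialized session data, the two-byte read of `as->cipher->data` at the top of the hunk also depends on a length check on `as->cipher` that is not in view; worth confirming it precedes the hunk. A short comment on the new lookup would explain the invariant this commit introduces, e.g. `/* Resolve the cipher now so session->cipher is never NULL after loading */`. The rest of d2i_SSL_SESSION lies outside the hunk.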
+0 −11
@@ -2018,14 +2018,3 @@ int ssl_cipher_get_overhead(const SSL_CIPHER *c, size_t *mac_overhead,

    return 1;
}

const EVP_MD *ssl_cipher_get_handshake_md(int cipher_id)
{
    const SSL_CIPHER *cipher = ssl3_get_cipher_by_id(cipher_id);
    if (cipher == NULL) {
        /* Don't recognise this cipher */
        return NULL;
    }

    return ssl_md(cipher->algorithm2);
}
+0 −1
@@ -1956,7 +1956,6 @@ __owur int ssl_cipher_get_overhead(const SSL_CIPHER *c, size_t *mac_overhead,
__owur int ssl_cipher_get_cert_index(const SSL_CIPHER *c);
__owur const SSL_CIPHER *ssl_get_cipher_by_char(SSL *ssl,
                                                const unsigned char *ptr);
__owur const EVP_MD *ssl_cipher_get_handshake_md(int cipher_id);
__owur int ssl_cert_set0_chain(SSL *s, SSL_CTX *ctx, STACK_OF(X509) *chain);
__owur int ssl_cert_set1_chain(SSL *s, SSL_CTX *ctx, STACK_OF(X509) *chain);
__owur int ssl_cert_add0_chain_cert(SSL *s, SSL_CTX *ctx, X509 *x);
+3 −15
@@ -91,6 +91,9 @@ SSL_SESSION *SSL_SESSION_new(void)
{
    SSL_SESSION *ss;

    if (!OPENSSL_init_ssl(OPENSSL_INIT_LOAD_SSL_STRINGS, NULL))
        return NULL;

    ss = OPENSSL_zalloc(sizeof(*ss));
    if (ss == NULL) {
        SSLerr(SSL_F_SSL_SESSION_NEW, ERR_R_MALLOC_FAILURE);
@@ -586,21 +589,6 @@ int ssl_get_prev_session(SSL *s, CLIENTHELLO_MSG *hello)
        goto err;
    }

    if (ret->cipher == NULL) {
        unsigned char buf[5], *p;
        unsigned long l;

        p = buf;
        l = ret->cipher_id;
        l2n(l, p);
        if ((ret->ssl_version >> 8) >= SSL3_VERSION_MAJOR)
            ret->cipher = ssl_get_cipher_by_char(s, &(buf[2]));
        else
            ret->cipher = ssl_get_cipher_by_char(s, &(buf[1]));
        if (ret->cipher == NULL)
            goto err;
    }

    if (ret->timeout < (long)(time(NULL) - ret->time)) { /* timeout */
        s->session_ctx->stats.sess_timeout++;
        if (try_session_cache) {
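Review bot: The `OPENSSL_init_ssl(OPENSSL_INIT_LOAD_SSL_STRINGS, NULL)` call added at the top of SSL_SESSION_new has no comment saying why a session constructor now needs library initialisation, and its failure returns NULL without an SSLerr while the `OPENSSL_zalloc` failure a few lines below does record one. A comment such as `/* Make sure the library is initialised: sessions now resolve their cipher when loaded */` would capture the intent, hedged as that is inferred from the d2i_SSL_SESSION change in this commit rather than visible here. In the second hunk, dropping the `ret->cipher == NULL` fallback in ssl_get_prev_session means any cache path that can still hand back a session without going through d2i_SSL_SESSION would now reach the timeout check with a NULL cipher; if no such path exists, a one-line comment at the removal site stating that sessions are guaranteed to have cipher set on load would help the next reader. Both enclosing functions extend beyond their hunks.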
+5 −1
@@ -717,7 +717,11 @@ int tls_construct_ctos_psk(SSL *s, WPACKET *pkt, X509 *x, size_t chainidx,
     */
    agems += s->session->ext.tick_age_add;

    md = ssl_cipher_get_handshake_md(s->session->cipher_id);
    if (s->session->cipher == NULL) {
        SSLerr(SSL_F_TLS_CONSTRUCT_CTOS_PSK, ERR_R_INTERNAL_ERROR);
        goto err;
    }
    md = ssl_md(s->session->cipher->algorithm2);
    if (md == NULL) {
        /* Don't recognise this cipher so we can't use the session. Ignore it */
        return 1;
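Review bot: The comment `/* Don't recognise this cipher so we can't use the session. Ignore it */` on the `md == NULL` branch is stale after this change: the new check above it already guarantees `s->session->cipher` is non-NULL, so a NULL `md` now means `ssl_md(s->session->cipher->algorithm2)` found no handshake digest for a known cipher, not an unrecognised cipher. Suggest `/* No handshake digest for this cipher, so we can't use the session. Ignore it */`. The `goto err` on the new internal-error path targets a label outside the hunk; tls_construct_ctos_psk begins and ends outside it.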