mirror/openssl
2
0
Fork 0
mirror of https://github.com/openssl/openssl.git synced 2024-11-21 01:15:20 +08:00
Code Issues Packages Projects Releases Wiki Activity

Always ensure that session->cipher is set

Browse Source 
If we have deserialized the SSL_SESSION then in some circumstances the
session->cipher value is NULL. We were patching up in some places but not
in others. We should just do it as part of loading the SSL_SESSION.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2259)
This commit is contained in:
Matt Caswell 2017-01-19 15:01:55 +00:00
parent 4086b42b2d
commit 534a43ffea
6 changed files with 12 additions and 30 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
ssl/ssl_asn1.c
View File

@ -284,8 +284,10 @@ SSL_SESSION *d2i_SSL_SESSION(SSL_SESSION **a, const unsigned char **pp,
p = as->cipher->data;
id = 0x03000000L | ((unsigned long)p[0] << 8L) | (unsigned long)p[1];
ret->cipher = NULL;
ret->cipher_id = id;
ret->cipher = ssl3_get_cipher_by_id(id);
if (ret->cipher == NULL)
goto err;
if (!ssl_session_memcpy(ret->session_id, &ret->session_id_length,
as->session_id, SSL3_MAX_SSL_SESSION_ID_LENGTH))

11
ssl/ssl_ciph.c
View File

@ -2018,14 +2018,3 @@ int ssl_cipher_get_overhead(const SSL_CIPHER *c, size_t *mac_overhead,
return 1;
}
const EVP_MD *ssl_cipher_get_handshake_md(int cipher_id)
{
const SSL_CIPHER *cipher = ssl3_get_cipher_by_id(cipher_id);
if (cipher == NULL) {
/* Don't recognise this cipher */
return NULL;
}
return ssl_md(cipher->algorithm2);
}

1
ssl/ssl_locl.h
View File

@ -1956,7 +1956,6 @@ __owur int ssl_cipher_get_overhead(const SSL_CIPHER *c, size_t *mac_overhead,
__owur int ssl_cipher_get_cert_index(const SSL_CIPHER *c);
__owur const SSL_CIPHER *ssl_get_cipher_by_char(SSL *ssl,
const unsigned char *ptr);
__owur const EVP_MD *ssl_cipher_get_handshake_md(int cipher_id);
__owur int ssl_cert_set0_chain(SSL *s, SSL_CTX *ctx, STACK_OF(X509) *chain);
__owur int ssl_cert_set1_chain(SSL *s, SSL_CTX *ctx, STACK_OF(X509) *chain);
__owur int ssl_cert_add0_chain_cert(SSL *s, SSL_CTX *ctx, X509 *x);

18
ssl/ssl_sess.c
View File

@ -91,6 +91,9 @@ SSL_SESSION *SSL_SESSION_new(void)
{
SSL_SESSION *ss;
if (!OPENSSL_init_ssl(OPENSSL_INIT_LOAD_SSL_STRINGS, NULL))
return NULL;
ss = OPENSSL_zalloc(sizeof(*ss));
if (ss == NULL) {
SSLerr(SSL_F_SSL_SESSION_NEW, ERR_R_MALLOC_FAILURE);
@ -586,21 +589,6 @@ int ssl_get_prev_session(SSL *s, CLIENTHELLO_MSG *hello)
goto err;
}
if (ret->cipher == NULL) {
unsigned char buf[5], *p;
unsigned long l;
p = buf;
l = ret->cipher_id;
l2n(l, p);
if ((ret->ssl_version >> 8) >= SSL3_VERSION_MAJOR)
ret->cipher = ssl_get_cipher_by_char(s, &(buf[2]));
else
ret->cipher = ssl_get_cipher_by_char(s, &(buf[1]));
if (ret->cipher == NULL)
goto err;
}
if (ret->timeout < (long)(time(NULL) - ret->time)) { /* timeout */
s->session_ctx->stats.sess_timeout++;
if (try_session_cache) {

6
ssl/statem/extensions_clnt.c
View File

@ -717,7 +717,11 @@ int tls_construct_ctos_psk(SSL *s, WPACKET *pkt, X509 *x, size_t chainidx,
*/
agems += s->session->ext.tick_age_add;
md = ssl_cipher_get_handshake_md(s->session->cipher_id);
if (s->session->cipher == NULL) {
SSLerr(SSL_F_TLS_CONSTRUCT_CTOS_PSK, ERR_R_INTERNAL_ERROR);
goto err;
}
md = ssl_md(s->session->cipher->algorithm2);
if (md == NULL) {
/* Don't recognise this cipher so we can't use the session. Ignore it */
return 1;

2
ssl/statem/extensions_srvr.c
View File

@ -712,7 +712,7 @@ int tls_parse_ctos_psk(SSL *s, PACKET *pkt, X509 *x, size_t chainidx, int *al)
if (ret == TICKET_NO_DECRYPT)
continue;
md = ssl_cipher_get_handshake_md(sess->cipher_id);
md = ssl_md(sess->cipher->algorithm2);
if (md == NULL) {
/*
* Don't recognise this cipher so we can't use the session.