From 82b7da271ff13a2878e921f0d262812d111a7b84 Mon Sep 17 00:00:00 2001
From: Adam Langley
Date: Wed, 13 Aug 2014 12:28:02 -0700
Subject: [PATCH] Set SSL_SESSION.cipher when parsing.

This was done for the server when parsing a session ticket, but it wasn't done in the parsing function itself. That caused problems when high level code used the parsing function directly to set a session for the client code. See comments in internal bug 7091840.

Change-Id: Iaa048c3df62cd9fe7a003af33805819e2556960a
---
 ssl/ssl_asn1.c | 8 +++++++-
 ssl/ssl_sess.c | 9 ---------
 2 files changed, 7 insertions(+), 10 deletions(-)

diff --git a/ssl/ssl_asn1.c b/ssl/ssl_asn1.c
index 2c910536..9f372f98 100644
--- a/ssl/ssl_asn1.c
+++ b/ssl/ssl_asn1.c
@@ -387,8 +387,14 @@ SSL_SESSION *d2i_SSL_SESSION(SSL_SESSION **a, const unsigned char **pp,
 goto err;
 }
- ret->cipher=NULL;
 ret->cipher_id=id;
+ ret->cipher = ssl3_get_cipher_by_value(ret->cipher_id & 0xffff);
+ if (ret->cipher == NULL)
+ {
+ c.error=SSL_R_UNSUPPORTED_CIPHER;
+ c.line = __LINE__;
+ goto err;
+ }
 M_ASN1_D2I_get_x(ASN1_OCTET_STRING,osp,d2i_ASN1_OCTET_STRING);
 if ((ssl_version>>8) >= SSL3_VERSION_MAJOR)
diff --git a/ssl/ssl_sess.c b/ssl/ssl_sess.c
index 75e21101..312a9a20 100644
--- a/ssl/ssl_sess.c
+++ b/ssl/ssl_sess.c
@@ -560,15 +560,6 @@ int ssl_get_prev_session(SSL *s, const struct ssl_early_callback_ctx *ctx)
 goto err;
 }
- if (ret->cipher == NULL)
- {
- /* The cipher id has a leading 0x03 to be removed (and then put
- * back for the binary search) as a remnant of SSLv2 support. */
- ret->cipher = ssl3_get_cipher_by_value(ret->cipher_id & 0xffff);
- if (ret->cipher == NULL)
- goto err;
- }
-
 if (ret->timeout < (long)(time(NULL) - ret->time)) /* timeout */
 {
 s->session_ctx->stats.sess_timeout++;
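Review bot: The `& 0xffff` mask on the new `ssl3_get_cipher_by_value` call in d2i_SSL_SESSION is left unexplained, because the comment that justified it is deleted from ssl_get_prev_session in the ssl/ssl_sess.c hunk rather than moved here; I would carry it over above the lookup, e.g. `/* cipher_id has a leading 0x03 (a remnant of SSLv2 support); only the low 16 bits are used for the lookup. */`. The parser also becomes the only visible place that guarantees `ret->cipher` is non-NULL for a deserialized session, so the function's header comment should state that an unknown cipher in stored or ticket-carried session data now fails parsing with SSL_R_UNSUPPORTED_CIPHER and that callers must treat the NULL return as "discard the session". With the fallback gone from ssl_get_prev_session, a session that reaches it without passing through this parser would presumably keep a NULL cipher, so a one-line defensive check there, `if (ret->cipher == NULL) goto err;`, may be worth keeping. The body of d2i_SSL_SESSION starts and ends outside this hunk, so the cleanup done at `err` could not be checked from here.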