Set s->hit when resuming from external pre-shared secret.

The same change was independently made in BoringSSL, see commit 9eaeef81fa2d4fd6246dc02b6203fa936a5eaf67 Reviewed-by: Matt Caswell <matt@openssl.org> (cherry picked from commit 7b3ba508af5c86afe43e28174aa3c53a0a24f4d9)
2014-11-19 15:56:27 +01:00 · 2014-11-19 15:56:27 +01:00 · f7c7aa69f7
commit f7c7aa69f7
parent ce5f32cfa7
1 changed files with 7 additions and 4 deletions
--- a/ssl/s3_clnt.c
+++ b/ssl/s3_clnt.c
@ -978,6 +978,8 @@ int ssl3_get_server_hello(SSL *s)
 	memcpy(s->s3->server_random,p,SSL3_RANDOM_SIZE);
 	p+=SSL3_RANDOM_SIZE;

+	s->hit = 0;
+
 	/* get the session-id */
 	j= *(p++);

@ -1001,12 +1003,13 @@ int ssl3_get_server_hello(SSL *s)
 			{
 			s->session->cipher = pref_cipher ?
 				pref_cipher : ssl_get_cipher_by_char(s, p+j);
+			s->hit = 1;
 			s->s3->flags |= SSL3_FLAGS_CCS_OK;
 			}
 		}
 #endif /* OPENSSL_NO_TLSEXT */

-	if (j != 0 && j == s->session->session_id_length
+	if (!s->hit && j != 0 && j == s->session->session_id_length
 	    && memcmp(p,s->session->session_id,j) == 0)
 	    {
 	    if(s->sid_ctx_length != s->session->sid_ctx_length
@ -1020,11 +1023,11 @@ int ssl3_get_server_hello(SSL *s)
 	    s->s3->flags |= SSL3_FLAGS_CCS_OK;
 	    s->hit=1;
 	    }
-	else	/* a miss or crap from the other end */
+	/* a miss or crap from the other end */
+	if (!s->hit)
 		{
 		/* If we were trying for session-id reuse, make a new
 		 * SSL_SESSION so we don't stuff up other people */
-		s->hit=0;
 		if (s->session->session_id_length > 0)
 			{
 			if (!ssl_get_new_session(s,0))