Always ensure that session->cipher is set

[openssl.git] / ssl / statem / extensions_clnt.c

diff --git a/ssl/statem/extensions_clnt.c b/ssl/statem/extensions_clnt.c
index c17901a954760a91ba06799ec5f6aaa24a9cbaec..368f1968d8b1bf0813de543369fe05eab1eeb0be 100644 (file)
--- a/ssl/statem/extensions_clnt.c
+++ b/ssl/statem/extensions_clnt.c
@@ -717,7 +717,11 @@ int tls_construct_ctos_psk(SSL *s, WPACKET *pkt, X509 *x, size_t chainidx,
      */
     agems += s->session->ext.tick_age_add;
 
-    md = ssl_cipher_get_handshake_md(s->session->cipher_id);
+    if (s->session->cipher == NULL) {
+        SSLerr(SSL_F_TLS_CONSTRUCT_CTOS_PSK, ERR_R_INTERNAL_ERROR);
+        goto err;
+    }
+    md = ssl_md(s->session->cipher->algorithm2);
     if (md == NULL) {
         /* Don't recognise this cipher so we can't use the session. Ignore it */
         return 1;