diff options
| author | deraadt <> | 2014-06-07 22:23:12 +0000 |
|---|---|---|
| committer | deraadt <> | 2014-06-07 22:23:12 +0000 |
| commit | de48c77a08514ed654e05e710444452ffab6d0aa (patch) | |
| tree | 974be678316c95805c95e61416f75191d5b20bbe /src/lib/libssl/s23_clnt.c | |
| parent | ffcbdf8a3fda87b9b0d60403b8bda401683595e1 (diff) | |
| download | openbsd-de48c77a08514ed654e05e710444452ffab6d0aa.tar.gz openbsd-de48c77a08514ed654e05e710444452ffab6d0aa.tar.bz2 openbsd-de48c77a08514ed654e05e710444452ffab6d0aa.zip | |
http://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=2016265dfbab162ec30718b5e7480add42598158
Don't know the full story, but it looks like a "can't do random
perfectly, so do it god awful" problem was found in 2013, and
replaced with "only do it badly if a flag is set". New flags
(SSL_MODE_SEND_SERVERHELLO_TIME and SSL_MODE_SEND_SERVERHELLO_TIME)
were added [Ben Laurie?] to support the old scheme of "use time_t
for first 4 bytes of the random buffer".
Nothing uses these flags [ecosystem scan by sthen]
Fully discourage use of these flags in the future by removing
support & definition of them. The buflen < 4 check is also interesting,
because no entropy would be returned. No callers passed such small
buffers.
ok miod sthen
Diffstat (limited to 'src/lib/libssl/s23_clnt.c')
| -rw-r--r-- | src/lib/libssl/s23_clnt.c | 27 |
1 files changed, 1 insertions, 26 deletions
diff --git a/src/lib/libssl/s23_clnt.c b/src/lib/libssl/s23_clnt.c index 16c30c083a..1bc582364b 100644 --- a/src/lib/libssl/s23_clnt.c +++ b/src/lib/libssl/s23_clnt.c | |||
| @@ -285,30 +285,6 @@ end: | |||
| 285 | return (ret); | 285 | return (ret); |
| 286 | } | 286 | } |
| 287 | 287 | ||
| 288 | /* | ||
| 289 | * Fill a ClientRandom or ServerRandom field of length len. Returns <= 0 | ||
| 290 | * on failure, 1 on success. | ||
| 291 | */ | ||
| 292 | int | ||
| 293 | ssl_fill_hello_random(SSL *s, int server, unsigned char *result, int len) | ||
| 294 | { | ||
| 295 | int send_time = 0; | ||
| 296 | |||
| 297 | if (len < 4) | ||
| 298 | return 0; | ||
| 299 | if (server) | ||
| 300 | send_time = (s->mode & SSL_MODE_SEND_SERVERHELLO_TIME) != 0; | ||
| 301 | else | ||
| 302 | send_time = (s->mode & SSL_MODE_SEND_CLIENTHELLO_TIME) != 0; | ||
| 303 | if (send_time) { | ||
| 304 | unsigned long Time = (unsigned long)time(NULL); | ||
| 305 | unsigned char *p = result; | ||
| 306 | l2n(Time, p); | ||
| 307 | return RAND_pseudo_bytes(p, len - 4); | ||
| 308 | } else | ||
| 309 | return RAND_pseudo_bytes(result, len); | ||
| 310 | } | ||
| 311 | |||
| 312 | static int | 288 | static int |
| 313 | ssl23_client_hello(SSL *s) | 289 | ssl23_client_hello(SSL *s) |
| 314 | { | 290 | { |
| @@ -352,8 +328,7 @@ ssl23_client_hello(SSL *s) | |||
| 352 | buf = (unsigned char *)s->init_buf->data; | 328 | buf = (unsigned char *)s->init_buf->data; |
| 353 | if (s->state == SSL23_ST_CW_CLNT_HELLO_A) { | 329 | if (s->state == SSL23_ST_CW_CLNT_HELLO_A) { |
| 354 | p = s->s3->client_random; | 330 | p = s->s3->client_random; |
| 355 | if (ssl_fill_hello_random(s, 0, p, SSL3_RANDOM_SIZE) <= 0) | 331 | RAND_pseudo_bytes(p, SSL3_RANDOM_SIZE); |
| 356 | return -1; | ||
| 357 | 332 | ||
| 358 | if (version == TLS1_2_VERSION) { | 333 | if (version == TLS1_2_VERSION) { |
| 359 | version_major = TLS1_2_VERSION_MAJOR; | 334 | version_major = TLS1_2_VERSION_MAJOR; |