authorderaadt <>2014-06-07 22:23:12 +0000
committerderaadt <>2014-06-07 22:23:12 +0000
commitde48c77a08514ed654e05e710444452ffab6d0aa (patch)
tree974be678316c95805c95e61416f75191d5b20bbe /src
parentffcbdf8a3fda87b9b0d60403b8bda401683595e1 (diff)
http://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=2016265dfbab162ec30718b5e7480add42598158
Don't know the full story, but it looks like a "can't do random perfectly, so do it god awful" problem was found in 2013, and replaced with "only do it badly if a flag is set". New flags (SSL_MODE_SEND_CLIENTHELLO_TIME and SSL_MODE_SEND_SERVERHELLO_TIME) were added [Ben Laurie?] to support the old scheme of "use time_t for first 4 bytes of the random buffer". Nothing uses these flags [ecosystem scan by sthen]. Fully discourage use of these flags in the future by removing support & definition of them. The buflen < 4 check is also interesting, because no entropy would be returned. No callers passed such small buffers. ok miod sthen
Diffstat (limited to 'src')
-rw-r--r--src/lib/libssl/d1_clnt.c3
-rw-r--r--src/lib/libssl/d1_srvr.c3
-rw-r--r--src/lib/libssl/s23_clnt.c27
-rw-r--r--src/lib/libssl/s3_clnt.c4
-rw-r--r--src/lib/libssl/s3_srvr.c5
-rw-r--r--src/lib/libssl/src/ssl/d1_clnt.c3
-rw-r--r--src/lib/libssl/src/ssl/d1_srvr.c3
-rw-r--r--src/lib/libssl/src/ssl/s23_clnt.c27
-rw-r--r--src/lib/libssl/src/ssl/s3_clnt.c4
-rw-r--r--src/lib/libssl/src/ssl/s3_srvr.c5
-rw-r--r--src/lib/libssl/src/ssl/ssl.h6
-rw-r--r--src/lib/libssl/src/ssl/ssl_locl.h1
-rw-r--r--src/lib/libssl/ssl.h6
-rw-r--r--src/lib/libssl/ssl_locl.h1
14 files changed, 12 insertions, 86 deletions
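diff --git a/src/lib/libssl/d1_clnt.c b/src/lib/libssl/d1_clnt.c
index 8ff4d8e369..976b753a87 100644
--- a/src/lib/libssl/d1_clnt.c
+++ b/src/lib/libssl/d1_clnt.c
@@ -791,8 +791,7 @@ dtls1_client_hello(SSL *s)
 for (i = 0; p[i]=='\0' && i < sizeof(s->s3->client_random); i++)
 ;
 if (i == sizeof(s->s3->client_random))
-ssl_fill_hello_random(s, 0, p,
-sizeof(s->s3->client_random));
+RAND_pseudo_bytes(p, sizeof(s->s3->client_random));
 
 /* Do the message type and length last */
 d = p = &(buf[DTLS1_HM_HEADER_LENGTH]);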
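diff --git a/src/lib/libssl/d1_srvr.c b/src/lib/libssl/d1_srvr.c
index 24f0a2e86e..a118e8e82f 100644
--- a/src/lib/libssl/d1_srvr.c
+++ b/src/lib/libssl/d1_srvr.c
@@ -909,7 +909,8 @@ dtls1_send_server_hello(SSL *s)
 if (s->state == SSL3_ST_SW_SRVR_HELLO_A) {
 buf = (unsigned char *)s->init_buf->data;
 p = s->s3->server_random;
-ssl_fill_hello_random(s, 1, p, SSL3_RANDOM_SIZE);
+RAND_pseudo_bytes(p, SSL3_RANDOM_SIZE);
+
 /* Do the message type and length last */
 d = p= &(buf[DTLS1_HM_HEADER_LENGTH]);
 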
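diff --git a/src/lib/libssl/s23_clnt.c b/src/lib/libssl/s23_clnt.c
index 16c30c083a..1bc582364b 100644
--- a/src/lib/libssl/s23_clnt.c
+++ b/src/lib/libssl/s23_clnt.c
@@ -285,30 +285,6 @@ end:
 return (ret);
 }
 
-/*
- * Fill a ClientRandom or ServerRandom field of length len. Returns <= 0
- * on failure, 1 on success.
- */
-int
-ssl_fill_hello_random(SSL *s, int server, unsigned char *result, int len)
-{
-int send_time = 0;
-
-if (len < 4)
-return 0;
-if (server)
-send_time = (s->mode & SSL_MODE_SEND_SERVERHELLO_TIME) != 0;
-else
-send_time = (s->mode & SSL_MODE_SEND_CLIENTHELLO_TIME) != 0;
-if (send_time) {
-unsigned long Time = (unsigned long)time(NULL);
-unsigned char *p = result;
-l2n(Time, p);
-return RAND_pseudo_bytes(p, len - 4);
-} else
-return RAND_pseudo_bytes(result, len);
-}
-
 static int
 ssl23_client_hello(SSL *s)
 {
@@ -352,8 +328,7 @@ ssl23_client_hello(SSL *s)
 buf = (unsigned char *)s->init_buf->data;
 if (s->state == SSL23_ST_CW_CLNT_HELLO_A) {
 p = s->s3->client_random;
-if (ssl_fill_hello_random(s, 0, p, SSL3_RANDOM_SIZE) <= 0)
-return -1;
+RAND_pseudo_bytes(p, SSL3_RANDOM_SIZE);
 
 if (version == TLS1_2_VERSION) {
 version_major = TLS1_2_VERSION_MAJOR;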
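Review bot: New line 331 discards the return value of RAND_pseudo_bytes(), whereas the removed ssl_fill_hello_random() call was checked and a failure made ssl23_client_hello return -1; the same check disappears at s3_clnt.c new line 677 (previously `goto err`) and s3_srvr.c new line 1133 (previously an SSL_AD_INTERNAL_ERROR alert), and in the src/ssl mirrors of all three files. RAND_pseudo_bytes() can report that no output was produced or that the bytes are not cryptographically strong, and with the checks gone a ClientRandom or ServerRandom that was left unfilled or weak would be sent without any caller noticing. If RAND_pseudo_bytes() in this tree is guaranteed not to fail, that assumption deserves a comment at each call, e.g. `/* RAND_pseudo_bytes() cannot fail here; the result is intentionally unchecked. */`; otherwise keep the original error paths, e.g. `if (RAND_pseudo_bytes(p, SSL3_RANDOM_SIZE) <= 0) return -1;`. ssl23_client_hello's body continues outside the hunk.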
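diff --git a/src/lib/libssl/s3_clnt.c b/src/lib/libssl/s3_clnt.c
index f2c7dd2442..45dfb64f92 100644
--- a/src/lib/libssl/s3_clnt.c
+++ b/src/lib/libssl/s3_clnt.c
@@ -674,9 +674,7 @@ ssl3_client_hello(SSL *s)
 /* else use the pre-loaded session */
 
 p = s->s3->client_random;
-
-if (ssl_fill_hello_random(s, 0, p, SSL3_RANDOM_SIZE) <= 0)
-goto err;
+RAND_pseudo_bytes(p, SSL3_RANDOM_SIZE);
 
 /* Do the message type and length last */
 d = p = &(buf[4]);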
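diff --git a/src/lib/libssl/s3_srvr.c b/src/lib/libssl/s3_srvr.c
index bd22569ef0..c948045ae4 100644
--- a/src/lib/libssl/s3_srvr.c
+++ b/src/lib/libssl/s3_srvr.c
@@ -1130,10 +1130,7 @@ ssl3_get_client_hello(SSL *s)
 {
 unsigned char *pos;
 pos = s->s3->server_random;
-if (ssl_fill_hello_random(s, 1, pos, SSL3_RANDOM_SIZE) <= 0) {
-al = SSL_AD_INTERNAL_ERROR;
-goto f_err;
-}
+RAND_pseudo_bytes(pos, SSL3_RANDOM_SIZE);
 }
 
 if (!s->hit && s->version >= TLS1_VERSION && s->tls_session_secret_cb) {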
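diff --git a/src/lib/libssl/src/ssl/d1_clnt.c b/src/lib/libssl/src/ssl/d1_clnt.c
index 8ff4d8e369..976b753a87 100644
--- a/src/lib/libssl/src/ssl/d1_clnt.c
+++ b/src/lib/libssl/src/ssl/d1_clnt.c
@@ -791,8 +791,7 @@ dtls1_client_hello(SSL *s)
 for (i = 0; p[i]=='\0' && i < sizeof(s->s3->client_random); i++)
 ;
 if (i == sizeof(s->s3->client_random))
-ssl_fill_hello_random(s, 0, p,
-sizeof(s->s3->client_random));
+RAND_pseudo_bytes(p, sizeof(s->s3->client_random));
 
 /* Do the message type and length last */
 d = p = &(buf[DTLS1_HM_HEADER_LENGTH]);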
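diff --git a/src/lib/libssl/src/ssl/d1_srvr.c b/src/lib/libssl/src/ssl/d1_srvr.c
index 24f0a2e86e..a118e8e82f 100644
--- a/src/lib/libssl/src/ssl/d1_srvr.c
+++ b/src/lib/libssl/src/ssl/d1_srvr.c
@@ -909,7 +909,8 @@ dtls1_send_server_hello(SSL *s)
 if (s->state == SSL3_ST_SW_SRVR_HELLO_A) {
 buf = (unsigned char *)s->init_buf->data;
 p = s->s3->server_random;
-ssl_fill_hello_random(s, 1, p, SSL3_RANDOM_SIZE);
+RAND_pseudo_bytes(p, SSL3_RANDOM_SIZE);
+
 /* Do the message type and length last */
 d = p= &(buf[DTLS1_HM_HEADER_LENGTH]);
 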
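diff --git a/src/lib/libssl/src/ssl/s23_clnt.c b/src/lib/libssl/src/ssl/s23_clnt.c
index 16c30c083a..1bc582364b 100644
--- a/src/lib/libssl/src/ssl/s23_clnt.c
+++ b/src/lib/libssl/src/ssl/s23_clnt.c
@@ -285,30 +285,6 @@ end:
 return (ret);
 }
 
-/*
- * Fill a ClientRandom or ServerRandom field of length len. Returns <= 0
- * on failure, 1 on success.
- */
-int
-ssl_fill_hello_random(SSL *s, int server, unsigned char *result, int len)
-{
-int send_time = 0;
-
-if (len < 4)
-return 0;
-if (server)
-send_time = (s->mode & SSL_MODE_SEND_SERVERHELLO_TIME) != 0;
-else
-send_time = (s->mode & SSL_MODE_SEND_CLIENTHELLO_TIME) != 0;
-if (send_time) {
-unsigned long Time = (unsigned long)time(NULL);
-unsigned char *p = result;
-l2n(Time, p);
-return RAND_pseudo_bytes(p, len - 4);
-} else
-return RAND_pseudo_bytes(result, len);
-}
-
 static int
 ssl23_client_hello(SSL *s)
 {
@@ -352,8 +328,7 @@ ssl23_client_hello(SSL *s)
 buf = (unsigned char *)s->init_buf->data;
 if (s->state == SSL23_ST_CW_CLNT_HELLO_A) {
 p = s->s3->client_random;
-if (ssl_fill_hello_random(s, 0, p, SSL3_RANDOM_SIZE) <= 0)
-return -1;
+RAND_pseudo_bytes(p, SSL3_RANDOM_SIZE);
 
 if (version == TLS1_2_VERSION) {
 version_major = TLS1_2_VERSION_MAJOR;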
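diff --git a/src/lib/libssl/src/ssl/s3_clnt.c b/src/lib/libssl/src/ssl/s3_clnt.c
index f2c7dd2442..45dfb64f92 100644
--- a/src/lib/libssl/src/ssl/s3_clnt.c
+++ b/src/lib/libssl/src/ssl/s3_clnt.c
@@ -674,9 +674,7 @@ ssl3_client_hello(SSL *s)
 /* else use the pre-loaded session */
 
 p = s->s3->client_random;
-
-if (ssl_fill_hello_random(s, 0, p, SSL3_RANDOM_SIZE) <= 0)
-goto err;
+RAND_pseudo_bytes(p, SSL3_RANDOM_SIZE);
 
 /* Do the message type and length last */
 d = p = &(buf[4]);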
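diff --git a/src/lib/libssl/src/ssl/s3_srvr.c b/src/lib/libssl/src/ssl/s3_srvr.c
index bd22569ef0..c948045ae4 100644
--- a/src/lib/libssl/src/ssl/s3_srvr.c
+++ b/src/lib/libssl/src/ssl/s3_srvr.c
@@ -1130,10 +1130,7 @@ ssl3_get_client_hello(SSL *s)
 {
 unsigned char *pos;
 pos = s->s3->server_random;
-if (ssl_fill_hello_random(s, 1, pos, SSL3_RANDOM_SIZE) <= 0) {
-al = SSL_AD_INTERNAL_ERROR;
-goto f_err;
-}
+RAND_pseudo_bytes(pos, SSL3_RANDOM_SIZE);
 }
 
 if (!s->hit && s->version >= TLS1_VERSION && s->tls_session_secret_cb) {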
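diff --git a/src/lib/libssl/src/ssl/ssl.h b/src/lib/libssl/src/ssl/ssl.h
index fd01ac9806..0c5d76bc23 100644
--- a/src/lib/libssl/src/ssl/ssl.h
+++ b/src/lib/libssl/src/ssl/ssl.h
@@ -611,12 +611,6 @@ struct ssl_session_st {
  * TLS only.) "Released" buffers are put onto a free-list in the context
  * or just freed (depending on the context's setting for freelist_max_len). */
 #define SSL_MODE_RELEASE_BUFFERS 0x00000010L
-/* Send the current time in the Random fields of the ClientHello and
- * ServerHello records for compatibility with hypothetical implementations
- * that require it.
- */
-#define SSL_MODE_SEND_CLIENTHELLO_TIME 0x00000020L
-#define SSL_MODE_SEND_SERVERHELLO_TIME 0x00000040L
 
 /* Note: SSL[_CTX]_set_{options,mode} use |= op on the previous value,
  * they cannot be used to clear bits. */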
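diff --git a/src/lib/libssl/src/ssl/ssl_locl.h b/src/lib/libssl/src/ssl/ssl_locl.h
index 4aa2911da7..a96402ec5c 100644
--- a/src/lib/libssl/src/ssl/ssl_locl.h
+++ b/src/lib/libssl/src/ssl/ssl_locl.h
@@ -621,7 +621,6 @@ void ssl_set_cert_masks(CERT *c, const SSL_CIPHER *cipher);
 STACK_OF(SSL_CIPHER) *ssl_get_ciphers_by_id(SSL *s);
 int ssl_verify_alarm_type(long type);
 void ssl_load_ciphers(void);
-int ssl_fill_hello_random(SSL *s, int server, unsigned char *field, int len);
 
 const SSL_CIPHER *ssl3_get_cipher_by_char(const unsigned char *p);
 int ssl3_put_cipher_by_char(const SSL_CIPHER *c, unsigned char *p);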
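diff --git a/src/lib/libssl/ssl.h b/src/lib/libssl/ssl.h
index fd01ac9806..0c5d76bc23 100644
--- a/src/lib/libssl/ssl.h
+++ b/src/lib/libssl/ssl.h
@@ -611,12 +611,6 @@ struct ssl_session_st {
  * TLS only.) "Released" buffers are put onto a free-list in the context
  * or just freed (depending on the context's setting for freelist_max_len). */
 #define SSL_MODE_RELEASE_BUFFERS 0x00000010L
-/* Send the current time in the Random fields of the ClientHello and
- * ServerHello records for compatibility with hypothetical implementations
- * that require it.
- */
-#define SSL_MODE_SEND_CLIENTHELLO_TIME 0x00000020L
-#define SSL_MODE_SEND_SERVERHELLO_TIME 0x00000040L
 
 /* Note: SSL[_CTX]_set_{options,mode} use |= op on the previous value,
  * they cannot be used to clear bits. */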
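diff --git a/src/lib/libssl/ssl_locl.h b/src/lib/libssl/ssl_locl.h
index 4aa2911da7..a96402ec5c 100644
--- a/src/lib/libssl/ssl_locl.h
+++ b/src/lib/libssl/ssl_locl.h
@@ -621,7 +621,6 @@ void ssl_set_cert_masks(CERT *c, const SSL_CIPHER *cipher);
 STACK_OF(SSL_CIPHER) *ssl_get_ciphers_by_id(SSL *s);
 int ssl_verify_alarm_type(long type);
 void ssl_load_ciphers(void);
-int ssl_fill_hello_random(SSL *s, int server, unsigned char *field, int len);
 
 const SSL_CIPHER *ssl3_get_cipher_by_char(const unsigned char *p);
 int ssl3_put_cipher_by_char(const SSL_CIPHER *c, unsigned char *p);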