1 files changed, 25 insertions, 4 deletions
diff --git a/src/lib/libssl/s23_clnt.c b/src/lib/libssl/s23_clnt.c
index 47673e740a..2b93c639dd 100644
--- a/src/lib/libssl/s23_clnt.c
+++ b/src/lib/libssl/s23_clnt.c
@@ -269,12 +269,35 @@ static int ssl23_no_ssl2_ciphers(SSL *s)
        return 1;
        }
+/* Fill a ClientRandom or ServerRandom field of length len. Returns <= 0
+ * on failure, 1 on success. */
+int ssl_fill_hello_random(SSL *s, int server, unsigned char *result, int len)
+        {
+        int send_time = 0;
+        if (len < 4)
+                return 0;
+        if (server)
+                send_time = (s->mode & SSL_MODE_SEND_SERVERHELLO_TIME) != 0;
+        else
+                send_time = (s->mode & SSL_MODE_SEND_CLIENTHELLO_TIME) != 0;
+        if (send_time)
+                {
+                unsigned long Time = (unsigned long)time(NULL);
+                unsigned char *p = result;
+                l2n(Time, p);
+                return RAND_pseudo_bytes(p, len-4);
+                }
+        else
+                return RAND_pseudo_bytes(result, len);
+        }
 static int ssl23_client_hello(SSL *s)
        {
        unsigned char *buf;
        unsigned char *p,*d;
        int i,ch_len;
-        unsigned long Time,l;
+        unsigned long l;
        int ssl2_compat;
        int version = 0, version_major, version_minor;
 #ifndef OPENSSL_NO_COMP
@@ -355,9 +378,7 @@ static int ssl23_client_hello(SSL *s)
 #endif
                p=s->s3->client_random;
-                Time=(unsigned long)time(NULL);         /* Time */
+                if (ssl_fill_hello_random(s, 0, p, SSL3_RANDOM_SIZE) <= 0)
-                l2n(Time,p);
-                if (RAND_pseudo_bytes(p,SSL3_RANDOM_SIZE-4) <= 0)
                        return -1;
                if (version == TLS1_2_VERSION)

diff --git a/src/lib/libssl/s23_clnt.c b/src/lib/libssl/s23_clnt.c index 47673e740a..2b93c639dd 100644 --- a/src/lib/libssl/s23_clnt.c +++ b/src/lib/libssl/s23_clnt.c
@@ -269,12 +269,35 @@ static int ssl23_no_ssl2_ciphers(SSL *s)
269	return 1;	269	return 1;
270	}	270	}
271		271
		272	/* Fill a ClientRandom or ServerRandom field of length len. Returns <= 0
		273	* on failure, 1 on success. */
		274	int ssl_fill_hello_random(SSL s, int server, unsigned char result, int len)
		275	{
		276	int send_time = 0;
		277
		278	if (len < 4)
		279	return 0;
		280	if (server)
		281	send_time = (s->mode & SSL_MODE_SEND_SERVERHELLO_TIME) != 0;
		282	else
		283	send_time = (s->mode & SSL_MODE_SEND_CLIENTHELLO_TIME) != 0;
		284	if (send_time)
		285	{
		286	unsigned long Time = (unsigned long)time(NULL);
		287	unsigned char *p = result;
		288	l2n(Time, p);
		289	return RAND_pseudo_bytes(p, len-4);
		290	}
		291	else
		292	return RAND_pseudo_bytes(result, len);
		293	}
		294
272	static int ssl23_client_hello(SSL *s)	295	static int ssl23_client_hello(SSL *s)
273	{	296	{
274	unsigned char *buf;	297	unsigned char *buf;
275	unsigned char p,d;	298	unsigned char p,d;
276	int i,ch_len;	299	int i,ch_len;
277	unsigned long Time,l;	300	unsigned long l;
278	int ssl2_compat;	301	int ssl2_compat;
279	int version = 0, version_major, version_minor;	302	int version = 0, version_major, version_minor;
280	#ifndef OPENSSL_NO_COMP	303	#ifndef OPENSSL_NO_COMP
@@ -355,9 +378,7 @@ static int ssl23_client_hello(SSL *s)
355	#endif	378	#endif
356		379
357	p=s->s3->client_random;	380	p=s->s3->client_random;
358	Time=(unsigned long)time(NULL); /* Time */	381	if (ssl_fill_hello_random(s, 0, p, SSL3_RANDOM_SIZE) <= 0)
359	l2n(Time,p);
360	if (RAND_pseudo_bytes(p,SSL3_RANDOM_SIZE-4) <= 0)
361	return -1;	382	return -1;
362		383
363	if (version == TLS1_2_VERSION)	384	if (version == TLS1_2_VERSION)