From de48c77a08514ed654e05e710444452ffab6d0aa Mon Sep 17 00:00:00 2001
From: deraadt <>
Date: Sat, 7 Jun 2014 22:23:12 +0000
Subject: 
 http://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=2016265dfbab162ec30718b5e7480add42598158
 Don't know the full story, but it looks like a "can't do random perfectly, so
 do it god awful" problem was found in 2013, and replaced with "only do it
 badly if a flag is set".  New flags (SSL_MODE_SEND_SERVERHELLO_TIME and
 SSL_MODE_SEND_SERVERHELLO_TIME) were added [Ben Laurie?] to support the old
 scheme of "use time_t for first 4 bytes of the random buffer".

Nothing uses these flags [ecosystem scan by sthen]

Fully discourage use of these flags in the future by removing
support & definition of them.  The buflen < 4 check is also interesting,
because no entropy would be returned.  No callers passed such small
buffers.
ok miod sthen
---
 src/lib/libssl/d1_srvr.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

(limited to 'src/lib/libssl/d1_srvr.c')

diff --git a/src/lib/libssl/d1_srvr.c b/src/lib/libssl/d1_srvr.c
index 24f0a2e86e..a118e8e82f 100644
--- a/src/lib/libssl/d1_srvr.c
+++ b/src/lib/libssl/d1_srvr.c
@@ -909,7 +909,8 @@ dtls1_send_server_hello(SSL *s)
 	if (s->state == SSL3_ST_SW_SRVR_HELLO_A) {
 		buf = (unsigned char *)s->init_buf->data;
 		p = s->s3->server_random;
-		ssl_fill_hello_random(s, 1, p, SSL3_RANDOM_SIZE);
+		RAND_pseudo_bytes(p, SSL3_RANDOM_SIZE);
+
 		/* Do the message type and length last */
 		d = p= &(buf[DTLS1_HM_HEADER_LENGTH]);
 
-- 
cgit v1.2.3-55-g6feb