From de48c77a08514ed654e05e710444452ffab6d0aa Mon Sep 17 00:00:00 2001 From: deraadt <> Date: Sat, 7 Jun 2014 22:23:12 +0000 Subject: http://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=2016265dfbab162ec30718b5e7480add42598158 Don't know the full story, but it looks like a "can't do random perfectly, so do it god awful" problem was found in 2013, and replaced with "only do it badly if a flag is set". New flags (SSL_MODE_SEND_SERVERHELLO_TIME and SSL_MODE_SEND_SERVERHELLO_TIME) were added [Ben Laurie?] to support the old scheme of "use time_t for first 4 bytes of the random buffer". Nothing uses these flags [ecosystem scan by sthen] Fully discourage use of these flags in the future by removing support & definition of them. The buflen < 4 check is also interesting, because no entropy would be returned. No callers passed such small buffers. ok miod sthen --- src/lib/libssl/s23_clnt.c | 27 +-------------------------- 1 file changed, 1 insertion(+), 26 deletions(-) (limited to 'src/lib/libssl/s23_clnt.c') diff --git a/src/lib/libssl/s23_clnt.c b/src/lib/libssl/s23_clnt.c index 16c30c083a..1bc582364b 100644 --- a/src/lib/libssl/s23_clnt.c +++ b/src/lib/libssl/s23_clnt.c @@ -285,30 +285,6 @@ end: return (ret); } -/* - * Fill a ClientRandom or ServerRandom field of length len. Returns <= 0 - * on failure, 1 on success. - */ -int -ssl_fill_hello_random(SSL *s, int server, unsigned char *result, int len) -{ - int send_time = 0; - - if (len < 4) - return 0; - if (server) - send_time = (s->mode & SSL_MODE_SEND_SERVERHELLO_TIME) != 0; - else - send_time = (s->mode & SSL_MODE_SEND_CLIENTHELLO_TIME) != 0; - if (send_time) { - unsigned long Time = (unsigned long)time(NULL); - unsigned char *p = result; - l2n(Time, p); - return RAND_pseudo_bytes(p, len - 4); - } else - return RAND_pseudo_bytes(result, len); -} - static int ssl23_client_hello(SSL *s) { @@ -352,8 +328,7 @@ ssl23_client_hello(SSL *s) buf = (unsigned char *)s->init_buf->data; if (s->state == SSL23_ST_CW_CLNT_HELLO_A) { p = s->s3->client_random; - if (ssl_fill_hello_random(s, 0, p, SSL3_RANDOM_SIZE) <= 0) - return -1; + RAND_pseudo_bytes(p, SSL3_RANDOM_SIZE); if (version == TLS1_2_VERSION) { version_major = TLS1_2_VERSION_MAJOR; -- cgit v1.2.3-55-g6feb