Enable PSK in FIPS mode.
[oweals/openssl.git] / ssl / s23_clnt.c
index c9ef0f5cfce6a4823edd2c7f0b8a24dc15a3c237..84670b6c1c37c9602ac47c1c8ec2fddc1b729b9f 100644 (file)
@@ -269,6 +269,29 @@ static int ssl23_no_ssl2_ciphers(SSL *s)
        return 1;
        }
 
+/* Fill a ClientRandom or ServerRandom field of length len. Returns <= 0
+ * on failure, 1 on success. */
+int ssl_fill_hello_random(SSL *s, int server, unsigned char *result, int len)
+       {
+       int send_time = 0;
+
+       if (len < 4)
+               return 0;
+       if (server)
+               send_time = (s->mode & SSL_MODE_SEND_SERVERHELLO_TIME) != 0;
+       else
+               send_time = (s->mode & SSL_MODE_SEND_CLIENTHELLO_TIME) != 0;
+       if (send_time)
+               {
+               unsigned long Time = time(NULL);
+               unsigned char *p = result;
+               l2n(Time, p);
+               return RAND_pseudo_bytes(p, len-4);
+               }
+       else
+               return RAND_pseudo_bytes(result, len);
+       }
+
 static int ssl23_client_hello(SSL *s)
        {
        unsigned char *buf;
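Review bot: `ssl_fill_hello_random` draws the hello random from `RAND_pseudo_bytes`, which by contract may produce bytes that are not cryptographically strong (signalled by a 0 return). The hello randoms feed the master-secret derivation and keep a handshake from being replayed, so the two return statements would be better as `return RAND_bytes(p, len-4);` and `return RAND_bytes(result, len);`, whose 1 / <= 0 convention already matches the comment above the function. The call site changed in the second hunk does test `<= 0`, so a weak-bytes result is rejected there, but that protection depends on every later caller using the same comparison. The header comment should also state that when the relevant `SSL_MODE_SEND_*HELLO_TIME` bit is set, the first four bytes are the big-endian `time(NULL)` value and only `len-4` bytes are random, and that `len < 4` returns 0 even when no timestamp is requested.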
@@ -355,7 +378,7 @@ static int ssl23_client_hello(SSL *s)
 #endif
 
                p=s->s3->client_random;
-               if (RAND_pseudo_bytes(p,SSL3_RANDOM_SIZE) <= 0)
+               if (ssl_fill_hello_random(s, 0, p, SSL3_RANDOM_SIZE) <= 0)
                        return -1;
 
                if (version == TLS1_2_VERSION)