From: Nick Mathewson <nickm@torproject.org>
Date: Wed, 9 Oct 2013 14:28:42 +0000 (-0400)
Subject: Refactor {client,server}_random to call an intermediate function
X-Git-Tag: OpenSSL_1_0_1f~38^2~1
X-Git-Url: https://git.librecmc.org/?a=commitdiff_plain;h=3da721dac9382c48812c8eba455528fd59af2eef;p=oweals%2Fopenssl.git

Refactor {client,server}_random to call an intermediate function

I'll be using this to make an option for randomizing the time.
---

diff --git a/ssl/d1_clnt.c b/ssl/d1_clnt.c
index bfde14e09f..556ac9ccc7 100644
--- a/ssl/d1_clnt.c
+++ b/ssl/d1_clnt.c
@@ -801,7 +801,7 @@ int dtls1_client_hello(SSL *s)
 		for (i=0;p[i]=='\0' && i<sizeof(s->s3->client_random);i++) ;
 		if (i==sizeof(s->s3->client_random))
 			{
-			RAND_pseudo_bytes(p,sizeof(s->s3->client_random));
+			ssl_fill_hello_random(s,0,p,sizeof(s->s3->client_random));
 			}
 
 		/* Do the message type and length last */
diff --git a/ssl/d1_srvr.c b/ssl/d1_srvr.c
index 5b0c86a3ab..9563066bd1 100644
--- a/ssl/d1_srvr.c
+++ b/ssl/d1_srvr.c
@@ -918,7 +918,7 @@ int dtls1_send_server_hello(SSL *s)
 		{
 		buf=(unsigned char *)s->init_buf->data;
 		p=s->s3->server_random;
-		RAND_pseudo_bytes(p,SSL3_RANDOM_SIZE);
+		ssl_fill_hello_random(s, 1, p, SSL3_RANDOM_SIZE);
 		/* Do the message type and length last */
 		d=p= &(buf[DTLS1_HM_HEADER_LENGTH]);
 
diff --git a/ssl/s23_clnt.c b/ssl/s23_clnt.c
index c9ef0f5cfc..01e492adfb 100644
--- a/ssl/s23_clnt.c
+++ b/ssl/s23_clnt.c
@@ -269,6 +269,13 @@ static int ssl23_no_ssl2_ciphers(SSL *s)
 	return 1;
 	}
 
+/* Fill a ClientRandom or ServerRandom field of length len. Returns <= 0
+ * on failure, 1 on success. */
+int ssl_fill_hello_random(SSL *s, int server, unsigned char *result, int len)
+	{
+	return RAND_pseudo_bytes(result, len);
+	}
+
 static int ssl23_client_hello(SSL *s)
 	{
 	unsigned char *buf;
@@ -355,7 +362,7 @@ static int ssl23_client_hello(SSL *s)
 #endif
 
 		p=s->s3->client_random;
-		if (RAND_pseudo_bytes(p,SSL3_RANDOM_SIZE) <= 0)
+		if (ssl_fill_hello_random(s, 0, p, SSL3_RANDOM_SIZE) <= 0)
 			return -1;
 
 		if (version == TLS1_2_VERSION)
diff --git a/ssl/s3_clnt.c b/ssl/s3_clnt.c
index 1b54011252..a6b3c01afa 100644
--- a/ssl/s3_clnt.c
+++ b/ssl/s3_clnt.c
@@ -680,7 +680,8 @@ int ssl3_client_hello(SSL *s)
 		/* else use the pre-loaded session */
 
 		p=s->s3->client_random;
-		if (RAND_pseudo_bytes(p,SSL3_RANDOM_SIZE) <= 0)
+
+		if (ssl_fill_hello_random(s, 0, p, SSL3_RANDOM_SIZE) <= 0)
 			goto err;
 
 		/* Do the message type and length last */
diff --git a/ssl/s3_srvr.c b/ssl/s3_srvr.c
index 511f5bef4c..508239fce5 100644
--- a/ssl/s3_srvr.c
+++ b/ssl/s3_srvr.c
@@ -1194,8 +1194,8 @@ int ssl3_get_client_hello(SSL *s)
 	 * SessionTicket processing to use it in key derivation. */
 	{
 		unsigned char *pos;
-    		pos=s->s3->server_random;
-		if (RAND_pseudo_bytes(pos,SSL3_RANDOM_SIZE) <= 0)
+		pos=s->s3->server_random;
+		if (ssl_fill_hello_random(s,1,pos,SSL3_RANDOM_SIZE) <= 0)
 			{
 			al=SSL_AD_INTERNAL_ERROR;
 			goto f_err;
diff --git a/ssl/ssl_locl.h b/ssl/ssl_locl.h
index 1b98947e67..96ce9a7245 100644
--- a/ssl/ssl_locl.h
+++ b/ssl/ssl_locl.h
@@ -847,6 +847,7 @@ void ssl_set_cert_masks(CERT *c, const SSL_CIPHER *cipher);
 STACK_OF(SSL_CIPHER) *ssl_get_ciphers_by_id(SSL *s);
 int ssl_verify_alarm_type(long type);
 void ssl_load_ciphers(void);
+int ssl_fill_hello_random(SSL *s, int server, unsigned char *field, int len);
 
 int ssl2_enc_init(SSL *s, int client);
 int ssl2_generate_key_material(SSL *s);