From: Nick Mathewson Date: Wed, 9 Oct 2013 14:28:42 +0000 (-0400) Subject: Refactor {client,server}_random to call an intermediate function X-Git-Tag: OpenSSL_1_0_1f~38^2~1 X-Git-Url: https://git.librecmc.org/?a=commitdiff_plain;h=3da721dac9382c48812c8eba455528fd59af2eef;p=oweals%2Fopenssl.git Refactor {client,server}_random to call an intermediate function I'll be using this to make an option for randomizing the time. --- diff --git a/ssl/d1_clnt.c b/ssl/d1_clnt.c index bfde14e09f..556ac9ccc7 100644 --- a/ssl/d1_clnt.c +++ b/ssl/d1_clnt.c @@ -801,7 +801,7 @@ int dtls1_client_hello(SSL *s) for (i=0;p[i]=='\0' && is3->client_random);i++) ; if (i==sizeof(s->s3->client_random)) { - RAND_pseudo_bytes(p,sizeof(s->s3->client_random)); + ssl_fill_hello_random(s,0,p,sizeof(s->s3->client_random)); } /* Do the message type and length last */ diff --git a/ssl/d1_srvr.c b/ssl/d1_srvr.c index 5b0c86a3ab..9563066bd1 100644 --- a/ssl/d1_srvr.c +++ b/ssl/d1_srvr.c @@ -918,7 +918,7 @@ int dtls1_send_server_hello(SSL *s) { buf=(unsigned char *)s->init_buf->data; p=s->s3->server_random; - RAND_pseudo_bytes(p,SSL3_RANDOM_SIZE); + ssl_fill_hello_random(s, 1, p, SSL3_RANDOM_SIZE); /* Do the message type and length last */ d=p= &(buf[DTLS1_HM_HEADER_LENGTH]); diff --git a/ssl/s23_clnt.c b/ssl/s23_clnt.c index c9ef0f5cfc..01e492adfb 100644 --- a/ssl/s23_clnt.c +++ b/ssl/s23_clnt.c @@ -269,6 +269,13 @@ static int ssl23_no_ssl2_ciphers(SSL *s) return 1; } +/* Fill a ClientRandom or ServerRandom field of length len. Returns <= 0 + * on failure, 1 on success. */ +int ssl_fill_hello_random(SSL *s, int server, unsigned char *result, int len) + { + return RAND_pseudo_bytes(result, len); + } + static int ssl23_client_hello(SSL *s) { unsigned char *buf; @@ -355,7 +362,7 @@ static int ssl23_client_hello(SSL *s) #endif p=s->s3->client_random; - if (RAND_pseudo_bytes(p,SSL3_RANDOM_SIZE) <= 0) + if (ssl_fill_hello_random(s, 0, p, SSL3_RANDOM_SIZE) <= 0) return -1; if (version == TLS1_2_VERSION) diff --git a/ssl/s3_clnt.c b/ssl/s3_clnt.c index 1b54011252..a6b3c01afa 100644 --- a/ssl/s3_clnt.c +++ b/ssl/s3_clnt.c @@ -680,7 +680,8 @@ int ssl3_client_hello(SSL *s) /* else use the pre-loaded session */ p=s->s3->client_random; - if (RAND_pseudo_bytes(p,SSL3_RANDOM_SIZE) <= 0) + + if (ssl_fill_hello_random(s, 0, p, SSL3_RANDOM_SIZE) <= 0) goto err; /* Do the message type and length last */ diff --git a/ssl/s3_srvr.c b/ssl/s3_srvr.c index 511f5bef4c..508239fce5 100644 --- a/ssl/s3_srvr.c +++ b/ssl/s3_srvr.c @@ -1194,8 +1194,8 @@ int ssl3_get_client_hello(SSL *s) * SessionTicket processing to use it in key derivation. */ { unsigned char *pos; - pos=s->s3->server_random; - if (RAND_pseudo_bytes(pos,SSL3_RANDOM_SIZE) <= 0) + pos=s->s3->server_random; + if (ssl_fill_hello_random(s,1,pos,SSL3_RANDOM_SIZE) <= 0) { al=SSL_AD_INTERNAL_ERROR; goto f_err; diff --git a/ssl/ssl_locl.h b/ssl/ssl_locl.h index 1b98947e67..96ce9a7245 100644 --- a/ssl/ssl_locl.h +++ b/ssl/ssl_locl.h @@ -847,6 +847,7 @@ void ssl_set_cert_masks(CERT *c, const SSL_CIPHER *cipher); STACK_OF(SSL_CIPHER) *ssl_get_ciphers_by_id(SSL *s); int ssl_verify_alarm_type(long type); void ssl_load_ciphers(void); +int ssl_fill_hello_random(SSL *s, int server, unsigned char *field, int len); int ssl2_enc_init(SSL *s, int client); int ssl2_generate_key_material(SSL *s);