From: Dr. Stephen Henson Date: Tue, 22 Mar 2005 14:10:32 +0000 (+0000) Subject: Ensure (SSL_RANDOM_BYTES - 4) of pseudo random data is used for server and X-Git-Tag: OpenSSL_0_9_7f~9 X-Git-Url: https://git.librecmc.org/?a=commitdiff_plain;h=61823b6a7421acf982ddf540e2f0a479a3f852af;p=oweals%2Fopenssl.git Ensure (SSL_RANDOM_BYTES - 4) of pseudo random data is used for server and client random values. --- diff --git a/CHANGES b/CHANGES index e8222c200c..33e1911fcb 100644 --- a/CHANGES +++ b/CHANGES @@ -2,7 +2,29 @@ OpenSSL CHANGES _______________ - Changes between 0.9.7e and 0.9.7f [XX xxx XXXX] + Changes between 0.9.7Ae and 0.9.7f [XX xxx XXXX] + + *) Use (SSL_RANDOM_VALUE - 4) bytes of pseudo random data when generating + server and client random values. Previously + (SSL_RANDOM_VALUE - sizeof(time_t)) would be used which would result in + less random data when sizeof(time_t) > 4 (some 64 bit platforms). + + This change has negligible security impact because: + + 1. Server and client random values still have 24 bytes of pseudo random + data. + + 2. Server and client random values are sent in the clear in the initial + handshake. + + 3. The master secret is derived using the premaster secret (48 bytes in + size for static RSA ciphersuites) as well as client server and random + values. + + The OpenSSL team would like to thank the UK NISCC for bringing this issue + to our attention. + + [Stephen Henson, reported by UK NISCC] *) Use Windows randomness collection on Cygwin. [Ulf Möller] diff --git a/ssl/s3_clnt.c b/ssl/s3_clnt.c index a475033f01..0969476b25 100644 --- a/ssl/s3_clnt.c +++ b/ssl/s3_clnt.c @@ -535,7 +535,7 @@ static int ssl3_client_hello(SSL *s) p=s->s3->client_random; Time=time(NULL); /* Time */ l2n(Time,p); - if(RAND_pseudo_bytes(p,SSL3_RANDOM_SIZE-sizeof(Time)) <= 0) + if(RAND_pseudo_bytes(p,SSL3_RANDOM_SIZE-4) <= 0) goto err; /* Do the message type and length last */ diff --git a/ssl/s3_srvr.c b/ssl/s3_srvr.c index 0a573c6a48..5f3aada1d6 100644 --- a/ssl/s3_srvr.c +++ b/ssl/s3_srvr.c @@ -956,7 +956,7 @@ static int ssl3_send_server_hello(SSL *s) p=s->s3->server_random; Time=time(NULL); /* Time */ l2n(Time,p); - if(RAND_pseudo_bytes(p,SSL3_RANDOM_SIZE-sizeof(Time)) <= 0) + if(RAND_pseudo_bytes(p,SSL3_RANDOM_SIZE-4) <= 0) return -1; /* Do the message type and length last */ d=p= &(buf[4]);