From: Matt Caswell <matt@openssl.org>
Date: Thu, 25 Jun 2015 13:12:25 +0000 (+0100)
Subject: Remove erroneous server_random filling
X-Git-Tag: OpenSSL_1_1_0-pre1~867
X-Git-Url: https://git.librecmc.org/?a=commitdiff_plain;h=e1e088ec7f2f33c4c4ad31312d62c536441d4358;p=oweals%2Fopenssl.git

Remove erroneous server_random filling

Commit e481f9b90b164 removed OPENSSL_NO_TLSEXT from the code.

Previously if OPENSSL_NO_TLSEXT *was not* defined then the server random was
filled during getting of the ClientHello. If it *was* defined then the
server random would be filled in ssl3_send_server_hello(). Unfortunately in
commit e481f9b90b164 the OPENSSL_NO_TLSEXT guards were removed but *both*
server random fillings were left in. This could cause problems for session
ticket callbacks.

Reviewed-by: Stephen Henson <steve@openssl.org>
---

diff --git a/ssl/s3_srvr.c b/ssl/s3_srvr.c
index 72deedc0c5..718ca2c31b 100644
--- a/ssl/s3_srvr.c
+++ b/ssl/s3_srvr.c
@@ -1580,19 +1580,16 @@ int ssl3_send_server_hello(SSL *s)
     if (s->state == SSL3_ST_SW_SRVR_HELLO_A) {
         buf = (unsigned char *)s->init_buf->data;
 
-        p = s->s3->server_random;
-        if (ssl_fill_hello_random(s, 1, p, SSL3_RANDOM_SIZE) <= 0) {
-            s->state = SSL_ST_ERR;
-            return -1;
-        }
-
         /* Do the message type and length last */
         d = p = ssl_handshake_start(s);
 
         *(p++) = s->version >> 8;
         *(p++) = s->version & 0xff;
 
-        /* Random stuff */
+        /*
+         * Random stuff. Filling of the server_random takes place in
+         * ssl3_get_client_hello()
+         */
         memcpy(p, s->s3->server_random, SSL3_RANDOM_SIZE);
         p += SSL3_RANDOM_SIZE;