Merge branch 'no_gmt_unix_time' of git://github.com/nmathewson/openssl into OpenSSL_1_0_1-stable
commit
62036c6fc3
@ -773,7 +773,7 @@ int dtls1_client_hello(SSL *s)
|
|||||||
unsigned char *buf;
|
unsigned char *buf;
|
||||||
unsigned char *p,*d;
|
unsigned char *p,*d;
|
||||||
unsigned int i,j;
|
unsigned int i,j;
|
||||||
unsigned long Time,l;
|
unsigned long l;
|
||||||
SSL_COMP *comp;
|
SSL_COMP *comp;
|
||||||
|
|
||||||
buf=(unsigned char *)s->init_buf->data;
|
buf=(unsigned char *)s->init_buf->data;
|
||||||
@ -801,9 +801,7 @@ int dtls1_client_hello(SSL *s)
|
|||||||
for (i=0;p[i]=='\0' && i<sizeof(s->s3->client_random);i++) ;
|
for (i=0;p[i]=='\0' && i<sizeof(s->s3->client_random);i++) ;
|
||||||
if (i==sizeof(s->s3->client_random))
|
if (i==sizeof(s->s3->client_random))
|
||||||
{
|
{
|
||||||
Time=(unsigned long)time(NULL); /* Time */
|
ssl_fill_hello_random(s,0,p,sizeof(s->s3->client_random));
|
||||||
l2n(Time,p);
|
|
||||||
RAND_pseudo_bytes(p,sizeof(s->s3->client_random)-4);
|
|
||||||
}
|
}
|
||||||
|
|
||||||
/* Do the message type and length last */
|
/* Do the message type and length last */
|
||||||
|
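Review bot: The new call in dtls1_client_hello, `ssl_fill_hello_random(s,0,p,sizeof(s->s3->client_random));`, discards the return value, although the helper is documented to return <= 0 on failure and the non-DTLS callers in this commit test for exactly that. This branch only runs when client_random is still all zero, so a failed fill could leave a constant, predictable ClientHello random in place. Consider `if (ssl_fill_hello_random(s,0,p,sizeof(s->s3->client_random)) <= 0) goto err;`, assuming the function has an `err` label, which is outside the hunk. The same unchecked call appears in dtls1_send_server_hello; both function bodies continue outside the hunks shown.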
@ -913,15 +913,13 @@ int dtls1_send_server_hello(SSL *s)
|
|||||||
unsigned char *p,*d;
|
unsigned char *p,*d;
|
||||||
int i;
|
int i;
|
||||||
unsigned int sl;
|
unsigned int sl;
|
||||||
unsigned long l,Time;
|
unsigned long l;
|
||||||
|
|
||||||
if (s->state == SSL3_ST_SW_SRVR_HELLO_A)
|
if (s->state == SSL3_ST_SW_SRVR_HELLO_A)
|
||||||
{
|
{
|
||||||
buf=(unsigned char *)s->init_buf->data;
|
buf=(unsigned char *)s->init_buf->data;
|
||||||
p=s->s3->server_random;
|
p=s->s3->server_random;
|
||||||
Time=(unsigned long)time(NULL); /* Time */
|
ssl_fill_hello_random(s, 1, p, SSL3_RANDOM_SIZE);
|
||||||
l2n(Time,p);
|
|
||||||
RAND_pseudo_bytes(p,SSL3_RANDOM_SIZE-4);
|
|
||||||
/* Do the message type and length last */
|
/* Do the message type and length last */
|
||||||
d=p= &(buf[DTLS1_HM_HEADER_LENGTH]);
|
d=p= &(buf[DTLS1_HM_HEADER_LENGTH]);
|
||||||
|
|
||||||
|
@ -269,12 +269,34 @@ static int ssl23_no_ssl2_ciphers(SSL *s)
|
|||||||
return 1;
|
return 1;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/* Fill a ClientRandom or ServerRandom field of length len. Returns <= 0
|
||||||
|
* on failure, 1 on success. */
|
||||||
|
int ssl_fill_hello_random(SSL *s, int server, unsigned char *result, int len)
|
||||||
|
{
|
||||||
|
int send_time = 0;
|
||||||
|
if (len < 4)
|
||||||
|
return 0;
|
||||||
|
if (server)
|
||||||
|
send_time = (s->mode & SSL_MODE_SEND_SERVERHELLO_TIME) != 0;
|
||||||
|
else
|
||||||
|
send_time = (s->mode & SSL_MODE_SEND_CLIENTHELLO_TIME) != 0;
|
||||||
|
if (send_time)
|
||||||
|
{
|
||||||
|
unsigned long Time = time(NULL);
|
||||||
|
unsigned char *p = result;
|
||||||
|
l2n(Time, p);
|
||||||
|
return RAND_pseudo_bytes(p, len-4);
|
||||||
|
}
|
||||||
|
else
|
||||||
|
return RAND_pseudo_bytes(result, len);
|
||||||
|
}
|
||||||
|
|
||||||
static int ssl23_client_hello(SSL *s)
|
static int ssl23_client_hello(SSL *s)
|
||||||
{
|
{
|
||||||
unsigned char *buf;
|
unsigned char *buf;
|
||||||
unsigned char *p,*d;
|
unsigned char *p,*d;
|
||||||
int i,ch_len;
|
int i,ch_len;
|
||||||
unsigned long Time,l;
|
unsigned long l;
|
||||||
int ssl2_compat;
|
int ssl2_compat;
|
||||||
int version = 0, version_major, version_minor;
|
int version = 0, version_major, version_minor;
|
||||||
#ifndef OPENSSL_NO_COMP
|
#ifndef OPENSSL_NO_COMP
|
||||||
@ -355,9 +377,7 @@ static int ssl23_client_hello(SSL *s)
|
|||||||
#endif
|
#endif
|
||||||
|
|
||||||
p=s->s3->client_random;
|
p=s->s3->client_random;
|
||||||
Time=(unsigned long)time(NULL); /* Time */
|
if (ssl_fill_hello_random(s, 0, p, SSL3_RANDOM_SIZE) <= 0)
|
||||||
l2n(Time,p);
|
|
||||||
if (RAND_pseudo_bytes(p,SSL3_RANDOM_SIZE-4) <= 0)
|
|
||||||
return -1;
|
return -1;
|
||||||
|
|
||||||
if (version == TLS1_2_VERSION)
|
if (version == TLS1_2_VERSION)
|
||||||
|
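Review bot: The comment above ssl_fill_hello_random does not say what `server` selects or when the timestamp is written, which is the decision this helper centralises. I would extend it to something like `/* server != 0 consults SSL_MODE_SEND_SERVERHELLO_TIME, otherwise SSL_MODE_SEND_CLIENTHELLO_TIME; if that bit is set in s->mode the first 4 bytes are the current time, else all len bytes are random. */`. It is also worth stating that 0 is returned for len < 4 without writing anything, and that the RAND_pseudo_bytes result is passed through unchanged, so callers must keep treating <= 0 as failure.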
@ -655,7 +655,7 @@ int ssl3_client_hello(SSL *s)
|
|||||||
unsigned char *buf;
|
unsigned char *buf;
|
||||||
unsigned char *p,*d;
|
unsigned char *p,*d;
|
||||||
int i;
|
int i;
|
||||||
unsigned long Time,l;
|
unsigned long l;
|
||||||
#ifndef OPENSSL_NO_COMP
|
#ifndef OPENSSL_NO_COMP
|
||||||
int j;
|
int j;
|
||||||
SSL_COMP *comp;
|
SSL_COMP *comp;
|
||||||
@ -680,9 +680,8 @@ int ssl3_client_hello(SSL *s)
|
|||||||
/* else use the pre-loaded session */
|
/* else use the pre-loaded session */
|
||||||
|
|
||||||
p=s->s3->client_random;
|
p=s->s3->client_random;
|
||||||
Time=(unsigned long)time(NULL); /* Time */
|
|
||||||
l2n(Time,p);
|
if (ssl_fill_hello_random(s, 0, p, SSL3_RANDOM_SIZE) <= 0)
|
||||||
if (RAND_pseudo_bytes(p,SSL3_RANDOM_SIZE-4) <= 0)
|
|
||||||
goto err;
|
goto err;
|
||||||
|
|
||||||
/* Do the message type and length last */
|
/* Do the message type and length last */
|
||||||
|
@ -1193,12 +1193,9 @@ int ssl3_get_client_hello(SSL *s)
|
|||||||
* server_random before calling tls_session_secret_cb in order to allow
|
* server_random before calling tls_session_secret_cb in order to allow
|
||||||
* SessionTicket processing to use it in key derivation. */
|
* SessionTicket processing to use it in key derivation. */
|
||||||
{
|
{
|
||||||
unsigned long Time;
|
|
||||||
unsigned char *pos;
|
unsigned char *pos;
|
||||||
Time=(unsigned long)time(NULL); /* Time */
|
|
||||||
pos=s->s3->server_random;
|
pos=s->s3->server_random;
|
||||||
l2n(Time,pos);
|
if (ssl_fill_hello_random(s,1,pos,SSL3_RANDOM_SIZE) <= 0)
|
||||||
if (RAND_pseudo_bytes(pos,SSL3_RANDOM_SIZE-4) <= 0)
|
|
||||||
{
|
{
|
||||||
al=SSL_AD_INTERNAL_ERROR;
|
al=SSL_AD_INTERNAL_ERROR;
|
||||||
goto f_err;
|
goto f_err;
|
||||||
|
@ -641,6 +641,12 @@ struct ssl_session_st
|
|||||||
* TLS only.) "Released" buffers are put onto a free-list in the context
|
* TLS only.) "Released" buffers are put onto a free-list in the context
|
||||||
* or just freed (depending on the context's setting for freelist_max_len). */
|
* or just freed (depending on the context's setting for freelist_max_len). */
|
||||||
#define SSL_MODE_RELEASE_BUFFERS 0x00000010L
|
#define SSL_MODE_RELEASE_BUFFERS 0x00000010L
|
||||||
|
/* Send the current time in the Random fields of the ClientHello and
|
||||||
|
* ServerHello records for compatibility with hypothetical implementations
|
||||||
|
* that require it.
|
||||||
|
*/
|
||||||
|
#define SSL_MODE_SEND_CLIENTHELLO_TIME 0x00000020L
|
||||||
|
#define SSL_MODE_SEND_SERVERHELLO_TIME 0x00000040L
|
||||||
|
|
||||||
/* Note: SSL[_CTX]_set_{options,mode} use |= op on the previous value,
|
/* Note: SSL[_CTX]_set_{options,mode} use |= op on the previous value,
|
||||||
* they cannot be used to clear bits. */
|
* they cannot be used to clear bits. */
|
||||||
|
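Review bot: The comment on SSL_MODE_SEND_CLIENTHELLO_TIME and SSL_MODE_SEND_SERVERHELLO_TIME does not state what happens when the bits are clear. Going by ssl_fill_hello_random in this commit, the whole Random field is then filled with random bytes and no timestamp is sent, which changes the on-the-wire behaviour for callers that do not set these bits. I would say so explicitly, e.g. `* Off unless set: without the bit the first four bytes are random as well.`, and note which bit applies to the ClientHello and which to the ServerHello.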
@ -847,6 +847,7 @@ void ssl_set_cert_masks(CERT *c, const SSL_CIPHER *cipher);
|
|||||||
STACK_OF(SSL_CIPHER) *ssl_get_ciphers_by_id(SSL *s);
|
STACK_OF(SSL_CIPHER) *ssl_get_ciphers_by_id(SSL *s);
|
||||||
int ssl_verify_alarm_type(long type);
|
int ssl_verify_alarm_type(long type);
|
||||||
void ssl_load_ciphers(void);
|
void ssl_load_ciphers(void);
|
||||||
|
int ssl_fill_hello_random(SSL *s, int server, unsigned char *field, int len);
|
||||||
|
|
||||||
int ssl2_enc_init(SSL *s, int client);
|
int ssl2_enc_init(SSL *s, int client);
|
||||||
int ssl2_generate_key_material(SSL *s);
|
int ssl2_generate_key_material(SSL *s);
|
||||||
|
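Review bot: The prototype names the buffer parameter `field`, while the definition added in this commit names it `result`. Using one name in both places, e.g. `int ssl_fill_hello_random(SSL *s, int server, unsigned char *result, int len);`, keeps the header and the definition in step for readers.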