Merge branch 'no_gmt_unix_time' of git://github.com/nmathewson/openssl into OpenSSL_1_0_1-stable
This commit is contained in:
Ben Laurie
commit
62036c6fc3
@ -773,7 +773,7 @@ int dtls1_client_hello(SSL *s)
|
||||
unsigned char *buf;
|
||||
unsigned char *p,*d;
|
||||
unsigned int i,j;
|
||||
unsigned long Time,l;
|
||||
unsigned long l;
|
||||
SSL_COMP *comp;
|
||||
|
||||
buf=(unsigned char *)s->init_buf->data;
|
||||
@ -801,9 +801,7 @@ int dtls1_client_hello(SSL *s)
|
||||
for (i=0;p[i]=='\0' && i<sizeof(s->s3->client_random);i++) ;
|
||||
if (i==sizeof(s->s3->client_random))
|
||||
{
|
||||
Time=(unsigned long)time(NULL); /* Time */
|
||||
l2n(Time,p);
|
||||
RAND_pseudo_bytes(p,sizeof(s->s3->client_random)-4);
|
||||
ssl_fill_hello_random(s,0,p,sizeof(s->s3->client_random));
|
||||
}
|
||||
|
||||
/* Do the message type and length last */
|
||||
|
||||
@ -913,15 +913,13 @@ int dtls1_send_server_hello(SSL *s)
|
||||
unsigned char *p,*d;
|
||||
int i;
|
||||
unsigned int sl;
|
||||
unsigned long l,Time;
|
||||
unsigned long l;
|
||||
|
||||
if (s->state == SSL3_ST_SW_SRVR_HELLO_A)
|
||||
{
|
||||
buf=(unsigned char *)s->init_buf->data;
|
||||
p=s->s3->server_random;
|
||||
Time=(unsigned long)time(NULL); /* Time */
|
||||
l2n(Time,p);
|
||||
RAND_pseudo_bytes(p,SSL3_RANDOM_SIZE-4);
|
||||
ssl_fill_hello_random(s, 1, p, SSL3_RANDOM_SIZE);
|
||||
/* Do the message type and length last */
|
||||
d=p= &(buf[DTLS1_HM_HEADER_LENGTH]);
|
||||
|
||||
|
||||
@ -269,12 +269,34 @@ static int ssl23_no_ssl2_ciphers(SSL *s)
|
||||
return 1;
|
||||
}
|
||||
|
||||
/* Fill a ClientRandom or ServerRandom field of length len. Returns <= 0
|
||||
* on failure, 1 on success. */
|
||||
int ssl_fill_hello_random(SSL *s, int server, unsigned char *result, int len)
|
||||
{
|
||||
int send_time = 0;
|
||||
if (len < 4)
|
||||
return 0;
|
||||
if (server)
|
||||
send_time = (s->mode & SSL_MODE_SEND_SERVERHELLO_TIME) != 0;
|
||||
else
|
||||
send_time = (s->mode & SSL_MODE_SEND_CLIENTHELLO_TIME) != 0;
|
||||
if (send_time)
|
||||
{
|
||||
unsigned long Time = time(NULL);
|
||||
unsigned char *p = result;
|
||||
l2n(Time, p);
|
||||
return RAND_pseudo_bytes(p, len-4);
|
||||
}
|
||||
else
|
||||
return RAND_pseudo_bytes(result, len);
|
||||
}
|
||||
|
||||
static int ssl23_client_hello(SSL *s)
|
||||
{
|
||||
unsigned char *buf;
|
||||
unsigned char *p,*d;
|
||||
int i,ch_len;
|
||||
unsigned long Time,l;
|
||||
unsigned long l;
|
||||
int ssl2_compat;
|
||||
int version = 0, version_major, version_minor;
|
||||
#ifndef OPENSSL_NO_COMP
|
||||
@ -355,9 +377,7 @@ static int ssl23_client_hello(SSL *s)
|
||||
#endif
|
||||
|
||||
p=s->s3->client_random;
|
||||
Time=(unsigned long)time(NULL); /* Time */
|
||||
l2n(Time,p);
|
||||
if (RAND_pseudo_bytes(p,SSL3_RANDOM_SIZE-4) <= 0)
|
||||
if (ssl_fill_hello_random(s, 0, p, SSL3_RANDOM_SIZE) <= 0)
|
||||
return -1;
|
||||
|
||||
if (version == TLS1_2_VERSION)
|
||||
|
||||
@ -655,7 +655,7 @@ int ssl3_client_hello(SSL *s)
|
||||
unsigned char *buf;
|
||||
unsigned char *p,*d;
|
||||
int i;
|
||||
unsigned long Time,l;
|
||||
unsigned long l;
|
||||
#ifndef OPENSSL_NO_COMP
|
||||
int j;
|
||||
SSL_COMP *comp;
|
||||
@ -680,9 +680,8 @@ int ssl3_client_hello(SSL *s)
|
||||
/* else use the pre-loaded session */
|
||||
|
||||
p=s->s3->client_random;
|
||||
Time=(unsigned long)time(NULL); /* Time */
|
||||
l2n(Time,p);
|
||||
if (RAND_pseudo_bytes(p,SSL3_RANDOM_SIZE-4) <= 0)
|
||||
|
||||
if (ssl_fill_hello_random(s, 0, p, SSL3_RANDOM_SIZE) <= 0)
|
||||
goto err;
|
||||
|
||||
/* Do the message type and length last */
|
||||
|
||||
@ -1193,12 +1193,9 @@ int ssl3_get_client_hello(SSL *s)
|
||||
* server_random before calling tls_session_secret_cb in order to allow
|
||||
* SessionTicket processing to use it in key derivation. */
|
||||
{
|
||||
unsigned long Time;
|
||||
unsigned char *pos;
|
||||
Time=(unsigned long)time(NULL); /* Time */
|
||||
pos=s->s3->server_random;
|
||||
l2n(Time,pos);
|
||||
if (RAND_pseudo_bytes(pos,SSL3_RANDOM_SIZE-4) <= 0)
|
||||
if (ssl_fill_hello_random(s,1,pos,SSL3_RANDOM_SIZE) <= 0)
|
||||
{
|
||||
al=SSL_AD_INTERNAL_ERROR;
|
||||
goto f_err;
|
||||
|
||||
@ -641,6 +641,12 @@ struct ssl_session_st
|
||||
* TLS only.) "Released" buffers are put onto a free-list in the context
|
||||
* or just freed (depending on the context's setting for freelist_max_len). */
|
||||
#define SSL_MODE_RELEASE_BUFFERS 0x00000010L
|
||||
/* Send the current time in the Random fields of the ClientHello and
|
||||
* ServerHello records for compatibility with hypothetical implementations
|
||||
* that require it.
|
||||
*/
|
||||
#define SSL_MODE_SEND_CLIENTHELLO_TIME 0x00000020L
|
||||
#define SSL_MODE_SEND_SERVERHELLO_TIME 0x00000040L
|
||||
|
||||
/* Note: SSL[_CTX]_set_{options,mode} use |= op on the previous value,
|
||||
* they cannot be used to clear bits. */
|
||||
|
||||
@ -847,6 +847,7 @@ void ssl_set_cert_masks(CERT *c, const SSL_CIPHER *cipher);
|
||||
STACK_OF(SSL_CIPHER) *ssl_get_ciphers_by_id(SSL *s);
|
||||
int ssl_verify_alarm_type(long type);
|
||||
void ssl_load_ciphers(void);
|
||||
int ssl_fill_hello_random(SSL *s, int server, unsigned char *field, int len);
|
||||
|
||||
int ssl2_enc_init(SSL *s, int client);
|
||||
int ssl2_generate_key_material(SSL *s);
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user