Ensure (SSL_RANDOM_BYTES - 4) of pseudo random data is used for server and

author Dr. Stephen Henson <steve@openssl.org>

Tue, 22 Mar 2005 14:11:06 +0000 (14:11 +0000)

committer Dr. Stephen Henson <steve@openssl.org>

Tue, 22 Mar 2005 14:11:06 +0000 (14:11 +0000)
author Dr. Stephen Henson <steve@openssl.org>
Tue, 22 Mar 2005 14:11:06 +0000 (14:11 +0000)
committer Dr. Stephen Henson <steve@openssl.org>
Tue, 22 Mar 2005 14:11:06 +0000 (14:11 +0000)
diff --git a/CHANGES b/CHANGES

index f6b293d3a187fc2c67fb04401a280cf170e3cfb6..7c3722ee2862cc644e3a960852f9a5d09e7ebc25 100644 (file)
--- a/CHANGES
+++ b/CHANGES
@@ -763,6 +763,28 @@
  
   Changes between 0.9.7e and 0.9.7f  [XX xxx XXXX]
  
  
   Changes between 0.9.7e and 0.9.7f  [XX xxx XXXX]
  
+  *) Use (SSL_RANDOM_VALUE - 4) bytes of pseudo random data when generating
+     server and client random values. Previously
+     (SSL_RANDOM_VALUE - sizeof(time_t)) would be used which would result in
+     less random data when sizeof(time_t) > 4 (some 64 bit platforms).
+
+     This change has negligible security impact because:
+
+     1. Server and client random values still have 24 bytes of pseudo random
+        data.
+
+     2. Server and client random values are sent in the clear in the initial
+        handshake.
+
+     3. The master secret is derived using the premaster secret (48 bytes in
+        size for static RSA ciphersuites) as well as client server and random
+        values.
+
+     The OpenSSL team would like to thank the UK NISCC for bringing this issue
+     to our attention. 
+
+     [Stephen Henson, reported by UK NISCC]
+
    *) Use Windows randomness collection on Cygwin.
       [Ulf Möller]
  
    *) Use Windows randomness collection on Cygwin.
       [Ulf Möller]
  
diff --git a/ssl/s3_clnt.c b/ssl/s3_clnt.c

index 56dbf75fe3d48750d14ed65d41e9bb0d2aecfc30..54598f0f8bf4e082a7933dbac2ee2d2f2fbb6dd0 100644 (file)
--- a/ssl/s3_clnt.c
+++ b/ssl/s3_clnt.c
@@ -562,7 +562,7 @@ static int ssl3_client_hello(SSL *s)
                 p=s->s3->client_random;
                 Time=time(NULL);                        /* Time */
                 l2n(Time,p);
                 p=s->s3->client_random;
                 Time=time(NULL);                        /* Time */
                 l2n(Time,p);
-               RAND_pseudo_bytes(p,SSL3_RANDOM_SIZE-sizeof(Time));
+               RAND_pseudo_bytes(p,SSL3_RANDOM_SIZE-4);
  
                 /* Do the message type and length last */
                 d=p= &(buf[4]);
  
                 /* Do the message type and length last */
                 d=p= &(buf[4]);
diff --git a/ssl/s3_srvr.c b/ssl/s3_srvr.c

index 898f49810c3f4b4cb67d571cf332b8cb5e930d3f..28b30fec237ef57d677f3ff50a78f535c735fabd 100644 (file)
--- a/ssl/s3_srvr.c
+++ b/ssl/s3_srvr.c
@@ -996,7 +996,7 @@ static int ssl3_send_server_hello(SSL *s)
                 p=s->s3->server_random;
                 Time=time(NULL);                        /* Time */
                 l2n(Time,p);
                 p=s->s3->server_random;
                 Time=time(NULL);                        /* Time */
                 l2n(Time,p);
-               RAND_pseudo_bytes(p,SSL3_RANDOM_SIZE-sizeof(Time));
+               RAND_pseudo_bytes(p,SSL3_RANDOM_SIZE-4);
                 /* Do the message type and length last */
                 d=p= &(buf[4]);
  
                 /* Do the message type and length last */
                 d=p= &(buf[4]);
author	Dr. Stephen Henson <steve@openssl.org>
	Tue, 22 Mar 2005 14:11:06 +0000 (14:11 +0000)
committer	Dr. Stephen Henson <steve@openssl.org>
	Tue, 22 Mar 2005 14:11:06 +0000 (14:11 +0000)
CHANGES		patch \| blob \| history
ssl/s3_clnt.c		patch \| blob \| history
ssl/s3_srvr.c		patch \| blob \| history