1 /* Copyright (C) 1995-1998 Eric Young (eay (at) cryptsoft.com) 2 * All rights reserved. 3 * 4 * This package is an SSL implementation written 5 * by Eric Young (eay (at) cryptsoft.com). 6 * The implementation was written so as to conform with Netscapes SSL. 7 * 8 * This library is free for commercial and non-commercial use as long as 9 * the following conditions are aheared to. The following conditions 10 * apply to all code found in this distribution, be it the RC4, RSA, 11 * lhash, DES, etc., code; not just the SSL code. The SSL documentation 12 * included with this distribution is covered by the same copyright terms 13 * except that the holder is Tim Hudson (tjh (at) cryptsoft.com). 14 * 15 * Copyright remains Eric Young's, and as such any Copyright notices in 16 * the code are not to be removed. 17 * If this package is used in a product, Eric Young should be given attribution 18 * as the author of the parts of the library used. 19 * This can be in the form of a textual message at program startup or 20 * in documentation (online or textual) provided with the package. 21 * 22 * Redistribution and use in source and binary forms, with or without 23 * modification, are permitted provided that the following conditions 24 * are met: 25 * 1. Redistributions of source code must retain the copyright 26 * notice, this list of conditions and the following disclaimer. 27 * 2. Redistributions in binary form must reproduce the above copyright 28 * notice, this list of conditions and the following disclaimer in the 29 * documentation and/or other materials provided with the distribution. 30 * 3. All advertising materials mentioning features or use of this software 31 * must display the following acknowledgement: 32 * "This product includes cryptographic software written by 33 * Eric Young (eay (at) cryptsoft.com)" 34 * The word 'cryptographic' can be left out if the rouines from the library 35 * being used are not cryptographic related :-). 36 * 4. If you include any Windows specific code (or a derivative thereof) from 37 * the apps directory (application code) you must include an acknowledgement: 38 * "This product includes software written by Tim Hudson (tjh (at) cryptsoft.com)" 39 * 40 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND 41 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 42 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 43 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE 44 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 45 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 46 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 47 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 48 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 49 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 50 * SUCH DAMAGE. 51 * 52 * The licence and distribution terms for any publically available version or 53 * derivative of this code cannot be changed. i.e. this code cannot simply be 54 * copied and put under another distribution licence 55 * [including the GNU Public Licence.] 56 */ 57 /* ==================================================================== 58 * Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved. 59 * 60 * Redistribution and use in source and binary forms, with or without 61 * modification, are permitted provided that the following conditions 62 * are met: 63 * 64 * 1. Redistributions of source code must retain the above copyright 65 * notice, this list of conditions and the following disclaimer. 66 * 67 * 2. Redistributions in binary form must reproduce the above copyright 68 * notice, this list of conditions and the following disclaimer in 69 * the documentation and/or other materials provided with the 70 * distribution. 71 * 72 * 3. All advertising materials mentioning features or use of this 73 * software must display the following acknowledgment: 74 * "This product includes software developed by the OpenSSL Project 75 * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" 76 * 77 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to 78 * endorse or promote products derived from this software without 79 * prior written permission. For written permission, please contact 80 * openssl-core (at) openssl.org. 81 * 82 * 5. Products derived from this software may not be called "OpenSSL" 83 * nor may "OpenSSL" appear in their names without prior written 84 * permission of the OpenSSL Project. 85 * 86 * 6. Redistributions of any form whatsoever must retain the following 87 * acknowledgment: 88 * "This product includes software developed by the OpenSSL Project 89 * for use in the OpenSSL Toolkit (http://www.openssl.org/)" 90 * 91 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY 92 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 93 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR 94 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR 95 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, 96 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT 97 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; 98 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 99 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, 100 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 101 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED 102 * OF THE POSSIBILITY OF SUCH DAMAGE. 103 * ==================================================================== 104 * 105 * This product includes cryptographic software written by Eric Young 106 * (eay (at) cryptsoft.com). This product includes software written by Tim 107 * Hudson (tjh (at) cryptsoft.com). */ 108 /* ==================================================================== 109 * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED. 110 * ECC cipher suite support in OpenSSL originally developed by 111 * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project. */ 112 113 #include <openssl/ssl.h> 114 115 #include <assert.h> 116 #include <limits.h> 117 #include <stdio.h> 118 #include <string.h> 119 120 #include <openssl/buf.h> 121 #include <openssl/err.h> 122 #include <openssl/evp.h> 123 #include <openssl/mem.h> 124 #include <openssl/md5.h> 125 #include <openssl/obj.h> 126 #include <openssl/rand.h> 127 #include <openssl/sha.h> 128 #include <openssl/x509.h> 129 130 #include "internal.h" 131 132 133 /* ssl3_do_write sends |ssl->init_buf| in records of type 'type' 134 * (SSL3_RT_HANDSHAKE or SSL3_RT_CHANGE_CIPHER_SPEC). It returns -1 on error, 1 135 * on success or zero if the transmission is still incomplete. */ 136 int ssl3_do_write(SSL *ssl, int type) { 137 int n; 138 139 n = ssl3_write_bytes(ssl, type, &ssl->init_buf->data[ssl->init_off], 140 ssl->init_num); 141 if (n < 0) { 142 return -1; 143 } 144 145 if (n == ssl->init_num) { 146 if (ssl->msg_callback) { 147 ssl->msg_callback(1, ssl->version, type, ssl->init_buf->data, 148 (size_t)(ssl->init_off + ssl->init_num), ssl, 149 ssl->msg_callback_arg); 150 } 151 return 1; 152 } 153 154 ssl->init_off += n; 155 ssl->init_num -= n; 156 return 0; 157 } 158 159 int ssl3_send_finished(SSL *ssl, int a, int b, const char *sender, int slen) { 160 uint8_t *p; 161 int n; 162 163 if (ssl->state == a) { 164 p = ssl_handshake_start(ssl); 165 166 n = ssl->enc_method->final_finish_mac(ssl, sender, slen, 167 ssl->s3->tmp.finish_md); 168 if (n == 0) { 169 return 0; 170 } 171 ssl->s3->tmp.finish_md_len = n; 172 memcpy(p, ssl->s3->tmp.finish_md, n); 173 174 /* Log the master secret, if logging is enabled. */ 175 if (!ssl_log_master_secret(ssl, ssl->s3->client_random, SSL3_RANDOM_SIZE, 176 ssl->session->master_key, 177 ssl->session->master_key_length)) { 178 return 0; 179 } 180 181 /* Copy the finished so we can use it for renegotiation checks */ 182 if (ssl->server) { 183 assert(n <= EVP_MAX_MD_SIZE); 184 memcpy(ssl->s3->previous_server_finished, ssl->s3->tmp.finish_md, n); 185 ssl->s3->previous_server_finished_len = n; 186 } else { 187 assert(n <= EVP_MAX_MD_SIZE); 188 memcpy(ssl->s3->previous_client_finished, ssl->s3->tmp.finish_md, n); 189 ssl->s3->previous_client_finished_len = n; 190 } 191 192 if (!ssl_set_handshake_header(ssl, SSL3_MT_FINISHED, n)) { 193 return 0; 194 } 195 ssl->state = b; 196 } 197 198 /* SSL3_ST_SEND_xxxxxx_HELLO_B */ 199 return ssl_do_write(ssl); 200 } 201 202 /* ssl3_take_mac calculates the Finished MAC for the handshakes messages seen 203 * so far. */ 204 static void ssl3_take_mac(SSL *ssl) { 205 const char *sender; 206 int slen; 207 208 /* If no new cipher setup then return immediately: other functions will set 209 * the appropriate error. */ 210 if (ssl->s3->tmp.new_cipher == NULL) { 211 return; 212 } 213 214 if (ssl->state & SSL_ST_CONNECT) { 215 sender = ssl->enc_method->server_finished_label; 216 slen = ssl->enc_method->server_finished_label_len; 217 } else { 218 sender = ssl->enc_method->client_finished_label; 219 slen = ssl->enc_method->client_finished_label_len; 220 } 221 222 ssl->s3->tmp.peer_finish_md_len = ssl->enc_method->final_finish_mac( 223 ssl, sender, slen, ssl->s3->tmp.peer_finish_md); 224 } 225 226 int ssl3_get_finished(SSL *ssl, int a, int b) { 227 int al, finished_len, ok; 228 long message_len; 229 uint8_t *p; 230 231 message_len = ssl->method->ssl_get_message( 232 ssl, a, b, SSL3_MT_FINISHED, EVP_MAX_MD_SIZE, ssl_dont_hash_message, &ok); 233 234 if (!ok) { 235 return message_len; 236 } 237 238 /* Snapshot the finished hash before incorporating the new message. */ 239 ssl3_take_mac(ssl); 240 if (!ssl3_hash_current_message(ssl)) { 241 goto err; 242 } 243 244 p = ssl->init_msg; 245 finished_len = ssl->s3->tmp.peer_finish_md_len; 246 247 if (finished_len != message_len) { 248 al = SSL_AD_DECODE_ERROR; 249 OPENSSL_PUT_ERROR(SSL, SSL_R_BAD_DIGEST_LENGTH); 250 goto f_err; 251 } 252 253 if (CRYPTO_memcmp(p, ssl->s3->tmp.peer_finish_md, finished_len) != 0) { 254 al = SSL_AD_DECRYPT_ERROR; 255 OPENSSL_PUT_ERROR(SSL, SSL_R_DIGEST_CHECK_FAILED); 256 goto f_err; 257 } 258 259 /* Copy the finished so we can use it for renegotiation checks */ 260 if (ssl->server) { 261 assert(finished_len <= EVP_MAX_MD_SIZE); 262 memcpy(ssl->s3->previous_client_finished, ssl->s3->tmp.peer_finish_md, 263 finished_len); 264 ssl->s3->previous_client_finished_len = finished_len; 265 } else { 266 assert(finished_len <= EVP_MAX_MD_SIZE); 267 memcpy(ssl->s3->previous_server_finished, ssl->s3->tmp.peer_finish_md, 268 finished_len); 269 ssl->s3->previous_server_finished_len = finished_len; 270 } 271 272 return 1; 273 274 f_err: 275 ssl3_send_alert(ssl, SSL3_AL_FATAL, al); 276 err: 277 return 0; 278 } 279 280 /* for these 2 messages, we need to 281 * ssl->enc_read_ctx re-init 282 * ssl->s3->read_sequence zero 283 * ssl->s3->read_mac_secret re-init 284 * ssl->session->read_sym_enc assign 285 * ssl->session->read_compression assign 286 * ssl->session->read_hash assign */ 287 int ssl3_send_change_cipher_spec(SSL *ssl, int a, int b) { 288 if (ssl->state == a) { 289 *((uint8_t *)ssl->init_buf->data) = SSL3_MT_CCS; 290 ssl->init_num = 1; 291 ssl->init_off = 0; 292 293 ssl->state = b; 294 } 295 296 /* SSL3_ST_CW_CHANGE_B */ 297 return ssl3_do_write(ssl, SSL3_RT_CHANGE_CIPHER_SPEC); 298 } 299 300 int ssl3_output_cert_chain(SSL *ssl) { 301 uint8_t *p; 302 unsigned long l = 3 + SSL_HM_HEADER_LENGTH(ssl); 303 304 if (!ssl_add_cert_chain(ssl, &l)) { 305 return 0; 306 } 307 308 l -= 3 + SSL_HM_HEADER_LENGTH(ssl); 309 p = ssl_handshake_start(ssl); 310 l2n3(l, p); 311 l += 3; 312 return ssl_set_handshake_header(ssl, SSL3_MT_CERTIFICATE, l); 313 } 314 315 /* Obtain handshake message of message type |msg_type| (any if |msg_type| == -1), 316 * maximum acceptable body length |max|. The first four bytes (msg_type and 317 * length) are read in state |header_state|, the body is read in state 318 * |body_state|. */ 319 long ssl3_get_message(SSL *ssl, int header_state, int body_state, int msg_type, 320 long max, enum ssl_hash_message_t hash_message, int *ok) { 321 uint8_t *p; 322 unsigned long l; 323 long n; 324 int al; 325 326 if (ssl->s3->tmp.reuse_message) { 327 /* A ssl_dont_hash_message call cannot be combined with reuse_message; the 328 * ssl_dont_hash_message would have to have been applied to the previous 329 * call. */ 330 assert(hash_message == ssl_hash_message); 331 ssl->s3->tmp.reuse_message = 0; 332 if (msg_type >= 0 && ssl->s3->tmp.message_type != msg_type) { 333 al = SSL_AD_UNEXPECTED_MESSAGE; 334 OPENSSL_PUT_ERROR(SSL, SSL_R_UNEXPECTED_MESSAGE); 335 goto f_err; 336 } 337 *ok = 1; 338 ssl->state = body_state; 339 ssl->init_msg = (uint8_t *)ssl->init_buf->data + 4; 340 ssl->init_num = (int)ssl->s3->tmp.message_size; 341 return ssl->init_num; 342 } 343 344 p = (uint8_t *)ssl->init_buf->data; 345 346 if (ssl->state == header_state) { 347 assert(ssl->init_num < 4); 348 349 for (;;) { 350 while (ssl->init_num < 4) { 351 int bytes_read = ssl3_read_bytes( 352 ssl, SSL3_RT_HANDSHAKE, &p[ssl->init_num], 4 - ssl->init_num, 0); 353 if (bytes_read <= 0) { 354 *ok = 0; 355 return bytes_read; 356 } 357 ssl->init_num += bytes_read; 358 } 359 360 static const uint8_t kHelloRequest[4] = {SSL3_MT_HELLO_REQUEST, 0, 0, 0}; 361 if (ssl->server || memcmp(p, kHelloRequest, sizeof(kHelloRequest)) != 0) { 362 break; 363 } 364 365 /* The server may always send 'Hello Request' messages -- we are doing 366 * a handshake anyway now, so ignore them if their format is correct. 367 * Does not count for 'Finished' MAC. */ 368 ssl->init_num = 0; 369 370 if (ssl->msg_callback) { 371 ssl->msg_callback(0, ssl->version, SSL3_RT_HANDSHAKE, p, 4, ssl, 372 ssl->msg_callback_arg); 373 } 374 } 375 376 /* ssl->init_num == 4 */ 377 378 if (msg_type >= 0 && *p != msg_type) { 379 al = SSL_AD_UNEXPECTED_MESSAGE; 380 OPENSSL_PUT_ERROR(SSL, SSL_R_UNEXPECTED_MESSAGE); 381 goto f_err; 382 } 383 ssl->s3->tmp.message_type = *(p++); 384 385 n2l3(p, l); 386 if (l > (unsigned long)max) { 387 al = SSL_AD_ILLEGAL_PARAMETER; 388 OPENSSL_PUT_ERROR(SSL, SSL_R_EXCESSIVE_MESSAGE_SIZE); 389 goto f_err; 390 } 391 392 if (l && !BUF_MEM_grow_clean(ssl->init_buf, l + 4)) { 393 OPENSSL_PUT_ERROR(SSL, ERR_R_BUF_LIB); 394 goto err; 395 } 396 ssl->s3->tmp.message_size = l; 397 ssl->state = body_state; 398 399 ssl->init_msg = (uint8_t *)ssl->init_buf->data + 4; 400 ssl->init_num = 0; 401 } 402 403 /* next state (body_state) */ 404 p = ssl->init_msg; 405 n = ssl->s3->tmp.message_size - ssl->init_num; 406 while (n > 0) { 407 int bytes_read = 408 ssl3_read_bytes(ssl, SSL3_RT_HANDSHAKE, &p[ssl->init_num], n, 0); 409 if (bytes_read <= 0) { 410 ssl->rwstate = SSL_READING; 411 *ok = 0; 412 return bytes_read; 413 } 414 ssl->init_num += bytes_read; 415 n -= bytes_read; 416 } 417 418 /* Feed this message into MAC computation. */ 419 if (hash_message == ssl_hash_message && !ssl3_hash_current_message(ssl)) { 420 goto err; 421 } 422 if (ssl->msg_callback) { 423 ssl->msg_callback(0, ssl->version, SSL3_RT_HANDSHAKE, ssl->init_buf->data, 424 (size_t)ssl->init_num + 4, ssl, ssl->msg_callback_arg); 425 } 426 *ok = 1; 427 return ssl->init_num; 428 429 f_err: 430 ssl3_send_alert(ssl, SSL3_AL_FATAL, al); 431 432 err: 433 *ok = 0; 434 return -1; 435 } 436 437 int ssl3_hash_current_message(SSL *ssl) { 438 /* The handshake header (different size between DTLS and TLS) is included in 439 * the hash. */ 440 size_t header_len = ssl->init_msg - (uint8_t *)ssl->init_buf->data; 441 return ssl3_update_handshake_hash(ssl, (uint8_t *)ssl->init_buf->data, 442 ssl->init_num + header_len); 443 } 444 445 /* ssl3_cert_verify_hash is documented as needing EVP_MAX_MD_SIZE because that 446 * is sufficient pre-TLS1.2 as well. */ 447 OPENSSL_COMPILE_ASSERT(EVP_MAX_MD_SIZE > MD5_DIGEST_LENGTH + SHA_DIGEST_LENGTH, 448 combined_tls_hash_fits_in_max); 449 450 int ssl3_cert_verify_hash(SSL *ssl, uint8_t *out, size_t *out_len, 451 const EVP_MD **out_md, int pkey_type) { 452 /* For TLS v1.2 send signature algorithm and signature using 453 * agreed digest and cached handshake records. Otherwise, use 454 * SHA1 or MD5 + SHA1 depending on key type. */ 455 if (SSL_USE_SIGALGS(ssl)) { 456 EVP_MD_CTX mctx; 457 unsigned len; 458 459 EVP_MD_CTX_init(&mctx); 460 if (!EVP_DigestInit_ex(&mctx, *out_md, NULL) || 461 !EVP_DigestUpdate(&mctx, ssl->s3->handshake_buffer->data, 462 ssl->s3->handshake_buffer->length) || 463 !EVP_DigestFinal(&mctx, out, &len)) { 464 OPENSSL_PUT_ERROR(SSL, ERR_R_EVP_LIB); 465 EVP_MD_CTX_cleanup(&mctx); 466 return 0; 467 } 468 *out_len = len; 469 } else if (pkey_type == EVP_PKEY_RSA) { 470 if (ssl->enc_method->cert_verify_mac(ssl, NID_md5, out) == 0 || 471 ssl->enc_method->cert_verify_mac(ssl, NID_sha1, 472 out + MD5_DIGEST_LENGTH) == 0) { 473 return 0; 474 } 475 *out_len = MD5_DIGEST_LENGTH + SHA_DIGEST_LENGTH; 476 *out_md = EVP_md5_sha1(); 477 } else if (pkey_type == EVP_PKEY_EC) { 478 if (ssl->enc_method->cert_verify_mac(ssl, NID_sha1, out) == 0) { 479 return 0; 480 } 481 *out_len = SHA_DIGEST_LENGTH; 482 *out_md = EVP_sha1(); 483 } else { 484 OPENSSL_PUT_ERROR(SSL, ERR_R_INTERNAL_ERROR); 485 return 0; 486 } 487 488 return 1; 489 } 490 491 int ssl_verify_alarm_type(long type) { 492 int al; 493 494 switch (type) { 495 case X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT: 496 case X509_V_ERR_UNABLE_TO_GET_CRL: 497 case X509_V_ERR_UNABLE_TO_GET_CRL_ISSUER: 498 al = SSL_AD_UNKNOWN_CA; 499 break; 500 501 case X509_V_ERR_UNABLE_TO_DECRYPT_CERT_SIGNATURE: 502 case X509_V_ERR_UNABLE_TO_DECRYPT_CRL_SIGNATURE: 503 case X509_V_ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY: 504 case X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD: 505 case X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD: 506 case X509_V_ERR_ERROR_IN_CRL_LAST_UPDATE_FIELD: 507 case X509_V_ERR_ERROR_IN_CRL_NEXT_UPDATE_FIELD: 508 case X509_V_ERR_CERT_NOT_YET_VALID: 509 case X509_V_ERR_CRL_NOT_YET_VALID: 510 case X509_V_ERR_CERT_UNTRUSTED: 511 case X509_V_ERR_CERT_REJECTED: 512 al = SSL_AD_BAD_CERTIFICATE; 513 break; 514 515 case X509_V_ERR_CERT_SIGNATURE_FAILURE: 516 case X509_V_ERR_CRL_SIGNATURE_FAILURE: 517 al = SSL_AD_DECRYPT_ERROR; 518 break; 519 520 case X509_V_ERR_CERT_HAS_EXPIRED: 521 case X509_V_ERR_CRL_HAS_EXPIRED: 522 al = SSL_AD_CERTIFICATE_EXPIRED; 523 break; 524 525 case X509_V_ERR_CERT_REVOKED: 526 al = SSL_AD_CERTIFICATE_REVOKED; 527 break; 528 529 case X509_V_ERR_OUT_OF_MEM: 530 al = SSL_AD_INTERNAL_ERROR; 531 break; 532 533 case X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT: 534 case X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN: 535 case X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY: 536 case X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE: 537 case X509_V_ERR_CERT_CHAIN_TOO_LONG: 538 case X509_V_ERR_PATH_LENGTH_EXCEEDED: 539 case X509_V_ERR_INVALID_CA: 540 al = SSL_AD_UNKNOWN_CA; 541 break; 542 543 case X509_V_ERR_APPLICATION_VERIFICATION: 544 al = SSL_AD_HANDSHAKE_FAILURE; 545 break; 546 547 case X509_V_ERR_INVALID_PURPOSE: 548 al = SSL_AD_UNSUPPORTED_CERTIFICATE; 549 break; 550 551 default: 552 al = SSL_AD_CERTIFICATE_UNKNOWN; 553 break; 554 } 555 556 return al; 557 } 558 559 int ssl_fill_hello_random(uint8_t *out, size_t len, int is_server) { 560 if (is_server) { 561 const uint32_t current_time = time(NULL); 562 uint8_t *p = out; 563 564 if (len < 4) { 565 return 0; 566 } 567 p[0] = current_time >> 24; 568 p[1] = current_time >> 16; 569 p[2] = current_time >> 8; 570 p[3] = current_time; 571 return RAND_bytes(p + 4, len - 4); 572 } else { 573 return RAND_bytes(out, len); 574 } 575 } 576
