author: Dr. Stephen Henson <steve@openssl.org> 2005-03-22 14:11:06 +0000
committer: Dr. Stephen Henson <steve@openssl.org> 2005-03-22 14:11:06 +0000
commit: 59b6836ab2cff27c9d7062699abcbf805350b8ad (patch)
tree: a2182e08b3a233a2e8819fafdd3828f48a43da6e /CHANGES
parent: 9fc9b55237d3f8abb0f0efb2bf26bc58bcd234bb (diff)
download: openssl-59b6836ab2cff27c9d7062699abcbf805350b8ad.tar.gz
Ensure (SSL_RANDOM_BYTES - 4) of pseudo random data is used for server and
client random values.
Diffstat (limited to 'CHANGES')
-rw-r--r-- CHANGES 22
1 file changed, 22 insertions, 0 deletions
diff --git a/CHANGES b/CHANGES
index f6b293d3a1..7c3722ee28 100644
--- a/CHANGES
+++ b/CHANGES
@@ -763,6 +763,28 @@
Changes between 0.9.7e and 0.9.7f [XX xxx XXXX]
+ *) Use (SSL_RANDOM_VALUE - 4) bytes of pseudo random data when generating
+ server and client random values. Previously
+ (SSL_RANDOM_VALUE - sizeof(time_t)) would be used which would result in
+ less random data when sizeof(time_t) > 4 (some 64 bit platforms).
+
+ This change has negligible security impact because:
+
+ 1. Server and client random values still have 24 bytes of pseudo random
+ data.
+
+ 2. Server and client random values are sent in the clear in the initial
+ handshake.
+
+ 3. The master secret is derived using the premaster secret (48 bytes in
+ size for static RSA ciphersuites) as well as client server and random
+ values.
+
+ The OpenSSL team would like to thank the UK NISCC for bringing this issue
+ to our attention.
+
+ [Stephen Henson, reported by UK NISCC]
+
*) Use Windows randomness collection on Cygwin.
[Ulf Möller]
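Review bot: The macro named in the new CHANGES entry (SSL_RANDOM_VALUE, in the first and third lines of the entry) does not match the one in the commit message (SSL_RANDOM_BYTES), so at least one of them is not the real constant; the entry should quote the actual symbol from the SSL headers so a reader can check the arithmetic behind "24 bytes of pseudo random data" in point 1. Point 3 also reads "client server and random values", which should be "client and server random values". Since the diffstat here is limited to CHANGES, the entry gives no hint of which handshake source files were corrected; naming them would let readers locate the fix.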