Commit 25832701 authored by Nick Mathewson's avatar Nick Mathewson

Control sending time with SSL_SEND_{CLIENT,SERVER}RANDOM_MODE

(I'd rather use an option, but it appears that the options field is
full.)

Now, we send the current time in the gmt_unix_time field only when the corresponding mode flag (SSL_MODE_SEND_CLIENTHELLO_TIME for the ClientHello, SSL_MODE_SEND_SERVERHELLO_TIME for the ServerHello) is set, and fill the whole Random field with random bytes otherwise.
parent 3da721da
+16 −1
@@ -273,6 +273,21 @@ static int ssl23_no_ssl2_ciphers(SSL *s)
 * on failure, 1 on success. */
int ssl_fill_hello_random(SSL *s, int server, unsigned char *result, int len)
	{
	int send_time = 0;
	if (len < 4)
		return 0;
	if (server)
		send_time = (s->mode & SSL_MODE_SEND_SERVERHELLO_TIME) != 0;
	else
		send_time = (s->mode & SSL_MODE_SEND_CLIENTHELLO_TIME) != 0;
	if (send_time)
		{
		unsigned long Time = time(NULL);
		unsigned char *p = result;
		l2n(Time, p);
		return RAND_pseudo_bytes(p, len-4);
		}
	else
		return RAND_pseudo_bytes(result, len);
	}

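Review bot: Both `RAND_pseudo_bytes` calls at the end of the two branches fill the ClientHello/ServerHello Random with bytes that the API allows to be non-cryptographically-strong, yet in TLS these bytes go into the master-secret derivation and are the handshake's only freshness input, so `RAND_bytes` is the appropriate source: `return RAND_bytes(p, len-4);` and `return RAND_bytes(result, len);`. The doc comment above the function promises 0 on failure and 1 on success, but `RAND_pseudo_bytes` also returns -1 on error and 0 when the output is merely not strong, so a caller that tests `== 0` would miss the -1 case and one that tests `<= 0` would conflate "weak" with "error"; using `RAND_bytes` makes the documented 0/1 contract actually hold. Separately, `time(NULL)` is stored in an `unsigned long` and then truncated to 32 bits by `l2n`, which is what the wire format wants but deserves a one-line comment so nobody "fixes" it. The function's header comment starts before this hunk.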
+6 −0
@@ -641,6 +641,12 @@ struct ssl_session_st
 * TLS only.)  "Released" buffers are put onto a free-list in the context
 * or just freed (depending on the context's setting for freelist_max_len). */
#define SSL_MODE_RELEASE_BUFFERS 0x00000010L
/* Send the current time in the Random fields of the ClientHello and
 * ServerHello records for compatibility with hypothetical implementations
 * that require it.
 */
#define SSL_MODE_SEND_CLIENTHELLO_TIME 0x00000020L
#define SSL_MODE_SEND_SERVERHELLO_TIME 0x00000040L

/* Note: SSL[_CTX]_set_{options,mode} use |= op on the previous value,
 * they cannot be used to clear bits. */
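Review bot: The comment on the two new flags explains only why someone might turn them on, not why they are off by default, which is the security-relevant half: with the flag clear the Random field is filled entirely with random bytes, and with it set the local wall clock is sent in the clear, which can help an observer fingerprint the host or track its clock skew across connections. I would extend the comment to something like `/* Send the current time in the Random fields of the ClientHello and ServerHello for compatibility with hypothetical implementations that require it. Off by default: the field is then entirely random, and exposing the clock aids fingerprinting. */`. A short pointer that these bits, like the other SSL_MODE_* flags, are set via SSL[_CTX]_set_mode would also save readers a trip to the note just below.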