Commit f4c93b46 authored by Nick Mathewson's avatar Nick Mathewson

Do not include a timestamp in the ServerHello Random field.

Instead, send random bytes.
parent 4af79303
+2 −4
@@ -912,15 +912,13 @@ int dtls1_send_server_hello(SSL *s)
	unsigned char *p,*d;
	int i;
	unsigned int sl;
	unsigned long l,Time;
	unsigned long l;

	if (s->state == SSL3_ST_SW_SRVR_HELLO_A)
		{
		buf=(unsigned char *)s->init_buf->data;
		p=s->s3->server_random;
		Time=(unsigned long)time(NULL);			/* Time */
		l2n(Time,p);
		RAND_pseudo_bytes(p,SSL3_RANDOM_SIZE-4);
		RAND_pseudo_bytes(p,SSL3_RANDOM_SIZE);
		/* Do the message type and length last */
		d=p= &(buf[DTLS1_HM_HEADER_LENGTH]);
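Review bot: The new `RAND_pseudo_bytes(p,SSL3_RANDOM_SIZE);` call in dtls1_send_server_hello ignores its return value, while the matching change in ssl3_get_client_hello treats `<= 0` as an internal error. With the timestamp gone, all of server_random now depends on this one call, so a failed or non-cryptographic result would go out in the ServerHello unnoticed. I would check it the same way, e.g. `if (RAND_pseudo_bytes(p,SSL3_RANDOM_SIZE) <= 0) return -1;`, routed through whatever error path the function already uses. The function body continues outside the hunk, so the exact return convention needs confirming. The unchecked call predates this commit, but this is the line being rewritten, so it is the natural place to fix it.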

+2 −5
@@ -1193,12 +1193,9 @@ int ssl3_get_client_hello(SSL *s)
	 * server_random before calling tls_session_secret_cb in order to allow
	 * SessionTicket processing to use it in key derivation. */
	{
		unsigned long Time;
		unsigned char *pos;
		Time=(unsigned long)time(NULL);			/* Time */
    		pos=s->s3->server_random;
		l2n(Time,pos);
		if (RAND_pseudo_bytes(pos,SSL3_RANDOM_SIZE-4) <= 0)
		if (RAND_pseudo_bytes(pos,SSL3_RANDOM_SIZE) <= 0)
			{
			al=SSL_AD_INTERNAL_ERROR;
			goto f_err;