diff --git a/ssl/d1_clnt.c b/ssl/d1_clnt.c index a6ed09c51..556ac9ccc 100644 --- a/ssl/d1_clnt.c +++ b/ssl/d1_clnt.c @@ -773,7 +773,7 @@ int dtls1_client_hello(SSL *s) unsigned char *buf; unsigned char *p,*d; unsigned int i,j; - unsigned long Time,l; + unsigned long l; SSL_COMP *comp; buf=(unsigned char *)s->init_buf->data; @@ -801,9 +801,7 @@ int dtls1_client_hello(SSL *s) for (i=0;p[i]=='\0' && is3->client_random);i++) ; if (i==sizeof(s->s3->client_random)) { - Time=(unsigned long)time(NULL); /* Time */ - l2n(Time,p); - RAND_pseudo_bytes(p,sizeof(s->s3->client_random)-4); + ssl_fill_hello_random(s,0,p,sizeof(s->s3->client_random)); } /* Do the message type and length last */ diff --git a/ssl/d1_srvr.c b/ssl/d1_srvr.c index 1e7c45a02..c0beb4510 100644 --- a/ssl/d1_srvr.c +++ b/ssl/d1_srvr.c @@ -913,15 +913,13 @@ int dtls1_send_server_hello(SSL *s) unsigned char *p,*d; int i; unsigned int sl; - unsigned long l,Time; + unsigned long l; if (s->state == SSL3_ST_SW_SRVR_HELLO_A) { buf=(unsigned char *)s->init_buf->data; p=s->s3->server_random; - Time=(unsigned long)time(NULL); /* Time */ - l2n(Time,p); - RAND_pseudo_bytes(p,SSL3_RANDOM_SIZE-4); + ssl_fill_hello_random(s, 1, p, SSL3_RANDOM_SIZE); /* Do the message type and length last */ d=p= &(buf[DTLS1_HM_HEADER_LENGTH]); diff --git a/ssl/s23_clnt.c b/ssl/s23_clnt.c index 47673e740..65d2c26ad 100644 --- a/ssl/s23_clnt.c +++ b/ssl/s23_clnt.c @@ -269,12 +269,34 @@ static int ssl23_no_ssl2_ciphers(SSL *s) return 1; } +/* Fill a ClientRandom or ServerRandom field of length len. Returns <= 0 + * on failure, 1 on success. */ +int ssl_fill_hello_random(SSL *s, int server, unsigned char *result, int len) + { + int send_time = 0; + if (len < 4) + return 0; + if (server) + send_time = (s->mode & SSL_MODE_SEND_SERVERHELLO_TIME) != 0; + else + send_time = (s->mode & SSL_MODE_SEND_CLIENTHELLO_TIME) != 0; + if (send_time) + { + unsigned long Time = time(NULL); + unsigned char *p = result; + l2n(Time, p); + return RAND_pseudo_bytes(p, len-4); + } + else + return RAND_pseudo_bytes(result, len); + } + static int ssl23_client_hello(SSL *s) { unsigned char *buf; unsigned char *p,*d; int i,ch_len; - unsigned long Time,l; + unsigned long l; int ssl2_compat; int version = 0, version_major, version_minor; #ifndef OPENSSL_NO_COMP @@ -355,9 +377,7 @@ static int ssl23_client_hello(SSL *s) #endif p=s->s3->client_random; - Time=(unsigned long)time(NULL); /* Time */ - l2n(Time,p); - if (RAND_pseudo_bytes(p,SSL3_RANDOM_SIZE-4) <= 0) + if (ssl_fill_hello_random(s, 0, p, SSL3_RANDOM_SIZE) <= 0) return -1; if (version == TLS1_2_VERSION) diff --git a/ssl/s3_clnt.c b/ssl/s3_clnt.c index 344e2eb1a..a6b3c01af 100644 --- a/ssl/s3_clnt.c +++ b/ssl/s3_clnt.c @@ -655,7 +655,7 @@ int ssl3_client_hello(SSL *s) unsigned char *buf; unsigned char *p,*d; int i; - unsigned long Time,l; + unsigned long l; #ifndef OPENSSL_NO_COMP int j; SSL_COMP *comp; @@ -680,9 +680,8 @@ int ssl3_client_hello(SSL *s) /* else use the pre-loaded session */ p=s->s3->client_random; - Time=(unsigned long)time(NULL); /* Time */ - l2n(Time,p); - if (RAND_pseudo_bytes(p,SSL3_RANDOM_SIZE-4) <= 0) + + if (ssl_fill_hello_random(s, 0, p, SSL3_RANDOM_SIZE) <= 0) goto err; /* Do the message type and length last */ diff --git a/ssl/s3_srvr.c b/ssl/s3_srvr.c index bfb848054..508239fce 100644 --- a/ssl/s3_srvr.c +++ b/ssl/s3_srvr.c @@ -1193,12 +1193,9 @@ int ssl3_get_client_hello(SSL *s) * server_random before calling tls_session_secret_cb in order to allow * SessionTicket processing to use it in key derivation. */ { - unsigned long Time; unsigned char *pos; - Time=(unsigned long)time(NULL); /* Time */ pos=s->s3->server_random; - l2n(Time,pos); - if (RAND_pseudo_bytes(pos,SSL3_RANDOM_SIZE-4) <= 0) + if (ssl_fill_hello_random(s,1,pos,SSL3_RANDOM_SIZE) <= 0) { al=SSL_AD_INTERNAL_ERROR; goto f_err; diff --git a/ssl/ssl.h b/ssl/ssl.h index c48990e6d..1c12ddd71 100644 --- a/ssl/ssl.h +++ b/ssl/ssl.h @@ -641,6 +641,12 @@ struct ssl_session_st * TLS only.) "Released" buffers are put onto a free-list in the context * or just freed (depending on the context's setting for freelist_max_len). */ #define SSL_MODE_RELEASE_BUFFERS 0x00000010L +/* Send the current time in the Random fields of the ClientHello and + * ServerHello records for compatibility with hypothetical implementations + * that require it. + */ +#define SSL_MODE_SEND_CLIENTHELLO_TIME 0x00000020L +#define SSL_MODE_SEND_SERVERHELLO_TIME 0x00000040L /* Note: SSL[_CTX]_set_{options,mode} use |= op on the previous value, * they cannot be used to clear bits. */ diff --git a/ssl/ssl_locl.h b/ssl/ssl_locl.h index 1b98947e6..96ce9a724 100644 --- a/ssl/ssl_locl.h +++ b/ssl/ssl_locl.h @@ -847,6 +847,7 @@ void ssl_set_cert_masks(CERT *c, const SSL_CIPHER *cipher); STACK_OF(SSL_CIPHER) *ssl_get_ciphers_by_id(SSL *s); int ssl_verify_alarm_type(long type); void ssl_load_ciphers(void); +int ssl_fill_hello_random(SSL *s, int server, unsigned char *field, int len); int ssl2_enc_init(SSL *s, int client); int ssl2_generate_key_material(SSL *s);