Do not include a timestamp in the Client/ServerHello Random field.

[openssl.git] / ssl / s23_clnt.c

diff --git a/ssl/s23_clnt.c b/ssl/s23_clnt.c
index 15878c66e16cfc60d615ecd5285396920d171e46..af4fffe67d1c814b37278ec586a81125888d3272 100644 (file)
--- a/ssl/s23_clnt.c
+++ b/ssl/s23_clnt.c
@@ -269,6 +269,28 @@ static int ssl23_no_ssl2_ciphers(SSL *s)
        return 1;
        }
 
+/* Fill a ClientRandom or ServerRandom field of length len. Returns <= 0
+ * on failure, 1 on success. */
+int ssl_fill_hello_random(SSL *s, int server, unsigned char *result, int len)
+       {
+               int send_time = 0;
+               if (len < 4)
+                       return 0;
+               if (server)
+                       send_time = (s->mode & SSL_MODE_SEND_SERVERHELLO_TIME) != 0;
+               else
+                       send_time = (s->mode & SSL_MODE_SEND_CLIENTHELLO_TIME) != 0;
+               if (send_time)
+                       {
+                       unsigned long Time = time(NULL);
+                       unsigned char *p = result;
+                       l2n(Time, p);
+                       return RAND_pseudo_bytes(p, len-4);
+                       }
+               else
+                       return RAND_pseudo_bytes(result, len);
+       }
+
 static int ssl23_client_hello(SSL *s)
        {
        unsigned char *buf;
@@ -359,9 +381,7 @@ static int ssl23_client_hello(SSL *s)
 #endif
 
                p=s->s3->client_random;
-               Time=(unsigned long)time(NULL);         /* Time */
-               l2n(Time,p);
-               if (RAND_pseudo_bytes(p,SSL3_RANDOM_SIZE-4) <= 0)
+               if (ssl_fill_hello_random(s, 0, p, SSL3_RANDOM_SIZE) <= 0)
                        return -1;
 
                if (version == TLS1_2_VERSION)