Enable PSK in FIPS mode.

[oweals/openssl.git] / ssl / s23_clnt.c

diff --git a/ssl/s23_clnt.c b/ssl/s23_clnt.c
index 01e492adfbd48c8751554c110e836b2d51a37187..84670b6c1c37c9602ac47c1c8ec2fddc1b729b9f 100644 (file)
--- a/ssl/s23_clnt.c
+++ b/ssl/s23_clnt.c
@@ -273,7 +273,23 @@ static int ssl23_no_ssl2_ciphers(SSL *s)
  * on failure, 1 on success. */
 int ssl_fill_hello_random(SSL *s, int server, unsigned char *result, int len)
        {
-       return RAND_pseudo_bytes(result, len);
+       int send_time = 0;
+
+       if (len < 4)
+               return 0;
+       if (server)
+               send_time = (s->mode & SSL_MODE_SEND_SERVERHELLO_TIME) != 0;
+       else
+               send_time = (s->mode & SSL_MODE_SEND_CLIENTHELLO_TIME) != 0;
+       if (send_time)
+               {
+               unsigned long Time = time(NULL);
+               unsigned char *p = result;
+               l2n(Time, p);
+               return RAND_pseudo_bytes(p, len-4);
+               }
+       else
+               return RAND_pseudo_bytes(result, len);
        }
 
 static int ssl23_client_hello(SSL *s)