Do not include a timestamp in the ServerHello Random field.

Instead, send random bytes.

diff --git a/ssl/d1_srvr.c b/ssl/d1_srvr.c
index 29421da9aacebe91e1a067e5647461dd7263af5e..5b0c86a3ab8cdf038ae55b99c191bb1291f11d80 100644 (file)
--- a/ssl/d1_srvr.c
+++ b/ssl/d1_srvr.c
@@ -912,15 +912,13 @@ int dtls1_send_server_hello(SSL *s)
        unsigned char *p,*d;
        int i;
        unsigned int sl;
-       unsigned long l,Time;
+       unsigned long l;
 
        if (s->state == SSL3_ST_SW_SRVR_HELLO_A)
                {
                buf=(unsigned char *)s->init_buf->data;
                p=s->s3->server_random;
-               Time=(unsigned long)time(NULL);                 /* Time */
-               l2n(Time,p);
-               RAND_pseudo_bytes(p,SSL3_RANDOM_SIZE-4);
+               RAND_pseudo_bytes(p,SSL3_RANDOM_SIZE);
                /* Do the message type and length last */
                d=p= &(buf[DTLS1_HM_HEADER_LENGTH]);
 

diff --git a/ssl/s3_srvr.c b/ssl/s3_srvr.c
index bfb84805400cc49235c29d42db94a950f2df7cc5..511f5bef4cb03cfdc59fcfd981fbc268132b6a99 100644 (file)
--- a/ssl/s3_srvr.c
+++ b/ssl/s3_srvr.c
@@ -1193,12 +1193,9 @@ int ssl3_get_client_hello(SSL *s)
         * server_random before calling tls_session_secret_cb in order to allow
         * SessionTicket processing to use it in key derivation. */
        {
-               unsigned long Time;
                unsigned char *pos;
-               Time=(unsigned long)time(NULL);                 /* Time */
-               pos=s->s3->server_random;
-               l2n(Time,pos);
-               if (RAND_pseudo_bytes(pos,SSL3_RANDOM_SIZE-4) <= 0)
+               pos=s->s3->server_random;
+               if (RAND_pseudo_bytes(pos,SSL3_RANDOM_SIZE) <= 0)
                        {
                        al=SSL_AD_INTERNAL_ERROR;
                        goto f_err;