From: Nick Mathewson Date: Wed, 9 Oct 2013 14:37:53 +0000 (-0400) Subject: Control sending time with SSL_SEND_{CLIENT,SERVER}RANDOM_MODE X-Git-Tag: OpenSSL_1_0_1f~38^2 X-Git-Url: https://git.librecmc.org/?a=commitdiff_plain;h=2583270191a8b27eed303c03ece1da97b9b69fd3;p=oweals%2Fopenssl.git Control sending time with SSL_SEND_{CLIENT,SERVER}RANDOM_MODE (I'd rather use an option, but it appears that the options field is full.) Now, we send the time in the gmt_unix_time field if the appropriate one of these mode options is set, but randomize the field if the flag is not set.
---
diff --git a/ssl/s23_clnt.c b/ssl/s23_clnt.c
index 01e492adfb..65d2c26ad2 100644
--- a/ssl/s23_clnt.c
+++ b/ssl/s23_clnt.c
@@ -273,7 +273,22 @@ static int ssl23_no_ssl2_ciphers(SSL *s)
 * on failure, 1 on success. */
 int ssl_fill_hello_random(SSL *s, int server, unsigned char *result, int len)
 {
- return RAND_pseudo_bytes(result, len);
+ int send_time = 0;
+ if (len < 4)
+ return 0;
+ if (server)
+ send_time = (s->mode & SSL_MODE_SEND_SERVERHELLO_TIME) != 0;
+ else
+ send_time = (s->mode & SSL_MODE_SEND_CLIENTHELLO_TIME) != 0;
+ if (send_time)
+ {
+ unsigned long Time = time(NULL);
+ unsigned char *p = result;
+ l2n(Time, p);
+ return RAND_pseudo_bytes(p, len-4);
+ }
+ else
+ return RAND_pseudo_bytes(result, len);
 }
 static int ssl23_client_hello(SSL *s)
diff --git a/ssl/ssl.h b/ssl/ssl.h
index 593579ed36..ae852bf011 100644
--- a/ssl/ssl.h
+++ b/ssl/ssl.h
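Review bot: When `send_time` is set, the first four bytes of `result` are the wall-clock time, so only `len-4` bytes come from the RNG, and the new `if (len < 4) return 0;` guard now fails short buffers even when no time is sent, where the removed line filled them; the function's header comment (it starts above the hunk) should state both, e.g. `/* len must be >= 4. With SSL_MODE_SEND_{CLIENT,SERVER}HELLO_TIME set, result[0..3] hold gmt_unix_time and only len-4 bytes are random. */`. Sending the clock exposes the host's time and clock skew to any on-path observer, which is why the field stays fully random unless the mode bit is explicitly set; saying so in the comment stops the flag being enabled by default. Both `return RAND_pseudo_bytes(...)` lines pass the result through unchanged; as far as I recall RAND_pseudo_bytes can also return -1 when the RAND method does not support it, which the documented 0/1 contract does not cover, so `return RAND_pseudo_bytes(p, len-4) > 0;` (and likewise on the else branch) would keep callers honest.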
@@ -641,6 +641,12 @@ struct ssl_session_st
 * TLS only.) "Released" buffers are put onto a free-list in the context
 * or just freed (depending on the context's setting for freelist_max_len). */
 #define SSL_MODE_RELEASE_BUFFERS 0x00000010L
+/* Send the current time in the Random fields of the ClientHello and
+ * ServerHello records for compatibility with hypothetical implementations
+ * that require it.
+ */
+#define SSL_MODE_SEND_CLIENTHELLO_TIME 0x00000020L
+#define SSL_MODE_SEND_SERVERHELLO_TIME 0x00000040L
 /* Note: SSL[_CTX]_set_{options,mode} use |= op on the previous value,
 * they cannot be used to clear bits. */
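Review bot: The comment above the two new `SSL_MODE_SEND_*HELLO_TIME` macros says only when to set them, not what happens when they are clear, which is the behaviour most integrators will rely on; add a line such as ` * When unset (the default) the whole Random field is filled from the RNG, so the peer learns nothing about the local clock.`. It is also worth noting in the same comment that the bits are applied with SSL_CTX_set_mode/SSL_set_mode and, per the existing note directly below, cannot be cleared once set, since "compatibility" flags of this kind tend to get switched on globally and never revisited.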