authorNick Mathewson <nickm@torproject.org>2013-10-09 10:37:53 -0400
committerNick Mathewson <nickm@torproject.org>2013-10-09 10:37:53 -0400
commit2583270191a8b27eed303c03ece1da97b9b69fd3 (patch)
tree6987ad492978faccdf7ede2a16fbda62de7ec7a2 /ssl/s23_clnt.c
parent3da721dac9382c48812c8eba455528fd59af2eef (diff)
Control sending time with SSL_SEND_{CLIENT,SERVER}RANDOM_MODE
(I'd rather use an option, but it appears that the options field is full.) Now, we send the time in the gmt_unix_time field if the appropriate one of these mode options is set, but randomize the field if the flag is not set.
Diffstat (limited to 'ssl/s23_clnt.c')
-rw-r--r--ssl/s23_clnt.c17
1 files changed, 16 insertions, 1 deletions
diff --git a/ssl/s23_clnt.c b/ssl/s23_clnt.c
index 01e492adfb..65d2c26ad2 100644
--- a/ssl/s23_clnt.c
+++ b/ssl/s23_clnt.c
@@ -273,7 +273,22 @@ static int ssl23_no_ssl2_ciphers(SSL *s)
* on failure, 1 on success. */
int ssl_fill_hello_random(SSL *s, int server, unsigned char *result, int len)
{
- return RAND_pseudo_bytes(result, len);
+ int send_time = 0;
+ if (len < 4)
+ return 0;
+ if (server)
+ send_time = (s->mode & SSL_MODE_SEND_SERVERHELLO_TIME) != 0;
+ else
+ send_time = (s->mode & SSL_MODE_SEND_CLIENTHELLO_TIME) != 0;
+ if (send_time)
+ {
+ unsigned long Time = time(NULL);
+ unsigned char *p = result;
+ l2n(Time, p);
+ return RAND_pseudo_bytes(p, len-4);
+ }
+ else
+ return RAND_pseudo_bytes(result, len);
}
static int ssl23_client_hello(SSL *s)
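Review bot: Both new return paths pass back the raw result of RAND_pseudo_bytes(), which does not match the "0 on failure, 1 on success" contract in the comment above the function. That call returns -1 when the RAND method does not support it, and 0 when bytes were written but are not cryptographically strong. The callers are outside this hunk, so this is unconfirmed, but any caller that tests the result with `!` or `== 0` would accept -1 as success and send a hello random that was never filled. Since the client and server randoms feed key derivation, consider `return RAND_bytes(p, len-4) > 0;` and `return RAND_bytes(result, len) > 0;` so the function reports 1 only for strong output. The doc comment begins above the hunk; it should also state that the first four bytes carry the time only when the matching `SSL_MODE_SEND_CLIENTHELLO_TIME` / `SSL_MODE_SEND_SERVERHELLO_TIME` bit is set.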