author | Nick Mathewson <nickm@torproject.org> | 2013-10-09 10:37:53 -0400 |
---|---|---|
committer | Nick Mathewson <nickm@torproject.org> | 2013-10-09 10:37:53 -0400 |
commit | 2583270191a8b27eed303c03ece1da97b9b69fd3 (patch) | |
tree | 6987ad492978faccdf7ede2a16fbda62de7ec7a2 /ssl/s23_clnt.c | |
parent | 3da721dac9382c48812c8eba455528fd59af2eef (diff) |
Control sending time with SSL_SEND_{CLIENT,SERVER}RANDOM_MODE

(I'd rather use an option, but it appears that the options field is
full.)

Now, we send the time in the gmt_unix_time field if the appropriate
one of these mode options is set, but randomize the field if the flag
is not set.

Diffstat (limited to 'ssl/s23_clnt.c')
-rw-r--r-- | ssl/s23_clnt.c | 17 |
1 files changed, 16 insertions, 1 deletions
diff --git a/ssl/s23_clnt.c b/ssl/s23_clnt.c index 01e492adfb..65d2c26ad2 100644 --- a/ssl/s23_clnt.c +++ b/ssl/s23_clnt.c @@ -273,7 +273,22 @@ static int ssl23_no_ssl2_ciphers(SSL *s) * on failure, 1 on success. */ int ssl_fill_hello_random(SSL *s, int server, unsigned char *result, int len) { - return RAND_pseudo_bytes(result, len); + int send_time = 0; + if (len < 4) + return 0; + if (server) + send_time = (s->mode & SSL_MODE_SEND_SERVERHELLO_TIME) != 0; + else + send_time = (s->mode & SSL_MODE_SEND_CLIENTHELLO_TIME) != 0; + if (send_time) + { + unsigned long Time = time(NULL); + unsigned char *p = result; + l2n(Time, p); + return RAND_pseudo_bytes(p, len-4); + } + else + return RAND_pseudo_bytes(result, len); } static int ssl23_client_hello(SSL *s) |
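
Review bot: the `if (len < 4) return 0;` guard at the top of ssl_fill_hello_random() runs before the mode test, so it also fails the fully random path (the final `else`), which needs no four-byte prefix and passed any `len` straight to RAND_pseudo_bytes() before this change. Suggest moving the length check inside the `if (send_time)` branch, where `l2n(Time, p)` actually writes four bytes into `result`. Two smaller points: the flags tested here are SSL_MODE_SEND_SERVERHELLO_TIME and SSL_MODE_SEND_CLIENTHELLO_TIME, while the commit subject names SSL_SEND_{CLIENT,SERVER}RANDOM_MODE, so the message and the code should be brought into line; and the function comment should state that the first four bytes of `result` carry the time only when the matching mode flag is set, and are random otherwise.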