Control sending time with SSL_SEND_{CLIENT,SERVER}RANDOM_MODE

(I'd rather use an option, but it appears that the options field is
full.)

Now, we send the time in the gmt_unix_time field if the appropriate
one of these mode options is set, but randomize the field if the flag
is not set.

2 files changed, 22 insertions, 1 deletions

diff --git a/ssl/s23_clnt.c b/ssl/s23_clnt.c
index 01e492adfb..65d2c26ad2 100644
--- a/ssl/s23_clnt.c
+++ b/ssl/s23_clnt.c
@@ -273,7 +273,22 @@ static int ssl23_no_ssl2_ciphers(SSL *s)
  * on failure, 1 on success. */
 int ssl_fill_hello_random(SSL *s, int server, unsigned char *result, int len)
 	{
-	return RAND_pseudo_bytes(result, len);
+	int send_time = 0;
+	if (len < 4)
+		return 0;
+	if (server)
+		send_time = (s->mode & SSL_MODE_SEND_SERVERHELLO_TIME) != 0;
+	else
+		send_time = (s->mode & SSL_MODE_SEND_CLIENTHELLO_TIME) != 0;
+	if (send_time)
+		{
+		unsigned long Time = time(NULL);
+		unsigned char *p = result;
+		l2n(Time, p);
+		return RAND_pseudo_bytes(p, len-4);
+		}
+	else
+		return RAND_pseudo_bytes(result, len);
 	}
 
 static int ssl23_client_hello(SSL *s)
diff --git a/ssl/ssl.h b/ssl/ssl.h
index 593579ed36..ae852bf011 100644
--- a/ssl/ssl.h
+++ b/ssl/ssl.h
@@ -641,6 +641,12 @@ struct ssl_session_st
  * TLS only.)  "Released" buffers are put onto a free-list in the context
  * or just freed (depending on the context's setting for freelist_max_len). */
 #define SSL_MODE_RELEASE_BUFFERS 0x00000010L
+/* Send the current time in the Random fields of the ClientHello and
+ * ServerHello records for compatibility with hypothetical implementations
+ * that require it.
+ */
+#define SSL_MODE_SEND_CLIENTHELLO_TIME 0x00000020L
+#define SSL_MODE_SEND_SERVERHELLO_TIME 0x00000040L
 
 /* Note: SSL[_CTX]_set_{options,mode} use |= op on the previous value,
  * they cannot be used to clear bits. */