author | Nick Mathewson <nickm@torproject.org> | 2013-10-09 10:37:53 -0400 |
---|---|---|
committer | Nick Mathewson <nickm@torproject.org> | 2013-10-09 10:37:53 -0400 |
commit | 2583270191a8b27eed303c03ece1da97b9b69fd3 (patch) | |
tree | 6987ad492978faccdf7ede2a16fbda62de7ec7a2 /ssl | |
parent | 3da721dac9382c48812c8eba455528fd59af2eef (diff) |
Control sending time with SSL_SEND_{CLIENT,SERVER}RANDOM_MODE
(I'd rather use an option, but it appears that the options field is
full.)
Now, we send the time in the gmt_unix_time field if the appropriate
one of these mode options is set, but randomize the field if the flag
is not set.
Diffstat (limited to 'ssl')
-rw-r--r-- | ssl/s23_clnt.c | 17 | ||||
-rw-r--r-- | ssl/ssl.h | 6 |
2 files changed, 22 insertions, 1 deletions
diff --git a/ssl/s23_clnt.c b/ssl/s23_clnt.c
index 01e492adfb..65d2c26ad2 100644
--- a/ssl/s23_clnt.c
+++ b/ssl/s23_clnt.c
@@ -273,7 +273,22 @@ static int ssl23_no_ssl2_ciphers(SSL *s)
  * on failure, 1 on success. */
 int ssl_fill_hello_random(SSL *s, int server, unsigned char *result, int len)
 	{
-	return RAND_pseudo_bytes(result, len);
+	int send_time = 0;
+	if (len < 4)
+		return 0;
+	if (server)
+		send_time = (s->mode & SSL_MODE_SEND_SERVERHELLO_TIME) != 0;
+	else
+		send_time = (s->mode & SSL_MODE_SEND_CLIENTHELLO_TIME) != 0;
+	if (send_time)
+		{
+		unsigned long Time = time(NULL);
+		unsigned char *p = result;
+		l2n(Time, p);
+		return RAND_pseudo_bytes(p, len-4);
+		}
+	else
+		return RAND_pseudo_bytes(result, len);
 	}
 
 static int ssl23_client_hello(SSL *s)
@@ -641,6 +641,12 @@ struct ssl_session_st
  * TLS only.) "Released" buffers are put onto a free-list in the context
  * or just freed (depending on the context's setting for freelist_max_len). */
 #define SSL_MODE_RELEASE_BUFFERS 0x00000010L
+/* Send the current time in the Random fields of the ClientHello and
+ * ServerHello records for compatibility with hypothetical implementations
+ * that require it.
+ */
+#define SSL_MODE_SEND_CLIENTHELLO_TIME 0x00000020L
+#define SSL_MODE_SEND_SERVERHELLO_TIME 0x00000040L
 
 /* Note: SSL[_CTX]_set_{options,mode} use |= op on the previous value,
  * they cannot be used to clear bits. */
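Review bot: The new body changes what the first four bytes of `result` contain, but the header comment of ssl_fill_hello_random (only its tail ` * on failure, 1 on success. */` is in the hunk; the comment starts outside it) still documents nothing but the return value. It should state that when the matching `SSL_MODE_SEND_CLIENTHELLO_TIME` / `SSL_MODE_SEND_SERVERHELLO_TIME` bit is set in `s->mode` the first four bytes are `time(NULL)` written big-endian by `l2n` and only `len-4` bytes come from `RAND_pseudo_bytes`, that otherwise all `len` bytes are random so the peer learns nothing about the local clock, and that `len < 4` is rejected with 0. As a smaller point of style, the `unsigned long Time = time(NULL);` line narrows `time_t` implicitly; an explicit `(unsigned long)time(NULL)` makes the intended truncation visible to readers and to `-Wconversion`.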
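Review bot: The new comment on the two mode bits explains what setting them does but not the new default, which is the behaviour change every existing caller will see: with neither bit set, the gmt_unix_time field of the ClientHello/ServerHello Random is now filled from `RAND_pseudo_bytes` rather than the clock. Suggest extending the comment with a sentence such as `When the bit is not set, the four-byte time field is filled with random bytes so the peer cannot observe this host's clock.` so readers of ssl.h can tell why the flag exists and what they give up by enabling it.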