From f4c93b46edb51da71f09eda99e83eaf193a33c08 Mon Sep 17 00:00:00 2001 From: Nick Mathewson Date: Mon, 16 Sep 2013 13:32:54 -0400 Subject: Do not include a timestamp in the ServerHello Random field. Instead, send random bytes. --- ssl/d1_srvr.c | 6 ++---- ssl/s3_srvr.c | 7 ++----- 2 files changed, 4 insertions(+), 9 deletions(-) (limited to 'ssl') diff --git a/ssl/d1_srvr.c b/ssl/d1_srvr.c index 29421da9aa..5b0c86a3ab 100644 --- a/ssl/d1_srvr.c +++ b/ssl/d1_srvr.c @@ -912,15 +912,13 @@ int dtls1_send_server_hello(SSL *s) unsigned char *p,*d; int i; unsigned int sl; - unsigned long l,Time; + unsigned long l; if (s->state == SSL3_ST_SW_SRVR_HELLO_A) { buf=(unsigned char *)s->init_buf->data; p=s->s3->server_random; - Time=(unsigned long)time(NULL); /* Time */ - l2n(Time,p); - RAND_pseudo_bytes(p,SSL3_RANDOM_SIZE-4); + RAND_pseudo_bytes(p,SSL3_RANDOM_SIZE); /* Do the message type and length last */ d=p= &(buf[DTLS1_HM_HEADER_LENGTH]); diff --git a/ssl/s3_srvr.c b/ssl/s3_srvr.c index bfb8480540..511f5bef4c 100644 --- a/ssl/s3_srvr.c +++ b/ssl/s3_srvr.c @@ -1193,12 +1193,9 @@ int ssl3_get_client_hello(SSL *s) * server_random before calling tls_session_secret_cb in order to allow * SessionTicket processing to use it in key derivation. */ { - unsigned long Time; unsigned char *pos; - Time=(unsigned long)time(NULL); /* Time */ - pos=s->s3->server_random; - l2n(Time,pos); - if (RAND_pseudo_bytes(pos,SSL3_RANDOM_SIZE-4) <= 0) + pos=s->s3->server_random; + if (RAND_pseudo_bytes(pos,SSL3_RANDOM_SIZE) <= 0) { al=SSL_AD_INTERNAL_ERROR; goto f_err; -- cgit v1.2.3