Google Git
Sign in
boringssl / boringssl.git / 74d8bc2503bf7dcb20f4358e50dd09f0a8e787cf^! / . / ssl
commit74d8bc2503bf7dcb20f4358e50dd09f0a8e787cf[log] [tgz]
authorDavid Benjamin <davidben@chromium.org>Thu May 21 02:16:53 2015 -0400
committerAdam Langley <agl@google.com>Wed May 27 21:47:59 2015 +0000
treed7151be6de628bbc926ec2d10b8e987fb30617c2
parent7b5aff4812ff32d9c6ad6fa82141f66296eb197a [diff]
Don't make SSL_MODE_*HELLO_TIME configurable.

Never send the time as a client. Always send it as a server.

Change-Id: I20c55078cfe199d53dc002f6ee5dd57060b086d5
Reviewed-on: https://boringssl-review.googlesource.com/4829
Reviewed-by: Adam Langley <agl@google.com>

diff --git a/ssl/internal.h b/ssl/internal.h
index 0c0ecc3..4ca36f3 100644
--- a/ssl/internal.h
+++ b/ssl/internal.h

@@ -855,7 +855,10 @@
 
 STACK_OF(SSL_CIPHER) *ssl_get_ciphers_by_id(SSL *s);
 int ssl_verify_alarm_type(long type);
-int ssl_fill_hello_random(SSL *s, int server, uint8_t *field, size_t len);
+
+/* ssl_fill_hello_random fills a client_random or server_random field of length
+ * |len|. It returns one on success and zero on failure. */
+int ssl_fill_hello_random(uint8_t *out, size_t len, int is_server);
 
 const SSL_CIPHER *ssl3_get_cipher_by_value(uint16_t value);
 uint16_t ssl3_get_cipher_value(const SSL_CIPHER *c);

diff --git a/ssl/s3_both.c b/ssl/s3_both.c
index b78f6d3..2222c06 100644
--- a/ssl/s3_both.c
+++ b/ssl/s3_both.c

@@ -667,20 +667,10 @@
   return 1;
 }
 
-/* ssl_fill_hello_random fills a client_random or server_random field of length
- * |len|. Returns 0 on failure or 1 on success. */
-int ssl_fill_hello_random(SSL *s, int server, uint8_t *result, size_t len) {
-  int send_time = 0;
-
-  if (server) {
-    send_time = (s->mode & SSL_MODE_SEND_SERVERHELLO_TIME) != 0;
-  } else {
-    send_time = (s->mode & SSL_MODE_SEND_CLIENTHELLO_TIME) != 0;
-  }
-
-  if (send_time) {
+int ssl_fill_hello_random(uint8_t *out, size_t len, int is_server) {
+  if (is_server) {
     const uint32_t current_time = time(NULL);
-    uint8_t *p = result;
+    uint8_t *p = out;
 
     if (len < 4) {
       return 0;
@@ -691,6 +681,6 @@
     p[3] = current_time;
     return RAND_bytes(p + 4, len - 4);
   } else {
-    return RAND_bytes(result, len);
+    return RAND_bytes(out, len);
   }
 }

diff --git a/ssl/s3_clnt.c b/ssl/s3_clnt.c
index 662077b..789abbd 100644
--- a/ssl/s3_clnt.c
+++ b/ssl/s3_clnt.c

@@ -610,7 +610,8 @@
     /* If resending the ClientHello in DTLS after a HelloVerifyRequest, don't
      * renegerate the client_random. The random must be reused. */
     if ((!SSL_IS_DTLS(s) || !s->d1->send_cookie) &&
-        !ssl_fill_hello_random(s, 0, p, sizeof(s->s3->client_random))) {
+        !ssl_fill_hello_random(p, sizeof(s->s3->client_random),
+                               0 /* client */)) {
       goto err;
     }
 

diff --git a/ssl/s3_srvr.c b/ssl/s3_srvr.c
index 9ce889a..d543874 100644
--- a/ssl/s3_srvr.c
+++ b/ssl/s3_srvr.c

@@ -1144,7 +1144,8 @@
     *(p++) = s->version & 0xff;
 
     /* Random stuff */
-    if (!ssl_fill_hello_random(s, 1, s->s3->server_random, SSL3_RANDOM_SIZE)) {
+    if (!ssl_fill_hello_random(s->s3->server_random, SSL3_RANDOM_SIZE,
+                               1 /* server */)) {
       OPENSSL_PUT_ERROR(SSL, ssl3_send_server_hello, ERR_R_INTERNAL_ERROR);
       return -1;
     }