Don't make SSL_MODE_*HELLO_TIME configurable.

Never send the time as a client. Always send it as a server.

Change-Id: I20c55078cfe199d53dc002f6ee5dd57060b086d5
Reviewed-on: https://boringssl-review.googlesource.com/4829
Reviewed-by: Adam Langley <agl@google.com>
diff --git a/include/openssl/ssl.h b/include/openssl/ssl.h
index 0af4599..4fb4dd9 100644
--- a/include/openssl/ssl.h
+++ b/include/openssl/ssl.h
@@ -429,13 +429,6 @@
  * TODO(davidben): Remove this behavior. https://crbug.com/486295. */
 #define SSL_MODE_NO_AUTO_CHAIN 0x00000008L
 
-/* SSL_MODE_SEND_CLIENTHELLO_TIME and SSL_MODE_SEND_SERVERHELLO_TIME send the
- * current time in the random fields of the ClientHello and ServerHello records,
- * respectively, for compatibility with hypothetical implementations that
- * require it. */
-#define SSL_MODE_SEND_CLIENTHELLO_TIME 0x00000020L
-#define SSL_MODE_SEND_SERVERHELLO_TIME 0x00000040L
-
 /* SSL_MODE_ENABLE_FALSE_START allows clients to send application data before
  * receipt of CCS and Finished. This mode enables full-handshakes to 'complete'
  * in one RTT. See draft-bmoeller-tls-falsestart-01. */
@@ -470,6 +463,8 @@
  * compile code with BoringSSL. */
 #define SSL_MODE_AUTO_RETRY 0
 #define SSL_MODE_RELEASE_BUFFERS 0
+#define SSL_MODE_SEND_CLIENTHELLO_TIME 0
+#define SSL_MODE_SEND_SERVERHELLO_TIME 0
 
 /* SSL_CTX_set_mode enables all modes set in |mode| (which should be one or more
  * of the |SSL_MODE_*| values, ORed together) in |ctx|. It returns a bitmask
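Review bot: Defining `SSL_MODE_SEND_SERVERHELLO_TIME` as 0 alongside the other no-op modes reads as if the behaviour is switched off, but the commit description says the server now always sends the time. Only the client flag matches "never sent". A caller that used to leave the server flag unset to keep the host clock out of the handshake gets no hint that this opt-out is gone, and a test such as `mode & SSL_MODE_SEND_SERVERHELLO_TIME` will always read false. The comment introducing this group starts above the hunk, so only its tail is visible here. I would add a line beside the two new defines such as `/* The ServerHello random always carries the current time and the ClientHello random never does; these two flags have no effect. */`.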
diff --git a/ssl/internal.h b/ssl/internal.h
index 0c0ecc3..4ca36f3 100644
--- a/ssl/internal.h
+++ b/ssl/internal.h
@@ -855,7 +855,10 @@
 
 STACK_OF(SSL_CIPHER) *ssl_get_ciphers_by_id(SSL *s);
 int ssl_verify_alarm_type(long type);
-int ssl_fill_hello_random(SSL *s, int server, uint8_t *field, size_t len);
+
+/* ssl_fill_hello_random fills a client_random or server_random field of length
+ * |len|. It returns one on success and zero on failure. */
+int ssl_fill_hello_random(uint8_t *out, size_t len, int is_server);
 
 const SSL_CIPHER *ssl3_get_cipher_by_value(uint16_t value);
 uint16_t ssl3_get_cipher_value(const SSL_CIPHER *c);
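Review bot: The new comment on `ssl_fill_hello_random` does not say what `is_server` changes, although that is now the only thing selecting the output layout. Going by the definition in ssl/s3_both.c, a non-zero `is_server` writes the current time into the first four bytes, fills the rest from `RAND_bytes`, and returns zero when `len` is below 4. A zero `is_server` fills all `len` bytes randomly. I would extend the comment with `If |is_server| is non-zero, the first four bytes hold the current time and |len| must be at least 4; otherwise all |len| bytes are random.` so that a reader of the header knows a server_random carries four fewer random bytes than a client_random.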
diff --git a/ssl/s3_both.c b/ssl/s3_both.c
index b78f6d3..2222c06 100644
--- a/ssl/s3_both.c
+++ b/ssl/s3_both.c
@@ -667,20 +667,10 @@
   return 1;
 }
 
-/* ssl_fill_hello_random fills a client_random or server_random field of length
- * |len|. Returns 0 on failure or 1 on success. */
-int ssl_fill_hello_random(SSL *s, int server, uint8_t *result, size_t len) {
-  int send_time = 0;
-
-  if (server) {
-    send_time = (s->mode & SSL_MODE_SEND_SERVERHELLO_TIME) != 0;
-  } else {
-    send_time = (s->mode & SSL_MODE_SEND_CLIENTHELLO_TIME) != 0;
-  }
-
-  if (send_time) {
+int ssl_fill_hello_random(uint8_t *out, size_t len, int is_server) {
+  if (is_server) {
     const uint32_t current_time = time(NULL);
-    uint8_t *p = result;
+    uint8_t *p = out;
 
     if (len < 4) {
       return 0;
@@ -691,6 +681,6 @@
     p[3] = current_time;
     return RAND_bytes(p + 4, len - 4);
   } else {
-    return RAND_bytes(result, len);
+    return RAND_bytes(out, len);
   }
 }
diff --git a/ssl/s3_clnt.c b/ssl/s3_clnt.c
index 662077b..789abbd 100644
--- a/ssl/s3_clnt.c
+++ b/ssl/s3_clnt.c
@@ -610,7 +610,8 @@
     /* If resending the ClientHello in DTLS after a HelloVerifyRequest, don't
      * renegerate the client_random. The random must be reused. */
     if ((!SSL_IS_DTLS(s) || !s->d1->send_cookie) &&
-        !ssl_fill_hello_random(s, 0, p, sizeof(s->s3->client_random))) {
+        !ssl_fill_hello_random(p, sizeof(s->s3->client_random),
+                               0 /* client */)) {
       goto err;
     }
 
diff --git a/ssl/s3_srvr.c b/ssl/s3_srvr.c
index 9ce889a..d543874 100644
--- a/ssl/s3_srvr.c
+++ b/ssl/s3_srvr.c
@@ -1144,7 +1144,8 @@
     *(p++) = s->version & 0xff;
 
     /* Random stuff */
-    if (!ssl_fill_hello_random(s, 1, s->s3->server_random, SSL3_RANDOM_SIZE)) {
+    if (!ssl_fill_hello_random(s->s3->server_random, SSL3_RANDOM_SIZE,
+                               1 /* server */)) {
       OPENSSL_PUT_ERROR(SSL, ssl3_send_server_hello, ERR_R_INTERNAL_ERROR);
       return -1;
     }