Do not include a timestamp in the ServerHello Random field.openssl-101e-no-gmt-time-v1

Instead, send random bytes.

2 files changed, 4 insertions, 9 deletions

diff --git a/ssl/d1_srvr.c b/ssl/d1_srvr.c
index 29421da9aa..5b0c86a3ab 100644
--- a/ssl/d1_srvr.c
+++ b/ssl/d1_srvr.c
@@ -912,15 +912,13 @@ int dtls1_send_server_hello(SSL *s)
 	unsigned char *p,*d;
 	int i;
 	unsigned int sl;
-	unsigned long l,Time;
+	unsigned long l;
 
 	if (s->state == SSL3_ST_SW_SRVR_HELLO_A)
 		{
 		buf=(unsigned char *)s->init_buf->data;
 		p=s->s3->server_random;
-		Time=(unsigned long)time(NULL);			/* Time */
-		l2n(Time,p);
-		RAND_pseudo_bytes(p,SSL3_RANDOM_SIZE-4);
+		RAND_pseudo_bytes(p,SSL3_RANDOM_SIZE);
 		/* Do the message type and length last */
 		d=p= &(buf[DTLS1_HM_HEADER_LENGTH]);
 
diff --git a/ssl/s3_srvr.c b/ssl/s3_srvr.c
index bfb8480540..511f5bef4c 100644
--- a/ssl/s3_srvr.c
+++ b/ssl/s3_srvr.c
@@ -1193,12 +1193,9 @@ int ssl3_get_client_hello(SSL *s)
 	 * server_random before calling tls_session_secret_cb in order to allow
 	 * SessionTicket processing to use it in key derivation. */
 	{
-		unsigned long Time;
 		unsigned char *pos;
-		Time=(unsigned long)time(NULL);			/* Time */
-		pos=s->s3->server_random;
-		l2n(Time,pos);
-		if (RAND_pseudo_bytes(pos,SSL3_RANDOM_SIZE-4) <= 0)
+    		pos=s->s3->server_random;
+		if (RAND_pseudo_bytes(pos,SSL3_RANDOM_SIZE) <= 0)
 			{
 			al=SSL_AD_INTERNAL_ERROR;
 			goto f_err;