Address code-review comments from prev changes.

David is heading out so I didn't want to block the previous batch of changes for weeks. Thus I landed them as-is and this change tweaks a couple of things that would normally have been addressed in code-review. Change-Id: I2579dbc43d93fea34a52b4041f5511d70217aaf7
2014-12-13 15:35:50 -08:00 · 2014-12-13 15:35:50 -08:00 · 139ed19580
commit 139ed19580
parent 87909c0445
3 changed files with 29 additions and 23 deletions
--- a/ssl/s3_both.c
+++ b/ssl/s3_both.c
@ -732,24 +732,30 @@ int ssl3_release_read_buffer(SSL *s)
 	return 1;
 	}

-/* Fill a ClientRandom or ServerRandom field of length len. Returns 0
- * on failure, 1 on success. */
-int ssl_fill_hello_random(SSL *s, int server, unsigned char *result, int len)
-        {
-                int send_time = 0;
-                if (len < 4)
-                        return 0;
-                if (server)
-                        send_time = (s->mode & SSL_MODE_SEND_SERVERHELLO_TIME) != 0;
-                else
-                        send_time = (s->mode & SSL_MODE_SEND_CLIENTHELLO_TIME) != 0;
-                if (send_time)
-                        {
-                        unsigned long Time = (unsigned long)time(NULL);
-                        unsigned char *p = result;
-                        l2n(Time, p);
-                        return RAND_bytes(p, len-4);
-                        }
-                else
-                        return RAND_bytes(result, len);
-        }
+/* ssl_fill_hello_random fills a client_random or server_random field of length
+ * |len|. Returns 0 on failure or 1 on success. */
+int ssl_fill_hello_random(SSL *s, int server, uint8_t *result, size_t len) {
+  int send_time = 0;
+
+  if (server) {
+    send_time = (s->mode & SSL_MODE_SEND_SERVERHELLO_TIME) != 0;
+  } else {
+    send_time = (s->mode & SSL_MODE_SEND_CLIENTHELLO_TIME) != 0;
+  }
+
+  if (send_time) {
+    const uint32_t current_time = time(NULL);
+    uint8_t *p = result;
+
+    if (len < 4) {
+      return 0;
+    }
+    p[0] = current_time >> 24;
+    p[1] = current_time >> 16;
+    p[2] = current_time >> 8;
+    p[3] = current_time;
+    return RAND_bytes(p + 4, len - 4);
+  } else {
+    return RAND_bytes(result, len);
+  }
+}
--- a/ssl/s3_srvr.c
+++ b/ssl/s3_srvr.c
@ -782,7 +782,7 @@ int ssl3_get_initial_bytes(SSL *s)

 	/* Determine if this is a ClientHello or V2ClientHello. */

-	if (p[0] & 0x80 && p[2] == SSL2_MT_CLIENT_HELLO &&
+	if ((p[0] & 0x80) && p[2] == SSL2_MT_CLIENT_HELLO &&
 		p[3] >= SSL3_VERSION_MAJOR)
 		{
 		/* This is a V2ClientHello. */
--- a/ssl/ssl_locl.h
+++ b/ssl/ssl_locl.h
@ -747,7 +747,7 @@ void ssl_get_compatible_server_ciphers(SSL *s, unsigned long *out_mask_k,

 STACK_OF(SSL_CIPHER) *ssl_get_ciphers_by_id(SSL *s);
 int ssl_verify_alarm_type(long type);
-int ssl_fill_hello_random(SSL *s, int server, unsigned char *field, int len);
+int ssl_fill_hello_random(SSL *s, int server, uint8_t *field, size_t len);

 const SSL_CIPHER *ssl3_get_cipher_by_value(uint16_t value);
 uint16_t ssl3_get_cipher_value(const SSL_CIPHER *c);