Don't make SSL_MODE_*HELLO_TIME configurable.

Never send the time as a client. Always send it as a server.

Change-Id: I20c55078cfe199d53dc002f6ee5dd57060b086d5
Reviewed-on: https://boringssl-review.googlesource.com/4829
Reviewed-by: Adam Langley <agl@google.com>

include/openssl/ssl.h

@@ -429,13 +429,6 @@ OPENSSL_EXPORT uint32_t SSL_get_options(const SSL *ssl);
  * TODO(davidben): Remove this behavior. https://crbug.com/486295. */
 #define SSL_MODE_NO_AUTO_CHAIN 0x00000008L
 
-/* SSL_MODE_SEND_CLIENTHELLO_TIME and SSL_MODE_SEND_SERVERHELLO_TIME send the
- * current time in the random fields of the ClientHello and ServerHello records,
- * respectively, for compatibility with hypothetical implementations that
- * require it. */
-#define SSL_MODE_SEND_CLIENTHELLO_TIME 0x00000020L
-#define SSL_MODE_SEND_SERVERHELLO_TIME 0x00000040L
-
 /* SSL_MODE_ENABLE_FALSE_START allows clients to send application data before
  * receipt of CCS and Finished. This mode enables full-handshakes to 'complete'
  * in one RTT. See draft-bmoeller-tls-falsestart-01. */
@@ -470,6 +463,8 @@ OPENSSL_EXPORT uint32_t SSL_get_options(const SSL *ssl);
  * compile code with BoringSSL. */
 #define SSL_MODE_AUTO_RETRY 0
 #define SSL_MODE_RELEASE_BUFFERS 0
+#define SSL_MODE_SEND_CLIENTHELLO_TIME 0
+#define SSL_MODE_SEND_SERVERHELLO_TIME 0
 
 /* SSL_CTX_set_mode enables all modes set in |mode| (which should be one or more
  * of the |SSL_MODE_*| values, ORed together) in |ctx|. It returns a bitmask

ssl/internal.h

@@ -855,7 +855,10 @@ void ssl_get_compatible_server_ciphers(SSL *s, uint32_t *out_mask_k,
 
 STACK_OF(SSL_CIPHER) *ssl_get_ciphers_by_id(SSL *s);
 int ssl_verify_alarm_type(long type);
-int ssl_fill_hello_random(SSL *s, int server, uint8_t *field, size_t len);
+
+/* ssl_fill_hello_random fills a client_random or server_random field of length
+ * |len|. It returns one on success and zero on failure. */
+int ssl_fill_hello_random(uint8_t *out, size_t len, int is_server);
 
 const SSL_CIPHER *ssl3_get_cipher_by_value(uint16_t value);
 uint16_t ssl3_get_cipher_value(const SSL_CIPHER *c);

ssl/s3_both.c

@@ -667,20 +667,10 @@ int ssl3_release_read_buffer(SSL *s) {
   return 1;
 }
 
-/* ssl_fill_hello_random fills a client_random or server_random field of length
- * |len|. Returns 0 on failure or 1 on success. */
-int ssl_fill_hello_random(SSL *s, int server, uint8_t *result, size_t len) {
-  int send_time = 0;
-
-  if (server) {
-    send_time = (s->mode & SSL_MODE_SEND_SERVERHELLO_TIME) != 0;
-  } else {
-    send_time = (s->mode & SSL_MODE_SEND_CLIENTHELLO_TIME) != 0;
-  }
-
-  if (send_time) {
+int ssl_fill_hello_random(uint8_t *out, size_t len, int is_server) {
+  if (is_server) {
     const uint32_t current_time = time(NULL);
-    uint8_t *p = result;
+    uint8_t *p = out;
 
     if (len < 4) {
       return 0;
@@ -691,6 +681,6 @@ int ssl_fill_hello_random(SSL *s, int server, uint8_t *result, size_t len) {
     p[3] = current_time;
     return RAND_bytes(p + 4, len - 4);
   } else {
-    return RAND_bytes(result, len);
+    return RAND_bytes(out, len);
   }
 }

ssl/s3_clnt.c

@@ -610,7 +610,8 @@ int ssl3_send_client_hello(SSL *s) {
     /* If resending the ClientHello in DTLS after a HelloVerifyRequest, don't
      * renegerate the client_random. The random must be reused. */
     if ((!SSL_IS_DTLS(s) || !s->d1->send_cookie) &&
-        !ssl_fill_hello_random(s, 0, p, sizeof(s->s3->client_random))) {
+        !ssl_fill_hello_random(p, sizeof(s->s3->client_random),
+                               0 /* client */)) {
       goto err;
     }
 

ssl/s3_srvr.c

@@ -1144,7 +1144,8 @@ int ssl3_send_server_hello(SSL *s) {
     *(p++) = s->version & 0xff;
 
     /* Random stuff */
-    if (!ssl_fill_hello_random(s, 1, s->s3->server_random, SSL3_RANDOM_SIZE)) {
+    if (!ssl_fill_hello_random(s->s3->server_random, SSL3_RANDOM_SIZE,
+                               1 /* server */)) {
       OPENSSL_PUT_ERROR(SSL, ssl3_send_server_hello, ERR_R_INTERNAL_ERROR);
       return -1;
     }