author | Andy Polyakov <appro@openssl.org> | 2007-09-30 19:15:27 +0000 |
---|---|---|
committer | Andy Polyakov <appro@openssl.org> | 2007-09-30 19:15:27 +0000 |
commit | e7adda52b3e11f09500aa17f271fbeb8b64f14cc (patch) | |
tree | d1bf2cdf2d490f962d848774050b70f2c733ab71 | |
parent | 7432d073af97539e5a2c8b0f1ff254d6b53c9682 (diff) |
DTLS RFC4347 requires client to use same random field in reply to
HelloVerifyRequest.
-rw-r--r-- | ssl/d1_clnt.c | 22 |
1 files changed, 16 insertions, 6 deletions
diff --git a/ssl/d1_clnt.c b/ssl/d1_clnt.c
index 1826226ebe..55ed8844c8 100644
--- a/ssl/d1_clnt.c
+++ b/ssl/d1_clnt.c
@@ -120,7 +120,6 @@
 #include <openssl/objects.h>
 #include <openssl/evp.h>
 #include <openssl/md5.h>
-#include <openssl/bn.h>
 #ifndef OPENSSL_NO_DH
 #include <openssl/dh.h>
 #endif
@@ -219,6 +218,8 @@ int dtls1_connect(SSL *s)
 s->state=SSL3_ST_CW_CLNT_HELLO_A;
 s->ctx->stats.sess_connect++;
 s->init_num=0;
+ /* mark client_random uninitialized */
+ memset(s->s3->client_random,0,sizeof(s->s3->client_random));
 break;
 case SSL3_ST_CW_CLNT_HELLO_A:
@@ -421,6 +422,8 @@ int dtls1_connect(SSL *s)
 s->s3->tmp.next_state=SSL3_ST_CR_FINISHED_A;
 }
 s->init_num=0;
+ /* mark client_random uninitialized */
+ memset (s->s3->client_random,0,sizeof(s->s3->client_random));
 break;
 case SSL3_ST_CR_FINISHED_A:
@@ -543,9 +546,16 @@ int dtls1_client_hello(SSL *s)
 /* else use the pre-loaded session */
 p=s->s3->client_random;
- Time=(unsigned long)time(NULL); /* Time */
- l2n(Time,p);
- RAND_pseudo_bytes(p,SSL3_RANDOM_SIZE-sizeof(Time));
+
+ /* if client_random is initialized, reuse it, we are
+ * required to use same upon reply to HelloVerify */
+ for (i=0;p[i]=='\0' && i<sizeof(s->s3->client_random);i++) ;
+ if (i==sizeof(s->s3->client_random))
+ {
+ Time=(unsigned long)time(NULL); /* Time */
+ l2n(Time,p);
+ RAND_pseudo_bytes(p,sizeof(s->s3->client_random)-4);
+ }
 /* Do the message type and length last */
 d=p= &(buf[DTLS1_HM_HEADER_LENGTH]);
@@ -731,7 +741,7 @@ int dtls1_send_client_key_exchange(SSL *s)
 s->session->master_key_length=sizeof tmp_buf;
 q=p;
- /* Fix buf for TLS and beyond */
+ /* Fix buf for TLS and [incidentally] DTLS */
 if (s->version > SSL3_VERSION)
 p+=2;
 n=RSA_public_encrypt(sizeof tmp_buf,
@@ -746,7 +756,7 @@ int dtls1_send_client_key_exchange(SSL *s)
 goto err;
 }
- /* Fix buf for TLS and beyond */
+ /* Fix buf for TLS and [incidentally] DTLS */
 if (s->version > SSL3_VERSION)
 {
 s2n(n,q); |
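Review bot: The comment `/* mark client_random uninitialized */` at both memset sites in dtls1_connect() (the @@ -219 and @@ -421 hunks) does not say that an all-zero buffer is an in-band signal read by dtls1_client_hello(), which generates a new random only when every byte is zero. I would spell that out, e.g. `/* all-zero client_random makes dtls1_client_hello() generate a fresh value; anything else is replayed after HelloVerifyRequest */`. Since a missed reset would carry one client random into a later handshake, it is worth confirming that every path back to SSL3_ST_CW_CLNT_HELLO_A passes one of these two resets; both case bodies start outside the hunks, so that cannot be checked from here. The second call is also spelled `memset (` with a space, unlike the first.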
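Review bot: In dtls1_client_hello() (the @@ -543 hunk) the scan `for (i=0;p[i]=='\0' && i<sizeof(s->s3->client_random);i++) ;` tests `p[i]` before the bound, so when the buffer is all zero the final iteration reads one byte past client_random. Swapping the operands keeps the read inside the array: `for (i=0;i<sizeof(s->s3->client_random) && p[i]=='\0';i++) ;`. The declaration of `i` is outside the hunk; if it is a signed int, the comparison with `sizeof` is mixed-sign and deserves a cast or an unsigned counter. The return value of `RAND_pseudo_bytes` is still ignored, as it was before this change, so a failed call would presumably leave the tail of the field zero while the non-zero timestamp makes the buffer look initialized on the next pass.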