DTLS RFC4347 requires client to use rame random field in reply to
authorAndy Polyakov <appro@openssl.org>
Sun, 30 Sep 2007 19:15:27 +0000 (19:15 +0000)
committerAndy Polyakov <appro@openssl.org>
Sun, 30 Sep 2007 19:15:27 +0000 (19:15 +0000)
HelloVerifyRequest.

ssl/d1_clnt.c

index 1826226..55ed884 100644 (file)
 #include <openssl/objects.h>
 #include <openssl/evp.h>
 #include <openssl/md5.h>
-#include <openssl/bn.h>
 #ifndef OPENSSL_NO_DH
 #include <openssl/dh.h>
 #endif
@@ -219,6 +218,8 @@ int dtls1_connect(SSL *s)
                        s->state=SSL3_ST_CW_CLNT_HELLO_A;
                        s->ctx->stats.sess_connect++;
                        s->init_num=0;
+                       /* mark client_random uninitialized */
+                       memset(s->s3->client_random,0,sizeof(s->s3->client_random));
                        break;
 
                case SSL3_ST_CW_CLNT_HELLO_A:
@@ -421,6 +422,8 @@ int dtls1_connect(SSL *s)
                                s->s3->tmp.next_state=SSL3_ST_CR_FINISHED_A;
                                }
                        s->init_num=0;
+                       /* mark client_random uninitialized */
+                       memset (s->s3->client_random,0,sizeof(s->s3->client_random));
                        break;
 
                case SSL3_ST_CR_FINISHED_A:
@@ -543,9 +546,16 @@ int dtls1_client_hello(SSL *s)
                /* else use the pre-loaded session */
 
                p=s->s3->client_random;
-               Time=(unsigned long)time(NULL);                 /* Time */
-               l2n(Time,p);
-               RAND_pseudo_bytes(p,SSL3_RANDOM_SIZE-sizeof(Time));
+
+               /* if client_random is initialized, reuse it, we are
+                * required to use same upon reply to HelloVerify */
+               for (i=0;p[i]=='\0' && i<sizeof(s->s3->client_random);i++) ;
+               if (i==sizeof(s->s3->client_random))
+                       {
+                       Time=(unsigned long)time(NULL); /* Time */
+                       l2n(Time,p);
+                       RAND_pseudo_bytes(p,sizeof(s->s3->client_random)-4);
+                       }
 
                /* Do the message type and length last */
                d=p= &(buf[DTLS1_HM_HEADER_LENGTH]);
@@ -731,7 +741,7 @@ int dtls1_send_client_key_exchange(SSL *s)
                        s->session->master_key_length=sizeof tmp_buf;
 
                        q=p;
-                       /* Fix buf for TLS and beyond */
+                       /* Fix buf for TLS and [incidentally] DTLS */
                        if (s->version > SSL3_VERSION)
                                p+=2;
                        n=RSA_public_encrypt(sizeof tmp_buf,
@@ -746,7 +756,7 @@ int dtls1_send_client_key_exchange(SSL *s)
                                goto err;
                                }
 
-                       /* Fix buf for TLS and beyond */
+                       /* Fix buf for TLS and [incidentally] DTLS */
                        if (s->version > SSL3_VERSION)
                                {
                                s2n(n,q);