DTLS RFC4347 requires client to use rame random field in reply to

HelloVerifyRequest.

DTLS RFC4347 requires client to use rame random field in reply to
HelloVerifyRequest.
e7adda52 · Andy Polyakov · 7432d073 · e7adda52
隐藏空白更改
内联并排

Showing with 16 addition and 6 deletion

ssl/d1_clnt.c ssl/d1_clnt.c +16 -6

未找到文件。
--- a/ssl/d1_clnt.c
+++ b/ssl/d1_clnt.c
@@ -120,7 +120,6 @@
 #include <openssl/objects.h>
 #include <openssl/evp.h>
 #include <openssl/md5.h>
-#include <openssl/bn.h>
 #ifndef OPENSSL_NO_DH
 #include <openssl/dh.h>
 #endif
@@ -219,6 +218,8 @@ int dtls1_connect(SSL *s)
 			s->state=SSL3_ST_CW_CLNT_HELLO_A;
 			s->ctx->stats.sess_connect++;
 			s->init_num=0;
+			/* mark client_random uninitialized */
+			memset(s->s3->client_random,0,sizeof(s->s3->client_random));
 			break;

 		case SSL3_ST_CW_CLNT_HELLO_A:
@@ -421,6 +422,8 @@ int dtls1_connect(SSL *s)
 				s->s3->tmp.next_state=SSL3_ST_CR_FINISHED_A;
 				}
 			s->init_num=0;
+			/* mark client_random uninitialized */
+			memset (s->s3->client_random,0,sizeof(s->s3->client_random));
 			break;

 		case SSL3_ST_CR_FINISHED_A:
@@ -543,9 +546,16 @@ int dtls1_client_hello(SSL *s)
 		/* else use the pre-loaded session */

 		p=s->s3->client_random;
-		Time=(unsigned long)time(NULL);			/* Time */
-		l2n(Time,p);
-		RAND_pseudo_bytes(p,SSL3_RANDOM_SIZE-sizeof(Time));
+
+		/* if client_random is initialized, reuse it, we are
+		 * required to use same upon reply to HelloVerify */
+		for (i=0;p[i]=='\0' && i<sizeof(s->s3->client_random);i++) ;
+		if (i==sizeof(s->s3->client_random))
+			{
+			Time=(unsigned long)time(NULL);	/* Time */
+			l2n(Time,p);
+			RAND_pseudo_bytes(p,sizeof(s->s3->client_random)-4);
+			}

 		/* Do the message type and length last */
 		d=p= &(buf[DTLS1_HM_HEADER_LENGTH]);
@@ -731,7 +741,7 @@ int dtls1_send_client_key_exchange(SSL *s)
 			s->session->master_key_length=sizeof tmp_buf;

 			q=p;
-			/* Fix buf for TLS and beyond */
+			/* Fix buf for TLS and [incidentally] DTLS */
 			if (s->version > SSL3_VERSION)
 				p+=2;
 			n=RSA_public_encrypt(sizeof tmp_buf,
@@ -746,7 +756,7 @@ int dtls1_send_client_key_exchange(SSL *s)
 				goto err;
 				}

-			/* Fix buf for TLS and beyond */
+			/* Fix buf for TLS and [incidentally] DTLS */
 			if (s->version > SSL3_VERSION)
 				{
 				s2n(n,q);