generic-library/openssl
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

DTLS RFC4347 requires client to use rame random field in reply to

Browse Source 
HelloVerifyRequest.
This commit is contained in:
Andy Polyakov 2007-09-30 19:15:27 +00:00
parent 7432d073af
commit e7adda52b3
1 changed files with 16 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

22
ssl/d1_clnt.c
View File

@ -120,7 +120,6 @@
#include <openssl/objects.h> #include <openssl/objects.h>
#include <openssl/evp.h> #include <openssl/evp.h>
#include <openssl/md5.h> #include <openssl/md5.h>
#include <openssl/bn.h>
#ifndef OPENSSL_NO_DH #ifndef OPENSSL_NO_DH
#include <openssl/dh.h> #include <openssl/dh.h>
#endif #endif
@ -219,6 +218,8 @@ int dtls1_connect(SSL *s)
s->state=SSL3_ST_CW_CLNT_HELLO_A; s->state=SSL3_ST_CW_CLNT_HELLO_A;
s->ctx->stats.sess_connect++; s->ctx->stats.sess_connect++;
s->init_num=0; s->init_num=0;
/* mark client_random uninitialized */
memset(s->s3->client_random,0,sizeof(s->s3->client_random));
break; break;
case SSL3_ST_CW_CLNT_HELLO_A: case SSL3_ST_CW_CLNT_HELLO_A:
@ -421,6 +422,8 @@ int dtls1_connect(SSL *s)
s->s3->tmp.next_state=SSL3_ST_CR_FINISHED_A; s->s3->tmp.next_state=SSL3_ST_CR_FINISHED_A;
} }
s->init_num=0; s->init_num=0;
/* mark client_random uninitialized */
memset (s->s3->client_random,0,sizeof(s->s3->client_random));
break; break;
case SSL3_ST_CR_FINISHED_A: case SSL3_ST_CR_FINISHED_A:
@ -543,9 +546,16 @@ int dtls1_client_hello(SSL *s)
/* else use the pre-loaded session */ /* else use the pre-loaded session */
p=s->s3->client_random; p=s->s3->client_random;
Time=(unsigned long)time(NULL); /* Time */
l2n(Time,p); /* if client_random is initialized, reuse it, we are
RAND_pseudo_bytes(p,SSL3_RANDOM_SIZE-sizeof(Time)); * required to use same upon reply to HelloVerify */
for (i=0;p[i]=='\0' && i<sizeof(s->s3->client_random);i++) ;
if (i==sizeof(s->s3->client_random))
{
Time=(unsigned long)time(NULL); /* Time */
l2n(Time,p);
RAND_pseudo_bytes(p,sizeof(s->s3->client_random)-4);
}
/* Do the message type and length last */ /* Do the message type and length last */
d=p= &(buf[DTLS1_HM_HEADER_LENGTH]); d=p= &(buf[DTLS1_HM_HEADER_LENGTH]);
@ -731,7 +741,7 @@ int dtls1_send_client_key_exchange(SSL *s)
s->session->master_key_length=sizeof tmp_buf; s->session->master_key_length=sizeof tmp_buf;
q=p; q=p;
/* Fix buf for TLS and beyond */ /* Fix buf for TLS and [incidentally] DTLS */
if (s->version > SSL3_VERSION) if (s->version > SSL3_VERSION)
p+=2; p+=2;
n=RSA_public_encrypt(sizeof tmp_buf, n=RSA_public_encrypt(sizeof tmp_buf,
@ -746,7 +756,7 @@ int dtls1_send_client_key_exchange(SSL *s)
goto err; goto err;
} }
/* Fix buf for TLS and beyond */ /* Fix buf for TLS and [incidentally] DTLS */
if (s->version > SSL3_VERSION) if (s->version > SSL3_VERSION)
{ {
s2n(n,q); s2n(n,q);