Reuse random when responding to a verify request

2024-11-22 11:15:43 +01:00 · 2014-07-22 15:59:14 +02:00 · 2014-07-22 15:59:14 +02:00 · fb2d22371f
commit fb2d22371f
parent b760f001d7
1 changed files with 11 additions and 0 deletions
--- a/library/ssl_cli.c
+++ b/library/ssl_cli.c
@ -455,6 +455,17 @@ static int ssl_generate_random( ssl_context *ssl )
    time_t t;
 #endif

+    /*
+     * When responding to a verify request, MUST reuse random (RFC 6347 4.2.1)
+     */
+#if defined(POLARSSL_SSL_PROTO_DTLS)
+    if( ssl->transport == SSL_TRANSPORT_DATAGRAM &&
+        ssl->handshake->verify_cookie != NULL )
+    {
+        return( 0 );
+    }
+#endif
+
 #if defined(POLARSSL_HAVE_TIME)
    t = time( NULL );
    *p++ = (unsigned char)( t >> 24 );