From fb2d22371fa859afe54aee4f683b644621808001 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?=
Date: Tue, 22 Jul 2014 15:59:14 +0200
Subject: [PATCH] Reuse random when responding to a verify request

---
 library/ssl_cli.c | 11 +++++++++++
 1 file changed, 11 insertions(+)

diff --git a/library/ssl_cli.c b/library/ssl_cli.c
index 88a4f5af5..0f4fd6c95 100644
--- a/library/ssl_cli.c
+++ b/library/ssl_cli.c
@@ -455,6 +455,17 @@ static int ssl_generate_random( ssl_context *ssl )
     time_t t;
 #endif
 
+    /*
+     * When responding to a verify request, MUST reuse random (RFC 6347 4.2.1)
+     */
+#if defined(POLARSSL_SSL_PROTO_DTLS)
+    if( ssl->transport == SSL_TRANSPORT_DATAGRAM &&
+        ssl->handshake->verify_cookie != NULL )
+    {
+        return( 0 );
+    }
+#endif
+
 #if defined(POLARSSL_HAVE_TIME)
+    t = time( NULL );
     *p++ = (unsigned char)( t >> 24 );
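Review bot: The early `return( 0 )` on `ssl->handshake->verify_cookie != NULL` makes the client-random reuse depend entirely on verify_cookie being NULL whenever a fresh handshake starts; if a cookie ever survived into a later handshake, the random from an earlier handshake would be replayed rather than the one sent in this handshake's first ClientHello, which is a different and weaker property than the one RFC 6347 §4.2.1 describes. Where verify_cookie is allocated and cleared is not visible in this hunk, so this is an assumption to confirm rather than a defect I can point to, but it belongs in the comment: `/* Relies on verify_cookie being NULL at the start of every handshake, so the random reused here is always the one from this handshake's first ClientHello */`. It would also be worth noting in the same comment that §4.2.1 requires the version, session_id, cipher_suites and compression_method to be repeated as well, which this function cannot enforce and must be handled by the ClientHello writer. The enclosing ssl_generate_random starts before the hunk and continues after it.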