commit fb2d22371fa859afe54aee4f683b644621808001
author Manuel Pégourié-Gonnard <mpg@elzevir.fr> Tue Jul 22 15:59:14 2014 +0200
committer Paul Bakker <p.j.bakker@polarssl.org> Tue Oct 21 16:30:14 2014 +0200
tree 79c58e1dcda6447aa037a0d65ffde244d8c44517
parent b760f001d723d6e85d28dcdaa083dd0790db48d0

Reuse random when responding to a verify request

library/ssl_cli.c

diff --git a/library/ssl_cli.c b/library/ssl_cli.c
index 88a4f5a..0f4fd6c 100644
--- a/library/ssl_cli.c
+++ b/library/ssl_cli.c
@@ -455,6 +455,17 @@
     time_t t;
 #endif
 
+    /*
+     * When responding to a verify request, MUST reuse random (RFC 6347 4.2.1)
+     */
+#if defined(POLARSSL_SSL_PROTO_DTLS)
+    if( ssl->transport == SSL_TRANSPORT_DATAGRAM &&
+        ssl->handshake->verify_cookie != NULL )
+    {
+        return( 0 );
+    }
+#endif
+
 #if defined(POLARSSL_HAVE_TIME)
     t = time( NULL );
     *p++ = (unsigned char)( t >> 24 );