List Info

Thread: OpenSSL: openssl/ssl/ d1_clnt.c
OpenSSL: openssl/ssl/ d1_clnt.c
country flaguser name
Germany		 2007-09-30 14:15:27 
  OpenSSL CVS Repository
  http://cvs.openssl.org/
 
____________________________________________________________
________________

  Server: cvs.openssl.org                  Name:   Andy
Polyakov
  Root:   /v/openssl/cvs                   Email:  approopenssl.org
  Module: openssl                          Date:  
30-Sep-2007 21:15:27
  Branch: HEAD                             Handle:
2007093020152700

  Modified files:
    openssl/ssl             d1_clnt.c

  Log:
    DTLS RFC4347 requires client to use rame random field in
reply to
    HelloVerifyRequest.

  Summary:
    Revision    Changes     Path
    1.13        +16 -6      openssl/ssl/d1_clnt.c
 
____________________________________________________________
________________

  patch -p0 <<' .'
  Index: openssl/ssl/d1_clnt.c
 
============================================================
================
  $ cvs diff -u -r1.12 -r1.13 d1_clnt.c
  --- openssl/ssl/d1_clnt.c	31 Aug 2007 12:42:50 -0000	1.12
  +++ openssl/ssl/d1_clnt.c	30 Sep 2007 19:15:27 -0000	1.13
   -120,7 +120,6 
   #include <openssl/objects.h>
   #include <openssl/evp.h>
   #include <openssl/md5.h>
  -#include <openssl/bn.h>
   #ifndef OPENSSL_NO_DH
   #include <openssl/dh.h>
   #endif
   -219,6 +218,8 
   			s->state=SSL3_ST_CW_CLNT_HELLO_A;
   			s->ctx->stats.sess_connect++;
   			s->init_num=0;
  +			/* mark client_random uninitialized */
 
+			memset(s->s3->client_random,0,sizeof(s->s3->
client_random));
   			break;
   
   		case SSL3_ST_CW_CLNT_HELLO_A:
   -421,6 +422,8 
   				s->s3->tmp.next_state=SSL3_ST_CR_FINISHED_A;
   				}
   			s->init_num=0;
  +			/* mark client_random uninitialized */
  +			memset
(s->s3->client_random,0,sizeof(s->s3->client_ran
dom));
   			break;
   
   		case SSL3_ST_CR_FINISHED_A:
   -543,9 +546,16 
   		/* else use the pre-loaded session */
   
   		p=s->s3->client_random;
  -		Time=(unsigned long)time(NULL);			/* Time */
  -		l2n(Time,p);
  -		RAND_pseudo_bytes(p,SSL3_RANDOM_SIZE-sizeof(Time));
  +
  +		/* if client_random is initialized, reuse it, we are
  +		 * required to use same upon reply to HelloVerify */
  +		for (i=0;p[i]=='' &&
i<sizeof(s->s3->client_random);i++) ;
  +		if (i==sizeof(s->s3->client_random))
  +			{
  +			Time=(unsigned long)time(NULL);	/* Time */
  +			l2n(Time,p);
 
+			RAND_pseudo_bytes(p,sizeof(s->s3->client_random)-4
);
  +			}
   
   		/* Do the message type and length last */
   		d=p= &(buf[DTLS1_HM_HEADER_LENGTH]);
   -731,7 +741,7 
   			s->session->master_key_length=sizeof tmp_buf;
   
   			q=p;
  -			/* Fix buf for TLS and beyond */
  +			/* Fix buf for TLS and [incidentally] DTLS */
   			if (s->version > SSL3_VERSION)
   				p+=2;
   			n=RSA_public_encrypt(sizeof tmp_buf,
   -746,7 +756,7 
   				goto err;
   				}
   
  -			/* Fix buf for TLS and beyond */
  +			/* Fix buf for TLS and [incidentally] DTLS */
   			if (s->version > SSL3_VERSION)
   				{
   				s2n(n,q);
   .
____________________________________________________________
__________
OpenSSL Project                                 http://www.openssl.org
CVS Repository Commit List                    
openssl-cvsopenssl.org
Automated List Manager                          
majordomoopenssl.org
[1]

about | contact  Other archives ( Real Estate discussion Medical topics )