Generate random key for HelloVerifyRequest

include/polarssl/ssl.h

@@ -881,6 +881,7 @@ struct _ssl_context
 #if defined(POLARSSL_SSL_PROTO_DTLS) && defined(POLARSSL_SSL_SRV_C)
     unsigned char  *cli_id;         /*!<  transport-level ID of the client  */
     size_t          cli_id_len;     /*!<  length of cli_id                  */
+    md_context_t    hvr_hmac_ctx;   /*!<  HMAC data for HelloVerifyRequest  */
 #endif
 
     /*
@@ -1091,6 +1092,9 @@ void ssl_set_bio( ssl_context *ssl,
 int ssl_set_client_transport_id( ssl_context *ssl,
                                  const unsigned char *info,
                                  size_t ilen );
+
+/* Temporary */
+int ssl_setup_hvr_key( ssl_context *ssl );
 #endif /* POLARSSL_SSL_PROTO_DTLS && POLARSSL_SSL_SRV_C */
 
 /**

library/ssl_srv.c

@@ -1159,6 +1159,30 @@ have_ciphersuite_v2:
 #error "DTLS hello verify needs SHA-1 or SHA-2"
 #endif
 
+/*
+ * Generate server key for HelloVerifyRequest
+ */
+int ssl_setup_hvr_key( ssl_context *ssl )
+{
+    int ret;
+    unsigned char key[HVR_MD_LEN];
+
+    if( ( ret = ssl->f_rng( ssl->p_rng, key, sizeof( key ) ) ) != 0 )
+        return( ret );
+
+    ret = md_init_ctx( &ssl->hvr_hmac_ctx, md_info_from_type( HVR_MD ) );
+    if( ret != 0 )
+        return( ret );
+
+    ret = md_hmac_starts( &ssl->hvr_hmac_ctx, key, sizeof( key ) );
+    if( ret != 0 )
+        return( ret );
+
+    polarssl_zeroize( key, sizeof( key ) );
+
+    return( 0 );
+}
+
 /*
  * Generate cookie for DTLS ClientHello verification
  */
@@ -1168,10 +1192,6 @@ static int ssl_generate_verify_cookie( ssl_context *ssl )
     unsigned char *cookie = ssl->handshake->verify_cookie;
     unsigned char cookie_len;
     unsigned char hmac_out[HVR_MD_LEN];
-    unsigned char hmac_key[32] = { 0 }; /* temporary! */
-    md_context_t hmac_ctx;
-
-    md_init( &hmac_ctx );
 
     polarssl_free( cookie );
 
@@ -1183,23 +1203,17 @@ static int ssl_generate_verify_cookie( ssl_context *ssl )
         return( POLARSSL_ERR_SSL_MALLOC_FAILED );
     }
 
-    /* Do a HMAC of client id */
+    if( ( ret = md_hmac_reset(  &ssl->hvr_hmac_ctx ) ) != 0 ||
-    ret = md_init_ctx( &hmac_ctx, md_info_from_type( HVR_MD ) );
+        ( ret = md_hmac_update( &ssl->hvr_hmac_ctx,
-    if( ret != 0 )
+                                ssl->cli_id, ssl->cli_id_len ) ) != 0 ||
+        ( ret = md_hmac_finish( &ssl->hvr_hmac_ctx, hmac_out ) ) != 0 )
     {
-        SSL_DEBUG_RET( 0, "md_init_ctx", ret );
+        SSL_DEBUG_RET( 1, "md_hmac", ret );
         return( POLARSSL_ERR_SSL_INTERNAL_ERROR );
     }
 
-    /* Only possible error is if hmac_ctx wasn't initialized */
-    (void) md_hmac_starts( &hmac_ctx, hmac_key, sizeof( hmac_key ) );
-    (void) md_hmac_update( &hmac_ctx, ssl->cli_id, ssl->cli_id_len );
-    (void) md_hmac_finish( &hmac_ctx, hmac_out );
-
     memcpy( cookie, hmac_out, HVR_MD_USE );
 
-    md_free( &hmac_ctx );
-
     ssl->handshake->verify_cookie = cookie;
     ssl->handshake->verify_cookie_len = cookie_len;
 

library/ssl_tls.c

@@ -5041,6 +5041,7 @@ void ssl_free( ssl_context *ssl )
 
 #if defined(POLARSSL_SSL_PROTO_DTLS) && defined(POLARSSL_SSL_SRV_C)
     polarssl_free( ssl->cli_id );
+    md_free( &ssl->hvr_hmac_ctx );
 #endif
 
     SSL_DEBUG_MSG( 2, ( "<= free" ) );

programs/ssl/ssl_server2.c

@@ -1344,6 +1344,15 @@ int main( int argc, char *argv[] )
         ssl_set_session_ticket_lifetime( &ssl, opt.ticket_timeout );
 #endif
 
+#if defined(POLARSSL_SSL_PROTO_DTLS)
+    if( opt.transport == SSL_TRANSPORT_DATAGRAM &&
+        ( ret = ssl_setup_hvr_key( &ssl ) ) != 0 )
+    {
+        printf( " failed\n  ! ssl_setup_hvr_key returned %d\n\n", ret );
+        goto exit;
+    }
+#endif
+
     if( opt.force_ciphersuite[0] != DFL_FORCE_CIPHER )
         ssl_set_ciphersuites( &ssl, opt.force_ciphersuite );