TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / mirror / mbed-tls / 98545f128a030051713bf58e3745ccdd58737f8b^! / . / library / ssl_srv.c
commit98545f128a030051713bf58e3745ccdd58737f8b[log] [tgz]
authorManuel Pégourié-Gonnard <mpg@elzevir.fr>Tue Jul 22 22:10:43 2014 +0200
committerPaul Bakker <p.j.bakker@polarssl.org>Tue Oct 21 16:30:16 2014 +0200
tree0715c650fad2b5e7223d068d89279385019d06ab
parentdd3cdb0fbc43db2c1449548bf75956b3fe5929da [diff] [blame]
Generate random key for HelloVerifyRequest

diff --git a/library/ssl_srv.c b/library/ssl_srv.c
index 521552d..2b1a654 100644
--- a/library/ssl_srv.c
+++ b/library/ssl_srv.c

@@ -1160,6 +1160,30 @@
 #endif
 
 /*
+ * Generate server key for HelloVerifyRequest
+ */
+int ssl_setup_hvr_key( ssl_context *ssl )
+{
+    int ret;
+    unsigned char key[HVR_MD_LEN];
+
+    if( ( ret = ssl->f_rng( ssl->p_rng, key, sizeof( key ) ) ) != 0 )
+        return( ret );
+
+    ret = md_init_ctx( &ssl->hvr_hmac_ctx, md_info_from_type( HVR_MD ) );
+    if( ret != 0 )
+        return( ret );
+
+    ret = md_hmac_starts( &ssl->hvr_hmac_ctx, key, sizeof( key ) );
+    if( ret != 0 )
+        return( ret );
+
+    polarssl_zeroize( key, sizeof( key ) );
+
+    return( 0 );
+}
+
+/*
  * Generate cookie for DTLS ClientHello verification
  */
 static int ssl_generate_verify_cookie( ssl_context *ssl )
@@ -1168,10 +1192,6 @@
     unsigned char *cookie = ssl->handshake->verify_cookie;
     unsigned char cookie_len;
     unsigned char hmac_out[HVR_MD_LEN];
-    unsigned char hmac_key[32] = { 0 }; /* temporary! */
-    md_context_t hmac_ctx;
-
-    md_init( &hmac_ctx );
 
     polarssl_free( cookie );
 
@@ -1183,23 +1203,17 @@
         return( POLARSSL_ERR_SSL_MALLOC_FAILED );
     }
 
-    /* Do a HMAC of client id */
-    ret = md_init_ctx( &hmac_ctx, md_info_from_type( HVR_MD ) );
-    if( ret != 0 )
+    if( ( ret = md_hmac_reset(  &ssl->hvr_hmac_ctx ) ) != 0 ||
+        ( ret = md_hmac_update( &ssl->hvr_hmac_ctx,
+                                ssl->cli_id, ssl->cli_id_len ) ) != 0 ||
+        ( ret = md_hmac_finish( &ssl->hvr_hmac_ctx, hmac_out ) ) != 0 )
     {
-        SSL_DEBUG_RET( 0, "md_init_ctx", ret );
+        SSL_DEBUG_RET( 1, "md_hmac", ret );
         return( POLARSSL_ERR_SSL_INTERNAL_ERROR );
     }
 
-    /* Only possible error is if hmac_ctx wasn't initialized */
-    (void) md_hmac_starts( &hmac_ctx, hmac_key, sizeof( hmac_key ) );
-    (void) md_hmac_update( &hmac_ctx, ssl->cli_id, ssl->cli_id_len );
-    (void) md_hmac_finish( &hmac_ctx, hmac_out );
-
     memcpy( cookie, hmac_out, HVR_MD_USE );
 
-    md_free( &hmac_ctx );
-
     ssl->handshake->verify_cookie = cookie;
     ssl->handshake->verify_cookie_len = cookie_len;