From: Nikos Mavrogiannopoulos <nmav@redhat.com>
Date: Fri, 6 Oct 2017 09:16:17 +0000 (+0200)
Subject: handshake: treat reply to HRR as a reply to hello verify request
X-Git-Tag: gnutls_3_6_3~328
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=bcf4de03;p=thirdparty%2Fgnutls.git

handshake: treat reply to HRR as a reply to hello verify request

That is, re-use the client random value on the client hello which
is a reply to a hello retry request.

Relates #299

Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
---

diff --git a/lib/handshake.c b/lib/handshake.c
index d12e80e676..3746296d44 100644
--- a/lib/handshake.c
+++ b/lib/handshake.c
@@ -1868,9 +1868,8 @@ static int send_client_hello(gnutls_session_t session, int again)
 
 		/* Generate random data 
 		 */
-		if (!IS_DTLS(session)
-		    || session->internals.dtls.hsk_hello_verify_requests ==
-		    0) {
+		if (!(session->internals.hsk_flags & HSK_HRR_RECEIVED) &&
+		    !(IS_DTLS(session) && session->internals.dtls.hsk_hello_verify_requests == 0)) {
 			ret = _gnutls_gen_client_random(session);
 			if (ret < 0)
 				return gnutls_assert_val(ret);