Added gnutls_handshake_set_server_random

5 files changed, 47 insertions, 2 deletions

diff --git a/lib/gnutls_handshake.c b/lib/gnutls_handshake.c
index ddd80272d7..83d7b3d699 100644
--- a/lib/gnutls_handshake.c
+++ b/lib/gnutls_handshake.c
@@ -428,8 +428,17 @@ _gnutls_read_client_hello (gnutls_session_t session, uint8_t * data,
   _gnutls_set_client_random (session, &data[pos]);
   pos += GNUTLS_RANDOM_SIZE;
 
-  _gnutls_tls_create_random (rnd);
-  _gnutls_set_server_random (session, rnd);
+  if (session->internals.server_random_set != 0) 
+    {
+      _gnutls_set_server_random (session, session->internals.resumed_security_parameters.server_random);
+      /* make sure it is used only once */
+      session->internals.server_random_set = 0;
+    }
+  else
+    {
+      _gnutls_tls_create_random (rnd);
+      _gnutls_set_server_random (session, rnd);
+    } 
 
   session->security_parameters.timestamp = gnutls_time (NULL);
 
diff --git a/lib/gnutls_int.h b/lib/gnutls_int.h
index c03269cc70..4037436bea 100644
--- a/lib/gnutls_int.h
+++ b/lib/gnutls_int.h
@@ -951,6 +951,8 @@ typedef struct
   
   recv_state_t recv_state; /* state of the receive function */
   
+  unsigned int server_random_set:1;
+  
   /* If you add anything here, check _gnutls_handshake_internal_state_clear().
    */
 } internals_st;
diff --git a/lib/gnutls_state.c b/lib/gnutls_state.c
index 40a3ff0ec2..1145d6b4df 100644
--- a/lib/gnutls_state.c
+++ b/lib/gnutls_state.c
@@ -1426,3 +1426,34 @@ timespec_sub_ms (struct timespec *a, struct timespec *b)
   return (a->tv_sec * 1000 + a->tv_nsec / (1000 * 1000) -
           (b->tv_sec * 1000 + b->tv_nsec / (1000 * 1000)));
 }
+
+/**
+ * gnutls_handshake_set_server_random:
+ * @session: is a #gnutls_session_t structure.
+ * @random: a random value of 32-bytes
+ *
+ * This function will explicitly set the server hello random value
+ * in the subsequent TLS handshake. The random value should be
+ * a 32-byte value.
+ *
+ * Note that this function should not normally be used as gnutls
+ * will select automatically a random value for the handshake.
+ *
+ * This function should not be used when resuming a session.
+ *
+ * Returns: %GNUTLS_E_SUCCESS on success, or an error code.
+ *
+ * Since 3.1.9
+ **/
+int
+gnutls_handshake_set_server_random (gnutls_session_t session, gnutls_datum_t* random)
+{
+  if (random->size != GNUTLS_RANDOM_SIZE)
+    return GNUTLS_E_INVALID_REQUEST;
+  
+  session->internals.server_random_set = 1;
+  memcpy(session->internals.resumed_security_parameters.server_random, random->data, random->size);
+
+  return 0;
+}
+
diff --git a/lib/includes/gnutls/gnutls.h.in b/lib/includes/gnutls/gnutls.h.in
index 710d77ce25..1747946cbd 100644
--- a/lib/includes/gnutls/gnutls.h.in
+++ b/lib/includes/gnutls/gnutls.h.in
@@ -877,6 +877,8 @@ gnutls_ecc_curve_t gnutls_ecc_curve_get(gnutls_session_t session);
  */
   void gnutls_handshake_set_private_extensions (gnutls_session_t session,
                                                 int allow);
+  int gnutls_handshake_set_server_random (gnutls_session_t session, gnutls_datum_t* random);
+
     gnutls_handshake_description_t
     gnutls_handshake_get_last_out (gnutls_session_t session);
     gnutls_handshake_description_t
diff --git a/lib/libgnutls.map b/lib/libgnutls.map
index bbc3ecaa94..36a893ccd5 100644
--- a/lib/libgnutls.map
+++ b/lib/libgnutls.map
@@ -886,6 +886,7 @@ GNUTLS_3_1_0 {
 	gnutls_range_split;
 	gnutls_record_send_range;
 	gnutls_db_check_entry_time;
+	gnutls_handshake_set_server_random;
 	xssl_deinit;
 	xssl_flush;
 	xssl_read;