Every time a new handshake is initialized, the value
s->s3->client_random gets filled with random numbers for the ClientHello.
The value has to be reused if the ClientHello has to be repeated
because the server sent a HelloVerifyRequest. The function
dtls1_client_hello() checks whether client_random is still zero or
already set to decide whether new random numbers have to be generated.
In the state SSL3_ST_CW_FINISHED_A the client_random is overwritten
with zeros to indicate that the next time a ClientHello is sent, new
random values have to be generated. This is not only redundant with
the memset call at the beginning of the handshake in state
SSL_ST_CONNECT, it also prevents the value from being used after the
handshake is done. So the redundant memset call should be removed. This
is important for the TLS key material extractor feature, which relies on
the client_random value.


--- ssl/d1_clnt.c       2008-06-04 20:35:25.000000000 +0200
+++ ssl/d1_clnt.c       2009-01-22 16:54:27.000000000 +0100
@@ -426,8 +426,6 @@
                                s->s3->tmp.next_state=SSL3_ST_CR_FINISHED_A;
                                }
                        s->init_num=0;
-                       /* mark client_random uninitialized */
-                       memset 
(s->s3->client_random,0,sizeof(s->s3->client_random));

                        break;

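Review bot: With the memset after s->init_num=0 removed, the zero check in dtls1_client_hello() depends entirely on the memset in SSL_ST_CONNECT, which this hunk does not show. Please confirm that every path that starts a new handshake passes through that zeroing; otherwise the previous client_random would be reused in the next ClientHello. Two smaller points: the removed memset line is wrapped onto two lines in the mail, so the hunk will not apply as posted (an attachment would avoid that), and removing the two lines leaves an extra blank line before the break.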
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       openssl-dev@openssl.org
Automated List Manager                           majord...@openssl.org
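A small C model of the logic the message describes, added here as an illustration and not OpenSSL code: the all-zero client_random sentinel, reuse on a repeated ClientHello, and the effect of zeroing at Finished. All model_* names and the counter-based stand-in for the random generator are assumptions.

```c
#include <string.h>
#define RANDOM_LEN 32

/* Hypothetical model of the client state; not OpenSSL's SSL structure. */
struct model_client {
    unsigned char client_random[RANDOM_LEN];
    unsigned counter; /* deterministic stand-in for the real random generator */
};

static int is_zero(const unsigned char *p, size_t n) {
    unsigned char acc = 0;
    for (size_t i = 0; i < n; i++) acc |= p[i];
    return acc == 0;
}

/* Start of a handshake (SSL_ST_CONNECT in the message): mark the random unset. */
void model_connect(struct model_client *c) {
    memset(c->client_random, 0, sizeof(c->client_random));
}

/* ClientHello: generate only when unset, so a repeated hello reuses the value. */
void model_client_hello(struct model_client *c) {
    if (!is_zero(c->client_random, sizeof(c->client_random))) return;
    c->counter++;
    for (size_t i = 0; i < RANDOM_LEN; i++)
        c->client_random[i] = (unsigned char)(c->counter * 31u + i + 1u);
}

/* What a post-handshake consumer such as a key material exporter needs. */
int model_random_available(const struct model_client *c) {
    return !is_zero(c->client_random, sizeof(c->client_random));
}

/* One handshake with a HelloVerifyRequest retry; returns 1 if the retry
 * reused the random. zero_on_finish=1 models the code before the patch. */
int model_handshake(struct model_client *c, int zero_on_finish) {
    unsigned char first[RANDOM_LEN];
    model_connect(c);
    model_client_hello(c);
    memcpy(first, c->client_random, RANDOM_LEN);
    model_client_hello(c); /* repeated ClientHello after HelloVerifyRequest */
    int reused = memcmp(first, c->client_random, RANDOM_LEN) == 0;
    if (zero_on_finish)
        memset(c->client_random, 0, sizeof(c->client_random));
    return reused;
}

int main(void) {
    struct model_client c = {0};
    return !(model_handshake(&c, 0) && model_random_available(&c));
}
```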