Every time a new handshake is initialized, the value s->s3->client_random gets filled with random numbers for the ClientHello. The value has to be reused if the ClientHello has to be repeated because the server sent a HelloVerifyRequest. The function dtls1_client_hello() checks whether client_random is still zero or already set to decide whether new random numbers have to be generated. In the state SSL3_ST_CW_FINISHED_A the client_random is overwritten with zeros to indicate that the next time a ClientHello is sent new random values have to be generated. This is not only redundant with the memset call at the beginning of the handshake in state SSL_ST_CONNECT, it also prevents the value from being used after the handshake is done. So the redundant memset call should be removed. This is important for the TLS key material extractor feature, which relies on the client_random value.
--- ssl/d1_clnt.c 2008-06-04 20:35:25.000000000 +0200 +++ ssl/d1_clnt.c 2009-01-22 16:54:27.000000000 +0100 @@ -426,8 +426,6 @@ s->s3->tmp.next_state=SSL3_ST_CR_FINISHED_A; } s->init_num=0; - /* mark client_random uninitialized */ - memset (s->s3->client_random,0,sizeof(s->s3->client_random)); break; ______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager majord...@openssl.org
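Review bot: After `s->init_num=0;` nothing in this case resets client_random any more, so the zero check in dtls1_client_hello() depends entirely on the memset in SSL_ST_CONNECT that the description mentions. Please confirm that every path that begins a new handshake (renegotiation included) reaches that memset, since otherwise the previous random would be reused in a fresh ClientHello. It would also help to replace the deleted comment with one stating that client_random is kept on purpose for the key material extractor, so the memset is not reintroduced later.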