Every time a new handshake is initialized, the value
s->s3->client_random gets filled with random numbers for the ClientHello.

The value has to be reused if the ClientHello has to be repeated
because the server sent a HelloVerifyRequest. The function
dtls1_client_hello() checks whether client_random is still zero or
already set to decide whether new random numbers have to be
generated. In the state SSL3_ST_CW_FINISHED_A the client_random is
overwritten with zeros to indicate that the next time a ClientHello
is sent, new random values have to be generated. This is not only
redundant with the memset call at the beginning of the handshake in
state SSL_ST_CONNECT, it also prevents the value from being used
after the handshake is done. So the redundant memset call should be
removed.

This is important for the TLS extractor function
(http://www.ietf.org/internet-drafts/draft-ietf-tls-extractor-03.txt)
which relies on the client_random value. It can only be used within the handshake until
now. Every call after the handshake generates different results for
the server and client.


--- ssl/d1_clnt.c~ 2008-06-04 20:35:25.000000000 +0200
+++ ssl/d1_clnt.c 2008-11-06 14:56:00.000000000 +0100
@@ -426,9 +526,6 @@
s->s3-
>tmp.next_state=SSL3_ST_CR_FINISHED_A;

}
s->init_num=0;
- /* mark client_random uninitialized */
- memset (s->s3->client_random,0,sizeof(s->s3-
>client_random));

-
break;

case SSL3_ST_CR_FINISHED_A:
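Review bot: With the memset on s->s3->client_random removed just before the break, the zero check in dtls1_client_hello() depends entirely on the reset in SSL_ST_CONNECT, which is not part of this hunk. Please confirm that every path that starts a new handshake on an existing connection goes through that reset; otherwise the previous handshake's client_random would be sent again instead of fresh random bytes. Two smaller points: the hunk is line-wrapped by the mail client (the `s->s3-` / `>tmp.next_state=...` context line and the removed memset line are each split in two), so it will not apply as posted and should be resent as an attachment, and the header `@@ -426,9 +526,6 @@` puts the new side 100 lines after the old side, which suggests the diff was taken against a tree with other local changes.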

__________________________________________________ ____________________
OpenSSL Project http://www.openssl.org
Development Mailing List openssl-dev@openssl.org
Automated List Manager majordomo@openssl.org
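The mismatch described in the message, as an added example that is not part of the original post or of OpenSSL: a client that zeroes client_random at Finished derives different exported keying material than the server once the handshake is over. It assumes an extractor of the form PRF(master_secret, label, client_random + server_random) as in RFC 5705, uses the TLS 1.2 P_SHA256 as the PRF for brevity, and all secrets, randoms and the label are constructed values.

```python
import hashlib
import hmac

def p_sha256(secret: bytes, seed: bytes, length: int) -> bytes:
    """P_hash expansion from the TLS 1.2 PRF (RFC 5246, section 5)."""
    out, a = b"", seed
    while len(out) < length:
        a = hmac.new(secret, a, hashlib.sha256).digest()               # A(i)
        out += hmac.new(secret, a + seed, hashlib.sha256).digest()
    return out[:length]

def export_keying_material(master, label, client_random, server_random, length=32):
    # Assumed extractor form: PRF(master_secret, label, client_random + server_random)
    return p_sha256(master, label + client_random + server_random, length)

# Constructed sample values (not taken from any real handshake).
MASTER = bytes(range(48))
CLIENT_RANDOM = bytes(range(100, 132))
SERVER_RANDOM = bytes(range(200, 232))
LABEL = b"EXPERIMENTAL example"        # hypothetical label
ZERO = bytes(32)

def client_exports(wipe_on_finished: bool):
    """Return (during_handshake, after_handshake) output as the client computes it."""
    client_random = CLIENT_RANDOM
    during = export_keying_material(MASTER, LABEL, client_random, SERVER_RANDOM)
    if wipe_on_finished:
        # Models the memset in SSL3_ST_CW_FINISHED_A that the patch removes.
        client_random = ZERO
    after = export_keying_material(MASTER, LABEL, client_random, SERVER_RANDOM)
    return during, after

def demo():
    # The server keeps the client_random it received in the ClientHello.
    server = export_keying_material(MASTER, LABEL, CLIENT_RANDOM, SERVER_RANDOM)
    return server, client_exports(True), client_exports(False)

if __name__ == "__main__":
    server, unpatched, patched = demo()
    print("unpatched, during handshake:", unpatched[0] == server)
    print("unpatched, after handshake: ", unpatched[1] == server)
    print("patched, after handshake:   ", patched[1] == server)
```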