The variable s->s3->tmp.ecdh is set in ssl3_send_server_key_exchange() or dtls1_send_server_key_exchange(), after it is checked if it points to NULL. Later it is read only once in ssl3_get_client_key_exchange(), but then not freed and set to NULL again. When a renegotiation with a full handshake is performed, to compute new key material, the procedure is the same and s->s3->tmp.ecdh should be set in the send_server_key_exchange() functions. This fails because is has not been set to NULL in advance, so no renegotiation is possible, even worse, it causes to connection to fail. This patch adds two lines to free the variable right after it has been used, to allow it to be set again during following renegotiations.
--- ssl/s3_srvr.c 22 Apr 2009 15:40:54 -0000 1.171.2.3
+++ ssl/s3_srvr.c 10 Jun 2009 08:30:11 -0000
@@ -2388,6 +2399,8 @@
EC_POINT_free(clnt_ecpoint);
EC_KEY_free(srvr_ecdh);
BN_CTX_free(bn_ctx);
+ EC_KEY_free(s->s3->tmp.ecdh);
+ s->s3->tmp.ecdh = NULL;
/* Compute the master secret */
s->session->master_key_length = s->method->ssl3_enc-> \
ecdh-bug.patch
Description: Binary data
