projects
/
oweals
/
openssl.git
/ blobdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
|
commitdiff
|
tree
raw
|
inline
| side by side
*** empty log message ***
[oweals/openssl.git]
/
ssl
/
s3_clnt.c
diff --git
a/ssl/s3_clnt.c
b/ssl/s3_clnt.c
index b8f6a8673ec09d9bec59c08557a8da54651007c7..279d2c01983591932e180b9095d38a33c7e42e7b 100644
(file)
--- a/
ssl/s3_clnt.c
+++ b/
ssl/s3_clnt.c
@@
-110,7
+110,7
@@
int ssl3_connect(SSL *s)
int ret= -1;
int new_state,state,skip=0;;
int ret= -1;
int new_state,state,skip=0;;
- RAND_
seed(&Time,sizeof(Time)
);
+ RAND_
add(&Time,sizeof(Time),0
);
ERR_clear_error();
clear_sys_error();
ERR_clear_error();
clear_sys_error();
@@
-466,7
+466,7
@@
static int ssl3_client_hello(SSL *s)
p=s->s3->client_random;
Time=time(NULL); /* Time */
l2n(Time,p);
p=s->s3->client_random;
Time=time(NULL); /* Time */
l2n(Time,p);
- RAND_bytes(p,SSL3_RANDOM_SIZE-sizeof(Time));
+ RAND_
pseudo_
bytes(p,SSL3_RANDOM_SIZE-sizeof(Time));
/* Do the message type and length last */
d=p= &(buf[4]);
/* Do the message type and length last */
d=p= &(buf[4]);
@@
-1225,7
+1225,7
@@
fclose(out);
if ((xn=d2i_X509_NAME(NULL,&q,l)) == NULL)
{
if ((xn=d2i_X509_NAME(NULL,&q,l)) == NULL)
{
- /* If netscape tol
l
erance is on, ignore errors */
+ /* If netscape tolerance is on, ignore errors */
if (s->options & SSL_OP_NETSCAPE_CA_DN_BUG)
goto cont;
else
if (s->options & SSL_OP_NETSCAPE_CA_DN_BUG)
goto cont;
else
@@
-1258,7
+1258,7
@@
cont:
ERR_clear_error();
}
ERR_clear_error();
}
- /* we should setup a certficate to return.... */
+ /* we should setup a cert
i
ficate to return.... */
s->s3->tmp.cert_req=1;
s->s3->tmp.ctype_num=ctype_num;
if (s->s3->tmp.ca_names != NULL)
s->s3->tmp.cert_req=1;
s->s3->tmp.ctype_num=ctype_num;
if (s->s3->tmp.ca_names != NULL)
@@
-1341,7
+1341,8
@@
static int ssl3_send_client_key_exchange(SSL *s)
tmp_buf[0]=s->client_version>>8;
tmp_buf[1]=s->client_version&0xff;
tmp_buf[0]=s->client_version>>8;
tmp_buf[1]=s->client_version&0xff;
- RAND_bytes(&(tmp_buf[2]),SSL_MAX_MASTER_KEY_LENGTH-2);
+ if (RAND_bytes(&(tmp_buf[2]),SSL_MAX_MASTER_KEY_LENGTH-2) <= 0)
+ goto err;
s->session->master_key_length=SSL_MAX_MASTER_KEY_LENGTH;
s->session->master_key_length=SSL_MAX_MASTER_KEY_LENGTH;
@@
-1687,13
+1688,13
@@
static int ssl3_check_cert_and_algorithm(SSL *s)
#endif
#endif
#endif
#endif
- if (SSL_
IS_EXPORT(algs
) && !has_bits(i,EVP_PKT_EXP))
+ if (SSL_
C_IS_EXPORT(s->s3->tmp.new_cipher
) && !has_bits(i,EVP_PKT_EXP))
{
#ifndef NO_RSA
if (algs & SSL_kRSA)
{
if (rsa == NULL
{
#ifndef NO_RSA
if (algs & SSL_kRSA)
{
if (rsa == NULL
- || RSA_size(rsa) > SSL_
EXPORT_PKEYLENGTH(algs
))
+ || RSA_size(rsa) > SSL_
C_EXPORT_PKEYLENGTH(s->s3->tmp.new_cipher
))
{
SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,SSL_R_MISSING_EXPORT_TMP_RSA_KEY);
goto f_err;
{
SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,SSL_R_MISSING_EXPORT_TMP_RSA_KEY);
goto f_err;
@@
-1705,7
+1706,7
@@
static int ssl3_check_cert_and_algorithm(SSL *s)
if (algs & (SSL_kEDH|SSL_kDHr|SSL_kDHd))
{
if (dh == NULL
if (algs & (SSL_kEDH|SSL_kDHr|SSL_kDHd))
{
if (dh == NULL
- || DH_size(dh) > SSL_
EXPORT_PKEYLENGTH(algs
))
+ || DH_size(dh) > SSL_
C_EXPORT_PKEYLENGTH(s->s3->tmp.new_cipher
))
{
SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,SSL_R_MISSING_EXPORT_TMP_DH_KEY);
goto f_err;
{
SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,SSL_R_MISSING_EXPORT_TMP_DH_KEY);
goto f_err;