if (init)
{
- memcpy((char *)&SSLv23_client_data,
- (char *)sslv23_base_method(),sizeof(SSL_METHOD));
- SSLv23_client_data.ssl_connect=ssl23_connect;
- SSLv23_client_data.get_ssl_method=ssl23_get_client_method;
- init=0;
+ CRYPTO_w_lock(CRYPTO_LOCK_SSL_METHOD);
+
+ if (init)
+ {
+ memcpy((char *)&SSLv23_client_data,
+ (char *)sslv23_base_method(),sizeof(SSL_METHOD));
+ SSLv23_client_data.ssl_connect=ssl23_connect;
+ SSLv23_client_data.get_ssl_method=ssl23_get_client_method;
+ init=0;
+ }
+
+ CRYPTO_w_unlock(CRYPTO_LOCK_SSL_METHOD);
}
return(&SSLv23_client_data);
}
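Review bot: The outer `if (init)` at the top of this hunk is still evaluated without holding CRYPTO_LOCK_SSL_METHOD, so this is double-checked locking on a plain flag. Nothing orders the `init=0` store after the memcpy and the two field assignments for a thread that takes the unlocked fast path. With compiler or CPU reordering, such a thread could return `&SSLv23_client_data` while `ssl_connect` or `get_ssl_method` is not yet visible to it. Unless the declaration of `init` (outside this hunk) gives an ordering guarantee, drop the outer test and take the lock unconditionally. If the fast path is kept for speed, add a comment stating what makes the unlocked read safe.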
int ssl23_connect(SSL *s)
{
- BUF_MEM *buf;
+ BUF_MEM *buf=NULL;
unsigned long Time=time(NULL);
void (*cb)(const SSL *ssl,int type,int val)=NULL;
int ret= -1;
goto end;
}
s->init_buf=buf;
+ buf=NULL;
}
if (!ssl3_setup_buffers(s)) { ret= -1; goto end; }
}
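Review bot: The `buf=NULL;` added after `s->init_buf=buf;` is the only thing that stops the new `BUF_MEM_free(buf)` at `end:` from freeing a buffer the SSL object now owns, and nothing in the code says so. A comment on that line, e.g. `/* ownership passed to s->init_buf; end: must not free it */`, would keep a later edit from dropping the assignment and introducing a double free. The same contract covers the cleanup hunk at `end:` and the `buf=NULL` initialiser in the declaration hunk. The body of ssl23_connect continues outside all three hunks.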
end:
s->in_handshake--;
+ if (buf != NULL)
+ BUF_MEM_free(buf);
if (cb != NULL)
cb(s,SSL_CB_CONNECT_EXIT,ret);
return(ret);
#endif
p=s->s3->client_random;
- RAND_pseudo_bytes(p,SSL3_RANDOM_SIZE);
+ if(RAND_pseudo_bytes(p,SSL3_RANDOM_SIZE) <= 0)
+ return -1;
/* Do the message type and length last */
d= &(buf[2]);
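Review bot: The new `return -1;` after `RAND_pseudo_bytes` puts nothing on the error queue, so a handshake aborted for lack of randomness looks like any other -1 to the caller. Add `SSLerr(SSL_F_SSL23_CLIENT_HELLO,ERR_R_INTERNAL_ERROR);` before the return; that function code is the one the FIPS check in the next hunk uses, which appears to be in the same function. Because `<= 0` also rejects 0, the value RAND_pseudo_bytes returns for output that is not cryptographically strong, the call now effectively demands strong bytes, and `RAND_bytes(p,SSL3_RANDOM_SIZE)` would state that directly. Both points apply to the second `RAND_pseudo_bytes` check in the later hunk that fills the tail of `client_random`. The enclosing function starts and ends outside the hunk.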
*(d++)=TLS1_VERSION_MINOR;
s->client_version=TLS1_VERSION;
}
+#ifdef OPENSSL_FIPS
+ else if(FIPS_mode())
+ {
+ SSLerr(SSL_F_SSL23_CLIENT_HELLO,
+ SSL_R_ONLY_TLS_ALLOWED_IN_FIPS_MODE);
+ return -1;
+ }
+#endif
else if (!(s->options & SSL_OP_NO_SSLv3))
{
*(d++)=SSL3_VERSION_MAJOR;
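Review bot: The FIPS branch is correct only because of its position in the `else if` chain: after the TLS branch and before the SSLv3 branch and, presumably, an SSLv2 branch that follows outside the hunk. That ordering is easy to break when the chain is edited, so a comment above the `#ifdef` is worth adding, e.g. `/* FIPS: never offer less than TLS; must stay ahead of the SSLv3/SSLv2 branches */`. The matching server-hello check in the last hunk guards only the SSLv3 branch visible there. Whether an SSLv2 server hello is also refused in FIPS mode cannot be seen from these hunks and should be confirmed.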
i=ch_len;
s2n(i,d);
memset(&(s->s3->client_random[0]),0,SSL3_RANDOM_SIZE);
- RAND_pseudo_bytes(&(s->s3->client_random[SSL3_RANDOM_SIZE-i]),i);
+ if(RAND_pseudo_bytes(&(s->s3->client_random[SSL3_RANDOM_SIZE-i]),i) <= 0)
+ return -1;
+
memcpy(p,&(s->s3->client_random[SSL3_RANDOM_SIZE-i]),i);
p+=i;
if (s->s3 != NULL) ssl3_free(s);
- if (!BUF_MEM_grow(s->init_buf,
+ if (!BUF_MEM_grow_clean(s->init_buf,
SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER))
{
SSLerr(SSL_F_SSL23_GET_SERVER_HELLO,ERR_R_BUF_LIB);
if ((p[2] == SSL3_VERSION_MINOR) &&
!(s->options & SSL_OP_NO_SSLv3))
{
+#ifdef OPENSSL_FIPS
+ if(FIPS_mode())
+ {
+ SSLerr(SSL_F_SSL23_GET_SERVER_HELLO,
+ SSL_R_ONLY_TLS_ALLOWED_IN_FIPS_MODE);
+ goto err;
+ }
+#endif
s->version=SSL3_VERSION;
s->method=SSLv3_client_method();
}