This commit was manufactured by cvs2svn to create branch
[oweals/openssl.git] / ssl / s3_clnt.c
index 26ce0cb9639d064a0d4b9f75ad52144423580e70..0969476b25fac511c483ddce706cc4ef6222b8b3 100644 (file)
 #include <openssl/objects.h>
 #include <openssl/evp.h>
 #include <openssl/md5.h>
+#include <openssl/fips.h>
 
 static SSL_METHOD *ssl3_get_client_method(int ver);
 static int ssl3_client_hello(SSL *s);
@@ -534,7 +535,8 @@ static int ssl3_client_hello(SSL *s)
                p=s->s3->client_random;
                Time=time(NULL);                        /* Time */
                l2n(Time,p);
-               RAND_pseudo_bytes(p,SSL3_RANDOM_SIZE-sizeof(Time));
+               if(RAND_pseudo_bytes(p,SSL3_RANDOM_SIZE-4) <= 0)
+                   goto err;
 
                /* Do the message type and length last */
                d=p= &(buf[4]);
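Review bot: The new `goto err` after `RAND_pseudo_bytes` is taken without queuing an SSL-layer error, so a client whose PRNG cannot deliver output fails the handshake with nothing in the SSL error queue to say why (RAND may queue its own error, but that is not visible here). Consider adding `SSLerr(SSL_F_SSL3_CLIENT_HELLO,ERR_R_INTERNAL_ERROR);` before the jump. The literal `4` also deserves a comment such as `/* 4 = bytes l2n() wrote for the timestamp; a 0 return (output not cryptographically strong) is rejected too */`, because client_random feeds key derivation and the `<= 0` test looks deliberately strict. The `err` label and the rest of ssl3_client_hello lie outside the hunk.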
@@ -1160,11 +1162,14 @@ static int ssl3_get_key_exchange(SSL *s)
                        q=md_buf;
                        for (num=2; num > 0; num--)
                                {
+                               EVP_MD_CTX_set_flags(&md_ctx,
+                                       EVP_MD_CTX_FLAG_NON_FIPS_ALLOW);
                                EVP_DigestInit_ex(&md_ctx,(num == 2)
                                        ?s->ctx->md5:s->ctx->sha1, NULL);
                                EVP_DigestUpdate(&md_ctx,&(s->s3->client_random[0]),SSL3_RANDOM_SIZE);
                                EVP_DigestUpdate(&md_ctx,&(s->s3->server_random[0]),SSL3_RANDOM_SIZE);
                                EVP_DigestUpdate(&md_ctx,param,param_len);
+                               
                                EVP_DigestFinal_ex(&md_ctx,q,(unsigned int *)&i);
                                q+=i;
                                j+=i;
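Review bot: The return value of `EVP_DigestInit_ex` is still ignored right after the added `EVP_MD_CTX_set_flags` call, although a refused digest is exactly the failure the flag is there to prevent. If initialisation fails, the following Update/Final calls run on an unprepared context and `md_buf`, which appears to be the MD5+SHA-1 hash of the signed server parameters, is filled with unreliable data before it is verified. I would check it, e.g. `if (!EVP_DigestInit_ex(&md_ctx,(num == 2)?s->ctx->md5:s->ctx->sha1,NULL)) goto err;` (the label name is assumed; the function's error path is outside the hunk). The flag could also be set once before the loop, with a comment such as `/* MD5 is permitted here only as half of the MD5+SHA-1 signature hash */`. That comment matters because the flag as written also covers the SHA-1 pass. The whitespace-only line added before `EVP_DigestFinal_ex` can be dropped.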