X-Git-Url: https://git.librecmc.org/?a=blobdiff_plain;f=ssl%2Fs3_clnt.c;h=279d2c01983591932e180b9095d38a33c7e42e7b;hb=ce76ce43ae024cf0e4b76b66187ed50b609ba146;hp=b8f6a8673ec09d9bec59c08557a8da54651007c7;hpb=c44f75404776af0d046ae05258b055389fb5686a;p=oweals%2Fopenssl.git

diff --git a/ssl/s3_clnt.c b/ssl/s3_clnt.c
index b8f6a8673e..279d2c0198 100644
--- a/ssl/s3_clnt.c
+++ b/ssl/s3_clnt.c
@@ -110,7 +110,7 @@ int ssl3_connect(SSL *s)
 	int ret= -1;
 	int new_state,state,skip=0;;
 
-	RAND_seed(&Time,sizeof(Time));
+	RAND_add(&Time,sizeof(Time),0);
 	ERR_clear_error();
 	clear_sys_error();
 
@@ -466,7 +466,7 @@ static int ssl3_client_hello(SSL *s)
 		p=s->s3->client_random;
 		Time=time(NULL);			/* Time */
 		l2n(Time,p);
-		RAND_bytes(p,SSL3_RANDOM_SIZE-sizeof(Time));
+		RAND_pseudo_bytes(p,SSL3_RANDOM_SIZE-sizeof(Time));
 
 		/* Do the message type and length last */
 		d=p= &(buf[4]);
@@ -1225,7 +1225,7 @@ fclose(out);
 
 		if ((xn=d2i_X509_NAME(NULL,&q,l)) == NULL)
 			{
-			/* If netscape tollerance is on, ignore errors */
+			/* If netscape tolerance is on, ignore errors */
 			if (s->options & SSL_OP_NETSCAPE_CA_DN_BUG)
 				goto cont;
 			else
@@ -1258,7 +1258,7 @@ cont:
 		ERR_clear_error();
 		}
 
-	/* we should setup a certficate to return.... */
+	/* we should setup a certificate to return.... */
 	s->s3->tmp.cert_req=1;
 	s->s3->tmp.ctype_num=ctype_num;
 	if (s->s3->tmp.ca_names != NULL)
@@ -1341,7 +1341,8 @@ static int ssl3_send_client_key_exchange(SSL *s)
 				
 			tmp_buf[0]=s->client_version>>8;
 			tmp_buf[1]=s->client_version&0xff;
-			RAND_bytes(&(tmp_buf[2]),SSL_MAX_MASTER_KEY_LENGTH-2);
+			if (RAND_bytes(&(tmp_buf[2]),SSL_MAX_MASTER_KEY_LENGTH-2) <= 0)
+					goto err;
 
 			s->session->master_key_length=SSL_MAX_MASTER_KEY_LENGTH;
 
@@ -1687,13 +1688,13 @@ static int ssl3_check_cert_and_algorithm(SSL *s)
 #endif
 #endif
 
-	if (SSL_IS_EXPORT(algs) && !has_bits(i,EVP_PKT_EXP))
+	if (SSL_C_IS_EXPORT(s->s3->tmp.new_cipher) && !has_bits(i,EVP_PKT_EXP))
 		{
 #ifndef NO_RSA
 		if (algs & SSL_kRSA)
 			{
 			if (rsa == NULL
-			    || RSA_size(rsa) > SSL_EXPORT_PKEYLENGTH(algs))
+			    || RSA_size(rsa) > SSL_C_EXPORT_PKEYLENGTH(s->s3->tmp.new_cipher))
 				{
 				SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,SSL_R_MISSING_EXPORT_TMP_RSA_KEY);
 				goto f_err;
@@ -1705,7 +1706,7 @@ static int ssl3_check_cert_and_algorithm(SSL *s)
 			if (algs & (SSL_kEDH|SSL_kDHr|SSL_kDHd))
 			    {
 			    if (dh == NULL
-				|| DH_size(dh) > SSL_EXPORT_PKEYLENGTH(algs))
+				|| DH_size(dh) > SSL_C_EXPORT_PKEYLENGTH(s->s3->tmp.new_cipher))
 				{
 				SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,SSL_R_MISSING_EXPORT_TMP_DH_KEY);
 				goto f_err;