PR: 1952

Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Reviewed by: steve@openssl.org

ECDH negotiation bug.

diff --git a/crypto/rand/randfile.c b/crypto/rand/randfile.c
index 4723feecaf30ff7a3f60c4a24618d31c3f132aca..7dc4ceae8e61207c16fddc842cd7b7e6f3c6ea4c 100644 (file)
--- a/crypto/rand/randfile.c
+++ b/crypto/rand/randfile.c
@@ -177,8 +177,8 @@ int RAND_write_file(const char *file)
        
        i=stat(file,&sb);
        if (i != -1) { 
-#if defined(S_IFBLK) && defined(S_IFCHR)
-         if (sb.st_mode & (S_IFBLK | S_IFCHR)) {
+#if defined(S_ISBLK) && defined(S_ISCHR)
+         if (S_ISBLK(sb.st_mode) || S_ISCHR(sb.st_mode)) {
            /* this file is a device. we don't write back to it. 
             * we "succeed" on the assumption this is some sort 
             * of random device. Otherwise attempting to write to 

diff --git a/ssl/s3_srvr.c b/ssl/s3_srvr.c
index ffa031f61e0ca712ab1ff8ce79fc95207614a080..44065d7e894103239ad72148e45955acbef58da4 100644 (file)
--- a/ssl/s3_srvr.c
+++ b/ssl/s3_srvr.c
@@ -2388,6 +2388,8 @@ int ssl3_get_client_key_exchange(SSL *s)
                EC_POINT_free(clnt_ecpoint);
                EC_KEY_free(srvr_ecdh);
                BN_CTX_free(bn_ctx);
+               EC_KEY_free(s->s3->tmp.ecdh);
+               s->s3->tmp.ecdh = NULL; 
 
                /* Compute the master secret */
                s->session->master_key_length = s->method->ssl3_enc-> \