aboutsummaryrefslogtreecommitdiffstats
path: root/crypto/openssl/ssl/s3_srvr.c
diff options
context:
space:
mode:
authorJacques Vidrine <nectar@FreeBSD.org>2005-02-25 05:39:05 +0000
committerJacques Vidrine <nectar@FreeBSD.org>2005-02-25 05:39:05 +0000
commit6be8ae0724a74a8210e92579a2e3e25fc6a9cb26 (patch)
tree4a7be4ade5df61ca3631c0937c1fc399944ea1cc /crypto/openssl/ssl/s3_srvr.c
parent01c0bb1d8aa44607627bf7edb3feee626044350c (diff)
downloadsrc-6be8ae0724a74a8210e92579a2e3e25fc6a9cb26.tar.gz
src-6be8ae0724a74a8210e92579a2e3e25fc6a9cb26.zip
Vendor import of OpenSSL 0.9.7e.
Notes
Notes: svn path=/vendor-crypto/openssl/dist/; revision=142425
Diffstat (limited to 'crypto/openssl/ssl/s3_srvr.c')
-rw-r--r--crypto/openssl/ssl/s3_srvr.c15
1 files changed, 13 insertions, 2 deletions
diff --git a/crypto/openssl/ssl/s3_srvr.c b/crypto/openssl/ssl/s3_srvr.c
index deb3cffabeb5..44248ba55941 100644
--- a/crypto/openssl/ssl/s3_srvr.c
+++ b/crypto/openssl/ssl/s3_srvr.c
@@ -125,6 +125,7 @@
#include <openssl/krb5_asn.h>
#endif
#include <openssl/md5.h>
+#include <openssl/fips.h>
static SSL_METHOD *ssl3_get_server_method(int ver);
static int ssl3_get_client_hello(SSL *s);
@@ -955,7 +956,8 @@ static int ssl3_send_server_hello(SSL *s)
p=s->s3->server_random;
Time=time(NULL); /* Time */
l2n(Time,p);
- RAND_pseudo_bytes(p,SSL3_RANDOM_SIZE-sizeof(Time));
+ if(RAND_pseudo_bytes(p,SSL3_RANDOM_SIZE-sizeof(Time)) <= 0)
+ return -1;
/* Do the message type and length last */
d=p= &(buf[4]);
@@ -1216,8 +1218,16 @@ static int ssl3_send_server_key_exchange(SSL *s)
EVP_DigestUpdate(&md_ctx,&(s->s3->client_random[0]),SSL3_RANDOM_SIZE);
EVP_DigestUpdate(&md_ctx,&(s->s3->server_random[0]),SSL3_RANDOM_SIZE);
EVP_DigestUpdate(&md_ctx,&(d[4]),n);
+#ifdef OPENSSL_FIPS
+ if(s->version == TLS1_VERSION && num == 2)
+ FIPS_allow_md5(1);
+#endif
EVP_DigestFinal_ex(&md_ctx,q,
(unsigned int *)&i);
+#ifdef OPENSSL_FIPS
+ if(s->version == TLS1_VERSION && num == 2)
+ FIPS_allow_md5(0);
+#endif
q+=i;
j+=i;
}
@@ -1491,7 +1501,8 @@ static int ssl3_get_client_key_exchange(SSL *s)
i = SSL_MAX_MASTER_KEY_LENGTH;
p[0] = s->client_version >> 8;
p[1] = s->client_version & 0xff;
- RAND_pseudo_bytes(p+2, i-2); /* should be RAND_bytes, but we cannot work around a failure */
+ if(RAND_pseudo_bytes(p+2, i-2) <= 0) /* should be RAND_bytes, but we cannot work around a failure */
+ goto err;
}
s->session->master_key_length=