Diffstat (limited to 'crypto/openssl/ssl/s3_srvr.c')
-rw-r--r-- | crypto/openssl/ssl/s3_srvr.c | 15 |
1 files changed, 13 insertions, 2 deletions
diff --git a/crypto/openssl/ssl/s3_srvr.c b/crypto/openssl/ssl/s3_srvr.c
index deb3cffabeb5..44248ba55941 100644
--- a/crypto/openssl/ssl/s3_srvr.c
+++ b/crypto/openssl/ssl/s3_srvr.c
@@ -125,6 +125,7 @@
 #include <openssl/krb5_asn.h>
 #endif
 #include <openssl/md5.h>
+#include <openssl/fips.h>
 static SSL_METHOD *ssl3_get_server_method(int ver);
 static int ssl3_get_client_hello(SSL *s);
@@ -955,7 +956,8 @@ static int ssl3_send_server_hello(SSL *s)
 p=s->s3->server_random;
 Time=time(NULL); /* Time */
 l2n(Time,p);
- RAND_pseudo_bytes(p,SSL3_RANDOM_SIZE-sizeof(Time));
+ if(RAND_pseudo_bytes(p,SSL3_RANDOM_SIZE-sizeof(Time)) <= 0)
+ return -1;
 /* Do the message type and length last */
 d=p= &(buf[4]);
@@ -1216,8 +1218,16 @@ static int ssl3_send_server_key_exchange(SSL *s)
 EVP_DigestUpdate(&md_ctx,&(s->s3->client_random[0]),SSL3_RANDOM_SIZE);
 EVP_DigestUpdate(&md_ctx,&(s->s3->server_random[0]),SSL3_RANDOM_SIZE);
 EVP_DigestUpdate(&md_ctx,&(d[4]),n);
+#ifdef OPENSSL_FIPS
+ if(s->version == TLS1_VERSION && num == 2)
+ FIPS_allow_md5(1);
+#endif
 EVP_DigestFinal_ex(&md_ctx,q,
 (unsigned int *)&i);
+#ifdef OPENSSL_FIPS
+ if(s->version == TLS1_VERSION && num == 2)
+ FIPS_allow_md5(0);
+#endif
 q+=i;
 j+=i;
 }
@@ -1491,7 +1501,8 @@ static int ssl3_get_client_key_exchange(SSL *s)
 i = SSL_MAX_MASTER_KEY_LENGTH;
 p[0] = s->client_version >> 8;
 p[1] = s->client_version & 0xff;
- RAND_pseudo_bytes(p+2, i-2); /* should be RAND_bytes, but we cannot work around a failure */
+ if(RAND_pseudo_bytes(p+2, i-2) <= 0) /* should be RAND_bytes, but we cannot work around a failure */
+ goto err;
 }
 s->session->master_key_length= |
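Review bot: The new `return -1` in ssl3_send_server_hello leaves nothing on the error queue, so a handshake that stops because no server random could be produced looks the same to an operator as any other write failure. Since `<= 0` already rejects the "bytes produced but not cryptographically strong" result of RAND_pseudo_bytes, `RAND_bytes(p,SSL3_RANDOM_SIZE-sizeof(Time))` would state that requirement directly, and an SSLerr() call before the return would record the cause. The function body starts and ends outside the hunk, so whether a caller records the error itself cannot be seen here.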
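Review bot: The result of `EVP_DigestFinal_ex(&md_ctx,q,(unsigned int *)&i)` is still discarded inside the new FIPS_allow_md5 window in ssl3_send_server_key_exchange, although a FIPS build is presumably where a digest call can be refused, and the following `q+=i; j+=i;` would then advance by whatever `i` held before. Checking the return value and taking the function's error exit on zero closes that gap. FIPS_allow_md5 also looks like a process-wide switch (its definition is not on this page); if so, one thread's `FIPS_allow_md5(0)` can close the window while another thread is mid-digest, which deserves at least a comment on the expected locking. The window opens only after the three EVP_DigestUpdate calls and the digest initialisation, which lies outside the hunk, so confirm that MD5 setup is not rejected before this point.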
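Review bot: The comment kept on the changed line in ssl3_get_client_key_exchange, "we cannot work around a failure", now contradicts the code, which does react to a failure with `goto err`; reword it, for example `/* abort the handshake if no random bytes are available */`. The surrounding lines (fixed length, client_version written to p[0] and p[1]) look like the substitute pre-master secret used when decrypting the client's value fails; the branch condition is outside the hunk, so this is inferred. If that is right, the new abort makes this path behave differently from a successful decryption exactly when the RNG fails, and drawing the fallback bytes before the decryption result is examined would keep the two paths uniform. It is also worth confirming that the `err` exit records an error, since none is raised on this line.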