diff options
Diffstat (limited to '')
| -rw-r--r-- | src/lib/libssl/s23_clnt.c | 23 |
1 files changed, 21 insertions, 2 deletions
diff --git a/src/lib/libssl/s23_clnt.c b/src/lib/libssl/s23_clnt.c index 64ee4269ec..779e94a35c 100644 --- a/src/lib/libssl/s23_clnt.c +++ b/src/lib/libssl/s23_clnt.c | |||
| @@ -235,7 +235,8 @@ static int ssl23_client_hello(SSL *s) | |||
| 235 | #endif | 235 | #endif |
| 236 | 236 | ||
| 237 | p=s->s3->client_random; | 237 | p=s->s3->client_random; |
| 238 | RAND_pseudo_bytes(p,SSL3_RANDOM_SIZE); | 238 | if(RAND_pseudo_bytes(p,SSL3_RANDOM_SIZE) <= 0) |
| 239 | return -1; | ||
| 239 | 240 | ||
| 240 | /* Do the message type and length last */ | 241 | /* Do the message type and length last */ |
| 241 | d= &(buf[2]); | 242 | d= &(buf[2]); |
| @@ -248,6 +249,14 @@ static int ssl23_client_hello(SSL *s) | |||
| 248 | *(d++)=TLS1_VERSION_MINOR; | 249 | *(d++)=TLS1_VERSION_MINOR; |
| 249 | s->client_version=TLS1_VERSION; | 250 | s->client_version=TLS1_VERSION; |
| 250 | } | 251 | } |
| 252 | #ifdef OPENSSL_FIPS | ||
| 253 | else if(FIPS_mode()) | ||
| 254 | { | ||
| 255 | SSLerr(SSL_F_SSL23_CLIENT_HELLO, | ||
| 256 | SSL_R_ONLY_TLS_ALLOWED_IN_FIPS_MODE); | ||
| 257 | return -1; | ||
| 258 | } | ||
| 259 | #endif | ||
| 251 | else if (!(s->options & SSL_OP_NO_SSLv3)) | 260 | else if (!(s->options & SSL_OP_NO_SSLv3)) |
| 252 | { | 261 | { |
| 253 | *(d++)=SSL3_VERSION_MAJOR; | 262 | *(d++)=SSL3_VERSION_MAJOR; |
| @@ -296,7 +305,9 @@ static int ssl23_client_hello(SSL *s) | |||
| 296 | i=ch_len; | 305 | i=ch_len; |
| 297 | s2n(i,d); | 306 | s2n(i,d); |
| 298 | memset(&(s->s3->client_random[0]),0,SSL3_RANDOM_SIZE); | 307 | memset(&(s->s3->client_random[0]),0,SSL3_RANDOM_SIZE); |
| 299 | RAND_pseudo_bytes(&(s->s3->client_random[SSL3_RANDOM_SIZE-i]),i); | 308 | if(RAND_pseudo_bytes(&(s->s3->client_random[SSL3_RANDOM_SIZE-i]),i) <= 0) |
| 309 | return -1; | ||
| 310 | |||
| 300 | memcpy(p,&(s->s3->client_random[SSL3_RANDOM_SIZE-i]),i); | 311 | memcpy(p,&(s->s3->client_random[SSL3_RANDOM_SIZE-i]),i); |
| 301 | p+=i; | 312 | p+=i; |
| 302 | 313 | ||
| @@ -426,6 +437,14 @@ static int ssl23_get_server_hello(SSL *s) | |||
| 426 | if ((p[2] == SSL3_VERSION_MINOR) && | 437 | if ((p[2] == SSL3_VERSION_MINOR) && |
| 427 | !(s->options & SSL_OP_NO_SSLv3)) | 438 | !(s->options & SSL_OP_NO_SSLv3)) |
| 428 | { | 439 | { |
| 440 | #ifdef OPENSSL_FIPS | ||
| 441 | if(FIPS_mode()) | ||
| 442 | { | ||
| 443 | SSLerr(SSL_F_SSL23_GET_SERVER_HELLO, | ||
| 444 | SSL_R_ONLY_TLS_ALLOWED_IN_FIPS_MODE); | ||
| 445 | goto err; | ||
| 446 | } | ||
| 447 | #endif | ||
| 429 | s->version=SSL3_VERSION; | 448 | s->version=SSL3_VERSION; |
| 430 | s->method=SSLv3_client_method(); | 449 | s->method=SSLv3_client_method(); |
| 431 | } | 450 | } |