diff options
Diffstat (limited to 'src/lib/libssl/s23_clnt.c')
| -rw-r--r-- | src/lib/libssl/s23_clnt.c | 23 |
1 files changed, 2 insertions, 21 deletions
diff --git a/src/lib/libssl/s23_clnt.c b/src/lib/libssl/s23_clnt.c index 779e94a35c..64ee4269ec 100644 --- a/src/lib/libssl/s23_clnt.c +++ b/src/lib/libssl/s23_clnt.c | |||
| @@ -235,8 +235,7 @@ static int ssl23_client_hello(SSL *s) | |||
| 235 | #endif | 235 | #endif |
| 236 | 236 | ||
| 237 | p=s->s3->client_random; | 237 | p=s->s3->client_random; |
| 238 | if(RAND_pseudo_bytes(p,SSL3_RANDOM_SIZE) <= 0) | 238 | RAND_pseudo_bytes(p,SSL3_RANDOM_SIZE); |
| 239 | return -1; | ||
| 240 | 239 | ||
| 241 | /* Do the message type and length last */ | 240 | /* Do the message type and length last */ |
| 242 | d= &(buf[2]); | 241 | d= &(buf[2]); |
| @@ -249,14 +248,6 @@ static int ssl23_client_hello(SSL *s) | |||
| 249 | *(d++)=TLS1_VERSION_MINOR; | 248 | *(d++)=TLS1_VERSION_MINOR; |
| 250 | s->client_version=TLS1_VERSION; | 249 | s->client_version=TLS1_VERSION; |
| 251 | } | 250 | } |
| 252 | #ifdef OPENSSL_FIPS | ||
| 253 | else if(FIPS_mode()) | ||
| 254 | { | ||
| 255 | SSLerr(SSL_F_SSL23_CLIENT_HELLO, | ||
| 256 | SSL_R_ONLY_TLS_ALLOWED_IN_FIPS_MODE); | ||
| 257 | return -1; | ||
| 258 | } | ||
| 259 | #endif | ||
| 260 | else if (!(s->options & SSL_OP_NO_SSLv3)) | 251 | else if (!(s->options & SSL_OP_NO_SSLv3)) |
| 261 | { | 252 | { |
| 262 | *(d++)=SSL3_VERSION_MAJOR; | 253 | *(d++)=SSL3_VERSION_MAJOR; |
| @@ -305,9 +296,7 @@ static int ssl23_client_hello(SSL *s) | |||
| 305 | i=ch_len; | 296 | i=ch_len; |
| 306 | s2n(i,d); | 297 | s2n(i,d); |
| 307 | memset(&(s->s3->client_random[0]),0,SSL3_RANDOM_SIZE); | 298 | memset(&(s->s3->client_random[0]),0,SSL3_RANDOM_SIZE); |
| 308 | if(RAND_pseudo_bytes(&(s->s3->client_random[SSL3_RANDOM_SIZE-i]),i) <= 0) | 299 | RAND_pseudo_bytes(&(s->s3->client_random[SSL3_RANDOM_SIZE-i]),i); |
| 309 | return -1; | ||
| 310 | |||
| 311 | memcpy(p,&(s->s3->client_random[SSL3_RANDOM_SIZE-i]),i); | 300 | memcpy(p,&(s->s3->client_random[SSL3_RANDOM_SIZE-i]),i); |
| 312 | p+=i; | 301 | p+=i; |
| 313 | 302 | ||
| @@ -437,14 +426,6 @@ static int ssl23_get_server_hello(SSL *s) | |||
| 437 | if ((p[2] == SSL3_VERSION_MINOR) && | 426 | if ((p[2] == SSL3_VERSION_MINOR) && |
| 438 | !(s->options & SSL_OP_NO_SSLv3)) | 427 | !(s->options & SSL_OP_NO_SSLv3)) |
| 439 | { | 428 | { |
| 440 | #ifdef OPENSSL_FIPS | ||
| 441 | if(FIPS_mode()) | ||
| 442 | { | ||
| 443 | SSLerr(SSL_F_SSL23_GET_SERVER_HELLO, | ||
| 444 | SSL_R_ONLY_TLS_ALLOWED_IN_FIPS_MODE); | ||
| 445 | goto err; | ||
| 446 | } | ||
| 447 | #endif | ||
| 448 | s->version=SSL3_VERSION; | 429 | s->version=SSL3_VERSION; |
| 449 | s->method=SSLv3_client_method(); | 430 | s->method=SSLv3_client_method(); |
| 450 | } | 431 | } |