← Back to branch summary

~ubuntu-branches/ubuntu/maverick/openssl/maverick

« back to all changes in this revision

Viewing changes to ssl/s3_srvr.c

  • Committer: Bazaar Package Importer
  • Author(s): Christoph Martin
  • Date: 2004-12-16 18:41:29 UTC
  • mto: (11.1.1 lenny)
  • mto: This revision was merged to the branch mainline in revision 3.
  • Revision ID: james.westby@ubuntu.com-20041216184129-z7xjkul57mh1jiha
Tags: upstream-0.9.7e
ImportĀ upstreamĀ versionĀ 0.9.7e

Show diffs side-by-side

added added

removed removed

Lines of Context:
ssl/s3_srvr.c
125
125
#include <openssl/krb5_asn.h>
126
126
#endif
127
127
#include <openssl/md5.h>
 
128
#include <openssl/fips.h>
128
129
 
129
130
static SSL_METHOD *ssl3_get_server_method(int ver);
130
131
static int ssl3_get_client_hello(SSL *s);
955
956
                p=s->s3->server_random;
956
957
                Time=time(NULL);                        /* Time */
957
958
                l2n(Time,p);
958
 
                RAND_pseudo_bytes(p,SSL3_RANDOM_SIZE-sizeof(Time));
 
959
                if(RAND_pseudo_bytes(p,SSL3_RANDOM_SIZE-sizeof(Time)) <= 0)
 
960
                        return -1;
959
961
                /* Do the message type and length last */
960
962
                d=p= &(buf[4]);
961
963
 
1216
1218
                                        EVP_DigestUpdate(&md_ctx,&(s->s3->client_random[0]),SSL3_RANDOM_SIZE);
1217
1219
                                        EVP_DigestUpdate(&md_ctx,&(s->s3->server_random[0]),SSL3_RANDOM_SIZE);
1218
1220
                                        EVP_DigestUpdate(&md_ctx,&(d[4]),n);
 
1221
#ifdef OPENSSL_FIPS
 
1222
                                        if(s->version == TLS1_VERSION && num == 2)
 
1223
                                                FIPS_allow_md5(1);
 
1224
#endif
1219
1225
                                        EVP_DigestFinal_ex(&md_ctx,q,
1220
1226
                                                (unsigned int *)&i);
 
1227
#ifdef OPENSSL_FIPS
 
1228
                                        if(s->version == TLS1_VERSION && num == 2)
 
1229
                                                FIPS_allow_md5(0);
 
1230
#endif
1221
1231
                                        q+=i;
1222
1232
                                        j+=i;
1223
1233
                                        }
1491
1501
                        i = SSL_MAX_MASTER_KEY_LENGTH;
1492
1502
                        p[0] = s->client_version >> 8;
1493
1503
                        p[1] = s->client_version & 0xff;
1494
 
                        RAND_pseudo_bytes(p+2, i-2); /* should be RAND_bytes, but we cannot work around a failure */
 
1504
                        if(RAND_pseudo_bytes(p+2, i-2) <= 0)  /* should be RAND_bytes, but we cannot work around a failure */
 
1505
                                goto err;
1495
1506
                        }
1496
1507
        
1497
1508
                s->session->master_key_length=