Don't use the SSL 2.0 Client Hello format if SSL 2.0 is disabled

[openssl.git] / ssl / s2_clnt.c

diff --git a/ssl/s2_clnt.c b/ssl/s2_clnt.c
index da88460259fb20d9d2c11bc62132cf9d3a7873f0..33ea7592c489b72847a91241550c69fdb11f70e3 100644 (file)
--- a/ssl/s2_clnt.c
+++ b/ssl/s2_clnt.c
@@ -584,7 +584,7 @@ static int client_hello(SSL *s)
                s2n(SSL2_VERSION,p);                    /* version */
                n=j=0;
 
-               n=ssl_cipher_list_to_bytes(s,SSL_get_ciphers(s),d);
+               n=ssl_cipher_list_to_bytes(s,SSL_get_ciphers(s),d,0);
                d+=n;
 
                if (n == 0)
@@ -612,7 +612,8 @@ static int client_hello(SSL *s)
                s->s2->challenge_length=SSL2_CHALLENGE_LENGTH;
                s2n(SSL2_CHALLENGE_LENGTH,p);           /* challenge length */
                /*challenge id data*/
-               RAND_pseudo_bytes(s->s2->challenge,SSL2_CHALLENGE_LENGTH);
+               if (RAND_pseudo_bytes(s->s2->challenge,SSL2_CHALLENGE_LENGTH) <= 0)
+                       return -1;
                memcpy(d,s->s2->challenge,SSL2_CHALLENGE_LENGTH);
                d+=SSL2_CHALLENGE_LENGTH;
 
@@ -660,7 +661,9 @@ static int client_master_key(SSL *s)
                        SSLerr(SSL_F_CLIENT_MASTER_KEY, ERR_R_INTERNAL_ERROR);
                        return -1;
                        }
-               if (i > 0) RAND_pseudo_bytes(sess->key_arg,i);
+               if (i > 0)
+                       if (RAND_pseudo_bytes(sess->key_arg,i) <= 0)
+                               return -1;
 
                /* make a master key */
                i=EVP_CIPHER_key_length(c);
@@ -1034,7 +1037,7 @@ static int get_server_finished(SSL *s)
        }
 
 /* loads in the certificate from the server */
-int ssl2_set_certificate(SSL *s, int type, int len, unsigned char *data)
+int ssl2_set_certificate(SSL *s, int type, int len, const unsigned char *data)
        {
        STACK_OF(X509) *sk=NULL;
        EVP_PKEY *pkey=NULL;