Create a RECORD_LAYER structure and move read_ahead into it.

[openssl.git] / ssl / s3_clnt.c

diff --git a/ssl/s3_clnt.c b/ssl/s3_clnt.c
index 81381efa78e9dce48f63e5e4e87ea11a118fccb0..6da125897d35d97db970cf486b188c2fa6e209f6 100644 (file)
--- a/ssl/s3_clnt.c
+++ b/ssl/s3_clnt.c
@@ -1380,22 +1380,16 @@ int ssl3_get_key_exchange(SSL *s)
     param = p = (unsigned char *)s->init_msg;
     if (s->session->sess_cert != NULL) {
 #ifndef OPENSSL_NO_RSA
-        if (s->session->sess_cert->peer_rsa_tmp != NULL) {
-            RSA_free(s->session->sess_cert->peer_rsa_tmp);
-            s->session->sess_cert->peer_rsa_tmp = NULL;
-        }
+        RSA_free(s->session->sess_cert->peer_rsa_tmp);
+        s->session->sess_cert->peer_rsa_tmp = NULL;
 #endif
 #ifndef OPENSSL_NO_DH
-        if (s->session->sess_cert->peer_dh_tmp) {
-            DH_free(s->session->sess_cert->peer_dh_tmp);
-            s->session->sess_cert->peer_dh_tmp = NULL;
-        }
+        DH_free(s->session->sess_cert->peer_dh_tmp);
+        s->session->sess_cert->peer_dh_tmp = NULL;
 #endif
 #ifndef OPENSSL_NO_EC
-        if (s->session->sess_cert->peer_ecdh_tmp) {
-            EC_KEY_free(s->session->sess_cert->peer_ecdh_tmp);
-            s->session->sess_cert->peer_ecdh_tmp = NULL;
-        }
+        EC_KEY_free(s->session->sess_cert->peer_ecdh_tmp);
+        s->session->sess_cert->peer_ecdh_tmp = NULL;
 #endif
     } else {
         s->session->sess_cert = ssl_sess_cert_new();
@@ -1722,11 +1716,6 @@ int ssl3_get_key_exchange(SSL *s)
 
         s->session->sess_cert->peer_dh_tmp = dh;
         dh = NULL;
-    } else if ((alg_k & SSL_kDHr) || (alg_k & SSL_kDHd)) {
-        al = SSL_AD_ILLEGAL_PARAMETER;
-        SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,
-               SSL_R_TRIED_TO_USE_UNSUPPORTED_CIPHER);
-        goto f_err;
     }
 #endif                          /* !OPENSSL_NO_DH */
 
@@ -1960,18 +1949,15 @@ int ssl3_get_key_exchange(SSL *s)
  err:
     EVP_PKEY_free(pkey);
 #ifndef OPENSSL_NO_RSA
-    if (rsa != NULL)
-        RSA_free(rsa);
+    RSA_free(rsa);
 #endif
 #ifndef OPENSSL_NO_DH
-    if (dh != NULL)
-        DH_free(dh);
+    DH_free(dh);
 #endif
 #ifndef OPENSSL_NO_EC
     BN_CTX_free(bn_ctx);
     EC_POINT_free(srvr_ecpoint);
-    if (ecdh != NULL)
-        EC_KEY_free(ecdh);
+    EC_KEY_free(ecdh);
 #endif
     EVP_MD_CTX_cleanup(&md_ctx);
     return (-1);
@@ -2771,8 +2757,7 @@ int ssl3_send_client_key_exchange(SSL *s)
             BN_CTX_free(bn_ctx);
             if (encodedPoint != NULL)
                 OPENSSL_free(encodedPoint);
-            if (clnt_ecdh != NULL)
-                EC_KEY_free(clnt_ecdh);
+            EC_KEY_free(clnt_ecdh);
             EVP_PKEY_free(srvr_pub_pkey);
         }
 #endif                          /* !OPENSSL_NO_EC */
@@ -2821,7 +2806,12 @@ int ssl3_send_client_key_exchange(SSL *s)
 
             EVP_PKEY_encrypt_init(pkey_ctx);
             /* Generate session key */
-            RAND_bytes(pms, pmslen);
+            if (RAND_bytes(pms, pmslen) <= 0) {
+                EVP_PKEY_CTX_free(pkey_ctx);
+                SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,
+                       ERR_R_INTERNAL_ERROR);
+                goto err;
+            };
             /*
              * If we have client certificate, use its secret as peer key
              */
@@ -3075,8 +3065,7 @@ int ssl3_send_client_key_exchange(SSL *s)
     BN_CTX_free(bn_ctx);
     if (encodedPoint != NULL)
         OPENSSL_free(encodedPoint);
-    if (clnt_ecdh != NULL)
-        EC_KEY_free(clnt_ecdh);
+    EC_KEY_free(clnt_ecdh);
     EVP_PKEY_free(srvr_pub_pkey);
 #endif
     return (-1);