Improve clarity.

[openssl.git] / ssl / s3_srvr.c

diff --git a/ssl/s3_srvr.c b/ssl/s3_srvr.c
index 1a4a98bbd7ef05c4e79394dad1e3d71c39b6fe32..d6158dbc65e76c03e4e32dd5f3ac023d3ef75ca3 100644 (file)
--- a/ssl/s3_srvr.c
+++ b/ssl/s3_srvr.c
@@ -113,7 +113,7 @@ int ssl3_accept(SSL *s)
        int ret= -1;
        int new_state,state,skip=0;
 
-       RAND_seed(&Time,sizeof(Time));
+       RAND_add(&Time,sizeof(Time),0);
        ERR_clear_error();
        clear_sys_error();
 
@@ -270,8 +270,8 @@ int ssl3_accept(SSL *s)
                            || (l & (SSL_DH|SSL_kFZA))
                            || ((l & SSL_kRSA)
                                && (s->cert->pkeys[SSL_PKEY_RSA_ENC].privatekey == NULL
-                                   || (SSL_IS_EXPORT(l)
-                                       && EVP_PKEY_size(s->cert->pkeys[SSL_PKEY_RSA_ENC].privatekey)*8 > SSL_EXPORT_PKEYLENGTH(l)
+                                   || (SSL_C_IS_EXPORT(s->s3->tmp.new_cipher)
+                                       && EVP_PKEY_size(s->cert->pkeys[SSL_PKEY_RSA_ENC].privatekey)*8 > SSL_C_EXPORT_PKEYLENGTH(s->s3->tmp.new_cipher)
                                        )
                                    )
                                )
@@ -368,10 +368,10 @@ int ssl3_accept(SSL *s)
                         * a client cert, it can be verified */ 
                        s->method->ssl3_enc->cert_verify_mac(s,
                                &(s->s3->finish_dgst1),
-                               &(s->s3->tmp.finish_md[0]));
+                               &(s->s3->tmp.cert_verify_md[0]));
                        s->method->ssl3_enc->cert_verify_mac(s,
                                &(s->s3->finish_dgst2),
-                               &(s->s3->tmp.finish_md[MD5_DIGEST_LENGTH]));
+                               &(s->s3->tmp.cert_verify_md[MD5_DIGEST_LENGTH]));
 
                        break;
 
@@ -503,7 +503,7 @@ static int ssl3_send_hello_request(SSL *s)
        if (s->state == SSL3_ST_SW_HELLO_REQ_A)
                {
                p=(unsigned char *)s->init_buf->data;
-               *(p++)=SSL3_MT_CLIENT_REQUEST;
+               *(p++)=SSL3_MT_HELLO_REQUEST;
                *(p++)=0;
                *(p++)=0;
                *(p++)=0;
@@ -816,7 +816,7 @@ static int ssl3_send_server_hello(SSL *s)
                p=s->s3->server_random;
                Time=time(NULL);                        /* Time */
                l2n(Time,p);
-               RAND_bytes(p,SSL3_RANDOM_SIZE-sizeof(Time));
+               RAND_pseudo_bytes(p,SSL3_RANDOM_SIZE-sizeof(Time));
                /* Do the message type and length last */
                d=p= &(buf[4]);
 
@@ -900,6 +900,7 @@ static int ssl3_send_server_key_exchange(SSL *s)
        int j,num;
        RSA *rsa;
        unsigned char md_buf[MD5_DIGEST_LENGTH+SHA_DIGEST_LENGTH];
+       unsigned int u;
 #endif
 #ifndef NO_DH
        DH *dh,*dhp;
@@ -907,7 +908,6 @@ static int ssl3_send_server_key_exchange(SSL *s)
        EVP_PKEY *pkey;
        unsigned char *p,*d;
        int al,i;
-       unsigned int u;
        unsigned long type;
        int n;
        CERT *cert;
@@ -1292,7 +1292,7 @@ static int ssl3_get_client_key_exchange(SSL *s)
                                {
                                p[0]=(s->version>>8);
                                p[1]=(s->version & 0xff);
-                               RAND_bytes(&(p[2]),SSL_MAX_MASTER_KEY_LENGTH-2);
+                               RAND_pseudo_bytes(&(p[2]),SSL_MAX_MASTER_KEY_LENGTH-2);
                                i=SSL_MAX_MASTER_KEY_LENGTH;
                                }
                        /* else, an SSLeay bug, ssl only server, tls client */
@@ -1484,7 +1484,7 @@ static int ssl3_get_cert_verify(SSL *s)
 #ifndef NO_RSA 
        if (pkey->type == EVP_PKEY_RSA)
                {
-               i=RSA_verify(NID_md5_sha1, s->s3->tmp.finish_md,
+               i=RSA_verify(NID_md5_sha1, s->s3->tmp.cert_verify_md,
                        MD5_DIGEST_LENGTH+SHA_DIGEST_LENGTH, p, i, 
                                                        pkey->pkey.rsa);
                if (i < 0)
@@ -1506,7 +1506,7 @@ static int ssl3_get_cert_verify(SSL *s)
                if (pkey->type == EVP_PKEY_DSA)
                {
                j=DSA_verify(pkey->save_type,
-                       &(s->s3->tmp.finish_md[MD5_DIGEST_LENGTH]),
+                       &(s->s3->tmp.cert_verify_md[MD5_DIGEST_LENGTH]),
                        SHA_DIGEST_LENGTH,p,i,pkey->pkey.dsa);
                if (j <= 0)
                        {