use SSL_kECDHE throughout instead of SSL_kEECDH

[openssl.git] / ssl / s3_clnt.c

diff --git a/ssl/s3_clnt.c b/ssl/s3_clnt.c
index 87d738cdf9e2dfcf2a3a825dd5a968c899805b38..0054e7f25d57d00cba53f2ca50f679891fc8fe4e 100644 (file)
--- a/ssl/s3_clnt.c
+++ b/ssl/s3_clnt.c
@@ -688,7 +688,7 @@ int ssl3_client_hello(SSL *s)
        unsigned char *buf;
        unsigned char *p,*d;
        int i;
-       unsigned long Time,l;
+       unsigned long l;
 #ifndef OPENSSL_NO_COMP
        int j;
        SSL_COMP *comp;
@@ -768,12 +768,8 @@ int ssl3_client_hello(SSL *s)
                        i = 1;
 
                if (i)
-                       {
-                       Time=(unsigned long)time(NULL); /* Time */
-                       l2n(Time,p);
-                       RAND_pseudo_bytes(p,sizeof(s->s3->client_random)-4);
-                                       
-                       }
+                       ssl_fill_hello_random(s, 0, p,
+                                             sizeof(s->s3->client_random));
 
                /* Do the message type and length last */
                d=p= ssl_handshake_start(s);
@@ -928,7 +924,7 @@ int ssl3_get_server_hello(SSL *s)
        /* Hello verify request and/or server hello version may not
         * match so set first packet if we're negotiating version.
         */
-       if (s->method->version == DTLS_ANY_VERSION)
+       if (SSL_IS_DTLS(s))
                s->first_packet = 1;
 
        n=s->method->ssl_get_message(s,
@@ -1073,6 +1069,11 @@ int ssl3_get_server_hello(SSL *s)
                SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,SSL_R_UNKNOWN_CIPHER_RETURNED);
                goto f_err;
                }
+       /* Set version disabled mask now we know version */
+       if (!SSL_USE_TLS1_2_CIPHERS(s))
+               ct->mask_ssl = SSL_TLSV1_2;
+       else
+               ct->mask_ssl = 0;
        /* If it is a disabled cipher we didn't send it in client hello,
         * so return an error.
         */
@@ -1733,7 +1734,7 @@ int ssl3_get_key_exchange(SSL *s)
 #endif /* !OPENSSL_NO_DH */
 
 #ifndef OPENSSL_NO_ECDH
-       else if (alg_k & SSL_kEECDH)
+       else if (alg_k & SSL_kECDHE)
                {
                EC_GROUP *ngroup;
                const EC_GROUP *group;
@@ -2684,7 +2685,7 @@ int ssl3_send_client_key_exchange(SSL *s)
 #endif
 
 #ifndef OPENSSL_NO_ECDH 
-               else if (alg_k & (SSL_kEECDH|SSL_kECDHr|SSL_kECDHe))
+               else if (alg_k & (SSL_kECDHE|SSL_kECDHr|SSL_kECDHe))
                        {
                        const EC_GROUP *srvr_group = NULL;
                        EC_KEY *tkey;
@@ -3564,9 +3565,11 @@ int ssl3_check_finished(SSL *s)
        {
        int ok;
        long n;
-/*     Read the message to see if it is supplemental data, regardless if there is a session ticket
-       this function is called when we really expect a Certificate
-       message, so permit appropriate message length */
+
+       /* Read the message to see if it is supplemental data,
+        * regardless if there is a session ticket this function is
+        * called when we really expect a Certificate message, so
+        * permit appropriate message length */
        n=s->method->ssl_get_message(s,
                SSL3_ST_CR_CERT_A,
                SSL3_ST_CR_CERT_B,
@@ -3577,9 +3580,7 @@ int ssl3_check_finished(SSL *s)
        s->s3->tmp.reuse_message = 1;
 
        if (s->s3->tmp.message_type == SSL3_MT_SUPPLEMENTAL_DATA)
-               {
                return 3;
-               }
        /* If we have no ticket it cannot be a resumed session. */
        if (!s->session->tlsext_tick)
                return 1;
@@ -3727,7 +3728,7 @@ int tls1_get_server_supplemental_data(SSL *s)
                goto f_err;
                }
        n2l3(p, supp_data_len);
-       while (p<d+supp_data_len)
+       while (p < d+supp_data_len)
                {
                n2s(p, supp_data_entry_type);
                n2s(p, supp_data_entry_len);
@@ -3744,7 +3745,7 @@ int tls1_get_server_supplemental_data(SSL *s)
                                        }
                                }
                        }
-               p+=supp_data_entry_len;
+               p += supp_data_entry_len;
                }
        return 1;
 f_err: