X-Git-Url: https://git.openssl.org/gitweb/?p=openssl.git;a=blobdiff_plain;f=ssl%2Fs3_clnt.c;h=5f547bb114ef455d9c203f8c14fd9f66a58b8c1e;hp=24c180c4d7294a961463fe5a49a3fbdf6d9b9b28;hb=ba168244a14bbd056e502d7daa04cae4aabe9d0d;hpb=226751ae4a1f3e00021c43399d7bb51a99c22c17

diff --git a/ssl/s3_clnt.c b/ssl/s3_clnt.c
index 24c180c4d7..5f547bb114 100644
--- a/ssl/s3_clnt.c
+++ b/ssl/s3_clnt.c
@@ -688,7 +688,7 @@ int ssl3_client_hello(SSL *s)
 	unsigned char *buf;
 	unsigned char *p,*d;
 	int i;
-	unsigned long Time,l;
+	unsigned long l;
 #ifndef OPENSSL_NO_COMP
 	int j;
 	SSL_COMP *comp;
@@ -768,12 +768,8 @@ int ssl3_client_hello(SSL *s)
 			i = 1;
 
 		if (i)
-			{
-			Time=(unsigned long)time(NULL);	/* Time */
-			l2n(Time,p);
-			RAND_pseudo_bytes(p,sizeof(s->s3->client_random)-4);
-					
-			}
+			ssl_fill_hello_random(s, 0, p,
+					      sizeof(s->s3->client_random));
 
 		/* Do the message type and length last */
 		d=p= ssl_handshake_start(s);
@@ -928,7 +924,7 @@ int ssl3_get_server_hello(SSL *s)
 	/* Hello verify request and/or server hello version may not
 	 * match so set first packet if we're negotiating version.
 	 */
-	if (s->method->version == DTLS_ANY_VERSION)
+	if (SSL_IS_DTLS(s))
 		s->first_packet = 1;
 
 	n=s->method->ssl_get_message(s,
@@ -1660,7 +1656,7 @@ int ssl3_get_key_exchange(SSL *s)
 		;
 #endif
 #ifndef OPENSSL_NO_DH
-	else if (alg_k & SSL_kEDH)
+	else if (alg_k & SSL_kDHE)
 		{
 		if ((dh=DH_new()) == NULL)
 			{
@@ -1738,7 +1734,7 @@ int ssl3_get_key_exchange(SSL *s)
 #endif /* !OPENSSL_NO_DH */
 
 #ifndef OPENSSL_NO_ECDH
-	else if (alg_k & SSL_kEECDH)
+	else if (alg_k & SSL_kECDHE)
 		{
 		EC_GROUP *ngroup;
 		const EC_GROUP *group;
@@ -2585,7 +2581,7 @@ int ssl3_send_client_key_exchange(SSL *s)
 			}
 #endif
 #ifndef OPENSSL_NO_DH
-		else if (alg_k & (SSL_kEDH|SSL_kDHr|SSL_kDHd))
+		else if (alg_k & (SSL_kDHE|SSL_kDHr|SSL_kDHd))
 			{
 			DH *dh_srvr,*dh_clnt;
 			SESS_CERT *scert = s->session->sess_cert;
@@ -2689,7 +2685,7 @@ int ssl3_send_client_key_exchange(SSL *s)
 #endif
 
 #ifndef OPENSSL_NO_ECDH 
-		else if (alg_k & (SSL_kEECDH|SSL_kECDHr|SSL_kECDHe))
+		else if (alg_k & (SSL_kECDHE|SSL_kECDHr|SSL_kECDHe))
 			{
 			const EC_GROUP *srvr_group = NULL;
 			EC_KEY *tkey;
@@ -3473,7 +3469,7 @@ int ssl3_check_cert_and_algorithm(SSL *s)
 		}
 #endif
 #ifndef OPENSSL_NO_DH
-	if ((alg_k & SSL_kEDH) && 
+	if ((alg_k & SSL_kDHE) && 
 		!(has_bits(i,EVP_PK_DH|EVP_PKT_EXCH) || (dh != NULL)))
 		{
 		SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,SSL_R_MISSING_DH_KEY);
@@ -3510,7 +3506,7 @@ int ssl3_check_cert_and_algorithm(SSL *s)
 		else
 #endif
 #ifndef OPENSSL_NO_DH
-			if (alg_k & (SSL_kEDH|SSL_kDHr|SSL_kDHd))
+			if (alg_k & (SSL_kDHE|SSL_kDHr|SSL_kDHd))
 			    {
 			    if (dh == NULL
 				|| DH_size(dh)*8 > SSL_C_EXPORT_PKEYLENGTH(s->s3->tmp.new_cipher))