From 21b25ed4b83334b0296aa5b33a250f1f7488de4c Mon Sep 17 00:00:00 2001
From: "Dr. Stephen Henson" <steve@openssl.org>
Date: Sat, 13 Jun 2009 20:46:30 +0000
Subject: [PATCH] PR: 1952 Submitted by: Robin Seggelmann
 <seggelmann@fh-muenster.de> Reviewed by: steve@openssl.org

ECDH negotiation bug.
---
 crypto/rand/randfile.c | 4 ++--
 ssl/s3_srvr.c          | 2 ++
 2 files changed, 4 insertions(+), 2 deletions(-)

diff --git a/crypto/rand/randfile.c b/crypto/rand/randfile.c
index 4723feecaf..7dc4ceae8e 100644
--- a/crypto/rand/randfile.c
+++ b/crypto/rand/randfile.c
@@ -177,8 +177,8 @@ int RAND_write_file(const char *file)
 	
 	i=stat(file,&sb);
 	if (i != -1) { 
-#if defined(S_IFBLK) && defined(S_IFCHR)
-	  if (sb.st_mode & (S_IFBLK | S_IFCHR)) {
+#if defined(S_ISBLK) && defined(S_ISCHR)
+	  if (S_ISBLK(sb.st_mode) || S_ISCHR(sb.st_mode)) {
 	    /* this file is a device. we don't write back to it. 
 	     * we "succeed" on the assumption this is some sort 
 	     * of random device. Otherwise attempting to write to 
diff --git a/ssl/s3_srvr.c b/ssl/s3_srvr.c
index ffa031f61e..44065d7e89 100644
--- a/ssl/s3_srvr.c
+++ b/ssl/s3_srvr.c
@@ -2388,6 +2388,8 @@ int ssl3_get_client_key_exchange(SSL *s)
 		EC_POINT_free(clnt_ecpoint);
 		EC_KEY_free(srvr_ecdh);
 		BN_CTX_free(bn_ctx);
+		EC_KEY_free(s->s3->tmp.ecdh);
+		s->s3->tmp.ecdh = NULL; 
 
 		/* Compute the master secret */
 		s->session->master_key_length = s->method->ssl3_enc-> \
-- 
2.34.1