PR: 1952

Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Reviewed by: steve@openssl.org

ECDH negotiation bug.

crypto/rand/randfile.c

@@ -177,8 +177,8 @@ int RAND_write_file(const char *file)
 	
 	i=stat(file,&sb);
 	if (i != -1) { 
-#if defined(S_IFBLK) && defined(S_IFCHR)
-	  if (sb.st_mode & (S_IFBLK | S_IFCHR)) {
+#if defined(S_ISBLK) && defined(S_ISCHR)
+	  if (S_ISBLK(sb.st_mode) || S_ISCHR(sb.st_mode)) {
 	    /* this file is a device. we don't write back to it. 
 	     * we "succeed" on the assumption this is some sort 
 	     * of random device. Otherwise attempting to write to 

ssl/s3_srvr.c

@@ -2388,6 +2388,8 @@ int ssl3_get_client_key_exchange(SSL *s)
 		EC_POINT_free(clnt_ecpoint);
 		EC_KEY_free(srvr_ecdh);
 		BN_CTX_free(bn_ctx);
+		EC_KEY_free(s->s3->tmp.ecdh);
+		s->s3->tmp.ecdh = NULL; 
 
 		/* Compute the master secret */
 		s->session->master_key_length = s->method->ssl3_enc-> \