Don't set client_version to the ServerHello version.

[openssl.git] / ssl / s3_enc.c

diff --git a/ssl/s3_enc.c b/ssl/s3_enc.c
index 7765de176f29c96471aebce3b154ff7a8179cd6c..66f52801794e968dcddf5c272a7ea2a7dda22809 100644 (file)
--- a/ssl/s3_enc.c
+++ b/ssl/s3_enc.c
@@ -616,6 +616,11 @@ int ssl3_digest_cached_records(SSL *s)
        /* Allocate handshake_dgst array */
        ssl3_free_digest_list(s);
        s->s3->handshake_dgst = OPENSSL_malloc(SSL_MAX_DIGEST * sizeof(EVP_MD_CTX *));
+       if (s->s3->handshake_dgst == NULL)
+               {
+               SSLerr(SSL_F_SSL3_DIGEST_CACHED_RECORDS, ERR_R_MALLOC_FAILURE);
+               return 0;
+               }
        memset(s->s3->handshake_dgst,0,SSL_MAX_DIGEST *sizeof(EVP_MD_CTX *));
        hdatalen = BIO_get_mem_data(s->s3->handshake_buffer,&hdata);
        if (hdatalen <= 0)
@@ -630,13 +635,11 @@ int ssl3_digest_cached_records(SSL *s)
                if ((mask & ssl_get_algorithm2(s)) && md) 
                        {
                        s->s3->handshake_dgst[i]=EVP_MD_CTX_create();
-#ifdef OPENSSL_FIPS
                        if (EVP_MD_nid(md) == NID_md5)
                                {
                                EVP_MD_CTX_set_flags(s->s3->handshake_dgst[i],
                                                EVP_MD_CTX_FLAG_NON_FIPS_ALLOW);
                                }
-#endif
                        EVP_DigestInit_ex(s->s3->handshake_dgst[i],md,NULL);
                        EVP_DigestUpdate(s->s3->handshake_dgst[i],hdata,hdatalen);
                        }