Don't set client_version to the ServerHello version.

[openssl.git] / ssl / t1_lib.c

diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c
index 86c06e2ba83929e97004bf8a1f69933134a2a9af..f0291b115f4a8dcc9042b8e77a5334a4a83e29c7 100644 (file)
--- a/ssl/t1_lib.c
+++ b/ssl/t1_lib.c
@@ -828,6 +828,7 @@ static int tls1_check_cert_param(SSL *s, X509 *x, int set_ee_md)
                }
        return rv;
        }
+#ifndef OPENSSL_NO_ECDH
 /* Check EC temporary key is compatible with client extensions */
 int tls1_check_ec_tmp_key(SSL *s, unsigned long cid)
        {
@@ -894,6 +895,7 @@ int tls1_check_ec_tmp_key(SSL *s, unsigned long cid)
        return tls1_check_ec_key(s, curve_id, NULL);
 #endif
        }
+#endif /* OPENSSL_NO_ECDH */
 
 #else
 
@@ -3599,10 +3601,8 @@ static const tls12_hash_info *tls12_get_hash_info(unsigned char hash_alg)
 const EVP_MD *tls12_get_hash(unsigned char hash_alg)
        {
        const tls12_hash_info *inf;
-#ifndef OPENSSL_FIPS
        if (hash_alg == TLSEXT_hash_md5 && FIPS_mode())
                return NULL;
-#endif
        inf = tls12_get_hash_info(hash_alg);
        if (!inf || !inf->mfunc)
                return NULL; 
@@ -4005,6 +4005,11 @@ tls1_process_heartbeat(SSL *s)
                 * payload, plus padding
                 */
                buffer = OPENSSL_malloc(1 + 2 + payload + padding);
+               if (buffer == NULL)
+                       {
+                       SSLerr(SSL_F_TLS1_PROCESS_HEARTBEAT,ERR_R_MALLOC_FAILURE);
+                       return -1;
+                       }
                bp = buffer;
                
                /* Enter response type, length and copy payload */
@@ -4091,6 +4096,11 @@ tls1_heartbeat(SSL *s)
         *  - Padding
         */
        buf = OPENSSL_malloc(1 + 2 + payload + padding);
+       if (buf == NULL)
+               {
+               SSLerr(SSL_F_TLS1_HEARTBEAT,ERR_R_MALLOC_FAILURE);
+               return -1;
+               }
        p = buf;
        /* Message Type */
        *p++ = TLS1_HB_REQUEST;