This commit was manufactured by cvs2svn to create branch

[oweals/openssl.git] / ssl / s23_srvr.c

diff --git a/ssl/s23_srvr.c b/ssl/s23_srvr.c
index 442c95aa9b545a08d6769269b7a73375865b8680..92f3391f601e1f0dc578c0cccbd5fc79c62af558 100644 (file)
--- a/ssl/s23_srvr.c
+++ b/ssl/s23_srvr.c
@@ -407,6 +407,15 @@ int ssl23_get_client_hello(SSL *s)
                        }
                }
 
+#ifdef OPENSSL_FIPS
+       if (FIPS_mode() && (s->version < TLS1_VERSION))
+               {
+               SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO,
+                                       SSL_R_ONLY_TLS_ALLOWED_IN_FIPS_MODE);
+               goto err;
+               }
+#endif
+
        if (s->state == SSL23_ST_SR_CLNT_HELLO_B)
                {
                /* we have SSLv3/TLSv1 in an SSLv2 header
@@ -512,7 +521,7 @@ int ssl23_get_client_hello(SSL *s)
 
                if (s->s3 != NULL) ssl3_free(s);
 
-               if (!BUF_MEM_grow(s->init_buf,
+               if (!BUF_MEM_grow_clean(s->init_buf,
                        SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER))
                        {
                        goto err;