Initial import of OpenSSL 0.9.6b

author: kris <kris@FreeBSD.org> 2001-07-19 19:59:37 +0000
committer: kris <kris@FreeBSD.org> 2001-07-19 19:59:37 +0000
commit: 3b19ada1e8e5f87b844d2cc1e72907cfb7774fb6 (patch)
tree: 97ecedd5f90991a7abe96b7ca0cb51fa579341b5 /crypto/openssl/ssl/s2_srvr.c
parent: 12896e829e9474d92c70a1528cc64270e9dc08ad (diff)
download: FreeBSD-src-3b19ada1e8e5f87b844d2cc1e72907cfb7774fb6.zip
FreeBSD-src-3b19ada1e8e5f87b844d2cc1e72907cfb7774fb6.tar.gz
1 files changed, 2 insertions, 1 deletions
diff --git a/crypto/openssl/ssl/s2_srvr.c b/crypto/openssl/ssl/s2_srvr.c
index 1ed0254..2fa2f31 100644
--- a/crypto/openssl/ssl/s2_srvr.c
+++ b/crypto/openssl/ssl/s2_srvr.c
@@ -405,12 +405,13 @@ static int get_client_master_key(SSL *s)
 	/* bad decrypt */
 #if 1
 	/* If a bad decrypt, continue with protocol but with a
-	 * dud master secret */
+	 * random master secret (Bleichenbacher attack) */
 	if ((i < 0) ||
 		((!is_export && (i != EVP_CIPHER_key_length(c)))
 		|| (is_export && ((i != ek) || (s->s2->tmp.clear+i !=
 			EVP_CIPHER_key_length(c))))))
 		{
+		ERR_clear_error();
 		if (is_export)
 			i=ek;
 		else
author	kris <kris@FreeBSD.org>	2001-07-19 19:59:37 +0000
committer	kris <kris@FreeBSD.org>	2001-07-19 19:59:37 +0000
commit	3b19ada1e8e5f87b844d2cc1e72907cfb7774fb6 (patch)
tree	97ecedd5f90991a7abe96b7ca0cb51fa579341b5 /crypto/openssl/ssl/s2_srvr.c
parent	12896e829e9474d92c70a1528cc64270e9dc08ad (diff)
download	FreeBSD-src-3b19ada1e8e5f87b844d2cc1e72907cfb7774fb6.zip FreeBSD-src-3b19ada1e8e5f87b844d2cc1e72907cfb7774fb6.tar.gz