Fix Bleichenbacher PKCS #1 1.5 countermeasure.

[oweals/openssl.git] / ssl / s2_srvr.c

diff --git a/ssl/s2_srvr.c b/ssl/s2_srvr.c
index 1ed02540aec4d7bdc6521c501801370fbf6a8bd3..2fa2f310a8eded974e762d1d00222a10b96df485 100644 (file)
--- a/ssl/s2_srvr.c
+++ b/ssl/s2_srvr.c
@@ -405,12 +405,13 @@ static int get_client_master_key(SSL *s)
        /* bad decrypt */
 #if 1
        /* If a bad decrypt, continue with protocol but with a
-        * dud master secret */
+        * random master secret (Bleichenbacher attack) */
        if ((i < 0) ||
                ((!is_export && (i != EVP_CIPHER_key_length(c)))
                || (is_export && ((i != ek) || (s->s2->tmp.clear+i !=
                        EVP_CIPHER_key_length(c))))))
                {
+               ERR_clear_error();
                if (is_export)
                        i=ek;
                else