projects / openssl.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
Harden SSLv2-supporting servers against Bleichenbacher's attack.
[openssl.git] / ssl / s3_clnt.c
diff --git a/ssl/s3_clnt.c b/ssl/s3_clnt.c
index 0e5acecabb0677b5c6fc1124652431a6ecde1158..30ca11afb322b26b5fedaf803b2770ef1042b4a7 100644 (file)
--- a/ssl/s3_clnt.c
+++ b/ssl/s3_clnt.c
@@ -2729,7 +2729,10 @@ int ssl3_send_client_key_exchange(SSL *s)
 
             EVP_PKEY_encrypt_init(pkey_ctx);
             /* Generate session key */
-            RAND_bytes(premaster_secret, 32);
+            if(RAND_bytes(premaster_secret, 32) <= 0) {
+                EVP_PKEY_CTX_free(pkey_ctx);
+                goto err;
+            }
             /*
              * If we have client certificate, use its secret as peer key
              */
Unnamed repository; edit this file 'description' to name the repository.