Fix SSL handshake functions and SSL_clear() such that SSL_clear()

[openssl.git] / ssl / s2_srvr.c

diff --git a/ssl/s2_srvr.c b/ssl/s2_srvr.c
index 10de5ec3dbce88c50d1e42e8f087ee0b66e1d868..f849e2b32a5b68f0d0b00e6526676a873793e6fb 100644 (file)
--- a/ssl/s2_srvr.c
+++ b/ssl/s2_srvr.c
@@ -119,8 +119,8 @@ int ssl2_accept(SSL *s)
                cb=s->ctx->info_callback;
 
        /* init things to blank */
-       if (!SSL_in_init(s) || SSL_in_before(s)) SSL_clear(s);
        s->in_handshake++;
+       if (!SSL_in_init(s) || SSL_in_before(s)) SSL_clear(s);
 
        if (s->cert == NULL)
                {
@@ -405,12 +405,13 @@ static int get_client_master_key(SSL *s)
        /* bad decrypt */
 #if 1
        /* If a bad decrypt, continue with protocol but with a
-        * dud master secret */
+        * random master secret (Bleichenbacher attack) */
        if ((i < 0) ||
                ((!is_export && (i != EVP_CIPHER_key_length(c)))
                || (is_export && ((i != ek) || (s->s2->tmp.clear+i !=
                        EVP_CIPHER_key_length(c))))))
                {
+               ERR_clear_error();
                if (is_export)
                        i=ek;
                else
@@ -909,7 +910,8 @@ static int request_certificate(SSL *s)
                EVP_MD_CTX ctx;
                EVP_PKEY *pkey=NULL;
 
-               EVP_VerifyInit(&ctx,s->ctx->rsa_md5);
+               EVP_MD_CTX_init(&ctx);
+               EVP_VerifyInit_ex(&ctx,s->ctx->rsa_md5, NULL);
                EVP_VerifyUpdate(&ctx,s->s2->key_material,
                        (unsigned int)s->s2->key_material_length);
                EVP_VerifyUpdate(&ctx,ccd,SSL2_MIN_CERT_CHALLENGE_LENGTH);
@@ -930,7 +932,7 @@ static int request_certificate(SSL *s)
                if (pkey == NULL) goto end;
                i=EVP_VerifyFinal(&ctx,p,s->s2->tmp.rlen,pkey);
                EVP_PKEY_free(pkey);
-               memset(&ctx,0,sizeof(ctx));
+               EVP_MD_CTX_cleanup(&ctx);
 
                if (i) 
                        {