svn commit: r264624 - in stable: 8/crypto/openssl/crypto/rand 9/crypto/openssl/crypto/rand
Xin LI
delphij at FreeBSD.org
Thu Apr 17 20:09:42 UTC 2014
Author: delphij
Date: Thu Apr 17 20:09:41 2014
New Revision: 264624
URL: http://svnweb.freebsd.org/changeset/base/264624
Log:
Cherry-pick OpenSSL changeset 5be1ae2:
====
Author: Dr. Stephen Henson <steve at openssl.org>
Treat a zero length passed to ssleay_rand_add a no op: the existing logic
zeroes the md value which is very bad. OpenSSL itself never does this
internally and the actual call doesn't make sense as it would be passing
zero bytes of entropy.
Thanks to Marcus Meissner <meissner at suse.de> for reporting this bug.
====
This is a direct commit to stable/8 and stable/9. -HEAD and stable/10
already have this fix as part of OpenSSL 1.0.1g.
Noticed by: koobs
Reviewed by: benl (maintainer)
Modified:
stable/8/crypto/openssl/crypto/rand/md_rand.c
Changes in other areas also in this revision:
Modified:
stable/9/crypto/openssl/crypto/rand/md_rand.c
Modified: stable/8/crypto/openssl/crypto/rand/md_rand.c
==============================================================================
--- stable/8/crypto/openssl/crypto/rand/md_rand.c Thu Apr 17 19:37:12 2014 (r264623)
+++ stable/8/crypto/openssl/crypto/rand/md_rand.c Thu Apr 17 20:09:41 2014 (r264624)
@@ -199,6 +199,9 @@ static void ssleay_rand_add(const void *
EVP_MD_CTX m;
int do_not_lock;
+ if (!num)
+ return;
+
/*
* (Based on the rand(3) manpage)
*
More information about the svn-src-all
mailing list