mirror/openssl
2
0
Fork 0
mirror of https://github.com/openssl/openssl.git synced 2024-11-27 05:21:51 +08:00
Code Issues Packages Projects Releases Wiki Activity

Return if ssleay_rand_add called with zero num.

Browse Source 
Treat a zero length passed to ssleay_rand_add a no op: the existing logic
zeroes the md value which is very bad. OpenSSL itself never does this
internally and the actual call doesn't make sense as it would be passing
zero bytes of entropy.

Thanks to Marcus Meissner <meissner@suse.de> for reporting this bug.
This commit is contained in:
Dr. Stephen Henson 2014-04-06 23:11:20 +01:00
parent 96db9023b8
commit 5be1ae28ef
1 changed files with 3 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
crypto/rand/md_rand.c
View File

@ -198,6 +198,9 @@ static void ssleay_rand_add(const void *buf, int num, double add)
EVP_MD_CTX m;
int do_not_lock;
if (!num)
return;
/*
* (Based on the rand(3) manpage)
*