projects / openssl.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 96db902) | patch
Return if ssleay_rand_add called with zero num.
authorDr. Stephen Henson <steve@openssl.org>
Sun, 6 Apr 2014 22:11:20 +0000 (23:11 +0100)
committerDr. Stephen Henson <steve@openssl.org>
Mon, 7 Apr 2014 16:53:31 +0000 (17:53 +0100)
commit5be1ae28ef3c4bdec95b94f14e0e939157be550a
tree728dcb268498d393440a84aad3fd4613ffb08469tree | snapshot
parent96db9023b881d7cd9f379b0c154650d6c108e9a3commit | diff
Return if ssleay_rand_add called with zero num.

Treat a zero length passed to ssleay_rand_add a no op: the existing logic
zeroes the md value which is very bad. OpenSSL itself never does this
internally and the actual call doesn't make sense as it would be passing
zero bytes of entropy.

Thanks to Marcus Meissner <meissner@suse.de> for reporting this bug.
crypto/rand/md_rand.c diff | blob | history
Unnamed repository; edit this file 'description' to name the repository.