Date: Thu, 17 Apr 2014 20:09:42 +0000 (UTC) From: Xin LI <delphij@FreeBSD.org> To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-stable@freebsd.org, svn-src-stable-8@freebsd.org Subject: svn commit: r264624 - in stable: 8/crypto/openssl/crypto/rand 9/crypto/openssl/crypto/rand Message-ID: <201404172009.s3HK9g4P024028@svn.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: delphij Date: Thu Apr 17 20:09:41 2014 New Revision: 264624 URL: http://svnweb.freebsd.org/changeset/base/264624 Log: Cherry-pick OpenSSL changeset 5be1ae2: ==== Author: Dr. Stephen Henson <steve@openssl.org> Treat a zero length passed to ssleay_rand_add a no op: the existing logic zeroes the md value which is very bad. OpenSSL itself never does this internally and the actual call doesn't make sense as it would be passing zero bytes of entropy. Thanks to Marcus Meissner <meissner@suse.de> for reporting this bug. ==== This is a direct commit to stable/8 and stable/9. -HEAD and stable/10 already have this fix as part of OpenSSL 1.0.1g. Noticed by: koobs Reviewed by: benl (maintainer) Modified: stable/8/crypto/openssl/crypto/rand/md_rand.c Changes in other areas also in this revision: Modified: stable/9/crypto/openssl/crypto/rand/md_rand.c Modified: stable/8/crypto/openssl/crypto/rand/md_rand.c ============================================================================== --- stable/8/crypto/openssl/crypto/rand/md_rand.c Thu Apr 17 19:37:12 2014 (r264623) +++ stable/8/crypto/openssl/crypto/rand/md_rand.c Thu Apr 17 20:09:41 2014 (r264624) @@ -199,6 +199,9 @@ static void ssleay_rand_add(const void * EVP_MD_CTX m; int do_not_lock; + if (!num) + return; + /* * (Based on the rand(3) manpage) *
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201404172009.s3HK9g4P024028>