Skip to content
Commit f74fa33b authored by Dr. Stephen Henson's avatar Dr. Stephen Henson
Browse files

Return if ssleay_rand_add called with zero num.

Treat a zero length passed to ssleay_rand_add a no op: the existing logic
zeroes the md value which is very bad. OpenSSL itself never does this
internally and the actual call doesn't make sense as it would be passing
zero bytes of entropy.

Thanks to Marcus Meissner <meissner@suse.de> for reporting this bug.
(cherry picked from commit 5be1ae28)
parent 731f4314
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment