From owner-svn-src-stable@FreeBSD.ORG Thu Apr 17 20:09:42 2014 Return-Path: Delivered-To: svn-src-stable@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id CF3BEFB7; Thu, 17 Apr 2014 20:09:42 +0000 (UTC) Received: from svn.freebsd.org (svn.freebsd.org [IPv6:2001:1900:2254:2068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id BC4561CA9; Thu, 17 Apr 2014 20:09:42 +0000 (UTC) Received: from svn.freebsd.org ([127.0.1.70]) by svn.freebsd.org (8.14.8/8.14.8) with ESMTP id s3HK9gYS024029; Thu, 17 Apr 2014 20:09:42 GMT (envelope-from delphij@svn.freebsd.org) Received: (from delphij@localhost) by svn.freebsd.org (8.14.8/8.14.8/Submit) id s3HK9g4P024028; Thu, 17 Apr 2014 20:09:42 GMT (envelope-from delphij@svn.freebsd.org) Message-Id: <201404172009.s3HK9g4P024028@svn.freebsd.org> From: Xin LI Date: Thu, 17 Apr 2014 20:09:42 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-stable@freebsd.org, svn-src-stable-8@freebsd.org Subject: svn commit: r264624 - in stable: 8/crypto/openssl/crypto/rand 9/crypto/openssl/crypto/rand X-SVN-Group: stable-8 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-src-stable@freebsd.org X-Mailman-Version: 2.1.17 Precedence: list List-Id: SVN commit messages for all the -stable branches of the src tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 17 Apr 2014 20:09:42 -0000 Author: delphij Date: Thu Apr 17 20:09:41 2014 New Revision: 264624 URL: http://svnweb.freebsd.org/changeset/base/264624 Log: Cherry-pick OpenSSL changeset 5be1ae2: ==== Author: Dr. Stephen Henson Treat a zero length passed to ssleay_rand_add a no op: the existing logic zeroes the md value which is very bad. OpenSSL itself never does this internally and the actual call doesn't make sense as it would be passing zero bytes of entropy. Thanks to Marcus Meissner for reporting this bug. ==== This is a direct commit to stable/8 and stable/9. -HEAD and stable/10 already have this fix as part of OpenSSL 1.0.1g. Noticed by: koobs Reviewed by: benl (maintainer) Modified: stable/8/crypto/openssl/crypto/rand/md_rand.c Changes in other areas also in this revision: Modified: stable/9/crypto/openssl/crypto/rand/md_rand.c Modified: stable/8/crypto/openssl/crypto/rand/md_rand.c ============================================================================== --- stable/8/crypto/openssl/crypto/rand/md_rand.c Thu Apr 17 19:37:12 2014 (r264623) +++ stable/8/crypto/openssl/crypto/rand/md_rand.c Thu Apr 17 20:09:41 2014 (r264624) @@ -199,6 +199,9 @@ static void ssleay_rand_add(const void * EVP_MD_CTX m; int do_not_lock; + if (!num) + return; + /* * (Based on the rand(3) manpage) *