Cherry-pick OpenSSL changeset
5be1ae2:
====
Author: Dr. Stephen Henson <steve@openssl.org>
Treat a zero length passed to ssleay_rand_add a no op: the existing logic
zeroes the md value which is very bad. OpenSSL itself never does this
internally and the actual call doesn't make sense as it would be passing
zero bytes of entropy.
Thanks to Marcus Meissner <meissner@suse.de> for reporting this bug.
====
This is a direct commit to stable/8 and stable/9. -HEAD and stable/10
already have this fix as part of OpenSSL 1.0.1g.
Noticed by: koobs
Reviewed by: benl (maintainer)
git-svn-id: svn://svn.freebsd.org/base/stable/9@264624
ccf9f872-aa2e-dd11-9fc8-
001c23d0bc1f
projects / FreeBSD / stable / 9.git / commit