Hi!
When RAND_cleanup() (actually md_rand.c:ssleay_rand_cleanup() is called,
all entropy data is reset, but "initialized" is not reset).
This may lead to a floating point exception in md_rand.c:481
state_index %= state_num;
because state_num can be 0.
Fix: reset initialized to 0 in ssleay_rand_cleanup().
Impact: probably small, since RAND_bytes() is probably called directly
after RAND_cleanup() only under test conditions.
Best regards,
Lutz
--
Lutz Jaenicke [EMAIL PROTECTED]
BTU Cottbus http://www.aet.TU-Cottbus.DE/personen/jaenicke/
Lehrstuhl Allgemeine Elektrotechnik Tel. +49 355 69-4129
Universitaetsplatz 3-4, D-03044 Cottbus Fax. +49 355 69-4153
--- md_rand.c.095a Sat Apr 1 13:09:08 2000
+++ md_rand.c Tue Aug 8 15:21:41 2000
@@ -234,6 +234,7 @@
md_count[0]=0;
md_count[1]=0;
entropy=0;
+ initialized=0;
}
static void ssleay_rand_add(const void *buf, int num, double add)
