diff options
| author |   Matt Mackall <mpm@selenic.com> | 2007-06-16 10:16:11 -0700 |
|---|---|---|
| committer |   Linus Torvalds <torvalds@woody.linux-foundation.org> | 2007-06-16 13:16:16 -0700 |
| commit | 679ce0ace6b1a07043bc3b405a34ddccad808886 (patch) | |
| tree | af185e76fdcae99d9450a3fef7b8c8005eae1cc4 /drivers/char | |
| parent | uml: kill x86_64 STACK_TOP_MAX (diff) | |
| download | linux-dev-679ce0ace6b1a07043bc3b405a34ddccad808886.tar.xz linux-dev-679ce0ace6b1a07043bc3b405a34ddccad808886.zip | |
random: fix output buffer folding
(As reported by linux@horizon.com)
Folding is done to minimize the theoretical possibility of systematic
weakness in the particular bits of the SHA1 hash output. The result of
this bug is that 16 out of 80 bits are un-folded. Without a major new
vulnerability being found in SHA1, this is harmless, but still worth
fixing.
Signed-off-by: Matt Mackall <mpm@selenic.com>
Cc: <linux@horizon.com>
Cc: Theodore Ts'o <tytso@mit.edu>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Diffstat (limited to 'drivers/char')
| -rw-r--r-- | drivers/char/random.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/drivers/char/random.c b/drivers/char/random.c index 0474cac4a84e..7f5271272f91 100644 --- a/drivers/char/random.c +++ b/drivers/char/random.c @@ -794,7 +794,7 @@ static void extract_buf(struct entropy_store *r, __u8 *out) buf[0] ^= buf[3]; buf[1] ^= buf[4]; - buf[0] ^= rol32(buf[3], 16); + buf[2] ^= rol32(buf[2], 16); memcpy(out, buf, EXTRACT_SIZE); memset(buf, 0, sizeof(buf)); } |