random: fix output buffer folding
(As reported by linux@horizon.com)

Folding is done to minimize the theoretical possibility of systematic
weakness in the particular bits of the SHA1 hash output.  The result of
this bug is that 16 out of 80 bits are un-folded.  Without a major new
vulnerability being found in SHA1, this is harmless, but still worth
fixing.

Signed-off-by: Matt Mackall <mpm@selenic.com>
Cc: <linux@horizon.com>
Cc: Theodore Ts'o <tytso@mit.edu>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Matt Mackall authored and Linus Torvalds committed Jun 16, 2007
1 parent 39a2790 commit 679ce0a
Showing 1 changed file with 1 addition and 1 deletion.
2 changes: 1 addition & 1 deletion drivers/char/random.c
Expand Up @@ -794,7 +794,7 @@ static void extract_buf(struct entropy_store *r, __u8 *out)

buf[0] ^= buf[3];
buf[1] ^= buf[4];
buf[0] ^= rol32(buf[3], 16);
buf[2] ^= rol32(buf[2], 16);
memcpy(out, buf, EXTRACT_SIZE);
memset(buf, 0, sizeof(buf));
}
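Review bot: the replaced line is the right fix, but the fold block still has no comment explaining the 160-to-80-bit mapping, and one would have caught this earlier. Since only the low half of buf[2] reaches `out` (EXTRACT_SIZE is 80 bits per the commit message), `buf[2] ^= rol32(buf[2], 16);` is what makes the high half of buf[2] contribute; the removed `buf[0] ^= rol32(buf[3], 16);` instead folded buf[3] into buf[0] a second time (buf[3] was already XORed in two lines above) and left buf[2] untouched, which is exactly the 16 unfolded bits. Suggest a short comment above `buf[0] ^= buf[3];` stating that words 3 and 4 fold into 0 and 1 and that word 2 is folded onto itself because only its low 16 bits are copied out.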
