提交 679ce0ac 编写于 作者: M Matt Mackall 提交者: Linus Torvalds

random: fix output buffer folding

(As reported by linux@horizon.com)

Folding is done to minimize the theoretical possibility of systematic
weakness in the particular bits of the SHA1 hash output.  The result of
this bug is that 16 out of 80 bits are un-folded.  Without a major new
vulnerability being found in SHA1, this is harmless, but still worth
fixing.
Signed-off-by: NMatt Mackall <mpm@selenic.com>
Cc: <linux@horizon.com>
Cc: Theodore Ts'o <tytso@mit.edu>
Signed-off-by: NAndrew Morton <akpm@linux-foundation.org>
Signed-off-by: NLinus Torvalds <torvalds@linux-foundation.org>
上级 39a27902
...@@ -794,7 +794,7 @@ static void extract_buf(struct entropy_store *r, __u8 *out) ...@@ -794,7 +794,7 @@ static void extract_buf(struct entropy_store *r, __u8 *out)
buf[0] ^= buf[3]; buf[0] ^= buf[3];
buf[1] ^= buf[4]; buf[1] ^= buf[4];
buf[0] ^= rol32(buf[3], 16); buf[2] ^= rol32(buf[2], 16);
memcpy(out, buf, EXTRACT_SIZE); memcpy(out, buf, EXTRACT_SIZE);
memset(buf, 0, sizeof(buf)); memset(buf, 0, sizeof(buf));
} }
......
Markdown is supported
0% .
You are about to add 0 people to the discussion. Proceed with caution.
先完成此消息的编辑!
想要评论请 注册