From 679ce0ace6b1a07043bc3b405a34ddccad808886 Mon Sep 17 00:00:00 2001 From: Matt Mackall Date: Sat, 16 Jun 2007 10:16:11 -0700 Subject: [PATCH] random: fix output buffer folding (As reported by linux@horizon.com) Folding is done to minimize the theoretical possibility of systematic weakness in the particular bits of the SHA1 hash output. The result of this bug is that 16 out of 80 bits are un-folded. Without a major new vulnerability being found in SHA1, this is harmless, but still worth fixing. Signed-off-by: Matt Mackall Cc: Cc: Theodore Ts'o Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds --- drivers/char/random.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/char/random.c b/drivers/char/random.c index 0474cac4a84..7f5271272f9 100644 --- a/drivers/char/random.c +++ b/drivers/char/random.c @@ -794,7 +794,7 @@ static void extract_buf(struct entropy_store *r, __u8 *out) buf[0] ^= buf[3]; buf[1] ^= buf[4]; - buf[0] ^= rol32(buf[3], 16); + buf[2] ^= rol32(buf[2], 16); memcpy(out, buf, EXTRACT_SIZE); memset(buf, 0, sizeof(buf)); } -- 2.41.1