| Stephan Mueller reported to me recently an error in random number generation in
 | |
| the ansi cprng. If several small requests are made that are less than the
 | |
| instance's block size, the remainder for loop code doesn't increment
 | |
| rand_data_valid in the last iteration, meaning that the last bytes in the
 | |
| rand_data buffer get reused on the subsequent smaller-than-a-block request for
 | |
| random data.
 | |
| 
 | |
| The fix is pretty easy, just re-code the for loop to make sure that
 | |
| rand_data_valid gets incremented appropriately
 | |
| 
 | |
| Signed-off-by: Neil Horman <nhorman@tuxdriver.com>
 | |
| Reported-by: Stephan Mueller <stephan.mueller@atsec.com>
 | |
| CC: Stephan Mueller <stephan.mueller@atsec.com>
 | |
| CC: Petr Matousek <pmatouse@redhat.com>
 | |
| CC: Herbert Xu <herbert@gondor.apana.org.au>
 | |
| CC: "David S. Miller" <davem@davemloft.net>
 | |
| ---
 | |
|  crypto/ansi_cprng.c | 4 ++--
 | |
|  1 file changed, 2 insertions(+), 2 deletions(-)
 | |
| 
 | |
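--- a/crypto/ansi_cprng.c
+++ b/crypto/ansi_cprng.c
@@ -230,11 +230,11 @@ remainder:
 	 */
 	if (byte_count < DEFAULT_BLK_SZ) {
 empty_rbuf:
-		for (; ctx->rand_data_valid < DEFAULT_BLK_SZ;
-			ctx->rand_data_valid++) {
+		while (ctx->rand_data_valid < DEFAULT_BLK_SZ) {
 			*ptr = ctx->rand_data[ctx->rand_data_valid];
 			ptr++;
 			byte_count--;
+			ctx->rand_data_valid++;
 			if (byte_count == 0)
 				goto done;
 		}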
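Review bot: The placement of `ctx->rand_data_valid++` ahead of the `if (byte_count == 0)` exit is what keeps an already-returned byte from being handed out again on the next sub-block request, and nothing in the loop says so. A one-line comment above the increment, such as `/* mark the byte consumed before the exit check, or it is returned again next call */`, would stop a later cleanup from folding it back into a for-loop header. The commit also adds no regression check; a test that draws several smaller-than-a-block requests and compares the concatenation with one request of the same total length from an identically seeded context would presumably catch this class of output reuse. The enclosing function begins and ends outside the hunk, so what happens when the buffer empties with byte_count still non-zero cannot be confirmed from here.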
 | |
| -- 
 | |
| 1.8.3.1
 |