|
 |
8362713 |
Stephan Mueller reported to me recently a error in random number generation in
|
|
|
8362713 |
the ansi cprng. If several small requests are made that are less than the
|
|
|
8362713 |
instances block size, the remainder for loop code doesn't increment
|
|
|
8362713 |
rand_data_valid in the last iteration, meaning that the last bytes in the
|
|
|
8362713 |
rand_data buffer gets reused on the subsequent smaller-than-a-block request for
|
|
|
8362713 |
random data.
|
|
|
8362713 |
|
|
|
8362713 |
The fix is pretty easy, just re-code the for loop to make sure that
|
|
|
8362713 |
rand_data_valid gets incremented appropriately
|
|
|
8362713 |
|
|
|
8362713 |
Signed-off-by: Neil Horman <nhorman@tuxdriver.com>
|
|
|
8362713 |
Reported-by: Stephan Mueller <stephan.mueller@atsec.com>
|
|
|
8362713 |
CC: Stephan Mueller <stephan.mueller@atsec.com>
|
|
|
8362713 |
CC: Petr Matousek <pmatouse@redhat.com>
|
|
|
8362713 |
CC: Herbert Xu <herbert@gondor.apana.org.au>
|
|
|
8362713 |
CC: "David S. Miller" <davem@davemloft.net>
|
|
|
8362713 |
---
|
|
|
8362713 |
crypto/ansi_cprng.c | 4 ++--
|
|
|
8362713 |
1 file changed, 2 insertions(+), 2 deletions(-)
|
|
|
8362713 |
|
|
|
8362713 |
diff --git a/crypto/ansi_cprng.c b/crypto/ansi_cprng.c
|
|
|
8362713 |
index c0bb377..666f196 100644
|
|
|
8362713 |
--- a/crypto/ansi_cprng.c
|
|
|
8362713 |
+++ b/crypto/ansi_cprng.c
|
|
|
8362713 |
@@ -230,11 +230,11 @@ remainder:
|
|
|
8362713 |
*/
|
|
|
8362713 |
if (byte_count < DEFAULT_BLK_SZ) {
|
|
|
8362713 |
empty_rbuf:
|
|
|
8362713 |
- for (; ctx->rand_data_valid < DEFAULT_BLK_SZ;
|
|
|
8362713 |
- ctx->rand_data_valid++) {
|
|
|
8362713 |
+ while (ctx->rand_data_valid < DEFAULT_BLK_SZ) {
|
|
|
8362713 |
*ptr = ctx->rand_data[ctx->rand_data_valid];
|
|
|
8362713 |
ptr++;
|
|
|
8362713 |
byte_count--;
|
|
|
8362713 |
+ ctx->rand_data_valid++;
|
|
|
8362713 |
if (byte_count == 0)
|
|
|
8362713 |
goto done;
|
|
|
8362713 |
}
|
|
|
8362713 |
--
|
|
|
8362713 |
1.8.3.1
|