random: fix output buffer folding

(As reported by linux@horizon.com) Folding is done to minimize the theoretical possibility of systematic weakness in the particular bits of the SHA1 hash output. The result of this bug is that 16 out of 80 bits are un-folded. Without a major new vulnerability being found in SHA1, this is harmless, but still worth fixing. Signed-off-by: Matt Mackall <mpm@selenic.com> Cc: <linux@horizon.com> Cc: Theodore Ts'o <tytso@mit.edu> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
author: Matt Mackall <mpm@selenic.com> 2007-06-16 17:16:11 (GMT)
committer: Linus Torvalds <torvalds@woody.linux-foundation.org> 2007-06-16 20:16:16 (GMT)
commit: 679ce0ace6b1a07043bc3b405a34ddccad808886 (patch)
tree: af185e76fdcae99d9450a3fef7b8c8005eae1cc4 /drivers
parent: 39a279026609c205d331ec39fea11b2fd470a054 (diff)
download: linux-fsl-qoriq-679ce0ace6b1a07043bc3b405a34ddccad808886.tar.xz
1 files changed, 1 insertions, 1 deletions
diff --git a/drivers/char/random.c b/drivers/char/random.c
index 0474cac..7f52712 100644
--- a/drivers/char/random.c
+++ b/drivers/char/random.c
@@ -794,7 +794,7 @@ static void extract_buf(struct entropy_store *r, __u8 *out)
 
 	buf[0] ^= buf[3];
 	buf[1] ^= buf[4];
-	buf[0] ^= rol32(buf[3], 16);
+	buf[2] ^= rol32(buf[2], 16);
 	memcpy(out, buf, EXTRACT_SIZE);
 	memset(buf, 0, sizeof(buf));
 }
author	Matt Mackall <mpm@selenic.com>	2007-06-16 17:16:11 (GMT)
committer	Linus Torvalds <torvalds@woody.linux-foundation.org>	2007-06-16 20:16:16 (GMT)
commit	679ce0ace6b1a07043bc3b405a34ddccad808886 (patch)
tree	af185e76fdcae99d9450a3fef7b8c8005eae1cc4 /drivers
parent	39a279026609c205d331ec39fea11b2fd470a054 (diff)
download	linux-fsl-qoriq-679ce0ace6b1a07043bc3b405a34ddccad808886.tar.xz