aboutsummaryrefslogtreecommitdiff
path: root/sys/dev/random
diff options
context:
space:
mode:
authorMark Murray <markm@FreeBSD.org>2001-03-28 06:27:42 +0000
committerMark Murray <markm@FreeBSD.org>2001-03-28 06:27:42 +0000
commitd2de224265fcf2acd9e572fddeae27268a62f4e0 (patch)
tree33809e9c217d4a33b44584af407c317f51622295 /sys/dev/random
parent0d5b5df5cb1644d2b0ab75c5982c3bf00ce1d7e2 (diff)
downloadsrc-d2de224265fcf2acd9e572fddeae27268a62f4e0.tar.gz
src-d2de224265fcf2acd9e572fddeae27268a62f4e0.zip
Fix nasty corruption problem where a 64bit variable was being used
(overflowed) to catch a 256bit result. Hard work done by: jhb
Notes
Notes: svn path=/head/; revision=74908
Diffstat (limited to 'sys/dev/random')
-rw-r--r--sys/dev/random/yarrow.c14
1 files changed, 6 insertions, 8 deletions
diff --git a/sys/dev/random/yarrow.c b/sys/dev/random/yarrow.c
index 542bece74af7..4e3f1743b83e 100644
--- a/sys/dev/random/yarrow.c
+++ b/sys/dev/random/yarrow.c
@@ -255,9 +255,9 @@ reseed(u_int fastslow)
u_int
read_random_real(void *buf, u_int count)
{
- static u_int64_t genval;
static int cur = 0;
static int gate = 1;
+ static u_char genval[KEYSIZE];
u_int i;
u_int retval;
@@ -274,8 +274,8 @@ read_random_real(void *buf, u_int count)
for (i = 0; i < count; i += sizeof(random_state.counter)) {
random_state.counter[0]++;
yarrow_encrypt(&random_state.key, random_state.counter,
- &genval);
- memcpy((char *)buf + i, &genval,
+ genval);
+ memcpy((char *)buf + i, genval,
sizeof(random_state.counter));
if (++random_state.outputblocks >=
random_state.gengateinterval) {
@@ -289,8 +289,8 @@ read_random_real(void *buf, u_int count)
if (!cur) {
random_state.counter[0]++;
yarrow_encrypt(&random_state.key, random_state.counter,
- &genval);
- memcpy(buf, &genval, count);
+ genval);
+ memcpy(buf, genval, count);
cur = sizeof(random_state.counter) - count;
if (++random_state.outputblocks >=
random_state.gengateinterval) {
@@ -301,9 +301,7 @@ read_random_real(void *buf, u_int count)
}
else {
retval = cur < count ? cur : count;
- memcpy(buf,
- (char *)&genval +
- (sizeof(random_state.counter) - cur),
+ memcpy(buf, &genval[sizeof(random_state.counter) - cur],
retval);
cur -= retval;
}