diff options
author | Mark Murray <markm@FreeBSD.org> | 2001-03-28 06:27:42 +0000 |
---|---|---|
committer | Mark Murray <markm@FreeBSD.org> | 2001-03-28 06:27:42 +0000 |
commit | d2de224265fcf2acd9e572fddeae27268a62f4e0 (patch) | |
tree | 33809e9c217d4a33b44584af407c317f51622295 /sys/dev/random | |
parent | 0d5b5df5cb1644d2b0ab75c5982c3bf00ce1d7e2 (diff) | |
download | src-d2de224265fcf2acd9e572fddeae27268a62f4e0.tar.gz src-d2de224265fcf2acd9e572fddeae27268a62f4e0.zip |
Fix nasty corruption problem where a 64bit variable was being used
(overflowed) to catch a 256bit result.
Hard work done by: jhb
Notes
Notes:
svn path=/head/; revision=74908
Diffstat (limited to 'sys/dev/random')
-rw-r--r-- | sys/dev/random/yarrow.c | 14 |
1 files changed, 6 insertions, 8 deletions
diff --git a/sys/dev/random/yarrow.c b/sys/dev/random/yarrow.c index 542bece74af7..4e3f1743b83e 100644 --- a/sys/dev/random/yarrow.c +++ b/sys/dev/random/yarrow.c @@ -255,9 +255,9 @@ reseed(u_int fastslow) u_int read_random_real(void *buf, u_int count) { - static u_int64_t genval; static int cur = 0; static int gate = 1; + static u_char genval[KEYSIZE]; u_int i; u_int retval; @@ -274,8 +274,8 @@ read_random_real(void *buf, u_int count) for (i = 0; i < count; i += sizeof(random_state.counter)) { random_state.counter[0]++; yarrow_encrypt(&random_state.key, random_state.counter, - &genval); - memcpy((char *)buf + i, &genval, + genval); + memcpy((char *)buf + i, genval, sizeof(random_state.counter)); if (++random_state.outputblocks >= random_state.gengateinterval) { @@ -289,8 +289,8 @@ read_random_real(void *buf, u_int count) if (!cur) { random_state.counter[0]++; yarrow_encrypt(&random_state.key, random_state.counter, - &genval); - memcpy(buf, &genval, count); + genval); + memcpy(buf, genval, count); cur = sizeof(random_state.counter) - count; if (++random_state.outputblocks >= random_state.gengateinterval) { @@ -301,9 +301,7 @@ read_random_real(void *buf, u_int count) } else { retval = cur < count ? cur : count; - memcpy(buf, - (char *)&genval + - (sizeof(random_state.counter) - cur), + memcpy(buf, &genval[sizeof(random_state.counter) - cur], retval); cur -= retval; } |