diff options
author | markm <markm@FreeBSD.org> | 2001-03-28 06:27:42 +0000 |
---|---|---|
committer | markm <markm@FreeBSD.org> | 2001-03-28 06:27:42 +0000 |
commit | e636d5eb802c973f2ec359fa6ba85e5aa6b47b6a (patch) | |
tree | 844517e61d77ec41dbf8d3813f73ff3b34cbb3d2 /sys/dev/random | |
parent | 0d2956305c981bdb8b1996f5cf2987ed4f991faf (diff) | |
download | FreeBSD-src-e636d5eb802c973f2ec359fa6ba85e5aa6b47b6a.zip FreeBSD-src-e636d5eb802c973f2ec359fa6ba85e5aa6b47b6a.tar.gz |
Fix nasty corruption problem where a 64bit variable was being used
(overflowed) to catch a 256bit result.
Hard work done by: jhb
Diffstat (limited to 'sys/dev/random')
-rw-r--r-- | sys/dev/random/yarrow.c | 14 |
1 files changed, 6 insertions, 8 deletions
diff --git a/sys/dev/random/yarrow.c b/sys/dev/random/yarrow.c index 542bece..4e3f174 100644 --- a/sys/dev/random/yarrow.c +++ b/sys/dev/random/yarrow.c @@ -255,9 +255,9 @@ reseed(u_int fastslow) u_int read_random_real(void *buf, u_int count) { - static u_int64_t genval; static int cur = 0; static int gate = 1; + static u_char genval[KEYSIZE]; u_int i; u_int retval; @@ -274,8 +274,8 @@ read_random_real(void *buf, u_int count) for (i = 0; i < count; i += sizeof(random_state.counter)) { random_state.counter[0]++; yarrow_encrypt(&random_state.key, random_state.counter, - &genval); - memcpy((char *)buf + i, &genval, + genval); + memcpy((char *)buf + i, genval, sizeof(random_state.counter)); if (++random_state.outputblocks >= random_state.gengateinterval) { @@ -289,8 +289,8 @@ read_random_real(void *buf, u_int count) if (!cur) { random_state.counter[0]++; yarrow_encrypt(&random_state.key, random_state.counter, - &genval); - memcpy(buf, &genval, count); + genval); + memcpy(buf, genval, count); cur = sizeof(random_state.counter) - count; if (++random_state.outputblocks >= random_state.gengateinterval) { @@ -301,9 +301,7 @@ read_random_real(void *buf, u_int count) } else { retval = cur < count ? cur : count; - memcpy(buf, - (char *)&genval + - (sizeof(random_state.counter) - cur), + memcpy(buf, &genval[sizeof(random_state.counter) - cur], retval); cur -= retval; } |