github-mirror/linux
1
0
Fork 0
mirror of https://github.com/torvalds/linux.git synced 2026-06-09 07:03:37 +02:00
Code Issues Actions Packages Projects Releases Wiki Activity Graph
f99510dc9a
linux/lib
History
Daniel Borkmann e29507fecb random32: fix off-by-one in seeding requirement 
[ Upstream commit 51c37a70aa ]

For properly initialising the Tausworthe generator [1], we have
a strict seeding requirement, that is, s1 > 1, s2 > 7, s3 > 15.

Commit 697f8d0348 ("random32: seeding improvement") introduced
a __seed() function that imposes boundary checks proposed by the
errata paper [2] to properly ensure above conditions.

However, we're off by one, as the function is implemented as:
"return (x < m) ? x + m : x;", and called with __seed(X, 1),
__seed(X, 7), __seed(X, 15). Thus, an unwanted seed of 1, 7, 15
would be possible, whereas the lower boundary should actually
be of at least 2, 8, 16, just as GSL does. Fix this, as otherwise
an initialization with an unwanted seed could have the effect
that Tausworthe's PRNG properties cannot not be ensured.

Note that this PRNG is *not* used for cryptography in the kernel.

 [1] http://www.iro.umontreal.ca/~lecuyer/myftp/papers/tausme.ps
 [2] http://www.iro.umontreal.ca/~lecuyer/myftp/papers/tausme2.ps

Joint work with Hannes Frederic Sowa.

Fixes: 697f8d0348 ("random32: seeding improvement")
Cc: Stephen Hemminger <stephen@networkplumber.org>
Cc: Florian Weimer <fweimer@redhat.com>
Cc: Theodore Ts'o <tytso@mit.edu>
Signed-off-by: Daniel Borkmann <dborkman@redhat.com>
Signed-off-by: Hannes Frederic Sowa <hannes@stressinduktion.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2013-12-08 07:29:24 -08:00
..
lzo lib/lzo: Update LZO compression to current upstream version 2013-02-20 19:36:01 +01:00
mpi lib/mpi/mpicoder.c: looping issue, need stop when equal to zero, found by 'EXTRA_FLAGS=-W'. 2013-06-12 16:29:44 -07:00
raid6
reed_solomon
xz decompressors: fix typo "POWERPC" 2013-03-13 15:21:48 -07:00
zlib_deflate
zlib_inflate
.gitignore
argv_split.c argv_split(): teach it to handle mutable strings 2013-04-29 18:28:19 -07:00
asn1_decoder.c
atomic64_test.c
atomic64.c
audit.c
average.c
bcd.c
bch.c
bitmap.c
bitrev.c
bsearch.c
btree.c
bug.c
build_OID_registry
bust_spinlocks.c printk: Provide a wake_up_klogd() off-case 2013-03-22 16:41:20 -07:00
check_signature.c
checksum.c asm-generic headers: Allow yet more arch overrides in checksum.h 2013-02-11 20:00:33 +05:30
clz_tab.c
cmdline.c
cordic.c
cpu_rmap.c
cpu-notifier-error-inject.c
cpumask.c
crc-ccitt.c
crc-itu-t.c
crc-t10dif.c
crc7.c
crc8.c
crc16.c
crc32.c
crc32defs.h
ctype.c
debug_locks.c
debugobjects.c hlist: drop the node parameter from iterators 2013-02-27 19:10:24 -08:00
dec_and_lock.c
decompress_bunzip2.c
decompress_inflate.c
decompress_unlzma.c
decompress_unlzo.c lib/lzo: Rename lzo1x_decompress.c to lzo1x_decompress_safe.c 2013-02-20 19:36:00 +01:00
decompress_unxz.c
decompress.c lib/decompress.c: fix initconst 2013-04-30 17:04:09 -07:00
devres.c lib/devres.c: fix misplaced #endif 2013-02-27 19:10:09 -08:00
digsig.c Merge branch 'next' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security 2013-02-21 08:18:12 -08:00
div64.c Revert "math64: New div64_u64_rem helper" 2013-04-30 19:13:05 +02:00
dma-debug.c dma-debug: update DMA debug API to better handle multiple mappings of a buffer 2013-03-22 16:41:20 -07:00
dump_stack.c dump_stack: consolidate dump_stack() implementations and unify their behaviors 2013-04-30 17:04:02 -07:00
dynamic_debug.c dynamic_debug: reuse generic string_unescape function 2013-04-30 17:04:03 -07:00
dynamic_queue_limits.c
earlycpio.c
extable.c
fault-inject.c lib/: rename random32() to prandom_u32() 2013-04-29 18:28:42 -07:00
fdt_ro.c
fdt_rw.c
fdt_strerror.c
fdt_sw.c
fdt_wip.c
fdt.c
find_last_bit.c
find_next_bit.c
flex_array.c
flex_proportions.c
gcd.c
gen_crc32table.c
genalloc.c genalloc: add devres support, allow to find a managed pool by device 2013-04-29 18:28:13 -07:00
halfmd4.c
hexdump.c
hweight.c
idr.c idr: introduce idr_alloc_cyclic() 2013-04-29 18:28:41 -07:00
inflate.c
int_sqrt.c lib/int_sqrt.c: optimize square root algorithm 2013-04-29 18:28:19 -07:00
interval_tree_test_main.c
interval_tree.c
iomap_copy.c
iomap.c
iommu-helper.c
ioremap.c
iovec.c Hoist memcpy_fromiovec/memcpy_toiovec into lib/ 2013-05-20 10:24:22 +09:30
irq_regs.c
is_single_threaded.c
jedec_ddr_data.c
kasprintf.c
Kconfig Move utf16 functions to kernel core and rename 2013-04-15 21:23:03 +01:00
Kconfig.debug lib/Kconfig.debug: Restrict FRAME_POINTER for MIPS 2013-07-28 16:30:12 -07:00
Kconfig.kgdb KGDB/KDB fixes and cleanups 2013-03-02 08:31:39 -08:00
Kconfig.kmemcheck
kfifo.c kfifo: fix kfifo_alloc() and kfifo_init() 2013-02-27 19:10:23 -08:00
klist.c klist: del waiter from klist_remove_waiters before wakeup waitting process 2013-05-21 10:16:39 -07:00
kobject_uevent.c
kobject.c kref: minor cleanup 2013-05-07 16:09:00 -07:00
kstrtox.c
kstrtox.h
lcm.c
libcrc32c.c
list_debug.c
list_sort.c lib/: rename random32() to prandom_u32() 2013-04-29 18:28:42 -07:00
llist.c
locking-selftest-hardirq.h
locking-selftest-mutex.h
locking-selftest-rlock-hardirq.h
locking-selftest-rlock-softirq.h
locking-selftest-rlock.h
locking-selftest-rsem.h
locking-selftest-softirq.h
locking-selftest-spin-hardirq.h
locking-selftest-spin-softirq.h
locking-selftest-spin.h
locking-selftest-wlock-hardirq.h
locking-selftest-wlock-softirq.h
locking-selftest-wlock.h
locking-selftest-wsem.h
locking-selftest.c lockdep: Selftest: convert spinlock to raw spinlock 2013-02-19 08:43:35 +01:00
lru_cache.c lru_cache: introduce lc_get_cumulative() 2013-03-22 22:17:36 -06:00
Makefile lib: make iovec obj instead of lib 2013-05-23 09:17:11 -07:00
md5.c
memory-notifier-error-inject.c
memweight.c
nlattr.c
notifier-error-inject.c mode_t, whack-a-mole at 11... 2013-04-09 14:13:05 -04:00
notifier-error-inject.h
of-reconfig-notifier-error-inject.c
oid_registry.c Give the OID registry file module info to avoid kernel tainting 2013-05-05 14:38:00 -07:00
parser.c lib/parser.c: fix up comments for valid return values from match_number 2013-02-21 17:22:25 -08:00
pci_iomap.c
percpu_counter.c
percpu-rwsem.c
plist.c
pm-notifier-error-inject.c
prio_heap.c
proportions.c
radix-tree.c
random32.c random32: fix off-by-one in seeding requirement 2013-12-08 07:29:24 -08:00
ratelimit.c
rational.c
rbtree_test.c rbtree_test: add __init/__exit annotations 2013-04-30 17:04:07 -07:00
rbtree.c
reciprocal_div.c
rwsem-spinlock.c rwsem: simplify __rwsem_do_wake 2013-05-07 07:20:16 -07:00
rwsem.c rwsem: check counter to avoid cmpxchg calls 2013-05-07 16:11:51 -07:00
scatterlist.c lib/scatterlist.c: don't flush_kernel_dcache_page on slab page 2013-11-13 12:05:33 +09:00
sha1.c
show_mem.c mm, show_mem: suppress page counts in non-blockable contexts 2013-04-29 15:54:28 -07:00
smp_processor_id.c
sort.c
spinlock_debug.c
stmp_device.c
string_helpers.c lib/string_helpers: introduce generic string_unescape 2013-04-30 17:04:03 -07:00
string.c
strncpy_from_user.c
strnlen_user.c
swiotlb.c x86, kdump: Set crashkernel_low automatically 2013-04-17 12:35:32 -07:00
syscall.c
test-kstrtox.c
test-string_helpers.c lib/string_helpers: introduce generic string_unescape 2013-04-30 17:04:03 -07:00
textsearch.c
timerqueue.c
ts_bm.c
ts_fsm.c
ts_kmp.c
ucs2_string.c Move utf16 functions to kernel core and rename 2013-04-15 21:23:03 +01:00
usercopy.c Kconfig: consolidate CONFIG_DEBUG_STRICT_USER_COPY_CHECKS 2013-04-30 17:04:09 -07:00
uuid.c uuid: use prandom_bytes() 2013-04-29 18:28:42 -07:00
vsprintf.c vsprintf: check real user/group id for %pK 2013-12-04 10:56:06 -08:00