Pandora Sourcecodes - pandora-kernel.git/commit

author	Daniel Borkmann <dborkman@redhat.com>
	Mon, 11 Nov 2013 11:20:32 +0000 (12:20 +0100)
committer	David S. Miller <davem@davemloft.net>
	Mon, 11 Nov 2013 19:32:14 +0000 (14:32 -0500)
commit	51c37a70aaa3f95773af560e6db3073520513912
tree	00da845e9ecfa8ba58e618b9d472d81dc6ddfd41	tree \| snapshot
parent	129596674c00352cbbb1efaf36db50726fd374ef	commit \| diff

random32: fix off-by-one in seeding requirement

For properly initialising the Tausworthe generator [1], we have
a strict seeding requirement, that is, s1 > 1, s2 > 7, s3 > 15.

Commit 697f8d0348 ("random32: seeding improvement") introduced
a __seed() function that imposes boundary checks proposed by the
errata paper [2] to properly ensure above conditions.

However, we're off by one, as the function is implemented as:
"return (x < m) ? x + m : x;", and called with __seed(X, 1),
__seed(X, 7), __seed(X, 15). Thus, an unwanted seed of 1, 7, 15
would be possible, whereas the lower boundary should actually
be of at least 2, 8, 16, just as GSL does. Fix this, as otherwise
an initialization with an unwanted seed could have the effect
that Tausworthe's PRNG properties cannot not be ensured.

Note that this PRNG is *not* used for cryptography in the kernel.

[1] http://www.iro.umontreal.ca/~lecuyer/myftp/papers/tausme.ps
[2] http://www.iro.umontreal.ca/~lecuyer/myftp/papers/tausme2.ps

Joint work with Hannes Frederic Sowa.

Fixes: 697f8d0348a6 ("random32: seeding improvement")
Cc: Stephen Hemminger <stephen@networkplumber.org>
Cc: Florian Weimer <fweimer@redhat.com>
Cc: Theodore Ts'o <tytso@mit.edu>
Signed-off-by: Daniel Borkmann <dborkman@redhat.com>
Signed-off-by: Hannes Frederic Sowa <hannes@stressinduktion.org>
Signed-off-by: David S. Miller <davem@davemloft.net>

include/linux/random.h		diff \| blob \| history
lib/random32.c		diff \| blob \| history