| field | value | date |
|---|---|---|
| author | Theo de Raadt <deraadt@cvs.openbsd.org> | 2011-01-01 19:43:05 +0000 |
| committer | Theo de Raadt <deraadt@cvs.openbsd.org> | 2011-01-01 19:43:05 +0000 |
| commit | 25ac652a8e006039c713396c0af30b341fc0d6f1 (patch) | |
| tree | 63fb3a293db84a2deded3330cb2133150669d6b5 /sys | |
| parent | 861557df55456939af292f50e35805d1626a90c3 (diff) | |
Do not fold the MD5 in half. This might have made sense to someone when
we were feeding the MD5 output direct to consumers, but now we only feed
the RC4, so the effect is to throw away half of the stretched data.
ok tedu djm, initial discussion started by kjell
Diffstat (limited to 'sys')
-rw-r--r-- | sys/dev/rnd.c | 20 |
1 files changed, 2 insertions, 18 deletions
diff --git a/sys/dev/rnd.c b/sys/dev/rnd.c index 9eaeab366ee..3225b82a10b 100644 --- a/sys/dev/rnd.c +++ b/sys/dev/rnd.c @@ -1,4 +1,4 @@ -/* $OpenBSD: rnd.c,v 1.120 2011/01/01 01:41:02 deraadt Exp $ */ +/* $OpenBSD: rnd.c,v 1.121 2011/01/01 19:43:04 deraadt Exp $ */ /* * Copyright (c) 1996, 1997, 2000-2002 Michael Shalayeff. @@ -351,10 +351,7 @@ extract_entropy(u_int8_t *buf, int nbytes) add_timer_randomness(nbytes); while (nbytes) { - if (nbytes < sizeof(buffer) / 2) - i = nbytes; - else - i = sizeof(buffer) / 2; + i = MIN(nbytes, sizeof(buffer)); /* Hash the pool to get the output */ MD5Init(&tmp); @@ -368,19 +365,6 @@ extract_entropy(u_int8_t *buf, int nbytes) mtx_leave(&rndlock); MD5Final(buffer, &tmp); - /* - * In case the hash function has some recognizable - * output pattern, we fold it in half. - */ - buffer[0] ^= buffer[15]; - buffer[1] ^= buffer[14]; - buffer[2] ^= buffer[13]; - buffer[3] ^= buffer[12]; - buffer[4] ^= buffer[11]; - buffer[5] ^= buffer[10]; - buffer[6] ^= buffer[ 9]; - buffer[7] ^= buffer[ 8]; - /* Copy data to destination buffer */ bcopy(buffer, buf, i); nbytes -= i; |
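Review bot: in the first hunk, `i = MIN(nbytes, sizeof(buffer));` compares the `int nbytes` with a `size_t`, so the macro evaluates `nbytes` as unsigned; the removed `if (nbytes < sizeof(buffer) / 2)` had the same mismatch, and it is harmless for the non-negative lengths the `while (nbytes)` loop expects, but a negative `nbytes` would select the full buffer size and the loop would never terminate. Suggest stating in a comment that `nbytes` must be non-negative, or making it `size_t`. `MIN` is also not visible in the hunk; confirm rnd.c already includes the header that defines it (sys/param.h on OpenBSD) rather than relying on an indirect include.

Review bot: in the second hunk, removing the fold also removes the only comment that said why the raw digest was never exposed, yet nothing in `extract_entropy` now records the property the commit message relies on, that its output is only ever fed to the RC4 keying and not handed to consumers directly. Suggest a one-line comment above `bcopy(buffer, buf, i);` noting that the full 16-byte MD5 output is copied out and is for internal RC4 keying only, so whoever later wires a new consumer to `extract_entropy` does not silently reintroduce the direct exposure the fold was guarding against. As a consequence of this change each hash pass now yields 16 bytes instead of 8, so the number of MD5 passes for a given `nbytes` halves, which matches the commit message's description.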