diff options
author | David Gwynne <dlg@cvs.openbsd.org> | 2018-02-07 01:50:49 +0000 |
---|---|---|
committer | David Gwynne <dlg@cvs.openbsd.org> | 2018-02-07 01:50:49 +0000 |
commit | 1e4d909200c81879d77914234c3a7bf587a7beb5 (patch) | |
tree | 5a6628a5c614c766a1425d28ae7a09dcb55561d8 /sys/net | |
parent | 173b776a9b3e108d364069e4b178f093c8ec36f0 (diff) |
unbreak strict alignment archs by using SIPHASH_KEY for siphash
keys, not uint8_t array.
found by sparc64.
probably ok henning@, but he's at coffee
Diffstat (limited to 'sys/net')
-rw-r--r-- | sys/net/pf_syncookies.c | 17 |
1 files changed, 9 insertions, 8 deletions
diff --git a/sys/net/pf_syncookies.c b/sys/net/pf_syncookies.c index c0ee1f85501..511eb381997 100644 --- a/sys/net/pf_syncookies.c +++ b/sys/net/pf_syncookies.c @@ -1,4 +1,4 @@ -/* $OpenBSD: pf_syncookies.c,v 1.1 2018/02/06 23:37:24 henning Exp $ */ +/* $OpenBSD: pf_syncookies.c,v 1.2 2018/02/07 01:50:48 dlg Exp $ */ /* Copyright (c) 2016,2017 Henning Brauer <henning@openbsd.org> * Copyright (c) 2016 Alexandr Nedvedicky <sashan@openbsd.org> @@ -110,13 +110,13 @@ union pf_syncookie { } flags; }; -#define PF_SYNCOOKIE_SECRET_SIZE 16 +#define PF_SYNCOOKIE_SECRET_SIZE SIPHASH_KEY_LENGTH #define PF_SYNCOOKIE_SECRET_LIFETIME 15 /* seconds */ static struct { struct timeout keytimeout; volatile uint oddeven; - uint8_t key[2][PF_SYNCOOKIE_SECRET_SIZE]; + SIPHASH_KEY key[2]; uint32_t hiwat; /* absolute; # of states */ uint32_t lowat; } pf_syncookie_status; @@ -241,8 +241,10 @@ pf_syncookie_rotate(void *arg) if (!pf_status.syncookies_active && pf_status.syncookies_inflight[0] == 0 && pf_status.syncookies_inflight[1] == 0) { - memset(pf_syncookie_status.key[0], 0, PF_SYNCOOKIE_SECRET_SIZE); - memset(pf_syncookie_status.key[1], 0, PF_SYNCOOKIE_SECRET_SIZE); + memset(&pf_syncookie_status.key[0], 0, + PF_SYNCOOKIE_SECRET_SIZE); + memset(&pf_syncookie_status.key[1], 0, + PF_SYNCOOKIE_SECRET_SIZE); return; } @@ -255,7 +257,7 @@ pf_syncookie_newkey(void) { pf_syncookie_status.oddeven = (pf_syncookie_status.oddeven + 1) & 0x1; pf_status.syncookies_inflight[pf_syncookie_status.oddeven] = 0; - arc4random_buf(pf_syncookie_status.key[pf_syncookie_status.oddeven], + arc4random_buf(&pf_syncookie_status.key[pf_syncookie_status.oddeven], PF_SYNCOOKIE_SECRET_SIZE); timeout_add_sec(&pf_syncookie_status.keytimeout, PF_SYNCOOKIE_SECRET_LIFETIME); @@ -287,8 +289,7 @@ pf_syncookie_mac(struct pf_pdesc *pd, union pf_syncookie cookie, uint32_t seq) KASSERT(pd->proto == IPPROTO_TCP); - SipHash24_Init(&ctx, - (SIPHASH_KEY *)&pf_syncookie_status.key[cookie.flags.oddeven]); + SipHash24_Init(&ctx, &pf_syncookie_status.key[cookie.flags.oddeven]); switch (pd->af) { case AF_INET: |