summaryrefslogtreecommitdiff
path: root/sys/net
diff options
context:
space:
mode:
authorDavid Gwynne <dlg@cvs.openbsd.org>2018-02-07 01:50:49 +0000
committerDavid Gwynne <dlg@cvs.openbsd.org>2018-02-07 01:50:49 +0000
commit1e4d909200c81879d77914234c3a7bf587a7beb5 (patch)
tree5a6628a5c614c766a1425d28ae7a09dcb55561d8 /sys/net
parent173b776a9b3e108d364069e4b178f093c8ec36f0 (diff)
unbreak strict alignment archs by using SIPHASH_KEY for siphash
keys, not uint8_t array. found by sparc64. probably ok henning@, but he's at coffee
Diffstat (limited to 'sys/net')
-rw-r--r--sys/net/pf_syncookies.c17
1 files changed, 9 insertions, 8 deletions
diff --git a/sys/net/pf_syncookies.c b/sys/net/pf_syncookies.c
index c0ee1f85501..511eb381997 100644
--- a/sys/net/pf_syncookies.c
+++ b/sys/net/pf_syncookies.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: pf_syncookies.c,v 1.1 2018/02/06 23:37:24 henning Exp $ */
+/* $OpenBSD: pf_syncookies.c,v 1.2 2018/02/07 01:50:48 dlg Exp $ */
/* Copyright (c) 2016,2017 Henning Brauer <henning@openbsd.org>
* Copyright (c) 2016 Alexandr Nedvedicky <sashan@openbsd.org>
@@ -110,13 +110,13 @@ union pf_syncookie {
} flags;
};
-#define PF_SYNCOOKIE_SECRET_SIZE 16
+#define PF_SYNCOOKIE_SECRET_SIZE SIPHASH_KEY_LENGTH
#define PF_SYNCOOKIE_SECRET_LIFETIME 15 /* seconds */
static struct {
struct timeout keytimeout;
volatile uint oddeven;
- uint8_t key[2][PF_SYNCOOKIE_SECRET_SIZE];
+ SIPHASH_KEY key[2];
uint32_t hiwat; /* absolute; # of states */
uint32_t lowat;
} pf_syncookie_status;
@@ -241,8 +241,10 @@ pf_syncookie_rotate(void *arg)
if (!pf_status.syncookies_active &&
pf_status.syncookies_inflight[0] == 0 &&
pf_status.syncookies_inflight[1] == 0) {
- memset(pf_syncookie_status.key[0], 0, PF_SYNCOOKIE_SECRET_SIZE);
- memset(pf_syncookie_status.key[1], 0, PF_SYNCOOKIE_SECRET_SIZE);
+ memset(&pf_syncookie_status.key[0], 0,
+ PF_SYNCOOKIE_SECRET_SIZE);
+ memset(&pf_syncookie_status.key[1], 0,
+ PF_SYNCOOKIE_SECRET_SIZE);
return;
}
@@ -255,7 +257,7 @@ pf_syncookie_newkey(void)
{
pf_syncookie_status.oddeven = (pf_syncookie_status.oddeven + 1) & 0x1;
pf_status.syncookies_inflight[pf_syncookie_status.oddeven] = 0;
- arc4random_buf(pf_syncookie_status.key[pf_syncookie_status.oddeven],
+ arc4random_buf(&pf_syncookie_status.key[pf_syncookie_status.oddeven],
PF_SYNCOOKIE_SECRET_SIZE);
timeout_add_sec(&pf_syncookie_status.keytimeout,
PF_SYNCOOKIE_SECRET_LIFETIME);
@@ -287,8 +289,7 @@ pf_syncookie_mac(struct pf_pdesc *pd, union pf_syncookie cookie, uint32_t seq)
KASSERT(pd->proto == IPPROTO_TCP);
- SipHash24_Init(&ctx,
- (SIPHASH_KEY *)&pf_syncookie_status.key[cookie.flags.oddeven]);
+ SipHash24_Init(&ctx, &pf_syncookie_status.key[cookie.flags.oddeven]);
switch (pd->af) {
case AF_INET: