leandrof/linux
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

ipv4: use siphash instead of Jenkins in fnhe_hashfun()

Browse Source 
A group of security researchers brought to our attention
the weakness of hash function used in fnhe_hashfun().

Lets use siphash instead of Jenkins Hash, to considerably
reduce security risks.

Also remove the inline keyword, this really is distracting.

Fixes: d546c62154 ("ipv4: harden fnhe_hashfun()")
Signed-off-by: Eric Dumazet <edumazet@google.com>
Reported-by: Keyu Man <kman001@ucr.edu>
Cc: Willy Tarreau <w@1wt.eu>
Signed-off-by: David S. Miller <davem@davemloft.net>
This commit is contained in:
Eric Dumazet 2021-08-25 16:17:29 -07:00 committed by David S. Miller
parent 4785305c05
commit 6457378fe7
1 changed files with 6 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
net/ipv4/route.c
View File

@ -600,14 +600,14 @@ static struct fib_nh_exception *fnhe_oldest(struct fnhe_hash_bucket *hash)
return oldest; return oldest;
} }
static inline u32 fnhe_hashfun(__be32 daddr) static u32 fnhe_hashfun(__be32 daddr)
{ {
static u32 fnhe_hashrnd __read_mostly; static siphash_key_t fnhe_hash_key __read_mostly;
u32 hval; u64 hval;
net_get_random_once(&fnhe_hashrnd, sizeof(fnhe_hashrnd)); net_get_random_once(&fnhe_hash_key, sizeof(fnhe_hash_key));
hval = jhash_1word((__force u32)daddr, fnhe_hashrnd); hval = siphash_1u32((__force u32)daddr, &fnhe_hash_key);
return hash_32(hval, FNHE_HASH_SHIFT); return hash_64(hval, FNHE_HASH_SHIFT);
} }
static void fill_route_from_fnhe(struct rtable *rt, struct fib_nh_exception *fnhe) static void fill_route_from_fnhe(struct rtable *rt, struct fib_nh_exception *fnhe)