diff options
| author |   Eric Dumazet <edumazet@google.com> | 2019-03-27 12:40:33 -0700 |
|---|---|---|
| committer |   David S. Miller <davem@davemloft.net> | 2019-03-27 14:29:26 -0700 |
| commit | df453700e8d81b1bdafdf684365ee2b9431fb702 (patch) | |
| tree | cb7ea20a23956471c8362fd5d687822fd3ecc5cf /include/linux/siphash.h | |
| parent | net: phy: mdio-bcm-unimac: remove redundant !timeout check (diff) | |
| download | linux-dev-df453700e8d81b1bdafdf684365ee2b9431fb702.tar.xz linux-dev-df453700e8d81b1bdafdf684365ee2b9431fb702.zip | |
inet: switch IP ID generator to siphash
According to Amit Klein and Benny Pinkas, IP ID generation is too weak
and might be used by attackers.
Even with recent net_hash_mix() fix (netns: provide pure entropy for net_hash_mix())
having 64bit key and Jenkins hash is risky.
It is time to switch to siphash and its 128bit keys.
Signed-off-by: Eric Dumazet <edumazet@google.com>
Reported-by: Amit Klein <aksecurity@gmail.com>
Reported-by: Benny Pinkas <benny@pinkas.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'include/linux/siphash.h')
| -rw-r--r-- | include/linux/siphash.h | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/include/linux/siphash.h b/include/linux/siphash.h index fa7a6b9cedbf..bf21591a9e5e 100644 --- a/include/linux/siphash.h +++ b/include/linux/siphash.h @@ -21,6 +21,11 @@ typedef struct { u64 key[2]; } siphash_key_t; +static inline bool siphash_key_is_zero(const siphash_key_t *key) +{ + return !(key->key[0] | key->key[1]); +} + u64 __siphash_aligned(const void *data, size_t len, const siphash_key_t *key); #ifndef CONFIG_HAVE_EFFICIENT_UNALIGNED_ACCESS u64 __siphash_unaligned(const void *data, size_t len, const siphash_key_t *key); |