svn commit: r338241 - head/sys/netinet

Michael Tuexen tuexen at FreeBSD.org
Thu Aug 23 06:04:00 UTC 2018 

Author: tuexen
Date: Thu Aug 23 06:03:59 2018
New Revision: 338241
URL: https://svnweb.freebsd.org/changeset/base/338241

Log:
  Don't use the explicit number 32 for the length of the secrets,
  use sizeof() or explicit #definesi instead. No functional change.
  This was suggested by jmg at .
  
  MFC after:		1 month
  XMFC with:		r338053
  Sponsored by:		Netflix, Inc.

Modified:
  head/sys/netinet/tcp_subr.c

Modified: head/sys/netinet/tcp_subr.c
==============================================================================
--- head/sys/netinet/tcp_subr.c	Thu Aug 23 05:08:38 2018	(r338240)
+++ head/sys/netinet/tcp_subr.c	Thu Aug 23 06:03:59 2018	(r338241)
@@ -233,7 +233,8 @@ VNET_DEFINE(uma_zone_t, sack_hole_zone);
 VNET_DEFINE(struct hhook_head *, tcp_hhh[HHOOK_TCP_LAST+1]);
 #endif
 
-VNET_DEFINE_STATIC(u_char, ts_offset_secret[32]);
+#define TS_OFFSET_SECRET_LENGTH 32
+VNET_DEFINE_STATIC(u_char, ts_offset_secret[TS_OFFSET_SECRET_LENGTH]);
 #define	V_ts_offset_secret	VNET(ts_offset_secret)
 
 static int	tcp_default_fb_init(struct tcpcb *tp);
@@ -2608,7 +2609,7 @@ out:
 #endif /* INET6 */
 
 static uint32_t
-tcp_keyed_hash(struct in_conninfo *inc, u_char *key)
+tcp_keyed_hash(struct in_conninfo *inc, u_char *key, u_int len)
 {
 	MD5_CTX ctx;
 	uint32_t hash[4];
@@ -2630,7 +2631,7 @@ tcp_keyed_hash(struct in_conninfo *inc, u_char *key)
 		break;
 #endif
 	}
-	MD5Update(&ctx, key, 32);
+	MD5Update(&ctx, key, len);
 	MD5Final((unsigned char *)hash, &ctx);
 
 	return (hash[0]);
@@ -2639,7 +2640,8 @@ tcp_keyed_hash(struct in_conninfo *inc, u_char *key)
 uint32_t
 tcp_new_ts_offset(struct in_conninfo *inc)
 {
-	return (tcp_keyed_hash(inc, V_ts_offset_secret));
+	return (tcp_keyed_hash(inc, V_ts_offset_secret,
+	    sizeof(V_ts_offset_secret)));
 }
 
 /*
@@ -2689,8 +2691,9 @@ tcp_new_ts_offset(struct in_conninfo *inc)
 #define ISN_BYTES_PER_SECOND 1048576
 #define ISN_STATIC_INCREMENT 4096
 #define ISN_RANDOM_INCREMENT (4096 - 1)
+#define ISN_SECRET_LENGTH    32
 
-VNET_DEFINE_STATIC(u_char, isn_secret[32]);
+VNET_DEFINE_STATIC(u_char, isn_secret[ISN_SECRET_LENGTH]);
 VNET_DEFINE_STATIC(int, isn_last);
 VNET_DEFINE_STATIC(int, isn_last_reseed);
 VNET_DEFINE_STATIC(u_int32_t, isn_offset);
@@ -2718,7 +2721,8 @@ tcp_new_isn(struct in_conninfo *inc)
 	}
 
 	/* Compute the md5 hash and return the ISN. */
-	new_isn = (tcp_seq)tcp_keyed_hash(inc, V_isn_secret);
+	new_isn = (tcp_seq)tcp_keyed_hash(inc, V_isn_secret,
+	    sizeof(V_isn_secret));
 	V_isn_offset += ISN_STATIC_INCREMENT +
 		(arc4random() & ISN_RANDOM_INCREMENT);
 	if (ticks != V_isn_last) {

More information about the svn-src-head mailing list