summaryrefslogtreecommitdiffhomepage
path: root/src/hashtables.c
AgeCommit message (Collapse)Author
2016-11-29hashtable: use random number each timeJason A. Donenfeld
Otherwise timing information might leak information about prior index entries. We also switch back to an explicit uint64_t because siphash needs something at least that size. (This partially reverts 1550e9ba597946c88e3e7e3e8dcf33c13dd76e5b. Willy's suggestion was wrong.) Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2016-11-21headers: cleanup noticesJason A. Donenfeld
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2016-11-15various: nits from willyJason A. Donenfeld
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2016-11-05c89: the static keyword is okay in c99, but not in c89Jason A. Donenfeld
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2016-09-29Rework headers and includesJason A. Donenfeld
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2016-08-22hashtables: use rdrand() instead of counterJason A. Donenfeld
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2016-08-02c: specify static array size in function paramsJason A. Donenfeld
The C standard states: A declaration of a parameter as ``array of type'' shall be adjusted to ``qualified pointer to type'', where the type qualifiers (if any) are those specified within the [ and ] of the array type derivation. If the keyword static also appears within the [ and ] of the array type derivation, then for each call to the function, the value of the corresponding actual argument shall provide access to the first element of an array with at least as many elements as specified by the size expression. By changing void func(int array[4]) to void func(int array[static 4]), we automatically get the compiler checking argument sizes for us, which is quite nice. Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2016-07-22index hashtable: run random indices through siphashJason A. Donenfeld
If /dev/urandom is a NOBUS RNG backdoor, like the infamous Dual_EC_DRBG, then sending 4 bytes of raw RNG output over the wire directly might not be such a great idea. This mitigates that vulnerability by, at some point before the indices are generated, creating a random secret. Then, for each session index, we simply run SipHash24 on an incrementing counter. This is probably overkill because /dev/urandom is probably not a backdoored RNG, and itself already uses several rounds of SHA-1 for mixing. If the kernel RNG is backdoored, there may very well be bigger problems at play. Four bytes is also not so many bytes. Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2016-06-25Initial commitJason A. Donenfeld
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>