From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from gandalf.ozlabs.org (mail.ozlabs.org [IPv6:2404:9400:2221:ea00::3]) by passt.top (Postfix) with ESMTPS id 169365A0271 for ; Thu, 28 Sep 2023 03:21:11 +0200 (CEST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gibson.dropbear.id.au; s=201602; t=1695864065; bh=HKAdz01TsEDkzQrmFtiaXyZqt8mZoQymnEw6qNM3rPc=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=hZZ4tJ4ARpryS0SpCoezCqj6V8iWLwC565ycafQVBXIgL+fTk6krla/NZW1BY4PeT TW57DTfASER8L+kpJkCQZgsO1tKZyLS0lZqrydcgyRWE8vwXMbYUBxpYxzY9Du9USn SlI0WUo9LTbKS8llUkVWhIOvJ7GEZgchTsT38r+k= Received: by gandalf.ozlabs.org (Postfix, from userid 1007) id 4RwwfT050Xz4xRx; Thu, 28 Sep 2023 11:21:05 +1000 (AEST) From: David Gibson To: Stefano Brivio , passt-dev@passt.top Subject: [PATCH v2 05/10] siphash: Fix bug in state initialisation Date: Thu, 28 Sep 2023 11:20:57 +1000 Message-ID: <20230928012102.1446180-6-david@gibson.dropbear.id.au> X-Mailer: git-send-email 2.41.0 In-Reply-To: <20230928012102.1446180-1-david@gibson.dropbear.id.au> References: <20230928012102.1446180-1-david@gibson.dropbear.id.au> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Message-ID-Hash: JMI5TVDK55L47BC5MRX3YV6USZU3TUJG X-Message-ID-Hash: JMI5TVDK55L47BC5MRX3YV6USZU3TUJG X-MailFrom: dgibson@gandalf.ozlabs.org X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header CC: David Gibson X-Mailman-Version: 3.3.8 Precedence: list List-Id: Development discussion and patches for passt Archived-At: Archived-At: List-Archive: List-Archive: List-Help: List-Owner: List-Post: List-Subscribe: List-Unsubscribe: The SipHash algorithm starts with initializing the 32 bytes of internal state with some magic numbers XORed with the hash key. However, our implementation has a bug - rather than XORing the hash key, it *sets* the initial state to copies of the key. I don't know if that affects any of the cryptographic properties of SipHash but it's not what we should be doing. Fix it. Signed-off-by: David Gibson --- siphash.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/siphash.c b/siphash.c index ec39793..6932da2 100644 --- a/siphash.c +++ b/siphash.c @@ -65,7 +65,7 @@ \ do { \ for (__i = sizeof(v) / sizeof(v[0]) - 1; __i >= 0; __i--) \ - v[__i] = k[__i % 2]; \ + v[__i] ^= k[__i % 2]; \ } while (0) /** -- 2.41.0