diff options
author | Vsevolod Stakhov <vsevolod@highsecure.ru> | 2015-04-21 15:20:41 +0100 |
---|---|---|
committer | Vsevolod Stakhov <vsevolod@highsecure.ru> | 2015-04-21 15:20:41 +0100 |
commit | a580a748b7c70b25a4c9b0cd4250919393c7c671 (patch) | |
tree | 36ca5f76e57f57920ab578e1ecf034103db2ce7a /src | |
parent | 89ab03e9b072862caf3c9727264836688a458f8d (diff) | |
download | rspamd-a580a748b7c70b25a4c9b0cd4250919393c7c671.tar.gz rspamd-a580a748b7c70b25a4c9b0cd4250919393c7c671.zip |
Use non-predictable hash seed to avoid collision attacks.
Diffstat (limited to 'src')
-rw-r--r-- | src/libserver/cfg_utils.c | 2 | ||||
-rw-r--r-- | src/libutil/keypairs_cache.c | 2 | ||||
-rw-r--r-- | src/libutil/logger.c | 2 | ||||
-rw-r--r-- | src/libutil/util.c | 18 | ||||
-rw-r--r-- | src/libutil/util.h | 6 | ||||
-rw-r--r-- | src/main.c | 16 |
6 files changed, 32 insertions, 14 deletions
diff --git a/src/libserver/cfg_utils.c b/src/libserver/cfg_utils.c index cee241bbc..450bde0a7 100644 --- a/src/libserver/cfg_utils.c +++ b/src/libserver/cfg_utils.c @@ -791,7 +791,7 @@ rspamd_ucl_fin_cb (rspamd_mempool_t * pool, struct map_cb_data *data) return; } - checksum = XXH32 (cbdata->buf->str, cbdata->buf->len, 0xdead); + checksum = XXH64 (cbdata->buf->str, cbdata->buf->len, 0); if (data->map->checksum != checksum) { /* New data available */ parser = ucl_parser_new (0); diff --git a/src/libutil/keypairs_cache.c b/src/libutil/keypairs_cache.c index 20e7678e1..532eaa373 100644 --- a/src/libutil/keypairs_cache.c +++ b/src/libutil/keypairs_cache.c @@ -53,7 +53,7 @@ rspamd_keypair_hash (gconstpointer ptr) { struct rspamd_keypair_elt *elt = (struct rspamd_keypair_elt *)ptr; - return XXH32 (elt->pair, sizeof (elt->pair), 0xdeadbabe); + return XXH64 (elt->pair, sizeof (elt->pair), rspamd_hash_seed ()); } static gboolean diff --git a/src/libutil/logger.c b/src/libutil/logger.c index 65a85c753..fdfc79ba7 100644 --- a/src/libutil/logger.c +++ b/src/libutil/logger.c @@ -86,7 +86,7 @@ file_log_function (const gchar * log_domain, const gchar *function, static inline guint32 rspamd_log_calculate_cksum (const gchar *message, size_t mlen) { - return XXH32 (message, mlen, 0xdeadbeef); + return XXH32 (message, mlen, rspamd_hash_seed ()); } /* diff --git a/src/libutil/util.c b/src/libutil/util.c index 9d79237de..efb2f7e13 100644 --- a/src/libutil/util.c +++ b/src/libutil/util.c @@ -1271,7 +1271,7 @@ rspamd_icase_hash (const gchar *in, gsize len) XXH64_state_t st; fp = len - leftover; - XXH64_reset (&st, 0xdeadbabe); + XXH64_reset (&st, rspamd_hash_seed ()); for (i = 0; i != fp; i += 4) { u.c.c1 = s[i], u.c.c2 = s[i + 1], u.c.c3 = s[i + 2], u.c.c4 = s[i + 3]; @@ -1315,7 +1315,7 @@ rspamd_str_hash (gconstpointer key) len = strlen ((const gchar *)key); - return XXH64 (key, len, 0xdeadbabe); + return XXH64 (key, len, rspamd_hash_seed ()); } gboolean @@ -1545,7 +1545,7 @@ rspamd_url_hash (gconstpointer u) const struct rspamd_url *url = u; XXH64_state_t st; - XXH64_reset (&st, 0xdeadbabe); + XXH64_reset (&st, rspamd_hash_seed ()); if (url->hostlen > 0) { XXH64_update (&st, url->host, url->hostlen); @@ -2411,3 +2411,15 @@ rspamd_init_libs (void) g_mime_init (0); #endif } + +guint64 +rspamd_hash_seed (void) +{ + static guint64 seed; + + if (seed == 0) { + seed = ottery_rand_uint64 (); + } + + return seed; +} diff --git a/src/libutil/util.h b/src/libutil/util.h index b3d7f42e0..6b8b7f3ad 100644 --- a/src/libutil/util.h +++ b/src/libutil/util.h @@ -460,4 +460,10 @@ void rspamd_array_free_hard (gpointer p); */ void rspamd_init_libs (void); +/** + * Returns some statically initialized random hash seed + * @return hash seed + */ +guint64 rspamd_hash_seed (void); + #endif diff --git a/src/main.c b/src/main.c index 4d541c4e4..c1f3f8a4b 100644 --- a/src/main.c +++ b/src/main.c @@ -593,30 +593,30 @@ fork_delayed (struct rspamd_main *rspamd) static inline uintptr_t make_listen_key (struct rspamd_worker_bind_conf *cf) { - gpointer xxh; + XXH64_state_t st; guint i, keylen; guint8 *key; rspamd_inet_addr_t *addr; guint16 port; - xxh = XXH32_init (0xdeadbeef); + XXH64_reset (&st, rspamd_hash_seed ()); if (cf->is_systemd) { - XXH32_update (xxh, "systemd", sizeof ("systemd")); - XXH32_update (xxh, &cf->cnt, sizeof (cf->cnt)); + XXH64_update (&st, "systemd", sizeof ("systemd")); + XXH64_update (&st, &cf->cnt, sizeof (cf->cnt)); } else { - XXH32_update (xxh, cf->name, strlen (cf->name)); + XXH64_update (&st, cf->name, strlen (cf->name)); for (i = 0; i < cf->cnt; i ++) { addr = g_ptr_array_index (cf->addrs, i); key = rspamd_inet_address_get_radix_key ( addr, &keylen); - XXH32_update (xxh, key, keylen); + XXH64_update (&st, key, keylen); port = rspamd_inet_address_get_port (addr); - XXH32_update (xxh, &port, sizeof (port)); + XXH64_update (&st, &port, sizeof (port)); } } - return XXH32_digest (xxh); + return XXH64_digest (&st); } static void |