On Tue, May 24, 2022 at 09:55:39PM +0300, Stefan Ghinea wrote:
> From: Willy Tarreau <w@xxxxxx>
>
> commit b2d057560b8107c633b39aabe517ff9d93f285e3 upstream
>
> SipHash replaced MD5 in secure_ipv{4,6}_port_ephemeral() via commit
> 7cd23e5300c1 ("secure_seq: use SipHash in place of MD5"), but the output
> remained truncated to 32-bit only. In order to exploit more bits from the
> hash, let's make the functions return the full 64-bit of siphash_3u32().
> We also make sure the port offset calculation in __inet_hash_connect()
> remains done on 32-bit to avoid the need for div_u64_rem() and an extra
> cost on 32-bit systems.
>
> Cc: Jason A. Donenfeld <Jason@xxxxxxxxx>
> Cc: Moshe Kol <moshe.kol@xxxxxxxxxxxxxxx>
> Cc: Yossi Gilad <yossi.gilad@xxxxxxxxxxxxxxx>
> Cc: Amit Klein <aksecurity@xxxxxxxxx>
> Reviewed-by: Eric Dumazet <edumazet@xxxxxxxxxx>
> Signed-off-by: Willy Tarreau <w@xxxxxx>
> Signed-off-by: Jakub Kicinski <kuba@xxxxxxxxxx>
> [SG: Adjusted context]
> Signed-off-by: Stefan Ghinea <stefan.ghinea@xxxxxxxxxxxxx>
All now queued up, thanks.
greg k-h
