Switch CRYPTO_BUFFER_POOL to SipHash-2-4.
This hash table, in applications that use pooling, can dedup received
certificates in memory and thus should use a keyed hash.
Change-Id: Idc40dc8f7463025183121642b30ea0de43ebac0e
Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/51125
Reviewed-by: Adam Langley <agl@google.com>
diff --git a/crypto/pool/internal.h b/crypto/pool/internal.h
index b39ee42..f9f4838 100644
--- a/crypto/pool/internal.h
+++ b/crypto/pool/internal.h
@@ -39,6 +39,7 @@
struct crypto_buffer_pool_st {
LHASH_OF(CRYPTO_BUFFER) *bufs;
CRYPTO_MUTEX lock;
+ const uint64_t hash_key[2];
};
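Review bot: The new `hash_key` field has no comment, so nothing in the struct says it is a secret, per-pool SipHash key that must be random and must not change while `bufs` holds entries. I would add `// hash_key is the random, per-pool SipHash-2-4 key for |bufs|; it is set once at pool creation and never changes.` above the field. Rekeying a populated table would leave existing entries unreachable, which is presumably what the `const` is meant to signal.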
diff --git a/crypto/pool/pool.c b/crypto/pool/pool.c
index 89bf4c2..e889f52 100644
--- a/crypto/pool/pool.c
+++ b/crypto/pool/pool.c
@@ -19,6 +19,8 @@
#include <openssl/bytestring.h>
#include <openssl/mem.h>
+#include <openssl/rand.h>
+#include <openssl/siphash.h>
#include <openssl/thread.h>
#include "../internal.h"
@@ -26,10 +28,13 @@
static uint32_t CRYPTO_BUFFER_hash(const CRYPTO_BUFFER *buf) {
- return OPENSSL_hash32(buf->data, buf->len);
+ return (uint32_t)SIPHASH_24(buf->pool->hash_key, buf->data, buf->len);
}
static int CRYPTO_BUFFER_cmp(const CRYPTO_BUFFER *a, const CRYPTO_BUFFER *b) {
+ // Only |CRYPTO_BUFFER|s from the same pool have compatible hashes.
+ assert(a->pool != NULL);
+ assert(a->pool == b->pool);
if (a->len != b->len) {
return 1;
}
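Review bot: `CRYPTO_BUFFER_hash` now dereferences `buf->pool` unconditionally, but the non-NULL precondition is asserted only in `CRYPTO_BUFFER_cmp`, and both asserts vanish under `NDEBUG`. Mirroring the check at the point of use, with `assert(buf->pool != NULL);` as the first line of `CRYPTO_BUFFER_hash`, would catch a pool-less buffer in debug builds before the dereference. A one-line comment there, `// Keyed per pool so that peers cannot choose colliding inputs.`, would also record why the unkeyed hash was replaced. The body of `CRYPTO_BUFFER_cmp` continues outside the hunk.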
@@ -50,6 +55,7 @@
}
CRYPTO_MUTEX_init(&pool->lock);
+ RAND_bytes((uint8_t *)&pool->hash_key, sizeof(pool->hash_key));
return pool;
}
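Review bot: The key is written through `(uint8_t *)&pool->hash_key`, a cast that discards the `const` the field is declared with in internal.h, and the result of `RAND_bytes` is not checked. The write is well-defined only if the pool lives in allocated storage, which the hunk does not show because the function starts above it. Once that is confirmed, a comment such as `// One-time initialization of the const key; |pool| is heap-allocated.` would make the dependency explicit. Ignoring the return value is acceptable only because, as I read its contract, BoringSSL's `RAND_bytes` aborts rather than reporting failure. Code derived from this for a library where it can fail must not return a pool with an unseeded key.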
@@ -84,6 +90,7 @@
CRYPTO_BUFFER tmp;
tmp.data = (uint8_t *) data;
tmp.len = len;
+ tmp.pool = pool;
CRYPTO_MUTEX_lock_read(&pool->lock);
CRYPTO_BUFFER *duplicate = lh_CRYPTO_BUFFER_retrieve(pool->bufs, &tmp);
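Review bot: `tmp` is a stack `CRYPTO_BUFFER` with only `data`, `len` and now `pool` assigned, so the lookup is correct only while the hash and compare callbacks read nothing else. That coupling is easy to break the next time a callback starts reading another field, as this commit itself shows. I would add `// |tmp| is a lookup key only: set every field CRYPTO_BUFFER_hash and CRYPTO_BUFFER_cmp read.` above the assignments, or zero-initialise it with `CRYPTO_BUFFER tmp = {0};`. The enclosing function starts and ends outside the hunk.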