From: Michael Tuexen
Date: Thu, 23 Aug 2018 06:03:59 +0000 (UTC)
To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org
Subject: svn commit: r338241 - head/sys/netinet

Author: tuexen
Date: Thu Aug 23 06:03:59 2018
New Revision: 338241
URL: https://svnweb.freebsd.org/changeset/base/338241

Log:
  Don't use the explicit number 32 for the length of the secrets, use
  sizeof() or explicit #defines instead.
  No functional change.

  This was suggested by jmg@.

  MFC after: 1 month
  XMFC with: r338053
  Sponsored by: Netflix, Inc.

Modified:
  head/sys/netinet/tcp_subr.c

Modified: head/sys/netinet/tcp_subr.c ============================================================================== --- head/sys/netinet/tcp_subr.c Thu Aug 23 05:08:38 2018 (r338240) +++ head/sys/netinet/tcp_subr.c Thu Aug 23 06:03:59 2018 (r338241) @@ -233,7 +233,8 @@ VNET_DEFINE(uma_zone_t, sack_hole_zone); VNET_DEFINE(struct hhook_head *, tcp_hhh[HHOOK_TCP_LAST+1]); #endif -VNET_DEFINE_STATIC(u_char, ts_offset_secret[32]); +#define TS_OFFSET_SECRET_LENGTH 32 +VNET_DEFINE_STATIC(u_char, ts_offset_secret[TS_OFFSET_SECRET_LENGTH]); #define V_ts_offset_secret VNET(ts_offset_secret) static int tcp_default_fb_init(struct tcpcb *tp); @@ -2608,7 +2609,7 @@ out: #endif /* INET6 */ static uint32_t -tcp_keyed_hash(struct in_conninfo *inc, u_char *key) +tcp_keyed_hash(struct in_conninfo *inc, u_char *key, u_int len) { MD5_CTX ctx; uint32_t hash[4];
@@ -2630,7 +2631,7 @@ tcp_keyed_hash(struct in_conninfo *inc, u_char *key) break; #endif } - MD5Update(&ctx, key, 32); + MD5Update(&ctx, key, len); MD5Final((unsigned char *)hash, &ctx); return (hash[0]); @@ -2639,7 +2640,8 @@ tcp_keyed_hash(struct in_conninfo *inc, u_char *key) uint32_t tcp_new_ts_offset(struct in_conninfo *inc) { - return (tcp_keyed_hash(inc, V_ts_offset_secret)); + return (tcp_keyed_hash(inc, V_ts_offset_secret, + sizeof(V_ts_offset_secret))); } /* @@ -2689,8 +2691,9 @@ tcp_new_ts_offset(struct in_conninfo *inc) #define ISN_BYTES_PER_SECOND 1048576 #define ISN_STATIC_INCREMENT 4096 #define ISN_RANDOM_INCREMENT (4096 - 1) +#define ISN_SECRET_LENGTH 32 -VNET_DEFINE_STATIC(u_char, isn_secret[32]); +VNET_DEFINE_STATIC(u_char, isn_secret[ISN_SECRET_LENGTH]); VNET_DEFINE_STATIC(int, isn_last); VNET_DEFINE_STATIC(int, isn_last_reseed); VNET_DEFINE_STATIC(u_int32_t, isn_offset); @@ -2718,7 +2721,8 @@ tcp_new_isn(struct in_conninfo *inc) } /* Compute the md5 hash and return the ISN. */ - new_isn = (tcp_seq)tcp_keyed_hash(inc, V_isn_secret); + new_isn = (tcp_seq)tcp_keyed_hash(inc, V_isn_secret, + sizeof(V_isn_secret)); V_isn_offset += ISN_STATIC_INCREMENT + (arc4random() & ISN_RANDOM_INCREMENT); if (ticks != V_isn_last) {
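
Review bot: the new len parameter of tcp_keyed_hash() (hunk @@ -2608, used in hunk @@ -2630) is declared u_int, while both callers pass sizeof(...), which is a size_t, so the value is narrowed implicitly at each call. That is harmless for a 32-byte secret, but the parameter has no comment saying it is the key length in bytes. Suggest a short comment above the function stating that, and, since the visible lines only ever pass key on to MD5Update(), declaring it "const u_char *key" so the signature shows the secret is not modified.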
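
Review bot: sizeof(V_ts_offset_secret) in tcp_new_ts_offset() (hunk @@ -2639), and likewise sizeof(V_isn_secret) in tcp_new_isn() (hunk @@ -2718), is taken through the VNET() accessor macro and equals the secret length only while the underlying variable stays an array. If either secret is later changed to a pointer, these calls still compile and would hash only a pointer-sized prefix of the key. Since this commit introduces TS_OFFSET_SECRET_LENGTH and ISN_SECRET_LENGTH, consider passing those constants at the call sites, or add a comment next to the VNET_DEFINE_STATIC lines noting that callers rely on sizeof() of the array.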
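
Review bot: TS_OFFSET_SECRET_LENGTH (hunk @@ -233) and ISN_SECRET_LENGTH (hunk @@ -2689) are added without a comment giving the unit (bytes) or saying what the value is sized against. A one-line comment on each would help whoever changes the length later. The diff also does not show the code that fills ts_offset_secret and isn_secret, so it is worth confirming that those sites use sizeof() or the new defines rather than a literal 32, to match the log message.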