diff options
author | 2015-12-18 10:55:51 +0000 | |
---|---|---|
committer | 2015-12-18 10:55:51 +0000 | |
commit | 586aba90b5fe425d6de4716f67ac7f719d7ff805 (patch) | |
tree | 8444fdd5cc68ecf72246c2844ca7c48980fa5800 | |
parent | Simplify return call of rand() and rand_r() to make it easier to read. (diff) | |
download | wireguard-openbsd-586aba90b5fe425d6de4716f67ac7f719d7ff805.tar.xz wireguard-openbsd-586aba90b5fe425d6de4716f67ac7f719d7ff805.zip |
Convert arc4random() to arc4random_uniorm(). Diff by Matthew Martin.
Ensure that arc4random_uniform() doesn't loop by redefining
ND6_MAX_DESYNC_FACTOR to be 512, the largest power of two smaller
than the RFC-specified 600 seconds. Suggested by florian@ and deraadt@
ok florian@, sthen@ in this form, arc4random change ok djm@, tedu@
-rw-r--r-- | sys/netinet6/nd6.h | 4 | ||||
-rw-r--r-- | sys/netinet6/nd6_rtr.c | 4 |
2 files changed, 4 insertions, 4 deletions
diff --git a/sys/netinet6/nd6.h b/sys/netinet6/nd6.h index 0c0ca500b9f..01ea34736dd 100644 --- a/sys/netinet6/nd6.h +++ b/sys/netinet6/nd6.h @@ -1,4 +1,4 @@ -/* $OpenBSD: nd6.h,v 1.55 2015/11/06 11:20:56 mpi Exp $ */ +/* $OpenBSD: nd6.h,v 1.56 2015/12/18 10:55:51 tb Exp $ */ /* $KAME: nd6.h,v 1.95 2002/06/08 11:31:06 itojun Exp $ */ /* @@ -119,7 +119,7 @@ struct in6_ndifreq { #define ND6_INFINITE_LIFETIME 0xffffffff /* constants for RFC 4941 autoconf privacy extension */ -#define ND6_PRIV_MAX_DESYNC_FACTOR 600 /* 10 minutes */ +#define ND6_PRIV_MAX_DESYNC_FACTOR 512 /* largest pow2 < 10 minutes */ #define ND6_PRIV_VALID_LIFETIME 604800 /* 1 week */ #define ND6_PRIV_PREFERRED_LIFETIME 86400 /* 1 day */ diff --git a/sys/netinet6/nd6_rtr.c b/sys/netinet6/nd6_rtr.c index acaff81da84..d6167a1a1dc 100644 --- a/sys/netinet6/nd6_rtr.c +++ b/sys/netinet6/nd6_rtr.c @@ -1,4 +1,4 @@ -/* $OpenBSD: nd6_rtr.c,v 1.136 2015/12/03 21:57:59 mpi Exp $ */ +/* $OpenBSD: nd6_rtr.c,v 1.137 2015/12/18 10:55:51 tb Exp $ */ /* $KAME: nd6_rtr.c,v 1.97 2001/02/07 11:09:13 itojun Exp $ */ /* @@ -1951,7 +1951,7 @@ in6_ifadd(struct nd_prefix *pr, int privacy) ifra.ifra_lifetime.ia6t_vltime = ND6_PRIV_VALID_LIFETIME; if (ifra.ifra_lifetime.ia6t_pltime > ND6_PRIV_PREFERRED_LIFETIME) ifra.ifra_lifetime.ia6t_pltime = ND6_PRIV_PREFERRED_LIFETIME - - (arc4random() % ND6_PRIV_MAX_DESYNC_FACTOR); + - arc4random_uniform(ND6_PRIV_MAX_DESYNC_FACTOR); } /* XXX: scope zone ID? */ |