authortb <tb@openbsd.org>2015-12-18 10:55:51 +0000
committertb <tb@openbsd.org>2015-12-18 10:55:51 +0000
commit586aba90b5fe425d6de4716f67ac7f719d7ff805 (patch)
tree8444fdd5cc68ecf72246c2844ca7c48980fa5800
parentSimplify return call of rand() and rand_r() to make it easier to read. (diff)
Convert arc4random() to arc4random_uniform(). Diff by Matthew Martin.
Ensure that arc4random_uniform() doesn't loop by redefining ND6_MAX_DESYNC_FACTOR to be 512, the largest power of two smaller than the RFC-specified 600 seconds. Suggested by florian@ and deraadt@. ok florian@, sthen@ in this form; arc4random change ok djm@, tedu@
-rw-r--r--sys/netinet6/nd6.h4
-rw-r--r--sys/netinet6/nd6_rtr.c4
2 files changed, 4 insertions, 4 deletions
diff --git a/sys/netinet6/nd6.h b/sys/netinet6/nd6.h
index 0c0ca500b9f..01ea34736dd 100644
--- a/sys/netinet6/nd6.h
+++ b/sys/netinet6/nd6.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: nd6.h,v 1.55 2015/11/06 11:20:56 mpi Exp $ */
+/* $OpenBSD: nd6.h,v 1.56 2015/12/18 10:55:51 tb Exp $ */
/* $KAME: nd6.h,v 1.95 2002/06/08 11:31:06 itojun Exp $ */
/*
@@ -119,7 +119,7 @@ struct in6_ndifreq {
#define ND6_INFINITE_LIFETIME 0xffffffff
/* constants for RFC 4941 autoconf privacy extension */
-#define ND6_PRIV_MAX_DESYNC_FACTOR 600 /* 10 minutes */
+#define ND6_PRIV_MAX_DESYNC_FACTOR 512 /* largest pow2 < 10 minutes */
#define ND6_PRIV_VALID_LIFETIME 604800 /* 1 week */
#define ND6_PRIV_PREFERRED_LIFETIME 86400 /* 1 day */
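Review bot: The new comment on `ND6_PRIV_MAX_DESYNC_FACTOR` states the value but not why it has to be a power of two, so a later edit back to the RFC value of 600 would silently bring back the re-draw loop in `arc4random_uniform()` that the commit message says it wants to avoid. I would spell out the constraint and the unit in the comment, for example `/* seconds; power of two so arc4random_uniform() never re-draws (RFC allows up to 600) */`. The only use visible on this page is the call in `in6_ifadd()` in sys/netinet6/nd6_rtr.c. Any other users of the macro would also see the narrower 0-511 range, which is worth confirming.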
diff --git a/sys/netinet6/nd6_rtr.c b/sys/netinet6/nd6_rtr.c
index acaff81da84..d6167a1a1dc 100644
--- a/sys/netinet6/nd6_rtr.c
+++ b/sys/netinet6/nd6_rtr.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: nd6_rtr.c,v 1.136 2015/12/03 21:57:59 mpi Exp $ */
+/* $OpenBSD: nd6_rtr.c,v 1.137 2015/12/18 10:55:51 tb Exp $ */
/* $KAME: nd6_rtr.c,v 1.97 2001/02/07 11:09:13 itojun Exp $ */
/*
@@ -1951,7 +1951,7 @@ in6_ifadd(struct nd_prefix *pr, int privacy)
ifra.ifra_lifetime.ia6t_vltime = ND6_PRIV_VALID_LIFETIME;
if (ifra.ifra_lifetime.ia6t_pltime > ND6_PRIV_PREFERRED_LIFETIME)
ifra.ifra_lifetime.ia6t_pltime = ND6_PRIV_PREFERRED_LIFETIME
- - (arc4random() % ND6_PRIV_MAX_DESYNC_FACTOR);
+ - arc4random_uniform(ND6_PRIV_MAX_DESYNC_FACTOR);
}
/* XXX: scope zone ID? */