summaryrefslogtreecommitdiffhomepage
path: root/device
diff options
context:
space:
mode:
authorJason A. Donenfeld <Jason@zx2c4.com>2021-10-28 13:34:21 +0200
committerJason A. Donenfeld <Jason@zx2c4.com>2021-10-28 13:34:21 +0200
commit60683d73614862ba93895bf8a5aebc1e97a4ec52 (patch)
tree61d905fc08ae93249d561c325b5d415d367b4f9f /device
parente42c6c4bc2d0d1e6b4f247b98cf4ead8a1b08a2e (diff)
device: timers: seed unsafe rng before use for jitter
Forgetting to seed the unsafe rng, the jitter before followed a fixed pattern, which didn't help when a fleet of computers all boot at once. Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
Diffstat (limited to 'device')
-rw-r--r--device/timers.go14
1 files changed, 11 insertions, 3 deletions
diff --git a/device/timers.go b/device/timers.go
index ee191e5..aa6f28a 100644
--- a/device/timers.go
+++ b/device/timers.go
@@ -8,12 +8,20 @@
package device
import (
- "math/rand"
+ "crypto/rand"
+ unsafeRand "math/rand"
"sync"
"sync/atomic"
"time"
+ "unsafe"
)
+func init() {
+ var seed int64
+ rand.Read(unsafe.Slice((*byte)(unsafe.Pointer(&seed)), unsafe.Sizeof(seed)))
+ unsafeRand.Seed(seed)
+}
+
// A Timer manages time-based aspects of the WireGuard protocol.
// Timer roughly copies the interface of the Linux kernel's struct timer_list.
type Timer struct {
@@ -144,7 +152,7 @@ func expiredPersistentKeepalive(peer *Peer) {
/* Should be called after an authenticated data packet is sent. */
func (peer *Peer) timersDataSent() {
if peer.timersActive() && !peer.timers.newHandshake.IsPending() {
- peer.timers.newHandshake.Mod(KeepaliveTimeout + RekeyTimeout + time.Millisecond*time.Duration(rand.Int31n(RekeyTimeoutJitterMaxMs)))
+ peer.timers.newHandshake.Mod(KeepaliveTimeout + RekeyTimeout + time.Millisecond*time.Duration(unsafeRand.Int63n(RekeyTimeoutJitterMaxMs)))
}
}
@@ -176,7 +184,7 @@ func (peer *Peer) timersAnyAuthenticatedPacketReceived() {
/* Should be called after a handshake initiation message is sent. */
func (peer *Peer) timersHandshakeInitiated() {
if peer.timersActive() {
- peer.timers.retransmitHandshake.Mod(RekeyTimeout + time.Millisecond*time.Duration(rand.Int31n(RekeyTimeoutJitterMaxMs)))
+ peer.timers.retransmitHandshake.Mod(RekeyTimeout + time.Millisecond*time.Duration(unsafeRand.Int63n(RekeyTimeoutJitterMaxMs)))
}
}