Pārlūkot izejas kodu

[linux] Avoid starting currticks() from zero every time

iPXE uses currticks() (along with the MAC address(es) of any network
devices) to seed the (non-cryptographic) random number generator.  The
current implementation of linux_currticks() ensures that the first
call to currticks() will always return zero; this results in identical
random number sequences on each run of iPXE on a given machine.  This
can cause odd-looking behaviour due to e.g. the reuse of local TCP
port numbers.

Fix by effectively rounding down the start time recorded by
linux_currticks() to the nearest whole second; this makes it unlikely
that consecutive runs of iPXE will use the exact same RNG sequence.

(Note that none of this affects the cryptographic RNG, which uses
/dev/random as a source of entropy.)

Signed-off-by: Michael Brown <mcb30@ipxe.org>
tags/v1.20.1
Michael Brown 10 gadus atpakaļ
vecāks
revīzija
08f9170ba4
1 mainītis faili ar 7 papildinājumiem un 1 dzēšanām
  1. 7
    1
      src/interface/linux/linux_timer.c

+ 7
- 1
src/interface/linux/linux_timer.c Parādīt failu

@@ -55,6 +55,12 @@ static unsigned long linux_ticks_per_sec(void)
55 55
  * linux doesn't provide an easy access to jiffies so implement it by measuring
56 56
  * the time since the first call to this function.
57 57
  *
58
+ * Since this function is used to seed the (non-cryptographic) random
59
+ * number generator, we round the start time down to the nearest whole
60
+ * second.  This minimises the chances of generating identical RNG
61
+ * sequences (and hence identical TCP port numbers, etc) on
62
+ * consecutive invocations of iPXE.
63
+ *
58 64
  * @ret ticks		Current time, in ticks
59 65
  */
60 66
 static unsigned long linux_currticks(void)
@@ -71,7 +77,7 @@ static unsigned long linux_currticks(void)
71 77
 	linux_gettimeofday(&now, NULL);
72 78
 
73 79
 	unsigned long ticks = (now.tv_sec - start.tv_sec) * linux_ticks_per_sec();
74
-	ticks += (now.tv_usec - start.tv_usec) / (long)(1000000 / linux_ticks_per_sec());
80
+	ticks += now.tv_usec / (long)(1000000 / linux_ticks_per_sec());
75 81
 
76 82
 	return ticks;
77 83
 }

Notiek ielāde…
Atcelt
Saglabāt