[linux] Avoid starting currticks() from zero every time
iPXE uses currticks() (along with the MAC address(es) of any network devices) to seed the (non-cryptographic) random number generator. The current implementation of linux_currticks() ensures that the first call to currticks() will always return zero; this results in identical random number sequences on each run of iPXE on a given machine. This can cause odd-looking behaviour due to e.g. the reuse of local TCP port numbers. Fix by effectively rounding down the start time recorded by linux_currticks() to the nearest whole second; this makes it unlikely that consecutive runs of iPXE will use the exact same RNG sequence. (Note that none of this affects the cryptographic RNG, which uses /dev/random as a source of entropy.) Signed-off-by: Michael Brown <mcb30@ipxe.org>
This commit is contained in:
parent
859664ea2a
commit
08f9170ba4
|
@ -55,6 +55,12 @@ static unsigned long linux_ticks_per_sec(void)
|
|||
* linux doesn't provide an easy access to jiffies so implement it by measuring
|
||||
* the time since the first call to this function.
|
||||
*
|
||||
* Since this function is used to seed the (non-cryptographic) random
|
||||
* number generator, we round the start time down to the nearest whole
|
||||
* second. This minimises the chances of generating identical RNG
|
||||
* sequences (and hence identical TCP port numbers, etc) on
|
||||
* consecutive invocations of iPXE.
|
||||
*
|
||||
* @ret ticks Current time, in ticks
|
||||
*/
|
||||
static unsigned long linux_currticks(void)
|
||||
|
@ -71,7 +77,7 @@ static unsigned long linux_currticks(void)
|
|||
linux_gettimeofday(&now, NULL);
|
||||
|
||||
unsigned long ticks = (now.tv_sec - start.tv_sec) * linux_ticks_per_sec();
|
||||
ticks += (now.tv_usec - start.tv_usec) / (long)(1000000 / linux_ticks_per_sec());
|
||||
ticks += now.tv_usec / (long)(1000000 / linux_ticks_per_sec());
|
||||
|
||||
return ticks;
|
||||
}
|
||||
|
|
Reference in New Issue