diff options
| author | cheloha <cheloha@cvs.openbsd.org> | 2020-04-15 03:56:15 +0000 |
|---|---|---|
| committer | cheloha <cheloha@cvs.openbsd.org> | 2020-04-15 03:56:15 +0000 |
| commit | 8ed89a49eced343b2cae1dc9ff1330cf8d5a9fff (patch) | |
| tree | f9f65d042f78255748b8230d979ec0d60cf7d615 /sys | |
| parent | 3ccf6f5b3c4c0505269abe6369fa753f12b54e23 (diff) | |
idgen32(9): use time_uptime(9) for rekey timestamps, not time_second(9)
Timestamp contexts with a monotonic clock. time_second(9) can jump,
stretching or truncating our rekey interval. time_uptime(9) will not
jump around.
ok djm@
Diffstat (limited to 'sys')
| -rw-r--r-- | sys/crypto/idgen.c | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/sys/crypto/idgen.c b/sys/crypto/idgen.c index f994f2a9851..8eba716beda 100644 --- a/sys/crypto/idgen.c +++ b/sys/crypto/idgen.c @@ -107,7 +107,7 @@ idgen32_rekey(struct idgen32_ctx *ctx) ctx->id32_hibit ^= 0x80000000; ctx->id32_offset = arc4random(); arc4random_buf(ctx->id32_key, sizeof(ctx->id32_key)); - ctx->id32_rekey_time = time_second + IDGEN32_REKEY_TIME; + ctx->id32_rekey_time = time_uptime + IDGEN32_REKEY_TIME; } void @@ -126,7 +126,7 @@ idgen32(struct idgen32_ctx *ctx) do { /* Rekey a little early to avoid "card counting" attack */ if (ctx->id32_counter > IDGEN32_REKEY_LIMIT || - ctx->id32_rekey_time < time_second) + ctx->id32_rekey_time < time_uptime) idgen32_rekey(ctx); ret = ctx->id32_hibit | idgen32_permute(ctx, (ctx->id32_offset + ctx->id32_counter++) & 0x7fffffff); |