Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Use crypto/rand for random id generation. #1044

Merged
merged 3 commits into from Dec 11, 2019
Merged

Use crypto/rand for random id generation. #1044

Changes from all commits
Commits
Show all changes
3 commits
Select commit Hold shift + click to select a range
400b5e3
Use crypto/rand for random id generation.
jsha Dec 5, 2019
4453355
Panic on rare crypto/rand error.
jsha Dec 8, 2019
a509d69
Fixes in response to review.
jsha Dec 9, 2019
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Jump to
Jump to file
Failed to load files.
Diff view
Diff view
52 changes: 10 additions & 42 deletions msg.go
View file
Open in desktop
Expand Up @@ -11,14 +11,12 @@ package dns
//go:generate go run msg_generate.go

import (
crand "crypto/rand"
"crypto/rand"
"encoding/binary"
"fmt"
"math/big"
"math/rand"
miekg marked this conversation as resolved.
Show resolved Hide resolved
"strconv"
"strings"
"sync"
)

const (
Expand Down Expand Up @@ -73,53 +71,23 @@ var (
ErrTime error = &Error{err: "bad time"} // ErrTime indicates a timing error in TSIG authentication.
)

// Id by default, returns a 16 bits random number to be used as a
// message id. The random provided should be good enough. This being a
// variable the function can be reassigned to a custom function.
// For instance, to make it return a static value:
// Id by default returns a 16-bit random number to be used as a message id. The
// number is drawn from a cryptographically secure random number generator.
// This being a variable the function can be reassigned to a custom function.
// For instance, to make it return a static value for testing:
//
// dns.Id = func() uint16 { return 3 }
var Id = id

var (
idLock sync.Mutex
idRand *rand.Rand
)

// id returns a 16 bits random number to be used as a
// message id. The random provided should be good enough.
func id() uint16 {
idLock.Lock()

if idRand == nil {
// This (partially) works around
// https://github.com/golang/go/issues/11833 by only
// seeding idRand upon the first call to id.

var seed int64
var buf [8]byte

if _, err := crand.Read(buf[:]); err == nil {
seed = int64(binary.LittleEndian.Uint64(buf[:]))
} else {
seed = rand.Int63()
}

idRand = rand.New(rand.NewSource(seed))
var output uint16
err := binary.Read(rand.Reader, binary.BigEndian, &output)
if err != nil {
panic("dns: reading random id failed: " + err.Error())
}

// The call to idRand.Uint32 must be within the
// mutex lock because *rand.Rand is not safe for
// concurrent use.
//
// There is no added performance overhead to calling
// idRand.Uint32 inside a mutex lock over just
// calling rand.Uint32 as the global math/rand rng
// is internally protected by a sync.Mutex.
id := uint16(idRand.Uint32())

idLock.Unlock()
return id
return output
}

// MsgHdr is a a manually-unpacked version of (id, bits).
Expand Down