diff --git a/conn/bind_std.go b/conn/bind_std.go
index f5c88160e..31b401aba 100644
--- a/conn/bind_std.go
+++ b/conn/bind_std.go
@@ -241,7 +241,7 @@ func (s *StdNetBind) receiveIP(
 if runtime.GOOS == "linux" || runtime.GOOS == "android" {
 if rxOffload {
 readAt := len(*msgs) - (IdealBatchSize / udpSegmentMaxDatagrams)
- numMsgs, err = br.ReadBatch((*msgs)[readAt:], 0)
+ _, err = br.ReadBatch((*msgs)[readAt:], 0)
 if err != nil {
 return 0, err
 }
diff --git a/conn/bind_std_test.go b/conn/bind_std_test.go
index 34a3c9acf..85716234b 100644
--- a/conn/bind_std_test.go
+++ b/conn/bind_std_test.go
@@ -42,7 +42,7 @@ func Test_coalesceMessages(t *testing.T) {
 {
 name: "one message no coalesce",
 buffs: [][]byte{
- make([]byte, 1, 1),
+ make([]byte, 1),
 },
 wantLens: []int{1},
 wantGSO: []int{0},
@@ -51,7 +51,7 @@ func Test_coalesceMessages(t *testing.T) {
 name: "two messages equal len coalesce",
 buffs: [][]byte{
 make([]byte, 1, 2),
- make([]byte, 1, 1),
+ make([]byte, 1),
 },
 wantLens: []int{2},
 wantGSO: []int{1},
@@ -60,7 +60,7 @@ func Test_coalesceMessages(t *testing.T) {
 name: "two messages unequal len coalesce",
 buffs: [][]byte{
 make([]byte, 2, 3),
- make([]byte, 1, 1),
+ make([]byte, 1),
 },
 wantLens: []int{3},
 wantGSO: []int{2},
@@ -69,8 +69,8 @@ func Test_coalesceMessages(t *testing.T) {
 name: "three messages second unequal len coalesce",
 buffs: [][]byte{
 make([]byte, 2, 3),
- make([]byte, 1, 1),
- make([]byte, 2, 2),
+ make([]byte, 1),
+ make([]byte, 2),
 },
 wantLens: []int{3, 2},
 wantGSO: []int{2, 0},
@@ -79,8 +79,8 @@ func Test_coalesceMessages(t *testing.T) {
 name: "three messages limited cap coalesce",
 buffs: [][]byte{
 make([]byte, 2, 4),
- make([]byte, 2, 2),
- make([]byte, 2, 2),
+ make([]byte, 2),
+ make([]byte, 2),
 },
 wantLens: []int{4, 2},
 wantGSO: []int{2, 0},
diff --git a/device/device_test.go b/device/device_test.go
index 0091e2052..7ed38bbcc 100644
--- a/device/device_test.go
+++ b/device/device_test.go
@@ -7,10 +7,11 @@ package device import ( "bytes" + "crypto/rand" "encoding/hex" "fmt" "io" - "math/rand" + mrand "math/rand/v2" "net/netip" "os" "runtime" @@ -224,11 +225,11 @@ func TestUpDown(t *testing.T) { if err := d.Up(); err != nil { t.Errorf("failed up bring up device: %v", err) } - time.Sleep(time.Duration(rand.Intn(int(time.Nanosecond * (0x10000 - 1))))) + time.Sleep(mrand.N(time.Nanosecond * (0x10000 - 1))) if err := d.Down(); err != nil { t.Errorf("failed to bring down device: %v", err) } - time.Sleep(time.Duration(rand.Intn(int(time.Nanosecond * (0x10000 - 1))))) + time.Sleep(mrand.N(time.Nanosecond * (0x10000 - 1))) } }(pair[i].dev) } diff --git a/device/endpoint_test.go b/device/endpoint_test.go index 85482d869..e0fb449ae 100644 --- a/device/endpoint_test.go +++ b/device/endpoint_test.go @@ -6,7 +6,7 @@ package device import ( - "math/rand" + "crypto/rand" "net/netip" ) diff --git a/device/noise-helpers.go b/device/noise-helpers.go index 35dd9077c..a1fc28294 100644 --- a/device/noise-helpers.go +++ b/device/noise-helpers.go @@ -98,11 +98,10 @@ func (sk *NoisePrivateKey) publicKey() (pk NoisePublicKey) { var errInvalidPublicKey = errors.New("invalid public key") func (sk *NoisePrivateKey) sharedSecret(pk NoisePublicKey) (ss [NoisePublicKeySize]byte, err error) { - apk := (*[NoisePublicKeySize]byte)(&pk) - ask := (*[NoisePrivateKeySize]byte)(sk) - curve25519.ScalarMult(&ss, ask, apk) - if isZero(ss[:]) { + p, err := curve25519.X25519(sk[:], pk[:]) + if err != nil { return ss, errInvalidPublicKey } + copy(ss[:], p) return ss, nil } diff --git a/device/noise-protocol.go b/device/noise-protocol.go index 5cf1702b6..0ff5b5f0d 100644 --- a/device/noise-protocol.go +++ b/device/noise-protocol.go @@ -14,7 +14,6 @@ import ( "golang.org/x/crypto/blake2s" "golang.org/x/crypto/chacha20poly1305" - "golang.org/x/crypto/poly1305" "golang.zx2c4.com/wireguard/tai64n" ) 
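Review bot: `math/rand/v2` and the generic `mrand.N` call in the TestUpDown hunk of device/device_test.go need Go 1.22 or newer, and this diff shows no go.mod change, so the module's `go` directive should be confirmed to cover it. The import hunk also binds the bare name `rand` to crypto/rand, so any `rand.` call in that file outside these hunks now resolves to crypto/rand rather than math/rand; only call sites whose signature matches (such as `Read`) will still compile, and those are not visible here. A one-line comment on the imports, e.g. `// rand is crypto/rand; mrand is used only for sleep jitter`, would make the split explicit for the next reader.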
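Review bot: In device/noise-helpers.go, sharedSecret now relies entirely on `curve25519.X25519` returning an error to reject degenerate public keys, and nothing in the new code says so. X25519 is documented to fail when the result is all-zero (a low-order input point), which is what the removed `isZero(ss[:])` check enforced, and with fixed 32-byte inputs that should be the only error reachable, so mapping every error to errInvalidPublicKey looks right. I would add a comment above the call, e.g. `// X25519 errors on an all-zero result (low-order point); keep an equivalent check if this primitive is ever replaced`, and a unit test that passes an all-zero NoisePublicKey and expects errInvalidPublicKey with a zero `ss`. Whether isZero still has other callers is not visible from this hunk; if it has none it is now dead code.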
@@ -61,13 +60,13 @@ const ( ) const ( - MessageInitiationSize = 148 // size of handshake initiation message - MessageResponseSize = 92 // size of response message - MessageCookieReplySize = 64 // size of cookie reply message - MessageTransportHeaderSize = 16 // size of data preceding content in transport message - MessageTransportSize = MessageTransportHeaderSize + poly1305.TagSize // size of empty transport - MessageKeepaliveSize = MessageTransportSize // size of keepalive - MessageHandshakeSize = MessageInitiationSize // size of largest handshake related message + MessageInitiationSize = 148 // size of handshake initiation message + MessageResponseSize = 92 // size of response message + MessageCookieReplySize = 64 // size of cookie reply message + MessageTransportHeaderSize = 16 // size of data preceding content in transport message + MessageTransportSize = MessageTransportHeaderSize + chacha20poly1305.Overhead // size of empty transport + MessageKeepaliveSize = MessageTransportSize // size of keepalive + MessageHandshakeSize = MessageInitiationSize // size of largest handshake related message ) const ( @@ -86,8 +85,8 @@ type MessageInitiation struct { Type uint32 Sender uint32 Ephemeral NoisePublicKey - Static [NoisePublicKeySize + poly1305.TagSize]byte - Timestamp [tai64n.TimestampSize + poly1305.TagSize]byte + Static [NoisePublicKeySize + chacha20poly1305.Overhead]byte + Timestamp [tai64n.TimestampSize + chacha20poly1305.Overhead]byte MAC1 [blake2s.Size128]byte MAC2 [blake2s.Size128]byte } @@ -97,7 +96,7 @@ type MessageResponse struct { Sender uint32 Receiver uint32 Ephemeral NoisePublicKey - Empty [poly1305.TagSize]byte + Empty [chacha20poly1305.Overhead]byte MAC1 [blake2s.Size128]byte MAC2 [blake2s.Size128]byte } 
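Review bot: The on-wire sizes in device/noise-protocol.go are now split between literals and an imported constant: `MessageInitiationSize = 148`, `MessageResponseSize = 92` and `MessageCookieReplySize = 64` stay hard-coded, while the struct fields in the MessageInitiation, MessageResponse and MessageCookieReply hunks are sized from `chacha20poly1305.Overhead`. Nothing visible in these hunks ties the two together, so a mismatch would surface only as a parse or length error at runtime. A small test asserting `binary.Size(MessageInitiation{}) == MessageInitiationSize`, and likewise for the other two message structs, would pin the wire format. A short comment on the const block stating that Overhead is the 16-byte Poly1305 tag would also keep the intent of the old `poly1305.TagSize` name.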
@@ -113,7 +112,7 @@ type MessageCookieReply struct { Type uint32 Receiver uint32 Nonce [chacha20poly1305.NonceSizeX]byte - Cookie [blake2s.Size128 + poly1305.TagSize]byte + Cookie [blake2s.Size128 + chacha20poly1305.Overhead]byte } var errMessageLengthMismatch = errors.New("message length mismatch") diff --git a/device/receive.go b/device/receive.go index 13929577e..b4caa2c73 100644 --- a/device/receive.go +++ b/device/receive.go @@ -113,7 +113,7 @@ func (device *Device) RoutineReceiveIncoming(maxBatchSize int, recv conn.Receive return } device.log.Verbosef("Failed to receive %s packet: %v", recvName, err) - if neterr, ok := err.(net.Error); ok && !neterr.Temporary() { + if neterr, ok := err.(net.Error); ok && !neterr.Timeout() { return } if deathSpiral < 10 { diff --git a/tun/tun_darwin.go b/tun/tun_darwin.go index 341afe3c5..37aedbe88 100644 --- a/tun/tun_darwin.go +++ b/tun/tun_darwin.go @@ -87,7 +87,7 @@ func CreateTUN(name string, mtu int) (Device, error) { if name != "utun" { _, err := fmt.Sscanf(name, "utun%d", &ifIndex) if err != nil || ifIndex < 0 { - return nil, fmt.Errorf("Interface name must be utun[0-9]*") + return nil, fmt.Errorf("interface name must be utun[0-9]*") } }
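Review bot: In device/receive.go, `Timeout()` is not a drop-in replacement for the deprecated `Temporary()` in `if neterr, ok := err.(net.Error); ok && !neterr.Timeout()`: an error that reported Temporary() without being a timeout used to fall through to the deathSpiral retry and now makes RoutineReceiveIncoming return. Returning ends reception on that socket, so a transient non-timeout error becomes a loss of availability rather than a retry. If that narrowing is intended, state it next to the check, e.g. `// any non-timeout net.Error is treated as fatal for this receiver`; otherwise the transient cases that should keep retrying need to be listed explicitly. The bare type assertion also misses wrapped errors, where `errors.As(err, &neterr)` would not. The function continues outside the hunk, so the retry path is only partly visible here.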