random: wait for random bytes when generating nonces and ephemerals

We can let userspace configure wireguard interfaces before the RNG is
fully initialized, since what we mostly care about is having good
randomness for ephemerals and xchacha nonces. By deferring the wait to
actually asking for the randomness, we give a lot more opportunity for
gathering entropy. This won't cover entropy for hash table secrets or
cookie secrets (which rotate anyway), but those have far less
catastrophic failure modes, so ensuring good randomness for elliptic
curve points and nonces should be sufficient.

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>

1 files changed, 0 insertions, 5 deletions

diff --git a/src/config.c b/src/config.c
index 286c874..d3b6611 100644
--- a/src/config.c
+++ b/src/config.c
@@ -8,7 +8,6 @@
 #include "hashtables.h"
 #include "peer.h"
 #include "uapi.h"
-#include <linux/random.h>
 
 static int set_device_port(struct wireguard_device *wg, u16 port)
 {
@@ -135,10 +134,6 @@ int config_set_device(struct wireguard_device *wg, void __user *user_device)
 	void __user *user_peer;
 	bool modified_static_identity = false;
 
-	/* It's important that the Linux RNG is fully seeded before we let the user
-	 * actually configure the device, so that we're assured to have good ephemerals. */
-	wait_for_random_bytes();
-
 	BUILD_BUG_ON(WG_KEY_LEN != NOISE_PUBLIC_KEY_LEN);
 	BUILD_BUG_ON(WG_KEY_LEN != NOISE_SYMMETRIC_KEY_LEN);