noise: wait for crng before taking locks

Otherwise, get_random_bytes_wait gets called from curve25519_generate_secret, and at the same time, a user might use the wg(8) utility, which then wants to grab a read lock for what we're write locking. Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
author: Jason A. Donenfeld <Jason@zx2c4.com> 2018-06-18 20:51:39 +0200
committer: Jason A. Donenfeld <Jason@zx2c4.com> 2018-06-18 20:51:39 +0200
commit: f9759e17543657e62bd2a487762f419ed6d2f907 (patch)
tree: 4e0a1f78869555d2332b2d3edbb063004313378f /src/noise.c
parent: a97ca1117db9b34dead340707ffde1c07b369a0c (diff)
1 files changed, 10 insertions, 0 deletions
diff --git a/src/noise.c b/src/noise.c
index b70504f..b3e5f8f 100644
--- a/src/noise.c
+++ b/src/noise.c
@@ -370,6 +370,11 @@ bool noise_handshake_create_initiation(struct message_handshake_initiation *dst,
 	u8 key[NOISE_SYMMETRIC_KEY_LEN];
 	bool ret = false;
 
+	/* We need to wait for crng _before_ taking any locks, since curve25519_generate_secret
+	 * uses get_random_bytes_wait.
+	 */
+	wait_for_random_bytes();
+
 	down_read(&handshake->static_identity->lock);
 	down_write(&handshake->lock);
 
@@ -488,6 +493,11 @@ bool noise_handshake_create_response(struct message_handshake_response *dst, str
 	bool ret = false;
 	u8 key[NOISE_SYMMETRIC_KEY_LEN];
 
+	/* We need to wait for crng _before_ taking any locks, since curve25519_generate_secret
+	 * uses get_random_bytes_wait.
+	 */
+	wait_for_random_bytes();
+
 	down_read(&handshake->static_identity->lock);
 	down_write(&handshake->lock);
author	Jason A. Donenfeld <Jason@zx2c4.com>	2018-06-18 20:51:39 +0200
committer	Jason A. Donenfeld <Jason@zx2c4.com>	2018-06-18 20:51:39 +0200
commit	f9759e17543657e62bd2a487762f419ed6d2f907 (patch)
tree	4e0a1f78869555d2332b2d3edbb063004313378f /src/noise.c
parent	a97ca1117db9b34dead340707ffde1c07b369a0c (diff)