From 0d0681304d9a91970ea06ffce9bf98cc5e2db811 Mon Sep 17 00:00:00 2001 From: "Jason A. Donenfeld" Date: Mon, 12 Jun 2017 16:32:59 +0200 Subject: random: wait for random bytes when generating nonces and ephemerals We can let userspace configure wireguard interfaces before the RNG is fully initialized, since what we mostly care about is having good randomness for ephemerals and xchacha nonces. By deferring the wait to actually asking for the randomness, we give a lot more opportunity for gathering entropy. This won't cover entropy for hash table secrets or cookie secrets (which rotate anyway), but those have far less catastrophic failure modes, so ensuring good randomness for elliptic curve points and nonces should be sufficient. Signed-off-by: Jason A. Donenfeld --- src/compat/compat.h | 10 ++++++++++ 1 file changed, 10 insertions(+) (limited to 'src/compat') diff --git a/src/compat/compat.h b/src/compat/compat.h index 68d62b9..6c1bfa3 100644 --- a/src/compat/compat.h +++ b/src/compat/compat.h @@ -265,6 +265,16 @@ static inline int wait_for_random_bytes(void) return 0; } #endif +#if LINUX_VERSION_CODE < KERNEL_VERSION(4, 13, 0) +static inline int get_random_bytes_wait(void *buf, int nbytes) +{ + int ret = wait_for_random_bytes(); + if (unlikely(ret)) + return ret; + get_random_bytes(buf, nbytes); + return 0; +} +#endif /* https://lkml.org/lkml/2015/6/12/415 */ #include -- cgit v1.2.3