diff options
author | Jason A. Donenfeld <Jason@zx2c4.com> | 2018-07-31 22:11:00 +0300 |
---|---|---|
committer | Theodore Ts'o <tytso@mit.edu> | 2018-08-03 00:33:06 +0300 |
commit | 9a47249d444d344051c7c0e909fad0e88515a5c2 (patch) | |
tree | 00b73a9ccce98c635da8eaed3b3c081c8a3cca4d /scripts/Makefile.ubsan | |
parent | b34fbaa9289328c7aec67d2b8b8b7d02bc61c67d (diff) | |
download | linux-9a47249d444d344051c7c0e909fad0e88515a5c2.tar.xz |
random: Make crng state queryable
It is very useful to be able to know whether or not get_random_bytes_wait
/ wait_for_random_bytes is going to block or not, or whether plain
get_random_bytes is going to return good randomness or bad randomness.
The particular use case is for mitigating certain attacks in WireGuard.
A handshake packet arrives and is queued up. Elsewhere a worker thread
takes items from the queue and processes them. In replying to these
items, it needs to use some random data, and it has to be good random
data. If we simply block until we can have good randomness, then it's
possible for an attacker to fill the queue up with packets waiting to be
processed. Upon realizing the queue is full, WireGuard will detect that
it's under a denial of service attack, and behave accordingly. A better
approach is just to drop incoming handshake packets if the crng is not
yet initialized.
This patch, therefore, makes that information directly accessible.
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
Diffstat (limited to 'scripts/Makefile.ubsan')
0 files changed, 0 insertions, 0 deletions