From mboxrd@z Thu Jan 1 00:00:00 1970 From: "Theodore Y. Ts'o" Subject: Re: [PATCH v1 1/3] random: Make crng state queryable Date: Thu, 2 Aug 2018 17:35:59 -0400 Message-ID: <20180802213559.GA32066@thunk.org> References: <20180731191102.2434-1-Jason@zx2c4.com> <20180731191102.2434-2-Jason@zx2c4.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Cc: linux-kernel@vger.kernel.org, netdev@vger.kernel.org, davem@davemloft.net To: "Jason A. Donenfeld" Return-path: Content-Disposition: inline In-Reply-To: <20180731191102.2434-2-Jason@zx2c4.com> Sender: linux-kernel-owner@vger.kernel.org List-Id: netdev.vger.kernel.org On Tue, Jul 31, 2018 at 09:11:00PM +0200, Jason A. Donenfeld wrote: > It is very useful to be able to know whether or not get_random_bytes_wait > / wait_for_random_bytes is going to block or not, or whether plain > get_random_bytes is going to return good randomness or bad randomness. > > The particular use case is for mitigating certain attacks in WireGuard. > A handshake packet arrives and is queued up. Elsewhere a worker thread > takes items from the queue and processes them. In replying to these > items, it needs to use some random data, and it has to be good random > data. If we simply block until we can have good randomness, then it's > possible for an attacker to fill the queue up with packets waiting to be > processed. Upon realizing the queue is full, WireGuard will detect that > it's under a denial of service attack, and behave accordingly. A better > approach is just to drop incoming handshake packets if the crng is not > yet initialized. > > This patch, therefore, makes that information directly accessible. > > Signed-off-by: Jason A. Donenfeld > Signed-off-by: Theodore Ts'o Applied to the random.git tree. - Ted