diff options
| author |   Jason A. Donenfeld <Jason@zx2c4.com> | 2018-06-18 20:51:39 +0200 |
|---|---|---|
| committer | Jason A. Donenfeld <Jason@zx2c4.com> | 2018-06-18 20:51:39 +0200 |
| commit | cad9e5237e6a7bafbec8c9cfe43203cac79fbebf (patch) | |
| tree | 50fb56140c145134318b321788f1c40fca638369 | |
| parent | netlink: maintain static_identity lock over entire private key update (diff) | |
| download | wireguard-monolithic-historical-cad9e5237e6a7bafbec8c9cfe43203cac79fbebf.tar.xz wireguard-monolithic-historical-cad9e5237e6a7bafbec8c9cfe43203cac79fbebf.zip | |
noise: wait for crng before taking locks
Otherwise, get_random_bytes_wait gets called from
curve25519_generate_secret, and at the same time, a user might use the
wg(8) utility, which then wants to grab a read lock for what we're write
locking.
| -rw-r--r-- | src/noise.c | 10 |
1 files changed, 10 insertions, 0 deletions
diff --git a/src/noise.c b/src/noise.c index b70504f..b3e5f8f 100644 --- a/src/noise.c +++ b/src/noise.c @@ -370,6 +370,11 @@ bool noise_handshake_create_initiation(struct message_handshake_initiation *dst, u8 key[NOISE_SYMMETRIC_KEY_LEN]; bool ret = false; + /* We need to wait for crng _before_ taking any locks, since curve25519_generate_secret + * uses get_random_bytes_wait. + */ + wait_for_random_bytes(); + down_read(&handshake->static_identity->lock); down_write(&handshake->lock); @@ -488,6 +493,11 @@ bool noise_handshake_create_response(struct message_handshake_response *dst, str bool ret = false; u8 key[NOISE_SYMMETRIC_KEY_LEN]; + /* We need to wait for crng _before_ taking any locks, since curve25519_generate_secret + * uses get_random_bytes_wait. + */ + wait_for_random_bytes(); + down_read(&handshake->static_identity->lock); down_write(&handshake->lock); |