diff options
| -rw-r--r-- | src/compat/compat.h | 10 | ||||
| -rw-r--r-- | src/config.c | 5 | ||||
| -rw-r--r-- | src/cookie.c | 2 | ||||
| -rw-r--r-- | src/crypto/curve25519.c | 2 |
4 files changed, 12 insertions, 7 deletions
diff --git a/src/compat/compat.h b/src/compat/compat.h index 68d62b9..6c1bfa3 100644 --- a/src/compat/compat.h +++ b/src/compat/compat.h @@ -265,6 +265,16 @@ static inline int wait_for_random_bytes(void) return 0; } #endif +#if LINUX_VERSION_CODE < KERNEL_VERSION(4, 13, 0) +static inline int get_random_bytes_wait(void *buf, int nbytes) +{ + int ret = wait_for_random_bytes(); + if (unlikely(ret)) + return ret; + get_random_bytes(buf, nbytes); + return 0; +} +#endif /* https://lkml.org/lkml/2015/6/12/415 */ #include <linux/netdevice.h> diff --git a/src/config.c b/src/config.c index 286c874..d3b6611 100644 --- a/src/config.c +++ b/src/config.c @@ -8,7 +8,6 @@ #include "hashtables.h" #include "peer.h" #include "uapi.h" -#include <linux/random.h> static int set_device_port(struct wireguard_device *wg, u16 port) { @@ -135,10 +134,6 @@ int config_set_device(struct wireguard_device *wg, void __user *user_device) void __user *user_peer; bool modified_static_identity = false; - /* It's important that the Linux RNG is fully seeded before we let the user - * actually configure the device, so that we're assured to have good ephemerals. */ - wait_for_random_bytes(); - BUILD_BUG_ON(WG_KEY_LEN != NOISE_PUBLIC_KEY_LEN); BUILD_BUG_ON(WG_KEY_LEN != NOISE_SYMMETRIC_KEY_LEN); diff --git a/src/cookie.c b/src/cookie.c index 21b7c7b..ce22b53 100644 --- a/src/cookie.c +++ b/src/cookie.c @@ -161,7 +161,7 @@ void cookie_message_create(struct message_handshake_cookie *dst, struct sk_buff dst->header.type = cpu_to_le32(MESSAGE_HANDSHAKE_COOKIE); dst->receiver_index = index; - get_random_bytes(dst->nonce, COOKIE_NONCE_LEN); + get_random_bytes_wait(dst->nonce, COOKIE_NONCE_LEN); make_cookie(cookie, skb, checker); xchacha20poly1305_encrypt(dst->encrypted_cookie, cookie, COOKIE_LEN, macs->mac1, COOKIE_LEN, dst->nonce, checker->cookie_encryption_key); diff --git a/src/crypto/curve25519.c b/src/crypto/curve25519.c index f0e045e..119d41a 100644 --- a/src/crypto/curve25519.c +++ b/src/crypto/curve25519.c @@ -1545,7 +1545,7 @@ bool curve25519_generate_public(u8 pub[CURVE25519_POINT_SIZE], const u8 secret[C void curve25519_generate_secret(u8 secret[CURVE25519_POINT_SIZE]) { - get_random_bytes(secret, CURVE25519_POINT_SIZE); + get_random_bytes_wait(secret, CURVE25519_POINT_SIZE); normalize_secret(secret); } |