Re: [PATCH v1 1/3] random: Make crng state queryable
From: Theodore Y. Ts'o
Date: Thu Aug 02 2018 - 17:36:16 EST
On Tue, Jul 31, 2018 at 09:11:00PM +0200, Jason A. Donenfeld wrote:
> It is very useful to be able to know whether or not get_random_bytes_wait
> / wait_for_random_bytes is going to block or not, or whether plain
> get_random_bytes is going to return good randomness or bad randomness.
>
> The particular use case is for mitigating certain attacks in WireGuard.
> A handshake packet arrives and is queued up. Elsewhere a worker thread
> takes items from the queue and processes them. In replying to these
> items, it needs to use some random data, and it has to be good random
> data. If we simply block until we can have good randomness, then it's
> possible for an attacker to fill the queue up with packets waiting to be
> processed. Upon realizing the queue is full, WireGuard will detect that
> it's under a denial of service attack, and behave accordingly. A better
> approach is just to drop incoming handshake packets if the crng is not
> yet initialized.
>
> This patch, therefore, makes that information directly accessible.
>
> Signed-off-by: Jason A. Donenfeld <Jason@xxxxxxxxx>
> Signed-off-by: Theodore Ts'o <tytso@xxxxxxx>
Applied to the random.git tree.
- Ted