| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 18 Jun 2015 08:45:29 -0700 From: Christoph Paasch <cpaasch@...le.com> To: Eric Dumazet <eric.dumazet@...il.com> Cc: Hannes Frederic Sowa <hannes@...essinduktion.org>, netdev@...r.kernel.org, David Miller <davem@...emloft.net> Subject: Re: [PATCH net] Revert "tcp: switch tcp_fastopen key generation to net_get_random_once" On 18/06/15 - 04:14:13, Eric Dumazet wrote: > On Thu, 2015-06-18 at 11:32 +0200, Hannes Frederic Sowa wrote: > > > There does not seem to be a better way to handle this. We could try > > > to make the call to kmalloc and crypto_alloc_cipher during bootup, and > > > then generate the random value only on-the-fly (when the first TFO-SYN > > > comes in) with net_get_random_once in order to have the better entropy > > > that comes with doing the late initialisation of the random value. But > > > that's probably net-next material. > > > > can't we simply move the net_get_random_once to the TCP_FASTOPEN setsockopt and > > sendmsg(MSG_FASTOPEN) path, so those allocations still happen in process context > > but we still defer the extraction of entropy as long as posible? > > Yes, I do not think this would be hard. This bug is old (3.13) and does > not seem very urgent to expedite a revert. True, it would be simpler to call tcp_fastopen_init_key_once to the setsocketopt() and inet_listen(). I will resubmit. Christoph -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists