| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <1434626053.27504.206.camel@edumazet-glaptop2.roam.corp.google.com> Date: Thu, 18 Jun 2015 04:14:13 -0700 From: Eric Dumazet <eric.dumazet@...il.com> To: Hannes Frederic Sowa <hannes@...essinduktion.org> Cc: Christoph Paasch <cpaasch@...le.com>, netdev@...r.kernel.org, David Miller <davem@...emloft.net> Subject: Re: [PATCH net] Revert "tcp: switch tcp_fastopen key generation to net_get_random_once" On Thu, 2015-06-18 at 11:32 +0200, Hannes Frederic Sowa wrote: > Hello Christoph, > > There does not seem to be a better way to handle this. We could try > > to make the call to kmalloc and crypto_alloc_cipher during bootup, and > > then generate the random value only on-the-fly (when the first TFO-SYN > > comes in) with net_get_random_once in order to have the better entropy > > that comes with doing the late initialisation of the random value. But > > that's probably net-next material. > > can't we simply move the net_get_random_once to the TCP_FASTOPEN setsockopt and > sendmsg(MSG_FASTOPEN) path, so those allocations still happen in process context > but we still defer the extraction of entropy as long as posible? Yes, I do not think this would be hard. This bug is old (3.13) and does not seem very urgent to expedite a revert. -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists