author: Lubomir Rintel <lkundrak@v3.sk> 2017-09-18 12:58:07 (GMT)
committer: Jouni Malinen <j@w1.fi> 2019-01-01 23:24:18 (GMT)
commit: 89a7cdd690b48a0c56380cf4609442ed13527f44
tree: a4c9f2c6c66bb6429bf4122f7ad0fbcf68000db9 /hostapd
parent: 2a54979695597f362bd5cfcccb77dfb99b61ed9e
crypto: Add option to use getrandom()

According to random(4) manual, /dev/random is essentially deprecated on Linux for quite some time:

"The /dev/random interface is considered a legacy interface, and /dev/urandom is preferred and sufficient in all use cases, with the exception of applications which require randomness during early boot time; for these applications, getrandom(2) must be used instead, because it will block until the entropy pool is initialized."

An attempt to use it would cause unnecessary blocking on machines without a good hwrng even when it shouldn't be needed.

Since Linux 3.17, a getrandom(2) call is available that will block only until the randomness pool has been seeded.

It is probably not a good default yet as it requires a fairly recent kernel and glibc (3.17 and 2.25 respectively).

Signed-off-by: Lubomir Rintel <lkundrak@v3.sk>

Diffstat (limited to 'hostapd')
-rw-r--r-- hostapd/Makefile 3
-rw-r--r-- hostapd/defconfig 5
2 files changed, 8 insertions, 0 deletions
diff --git a/hostapd/Makefile b/hostapd/Makefile
index 5fa174b..dd3816e 100644
--- a/hostapd/Makefile
+++ b/hostapd/Makefile
@@ -1101,6 +1101,9 @@ endif
ifdef CONFIG_NO_RANDOM_POOL
CFLAGS += -DCONFIG_NO_RANDOM_POOL
else
+ifdef CONFIG_GETRANDOM
+CFLAGS += -DCONFIG_GETRANDOM
+endif
OBJS += ../src/crypto/random.o
HOBJS += ../src/crypto/random.o
HOBJS += ../src/utils/eloop.o
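Review bot: the "ifdef CONFIG_GETRANDOM" block is nested inside the "else" branch of "ifdef CONFIG_NO_RANDOM_POOL", so a .config that sets both CONFIG_NO_RANDOM_POOL=y and CONFIG_GETRANDOM=y builds without -DCONFIG_GETRANDOM and without any diagnostic. If that is intended, say so in the defconfig help text for CONFIG_GETRANDOM; otherwise consider a $(warning ...) in the CONFIG_NO_RANDOM_POOL branch when CONFIG_GETRANDOM is also defined, so nobody assumes getrandom(2) is in use when it has been compiled out.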
diff --git a/hostapd/defconfig b/hostapd/defconfig
index 58e525d..aeac13a 100644
--- a/hostapd/defconfig
+++ b/hostapd/defconfig
@@ -252,6 +252,11 @@ CONFIG_IPV6=y
# requirements described above.
#CONFIG_NO_RANDOM_POOL=y
+# Should we attempt to use the getrandom(2) call that provides more reliable
+# yet secure randomness source than /dev/random on Linux 3.17 and newer.
+# Requires glibc 2.25 to build, falls back to /dev/random if unavailable.
+#CONFIG_GETRANDOM=y
+
# Should we use poll instead of select? Select is used by default.
#CONFIG_ELOOP_POLL=y
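Review bot: the help text above "#CONFIG_GETRANDOM=y" leaves the fallback ambiguous, because "Requires glibc 2.25 to build" and "falls back to /dev/random if unavailable" share one sentence and it is not clear whether "unavailable" means an older kernel at run time or an older glibc at build time. Suggest splitting these into two sentences that state which case falls back and which case fails the build. The phrase "more reliable yet secure randomness source" could also be replaced with the concrete property given in the commit message, that getrandom(2) blocks only until the randomness pool has been seeded, and the opening "Should we attempt ..." should end in a question mark like the neighbouring "Should we use poll instead of select?" comment.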