author | Matt Dunwoodie <ncon@noconroy.net> | 2021-04-20 10:28:17 +1000 |
---|---|---|
committer | Matt Dunwoodie <ncon@noconroy.net> | 2021-04-20 10:52:36 +1000 |
commit | a0261bb3935de89ba8a8218e83eefcc5f54b567b (patch) | |
tree | 1f0cc05ef2fd6b18e1b87a55107ed96100479be0 /src/if_wg.c | |
parent | wg_noise: use sbintime_t instead of timespec (diff) | |
wg_noise: check keypair recvwith after nonce
Signed-off-by: Matt Dunwoodie <ncon@noconroy.net>
Diffstat (limited to 'src/if_wg.c')
-rw-r--r-- | src/if_wg.c | 14 |
1 files changed, 5 insertions, 9 deletions
diff --git a/src/if_wg.c b/src/if_wg.c
index a64403b..7b74348 100644
--- a/src/if_wg.c
+++ b/src/if_wg.c
@@ -1459,7 +1459,7 @@ wg_decrypt(struct wg_softc *sc, struct wg_packet *pkt)
 struct mbuf *m;
 struct ip *ip;
 struct ip6_hdr *ip6;
- int res, len;
+ int len;
 peer = noise_keypair_remote_arg(pkt->p_keypair);
 m = pkt->p_mbuf;
@@ -1470,15 +1470,8 @@ wg_decrypt(struct wg_softc *sc, struct wg_packet *pkt)
 m_adj(m, sizeof(struct wg_pkt_data));
 pkt->p_nonce = le64toh(data.nonce);
- res = noise_keypair_decrypt(pkt->p_keypair, pkt->p_nonce, m);
-
- if (__predict_false(res == EINVAL)) {
+ if (noise_keypair_decrypt(pkt->p_keypair, pkt->p_nonce, m) != 0)
 goto error;
- } else if (__predict_false(res == ECONNRESET)) {
- wg_timers_event_handshake_complete(peer);
- } else if (__predict_false(res != 0)) {
- panic("unexpected response: %d\n", res);
- }
 /* A packet with length 0 is a keepalive packet */
 if (__predict_false(m->m_pkthdr.len == 0)) {
@@ -1631,6 +1624,9 @@ wg_deliver_in(struct wg_peer *peer)
 if (noise_keypair_nonce_check(pkt->p_keypair, pkt->p_nonce) != 0)
 goto error;
+ if (noise_keypair_received_with(pkt->p_keypair) == ECONNRESET)
+ wg_timers_event_handshake_complete(peer);
+
 wg_timers_event_any_authenticated_packet_received(peer);
 wg_timers_event_any_authenticated_packet_traversal(peer);
 wg_peer_set_endpoint(peer, &pkt->p_endpoint); |
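Review bot: The new check in wg_decrypt, `if (noise_keypair_decrypt(pkt->p_keypair, pkt->p_nonce, m) != 0)`, drops the packet on every non-zero result but nothing says that the handshake-complete signal has moved out of this function. I would add a comment above it such as `/* Any decrypt failure drops the packet; handshake completion is signalled in wg_deliver_in() after the nonce check. */`, so a reader of this path does not go looking for the removed ECONNRESET branch. The failure branch also lost the `__predict_false()` hint that the keepalive check a few lines below still uses. wg_decrypt starts and ends outside the hunk.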
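Review bot: In wg_deliver_in the result of `noise_keypair_received_with(pkt->p_keypair)` is compared only with ECONNRESET, so any other non-zero return is ignored silently, where the removed code in wg_decrypt panicked on an unexpected value. The function is defined outside this diff, so whether it can return anything else is not visible here; if it cannot, a comment such as `/* Returns 0 or ECONNRESET; ECONNRESET means this packet confirmed the keypair. */` would record that (wording to be confirmed against wg_noise). The placement after `noise_keypair_nonce_check()` is the security-relevant part of the change, since a packet that fails the replay check can no longer reach the handshake-complete event, and that ordering deserves a one-line comment so it is not moved back later. wg_deliver_in starts and ends outside the hunk.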