diff options
author | John Baldwin <jhb@FreeBSD.org> | 2021-10-11 11:27:16 -0700 |
---|---|---|
committer | Jason A. Donenfeld <Jason@zx2c4.com> | 2022-06-14 00:54:55 +0200 |
commit | a6354a1436fb19e96156fdaa9c71ebbe4ea3e45a (patch) | |
tree | 71bfb1bfb4d1ac02357f00ded160f1ad4881b3e4 /src/if_wg.c | |
parent | if_wg: wg_peer_alloc and wg_aip_add: Use M_WAITOK with malloc (diff) | |
download | wireguard-freebsd-a6354a1436fb19e96156fdaa9c71ebbe4ea3e45a.tar.xz wireguard-freebsd-a6354a1436fb19e96156fdaa9c71ebbe4ea3e45a.zip |
crypto: use OCF to encrypt/decrypt packets when supported
This requires the the recent changes in FreeBSD to support the
Chacha20-Poly1305 AEAD cipher with support for an 8 byte nonce (vs the
12 byte nonce used by TLS and IPsec).
Signed-off-by: John Baldwin <jhb@FreeBSD.org>
Diffstat (limited to '')
-rw-r--r-- | src/if_wg.c | 8 |
1 files changed, 7 insertions, 1 deletions
diff --git a/src/if_wg.c b/src/if_wg.c index a368d15..ac824d7 100644 --- a/src/if_wg.c +++ b/src/if_wg.c @@ -2980,8 +2980,11 @@ wg_module_init(void) if ((wg_packet_zone = uma_zcreate("wg packet", sizeof(struct wg_packet), NULL, NULL, NULL, NULL, 0, 0)) == NULL) goto free_none; - if (cookie_init() != 0) + ret = crypto_init(); + if (ret != 0) goto free_zone; + if (cookie_init() != 0) + goto free_crypto; wg_osd_jail_slot = osd_jail_register(NULL, methods); @@ -2994,6 +2997,8 @@ wg_module_init(void) free_all: osd_jail_deregister(wg_osd_jail_slot); cookie_deinit(); +free_crypto: + crypto_deinit(); free_zone: uma_zdestroy(wg_packet_zone); free_none: @@ -3017,6 +3022,7 @@ wg_module_deinit(void) MPASS(LIST_EMPTY(&wg_list)); osd_jail_deregister(wg_osd_jail_slot); cookie_deinit(); + crypto_deinit(); uma_zdestroy(wg_packet_zone); } |