author | Jason A. Donenfeld <Jason@zx2c4.com> | 2021-06-05 23:02:14 +0200 |
---|---|---|
committer | Jason A. Donenfeld <Jason@zx2c4.com> | 2021-06-05 23:29:34 +0200 |
commit | 5158e2c0f4f93a3b1a9dbce39a8b011732a71141 (patch) | |
tree | 73e76c3adefbc03d7ba347c47f93ac89ff84cdd8 /src | |
parent | ci: test on 12.1 and 12.2 (diff) | |
global: destroy rwlocks and mtxs
Before, most uses of rwlock and mtx never called the destroy method,
which might cause problems for witness.
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
Diffstat (limited to 'src')
-rw-r--r-- | src/if_wg.c | 6 | ||||
-rw-r--r-- | src/selftest/cookie.c | 2 | ||||
-rw-r--r-- | src/wg_cookie.c | 16 | ||||
-rw-r--r-- | src/wg_cookie.h | 2 | ||||
-rw-r--r-- | src/wg_noise.c | 6 |
5 files changed, 31 insertions, 1 deletions
diff --git a/src/if_wg.c b/src/if_wg.c
index a6e19d6..73248a6 100644
--- a/src/if_wg.c
+++ b/src/if_wg.c
@@ -234,7 +234,6 @@ struct wg_peer {
 };
 struct wg_socket {
- struct mtx so_mtx;
 struct socket *so_so4;
 struct socket *so_so6;
 uint32_t so_user_cookie;
@@ -483,6 +482,9 @@ wg_peer_free_deferred(struct noise_remote *r)
 counter_u64_free(peer->p_tx_bytes);
 counter_u64_free(peer->p_rx_bytes);
 rw_destroy(&peer->p_endpoint_lock);
+ mtx_destroy(&peer->p_handshake_mtx);
+
+ cookie_maker_free(&peer->p_cookie);
 free(peer, M_WG);
 }
@@ -2891,6 +2893,8 @@ wg_clone_destroy(struct ifnet *ifp)
 rn_detachhead((void **)&sc->sc_aip4);
 rn_detachhead((void **)&sc->sc_aip6);
+ cookie_checker_free(&sc->sc_cookie);
+
 if (cred != NULL)
 crfree(cred);
 if_detach(sc->sc_ifp);
diff --git a/src/selftest/cookie.c b/src/selftest/cookie.c
index 4076e4c..ab0de60 100644
--- a/src/selftest/cookie.c
+++ b/src/selftest/cookie.c
@@ -292,6 +292,8 @@ cookie_mac_test(void)
 T_PASSED;
 ret = true;
 cleanup:
+ cookie_checker_free(&checker);
+ cookie_maker_free(&maker);
 return ret;
 }
diff --git a/src/wg_cookie.c b/src/wg_cookie.c
index 6b90e3a..34d0328 100644
--- a/src/wg_cookie.c
+++ b/src/wg_cookie.c
@@ -111,6 +111,14 @@ cookie_checker_init(struct cookie_checker *cc)
 }
 void
+cookie_checker_free(struct cookie_checker *cc)
+{
+ rw_destroy(&cc->cc_key_lock);
+ rw_destroy(&cc->cc_secret_lock);
+ explicit_bzero(cc, sizeof(*cc));
+}
+
+void
 cookie_checker_update(struct cookie_checker *cc, const uint8_t key[COOKIE_INPUT_SIZE])
 {
@@ -152,6 +160,13 @@ cookie_maker_init(struct cookie_maker *cm, const uint8_t key[COOKIE_INPUT_SIZE])
 rw_init(&cm->cm_lock, "cookie_maker");
 }
+void
+cookie_maker_free(struct cookie_maker *cm)
+{
+ rw_destroy(&cm->cm_lock);
+ explicit_bzero(cm, sizeof(*cm));
+}
+
 int
 cookie_maker_consume_payload(struct cookie_maker *cm, uint8_t nonce[COOKIE_NONCE_SIZE], uint8_t ecookie[COOKIE_ENCRYPTED_SIZE])
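Review bot: The two frees added under `cleanup:` in cookie_mac_test() run on every exit path, so any `goto cleanup` taken before cookie_checker_init() and cookie_maker_init() have both run would hand rw_destroy() a lock that was never initialised. The function body starts outside this hunk, so the earlier jumps cannot be checked from here. If such a path exists, either move the init calls ahead of the first `goto cleanup` or track initialisation with a flag. Otherwise a comment would pin the assumption, e.g. `/* checker and maker are always initialised before any jump to cleanup */`.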
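Review bot: cookie_checker_free() and cookie_maker_free() carry an unstated precondition that deserves a header comment: rw_destroy() requires the lock to be unlocked and no longer reachable by any other thread, and after explicit_bzero() the structure cannot be used or freed again without a fresh init. Suggest `/* Caller must be the last user. Destroys the locks, then wipes the key material; not idempotent. */` above both functions. Destroying the locks before the wipe is the right order and should be kept, since the structures appear (from the lock names) to hold cookie keys and secrets.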
@@ -340,6 +355,7 @@ ratelimit_deinit(struct ratelimit *rl)
 callout_stop(&rl->rl_gc);
 ratelimit_gc(rl, true);
 rw_wunlock(&rl->rl_lock);
+ rw_destroy(&rl->rl_lock);
 }
 static void
diff --git a/src/wg_cookie.h b/src/wg_cookie.h
index 8e59c32..e971fa2 100644
--- a/src/wg_cookie.h
+++ b/src/wg_cookie.h
@@ -53,12 +53,14 @@ struct cookie_checker {
 int cookie_init(void);
 void cookie_deinit(void);
 void cookie_checker_init(struct cookie_checker *);
+void cookie_checker_free(struct cookie_checker *);
 void cookie_checker_update(struct cookie_checker *, const uint8_t[COOKIE_INPUT_SIZE]);
 void cookie_checker_create_payload(struct cookie_checker *, struct cookie_macs *cm, uint8_t[COOKIE_NONCE_SIZE], uint8_t [COOKIE_ENCRYPTED_SIZE], struct sockaddr *);
 void cookie_maker_init(struct cookie_maker *, const uint8_t[COOKIE_INPUT_SIZE]);
+void cookie_maker_free(struct cookie_maker *);
 int cookie_maker_consume_payload(struct cookie_maker *, uint8_t[COOKIE_NONCE_SIZE], uint8_t[COOKIE_ENCRYPTED_SIZE]);
 void cookie_maker_mac(struct cookie_maker *, struct cookie_macs *,
diff --git a/src/wg_noise.c b/src/wg_noise.c
index 41f7f50..35784be 100644
--- a/src/wg_noise.c
+++ b/src/wg_noise.c
@@ -220,6 +220,9 @@ noise_local_put(struct noise_local *l)
 if (refcount_release(&l->l_refcnt)) {
 if (l->l_cleanup != NULL)
 l->l_cleanup(l);
+ rw_destroy(&l->l_identity_lock);
+ rw_destroy(&l->l_remote_lock);
+ rw_destroy(&l->l_index_lock);
 explicit_bzero(l, sizeof(*l));
 free(l, M_NOISE);
 }
@@ -468,6 +471,8 @@ noise_remote_smr_free(struct epoch_context *smr)
 if (r->r_cleanup != NULL)
 r->r_cleanup(r);
 noise_local_put(r->r_local);
+ rw_destroy(&r->r_handshake_lock);
+ rw_destroy(&r->r_keypair_lock);
 explicit_bzero(r, sizeof(*r));
 free(r, M_NOISE);
 }
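Review bot: In ratelimit_deinit() there is a window between `rw_wunlock(&rl->rl_lock)` and the added `rw_destroy(&rl->rl_lock)` in which another thread could take the lock, while rw_destroy() requires it to be unlocked with no remaining users. callout_stop() does not wait for a handler that is already executing, so whether the gc callout can still be blocked on rl_lock depends on how rl_gc was initialised, which is outside this hunk (the function also begins outside it). If rl_gc is not bound to rl_lock via callout_init_rw(), consider `callout_drain(&rl->rl_gc);` before the write lock is taken. In either case a comment should state the assumption, e.g. `/* No ratelimit lookups may be in flight; rl_lock is destroyed on return. */`.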
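Review bot: The teardown order in noise_local_put() (the l_cleanup callback, then rw_destroy() on the three locks, then explicit_bzero()) is load-bearing but undocumented. The same applies to noise_remote_smr_free() and noise_keypair_smr_free(). A one-line comment such as `/* Destroy locks before wiping: rw_destroy() needs the lock state intact. */` above the first rw_destroy() would stop a later refactor from moving the wipe first. The new calls also rely on the cleanup callbacks not returning with any of these locks held, which cannot be confirmed from these hunks.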
@@ -749,6 +754,7 @@ noise_keypair_smr_free(struct epoch_context *smr)
 struct noise_keypair *kp;
 kp = __containerof(smr, struct noise_keypair, kp_smr);
 noise_remote_put(kp->kp_remote);
+ rw_destroy(&kp->kp_nonce_lock);
 explicit_bzero(kp, sizeof(*kp));
 free(kp, M_NOISE);
 } |