-rw-r--r--src/if_wg.c6
-rw-r--r--src/selftest/cookie.c2
-rw-r--r--src/wg_cookie.c16
-rw-r--r--src/wg_cookie.h2
-rw-r--r--src/wg_noise.c6
5 files changed, 31 insertions, 1 deletions
diff --git a/src/if_wg.c b/src/if_wg.c
index a6e19d65c5c2..73248a677f40 100644
--- a/src/if_wg.c
+++ b/src/if_wg.c
@@ -234,7 +234,6 @@ struct wg_peer {
};
struct wg_socket {
- struct mtx so_mtx;
struct socket *so_so4;
struct socket *so_so6;
uint32_t so_user_cookie;
@@ -483,6 +482,9 @@ wg_peer_free_deferred(struct noise_remote *r)
counter_u64_free(peer->p_tx_bytes);
counter_u64_free(peer->p_rx_bytes);
rw_destroy(&peer->p_endpoint_lock);
+ mtx_destroy(&peer->p_handshake_mtx);
+
+ cookie_maker_free(&peer->p_cookie);
free(peer, M_WG);
}
@@ -2891,6 +2893,8 @@ wg_clone_destroy(struct ifnet *ifp)
rn_detachhead((void **)&sc->sc_aip4);
rn_detachhead((void **)&sc->sc_aip6);
+ cookie_checker_free(&sc->sc_cookie);
+
if (cred != NULL)
crfree(cred);
if_detach(sc->sc_ifp);
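Review bot: cookie_checker_free() is called here while the interface is still attached, since if_detach(sc->sc_ifp) only follows in the context lines below it. The new function destroys cc_key_lock and cc_secret_lock and zeroes the structure, so any handshake path that can still reach sc->sc_cookie after this line would take a destroyed lock or work with an all-zero key. The quiescing steps of wg_clone_destroy are outside the hunk, so this may already be guaranteed; if it is, a one-line comment such as `/* handshake processing is stopped above; nothing can reach sc_cookie any more */` would record the ordering requirement for the next person who reorders the teardown.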
diff --git a/src/selftest/cookie.c b/src/selftest/cookie.c
index 4076e4cea1ad..ab0de60dd426 100644
--- a/src/selftest/cookie.c
+++ b/src/selftest/cookie.c
@@ -292,6 +292,8 @@ cookie_mac_test(void)
T_PASSED;
ret = true;
cleanup:
+ cookie_checker_free(&checker);
+ cookie_maker_free(&maker);
return ret;
}
diff --git a/src/wg_cookie.c b/src/wg_cookie.c
index 6b90e3ab7898..34d0328d898f 100644
--- a/src/wg_cookie.c
+++ b/src/wg_cookie.c
@@ -111,6 +111,14 @@ cookie_checker_init(struct cookie_checker *cc)
}
void
+cookie_checker_free(struct cookie_checker *cc)
+{
+ rw_destroy(&cc->cc_key_lock);
+ rw_destroy(&cc->cc_secret_lock);
+ explicit_bzero(cc, sizeof(*cc));
+}
+
+void
cookie_checker_update(struct cookie_checker *cc,
const uint8_t key[COOKIE_INPUT_SIZE])
{
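Review bot: cookie_checker_free() and cookie_maker_free() (added in the next hunk of this file) carry no comment stating their preconditions, although both are destructive: they rw_destroy() the locks and then explicit_bzero() the whole structure, key material included. I would put a header comment on each along the lines of `/* Caller must be the last user: no thread may hold or wait on the locks. Wipes the structure; re-run the matching _init before reuse. */`. The `_free` suffix also suggests the memory itself is released, whereas the visible callers pass the address of an embedded member or a local, so the comment should say that only the contents are torn down and wiped.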
@@ -152,6 +160,13 @@ cookie_maker_init(struct cookie_maker *cm, const uint8_t key[COOKIE_INPUT_SIZE])
rw_init(&cm->cm_lock, "cookie_maker");
}
+void
+cookie_maker_free(struct cookie_maker *cm)
+{
+ rw_destroy(&cm->cm_lock);
+ explicit_bzero(cm, sizeof(*cm));
+}
+
int
cookie_maker_consume_payload(struct cookie_maker *cm,
uint8_t nonce[COOKIE_NONCE_SIZE], uint8_t ecookie[COOKIE_ENCRYPTED_SIZE])
@@ -340,6 +355,7 @@ ratelimit_deinit(struct ratelimit *rl)
callout_stop(&rl->rl_gc);
ratelimit_gc(rl, true);
rw_wunlock(&rl->rl_lock);
+ rw_destroy(&rl->rl_lock);
}
static void
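Review bot: rw_destroy(&rl->rl_lock) is now reached right after rw_wunlock() with only callout_stop() in front of it, and callout_stop() does not wait for a handler that the callout subsystem has already begun processing. If rl_gc is associated with rl_lock (the callout initialisation is not in this hunk, so this is inferred), a softclock thread blocked on the lock can acquire it after the unlock and then touch a lock that is being destroyed. Draining after the unlock closes that window: `rw_wunlock(&rl->rl_lock);` `callout_drain(&rl->rl_gc);` `rw_destroy(&rl->rl_lock);`. The start of ratelimit_deinit is outside the hunk, so confirm that nothing earlier already drains the callout.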
diff --git a/src/wg_cookie.h b/src/wg_cookie.h
index 8e59c3229d2d..e971fa236353 100644
--- a/src/wg_cookie.h
+++ b/src/wg_cookie.h
@@ -53,12 +53,14 @@ struct cookie_checker {
int cookie_init(void);
void cookie_deinit(void);
void cookie_checker_init(struct cookie_checker *);
+void cookie_checker_free(struct cookie_checker *);
void cookie_checker_update(struct cookie_checker *,
const uint8_t[COOKIE_INPUT_SIZE]);
void cookie_checker_create_payload(struct cookie_checker *,
struct cookie_macs *cm, uint8_t[COOKIE_NONCE_SIZE],
uint8_t [COOKIE_ENCRYPTED_SIZE], struct sockaddr *);
void cookie_maker_init(struct cookie_maker *, const uint8_t[COOKIE_INPUT_SIZE]);
+void cookie_maker_free(struct cookie_maker *);
int cookie_maker_consume_payload(struct cookie_maker *,
uint8_t[COOKIE_NONCE_SIZE], uint8_t[COOKIE_ENCRYPTED_SIZE]);
void cookie_maker_mac(struct cookie_maker *, struct cookie_macs *,
diff --git a/src/wg_noise.c b/src/wg_noise.c
index 41f7f50cb119..35784bec6dff 100644
--- a/src/wg_noise.c
+++ b/src/wg_noise.c
@@ -220,6 +220,9 @@ noise_local_put(struct noise_local *l)
if (refcount_release(&l->l_refcnt)) {
if (l->l_cleanup != NULL)
l->l_cleanup(l);
+ rw_destroy(&l->l_identity_lock);
+ rw_destroy(&l->l_remote_lock);
+ rw_destroy(&l->l_index_lock);
explicit_bzero(l, sizeof(*l));
free(l, M_NOISE);
}
@@ -468,6 +471,8 @@ noise_remote_smr_free(struct epoch_context *smr)
if (r->r_cleanup != NULL)
r->r_cleanup(r);
noise_local_put(r->r_local);
+ rw_destroy(&r->r_handshake_lock);
+ rw_destroy(&r->r_keypair_lock);
explicit_bzero(r, sizeof(*r));
free(r, M_NOISE);
}
@@ -749,6 +754,7 @@ noise_keypair_smr_free(struct epoch_context *smr)
struct noise_keypair *kp;
kp = __containerof(smr, struct noise_keypair, kp_smr);
noise_remote_put(kp->kp_remote);
+ rw_destroy(&kp->kp_nonce_lock);
explicit_bzero(kp, sizeof(*kp));
free(kp, M_NOISE);
}