diff options
author | Jason A. Donenfeld <Jason@zx2c4.com> | 2017-09-22 04:04:00 +0200 |
---|---|---|
committer | Jason A. Donenfeld <Jason@zx2c4.com> | 2017-09-24 23:10:15 +0200 |
commit | 6ddb4753c62fd08f4da71a5d1bd4222de492a331 (patch) | |
tree | dcba7d7df5c810a4476fabdfb83e73a0205aba12 /src/tools/config.c | |
parent | config: do not reset device port (diff) | |
download | wireguard-monolithic-historical-6ddb4753c62fd08f4da71a5d1bd4222de492a331.tar.xz wireguard-monolithic-historical-6ddb4753c62fd08f4da71a5d1bd4222de492a331.zip |
tools: use key_is_zero for comparing to zeros
Maybe an attacker on the system could use the infoleak in /proc to gauge
how long a wg(8) process takes to complete and determine the number of
leading zeros. This is somewhat ridiculous, but it's possible somebody
somewhere might at somepoint care in the future, so alright.
Diffstat (limited to 'src/tools/config.c')
-rw-r--r-- | src/tools/config.c | 10 |
1 files changed, 2 insertions, 8 deletions
diff --git a/src/tools/config.c b/src/tools/config.c index 2f61d5b..af74bda 100644 --- a/src/tools/config.c +++ b/src/tools/config.c @@ -387,17 +387,11 @@ bool config_read_init(struct config_ctx *ctx, struct wgdevice **device, bool app return true; } -static inline bool key_is_valid(uint8_t key[WG_KEY_LEN]) -{ - static const uint8_t zero[WG_KEY_LEN] = { 0 }; - return !!memcmp(key, zero, WG_KEY_LEN); -} - bool config_read_finish(struct config_ctx *ctx) { size_t i; struct wgpeer *peer; - if (ctx->buf.dev->flags & WGDEVICE_REPLACE_PEERS && !key_is_valid(ctx->buf.dev->private_key)) { + if (ctx->buf.dev->flags & WGDEVICE_REPLACE_PEERS && key_is_zero(ctx->buf.dev->private_key)) { fprintf(stderr, "No private key configured\n"); goto err; } @@ -405,7 +399,7 @@ bool config_read_finish(struct config_ctx *ctx) ctx->buf.dev->flags |= WGDEVICE_REMOVE_FWMARK; for_each_wgpeer(ctx->buf.dev, peer, i) { - if (!key_is_valid(peer->public_key)) { + if (key_is_zero(peer->public_key)) { fprintf(stderr, "A peer is missing a public key\n"); goto err; } |