author | Jason A. Donenfeld <Jason@zx2c4.com> | 2017-09-22 04:04:00 +0200 |
---|---|---|
committer | Jason A. Donenfeld <Jason@zx2c4.com> | 2017-09-24 23:10:15 +0200 |
commit | 6ddb4753c62fd08f4da71a5d1bd4222de492a331 (patch) | |
tree | dcba7d7df5c810a4476fabdfb83e73a0205aba12 /src/tools/show.c | |
parent | config: do not reset device port (diff) | |
tools: use key_is_zero for comparing to zeros
Maybe an attacker on the system could use the infoleak in /proc to gauge
how long a wg(8) process takes to complete and determine the number of
leading zeros. This is somewhat ridiculous, but it's possible somebody
somewhere might at some point care in the future, so alright.
Diffstat (limited to 'src/tools/show.c')
-rw-r--r-- | src/tools/show.c | 10 |
1 files changed, 4 insertions, 6 deletions
diff --git a/src/tools/show.c b/src/tools/show.c
index 4eb096f..6e5de96 100644
--- a/src/tools/show.c
+++ b/src/tools/show.c
@@ -75,12 +75,10 @@ static void sort_peers(struct wgdevice *device)
 free(new_device);
 }
-static const uint8_t zero[WG_KEY_LEN] = { 0 };
-
 static char *key(const uint8_t key[static WG_KEY_LEN])
 {
 static char base64[WG_KEY_LEN_BASE64];
- if (!memcmp(key, zero, WG_KEY_LEN))
+ if (key_is_zero(key))
 return "(none)";
 key_to_base64(base64, key);
 return base64;
@@ -212,9 +210,9 @@ static void pretty_print(struct wgdevice *device)
 terminal_printf(TERMINAL_RESET);
 terminal_printf(TERMINAL_FG_GREEN TERMINAL_BOLD "interface" TERMINAL_RESET ": " TERMINAL_FG_GREEN "%s" TERMINAL_RESET "\n", device->interface);
- if (memcmp(device->public_key, zero, WG_KEY_LEN))
+ if (!key_is_zero(device->public_key))
 terminal_printf(" " TERMINAL_BOLD "public key" TERMINAL_RESET ": %s\n", key(device->public_key));
- if (memcmp(device->private_key, zero, WG_KEY_LEN))
+ if (!key_is_zero(device->private_key))
 terminal_printf(" " TERMINAL_BOLD "private key" TERMINAL_RESET ": %s\n", masked_key(device->private_key));
 if (device->port)
 terminal_printf(" " TERMINAL_BOLD "listening port" TERMINAL_RESET ": %u\n", device->port);
@@ -226,7 +224,7 @@ static void pretty_print(struct wgdevice *device)
 }
 for_each_wgpeer(device, peer, i) {
 terminal_printf(TERMINAL_FG_YELLOW TERMINAL_BOLD "peer" TERMINAL_RESET ": " TERMINAL_FG_YELLOW "%s" TERMINAL_RESET "\n", key(peer->public_key));
- if (memcmp(peer->preshared_key, zero, WG_KEY_LEN))
+ if (!key_is_zero(peer->preshared_key))
 terminal_printf(" " TERMINAL_BOLD "preshared key" TERMINAL_RESET ": %s\n", masked_key(peer->preshared_key));
 if (peer->endpoint.addr.sa_family == AF_INET || peer->endpoint.addr.sa_family == AF_INET6)
 terminal_printf(" " TERMINAL_BOLD "endpoint" TERMINAL_RESET ": %s\n", endpoint(&peer->endpoint.addr)); |
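Review bot: The call sites carry no hint of why `key_is_zero()` is used instead of `memcmp()`, so a later cleanup could quietly bring back the early-exit comparison; this applies to `key()` in this hunk and to the `device->private_key` and `peer->preshared_key` checks in the two `pretty_print` hunks, which are the ones reading secret material. A one-line comment above `key()` would cover it, for example `/* key_is_zero(), not memcmp(): the zero check must not exit early on key bytes */`. The definition of `key_is_zero()` is not in this diff (the diffstat is limited to src/tools/show.c), so whether it really touches all `WG_KEY_LEN` bytes, and whether the compiler is prevented from reintroducing a short-circuit, has to be confirmed there. The bodies of `sort_peers` and `pretty_print` extend outside the hunks shown.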