author | Jason A. Donenfeld <Jason@zx2c4.com> | 2017-09-22 04:04:00 +0200 |
---|---|---|
committer | Jason A. Donenfeld <Jason@zx2c4.com> | 2017-09-24 23:10:15 +0200 |
commit | 6ddb4753c62fd08f4da71a5d1bd4222de492a331 (patch) | |
tree | dcba7d7df5c810a4476fabdfb83e73a0205aba12 /src/tools/showconf.c | |
parent | config: do not reset device port (diff) | |
tools: use key_is_zero for comparing to zeros
Maybe an attacker on the system could use the infoleak in /proc to gauge
how long a wg(8) process takes to complete and determine the number of
leading zeros. This is somewhat ridiculous, but it's possible somebody
somewhere might at some point care in the future, so alright.
Diffstat (limited to 'src/tools/showconf.c')
-rw-r--r-- | src/tools/showconf.c | 5 |
1 files changed, 2 insertions, 3 deletions
diff --git a/src/tools/showconf.c b/src/tools/showconf.c
index 2453c86..09dc2ec 100644
--- a/src/tools/showconf.c
+++ b/src/tools/showconf.c
@@ -16,7 +16,6 @@
 int showconf_main(int argc, char *argv[])
 {
- static const uint8_t zero[WG_KEY_LEN] = { 0 };
 char base64[WG_KEY_LEN_BASE64];
 char ip[INET6_ADDRSTRLEN];
 struct wgdevice *device = NULL;
@@ -46,7 +45,7 @@ int showconf_main(int argc, char *argv[])
 printf("ListenPort = %u\n", device->port);
 if (device->fwmark)
 printf("FwMark = 0x%x\n", device->fwmark);
- if (memcmp(device->private_key, zero, WG_KEY_LEN)) {
+ if (!key_is_zero(device->private_key)) {
 key_to_base64(base64, device->private_key);
 printf("PrivateKey = %s\n", base64);
 }
@@ -54,7 +53,7 @@ int showconf_main(int argc, char *argv[])
 for_each_wgpeer(device, peer, i) {
 key_to_base64(base64, peer->public_key);
 printf("[Peer]\nPublicKey = %s\n", base64);
- if (memcmp(peer->preshared_key, zero, WG_KEY_LEN)) {
+ if (!key_is_zero(peer->preshared_key)) {
 key_to_base64(base64, peer->preshared_key);
 printf("PresharedKey = %s\n", base64);
 }
|
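Review bot: Neither `!key_is_zero(...)` check (the `device->private_key` one in the second hunk and the `peer->preshared_key` one in the third) says why `memcmp()` was dropped, so a later cleanup could quietly restore the early-exit comparison. I would add `/* key_is_zero(), not memcmp(): no data-dependent early exit on secret key bytes */` above the first check. `key_is_zero()` is defined outside this diff, so its constant-time behaviour should be confirmed at its definition rather than assumed from the name. The same timing argument covers `key_to_base64()`, which reads the same secret bytes on the following line and is also not shown here. showconf_main continues outside these hunks.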