From 83c06904bcfa89feb798b601f0de6082c32d83be Mon Sep 17 00:00:00 2001
From: "Jason A. Donenfeld"
Date: Mon, 18 Jun 2018 20:44:32 +0200
Subject: netlink: maintain static_identity lock over entire private key update
We don't want the local private key to not correspond with a precomputed ss or precomputed cookie hash at any intermediate point.
---
 src/cookie.c | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)
 (limited to 'src/cookie.c')
diff --git a/src/cookie.c b/src/cookie.c
index c1e184c..41f6ddb 100644
--- a/src/cookie.c
+++ b/src/cookie.c
@@ -37,9 +37,9 @@ static void precompute_key(u8 key[NOISE_SYMMETRIC_KEY_LEN], const u8 pubkey[NOIS
 blake2s_final(&blake, key, NOISE_SYMMETRIC_KEY_LEN);
 }
+/* Must hold peer->handshake.static_identity->lock */
 void cookie_checker_precompute_device_keys(struct cookie_checker *checker)
 {
- down_read(&checker->device->static_identity.lock);
 if (likely(checker->device->static_identity.has_identity)) {
 precompute_key(checker->cookie_encryption_key, checker->device->static_identity.static_public, cookie_key_label);
 precompute_key(checker->message_mac1_key, checker->device->static_identity.static_public, mac1_key_label);
@@ -47,7 +47,6 @@ void cookie_checker_precompute_device_keys(struct cookie_checker *checker)
 memset(checker->cookie_encryption_key, 0, NOISE_SYMMETRIC_KEY_LEN);
 memset(checker->message_mac1_key, 0, NOISE_SYMMETRIC_KEY_LEN);
 }
- up_read(&checker->device->static_identity.lock);
 }
 void cookie_checker_precompute_peer_keys(struct wireguard_peer *peer)
-- cgit v1.2.3-59-g8ed1b
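Review bot: The locking requirement on cookie_checker_precompute_device_keys is now carried only by the added comment, and that comment names `peer->handshake.static_identity->lock` although the function receives a `checker` and the removed calls took `checker->device->static_identity.lock`. Wording it against the parameter, `/* Caller must hold checker->device->static_identity.lock */`, and opening the body with `lockdep_assert_held(&checker->device->static_identity.lock);` would let lockdep builds catch a caller that skips the lock. That matters because the cookie encryption and mac1 keys are derived from the static public key read here, and the commit's stated goal is that they never disagree with the identity mid-update. The callers are outside this page (the view is limited to src/cookie.c), so whether each of them takes the lock cannot be confirmed from these hunks. The function body spans both hunks and the line opening its else branch is not shown.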