From 6ddb4753c62fd08f4da71a5d1bd4222de492a331 Mon Sep 17 00:00:00 2001
From: "Jason A. Donenfeld"
Date: Fri, 22 Sep 2017 04:04:00 +0200
Subject: tools: use key_is_zero for comparing to zeros

Maybe an attacker on the system could use the infoleak in /proc to gauge how long a wg(8) process takes to complete and determine the number of leading zeros. This is somewhat ridiculous, but it's possible somebody somewhere might at somepoint care in the future, so alright.
---
 src/tools/showconf.c | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)
(limited to 'src/tools/showconf.c')
diff --git a/src/tools/showconf.c b/src/tools/showconf.c
index 2453c86..09dc2ec 100644
--- a/src/tools/showconf.c
+++ b/src/tools/showconf.c
@@ -16,7 +16,6 @@ int showconf_main(int argc, char *argv[])
 {
- static const uint8_t zero[WG_KEY_LEN] = { 0 };
 char base64[WG_KEY_LEN_BASE64];
 char ip[INET6_ADDRSTRLEN];
 struct wgdevice *device = NULL;
@@ -46,7 +45,7 @@ int showconf_main(int argc, char *argv[])
 printf("ListenPort = %u\n", device->port);
 if (device->fwmark)
 printf("FwMark = 0x%x\n", device->fwmark);
- if (memcmp(device->private_key, zero, WG_KEY_LEN)) {
+ if (!key_is_zero(device->private_key)) {
 key_to_base64(base64, device->private_key);
 printf("PrivateKey = %s\n", base64);
 }
@@ -54,7 +53,7 @@ int showconf_main(int argc, char *argv[])
 for_each_wgpeer(device, peer, i) {
 key_to_base64(base64, peer->public_key);
 printf("[Peer]\nPublicKey = %s\n", base64);
- if (memcmp(peer->preshared_key, zero, WG_KEY_LEN)) {
+ if (!key_is_zero(peer->preshared_key)) {
 key_to_base64(base64, peer->preshared_key);
 printf("PresharedKey = %s\n", base64);
 }
--
cgit v1.2.3-59-g8ed1b
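Review bot: Nothing at the two changed call sites records why `key_is_zero` replaces `memcmp`, so a later cleanup could put the early-exit comparison back; this applies to the private-key check in the second hunk and the preshared-key check in the third. I would add a comment above the first check, `/* key_is_zero, not memcmp: the comparison must not exit early on secret key bytes */`, and a matching one above the preshared-key check. The constant-time property itself rests on `key_is_zero`, which is defined outside this diff, so it should be confirmed there rather than assumed from the name. The `key_to_base64` call on the line after each check processes the same secret bytes, and whether it avoids secret-dependent branches or table lookups is likewise not visible here. `showconf_main` starts before and continues past these hunks.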