authorMatt Dunwoodie <ncon@mail.noconroy.net>2019-08-23 00:25:42 +1000
committerMatt Dunwoodie <ncon@mail.noconroy.net>2019-08-23 00:25:42 +1000
commit4191351cb6dbef61901ae409371522850d281e5a (patch)
tree5384f37617c9f7b455fc2358b5739ec0b4c284d2 /src/wireguard.h
parentAdd extra wg_session_confirm (diff)
Move session confirmation to transport decrypt
This avoids a difficult, but possible, attack. When we are the responder, we don't want to send packets to the peer before having verified that they can send packets to us.
Diffstat (limited to 'src/wireguard.h')
-rw-r--r--src/wireguard.h1
1 files changed, 1 insertions, 0 deletions
diff --git a/src/wireguard.h b/src/wireguard.h
index c709b504af3..aaa5a95ead1 100644
--- a/src/wireguard.h
+++ b/src/wireguard.h
@@ -231,6 +231,7 @@ enum wg_error wg_session_encrypt(struct wg_session *, struct wg_msg_transport *,
enum wg_error wg_session_decrypt(struct wg_session *, struct wg_msg_transport *, size_t);
enum wg_error wg_session_from_handshake(struct wg_session *, struct wg_handshake *);
enum wg_error wg_session_confirm(struct wg_session *);
+enum wg_error wg_session_ready(struct wg_session *);
void wg_keypair_from_bytes(struct wg_keypair *, const uint8_t [WG_KEY_SIZE]);
void wg_keypair_generate(struct wg_keypair *);
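Review bot: The added `wg_session_ready` prototype sits directly under `wg_session_confirm`, and nothing in the header says how the two differ or which one the transmit path has to consult. The commit message ties the change to a responder not sending until the peer has proven it can send to us, so that contract belongs next to the declaration, for example `/* wg_session_ready: error until the session has been confirmed by a successfully decrypted transport packet; check before encrypting outbound data */`. That wording is inferred from the names and the commit message and should be checked against the implementation, which is not part of this diff (the diffstat is limited to src/wireguard.h). It would also help to state that callers must not ignore the returned `enum wg_error`, since an unchecked result would let a responder transmit on an unconfirmed session.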