Stop generating private keys in a network buffer. - wireguard-openbsd - WireGuard implementation for the OpenBSD kernel

diff options

author	jsing <jsing@openbsd.org>	2015-09-13 12:52:07 +0000
committer	jsing <jsing@openbsd.org>	2015-09-13 12:52:07 +0000
commit	d7c816cd2107da84eba35a384f67745a9ecc33a8 (patch)
tree	8a6ab7b4dfdb938322b9355ae3c3fe4b601d5728 /sys/kern/subr_disk.c
parent	The number of rounds is just two digits in the salt. We've already (diff)
download	wireguard-openbsd-d7c816cd2107da84eba35a384f67745a9ecc33a8.tar.xz wireguard-openbsd-d7c816cd2107da84eba35a384f67745a9ecc33a8.zip

Stop generating private keys in a network buffer.

The current client key exchange code generates DH and ECDH keys into the same buffer that we use to send data to the network - stop doing this and malloc() a new buffer, which we explicit_bzero() and free() on return. This also benefits from ASLR and means that the keys are no longer generated in a well known location. ok beck@

Diffstat (limited to 'sys/kern/subr_disk.c')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: