diff options
author | Jason A. Donenfeld <Jason@zx2c4.com> | 2017-09-22 04:04:00 +0200 |
---|---|---|
committer | Jason A. Donenfeld <Jason@zx2c4.com> | 2017-09-24 23:10:15 +0200 |
commit | 9ef84af8c0bc31d1e56d0a66a9ed909c1edfdd5d (patch) | |
tree | 3dd4bd5755c51637e5852cd7f5addce5fd1f94dc /src/showconf.c | |
parent | contrib: add sticky sockets example code (diff) | |
download | wireguard-tools-9ef84af8c0bc31d1e56d0a66a9ed909c1edfdd5d.tar.xz wireguard-tools-9ef84af8c0bc31d1e56d0a66a9ed909c1edfdd5d.zip |
wg: use key_is_zero for comparing to zeros
Maybe an attacker on the system could use the infoleak in /proc to gauge
how long a wg(8) process takes to complete and determine the number of
leading zeros. This is somewhat ridiculous, but it's possible somebody
somewhere might at somepoint care in the future, so alright.
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
Diffstat (limited to 'src/showconf.c')
-rw-r--r-- | src/showconf.c | 5 |
1 files changed, 2 insertions, 3 deletions
diff --git a/src/showconf.c b/src/showconf.c index 2453c86..09dc2ec 100644 --- a/src/showconf.c +++ b/src/showconf.c @@ -16,7 +16,6 @@ int showconf_main(int argc, char *argv[]) { - static const uint8_t zero[WG_KEY_LEN] = { 0 }; char base64[WG_KEY_LEN_BASE64]; char ip[INET6_ADDRSTRLEN]; struct wgdevice *device = NULL; @@ -46,7 +45,7 @@ int showconf_main(int argc, char *argv[]) printf("ListenPort = %u\n", device->port); if (device->fwmark) printf("FwMark = 0x%x\n", device->fwmark); - if (memcmp(device->private_key, zero, WG_KEY_LEN)) { + if (!key_is_zero(device->private_key)) { key_to_base64(base64, device->private_key); printf("PrivateKey = %s\n", base64); } @@ -54,7 +53,7 @@ int showconf_main(int argc, char *argv[]) for_each_wgpeer(device, peer, i) { key_to_base64(base64, peer->public_key); printf("[Peer]\nPublicKey = %s\n", base64); - if (memcmp(peer->preshared_key, zero, WG_KEY_LEN)) { + if (!key_is_zero(peer->preshared_key)) { key_to_base64(base64, peer->preshared_key); printf("PresharedKey = %s\n", base64); } |