diff options
Diffstat (limited to 'target/linux/generic/backport-5.4/080-wireguard-0103-wireguard-noise-read-preshared-key-while-taking-lock.patch')
| -rw-r--r-- | target/linux/generic/backport-5.4/080-wireguard-0103-wireguard-noise-read-preshared-key-while-taking-lock.patch | 61 |
1 files changed, 0 insertions, 61 deletions
diff --git a/target/linux/generic/backport-5.4/080-wireguard-0103-wireguard-noise-read-preshared-key-while-taking-lock.patch b/target/linux/generic/backport-5.4/080-wireguard-0103-wireguard-noise-read-preshared-key-while-taking-lock.patch deleted file mode 100644 index 2dac4b7064..0000000000 --- a/target/linux/generic/backport-5.4/080-wireguard-0103-wireguard-noise-read-preshared-key-while-taking-lock.patch +++ /dev/null @@ -1,61 +0,0 @@ -From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 -From: "Jason A. Donenfeld" <Jason@zx2c4.com> -Date: Tue, 19 May 2020 22:49:28 -0600 -Subject: [PATCH] wireguard: noise: read preshared key while taking lock - -commit bc67d371256f5c47d824e2eec51e46c8d62d022e upstream. - -Prior we read the preshared key after dropping the handshake lock, which -isn't an actual crypto issue if it races, but it's still not quite -correct. So copy that part of the state into a temporary like we do with -the rest of the handshake state variables. Then we can release the lock, -operate on the temporary, and zero it out at the end of the function. In -performance tests, the impact of this was entirely unnoticable, probably -because those bytes are coming from the same cacheline as other things -that are being copied out in the same manner. - -Reported-by: Matt Dunwoodie <ncon@noconroy.net> -Fixes: e7096c131e51 ("net: WireGuard secure network tunnel") -Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com> -Signed-off-by: David S. Miller <davem@davemloft.net> -Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com> ---- - drivers/net/wireguard/noise.c | 6 +++++- - 1 file changed, 5 insertions(+), 1 deletion(-) - ---- a/drivers/net/wireguard/noise.c -+++ b/drivers/net/wireguard/noise.c -@@ -715,6 +715,7 @@ wg_noise_handshake_consume_response(stru - u8 e[NOISE_PUBLIC_KEY_LEN]; - u8 ephemeral_private[NOISE_PUBLIC_KEY_LEN]; - u8 static_private[NOISE_PUBLIC_KEY_LEN]; -+ u8 preshared_key[NOISE_SYMMETRIC_KEY_LEN]; - - down_read(&wg->static_identity.lock); - -@@ -733,6 +734,8 @@ wg_noise_handshake_consume_response(stru - memcpy(chaining_key, handshake->chaining_key, NOISE_HASH_LEN); - memcpy(ephemeral_private, handshake->ephemeral_private, - NOISE_PUBLIC_KEY_LEN); -+ memcpy(preshared_key, handshake->preshared_key, -+ NOISE_SYMMETRIC_KEY_LEN); - up_read(&handshake->lock); - - if (state != HANDSHAKE_CREATED_INITIATION) -@@ -750,7 +753,7 @@ wg_noise_handshake_consume_response(stru - goto fail; - - /* psk */ -- mix_psk(chaining_key, hash, key, handshake->preshared_key); -+ mix_psk(chaining_key, hash, key, preshared_key); - - /* {} */ - if (!message_decrypt(NULL, src->encrypted_nothing, -@@ -783,6 +786,7 @@ out: - memzero_explicit(chaining_key, NOISE_HASH_LEN); - memzero_explicit(ephemeral_private, NOISE_PUBLIC_KEY_LEN); - memzero_explicit(static_private, NOISE_PUBLIC_KEY_LEN); -+ memzero_explicit(preshared_key, NOISE_SYMMETRIC_KEY_LEN); - up_read(&wg->static_identity.lock); - return ret_peer; - } |