author | Jason A. Donenfeld <Jason@zx2c4.com> | 2020-08-27 09:36:16 +0200 |
---|---|---|
committer | Jason A. Donenfeld <Jason@zx2c4.com> | 2020-08-27 09:36:16 +0200 |
commit | 1a41e327bef444861324c2df86bd21f15aaf95c4 (patch) | |
tree | 51e722eebcd505c2bfd407d7d17a4090a8386456 /src | |
parent | 90a9e82ba613d39951c8b6fb66d149a06b5b2298 (diff) |
compat: backport kfree_sensitive and switch to it
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
Diffstat (limited to 'src')
-rw-r--r-- | src/compat/compat.h | 4 | ||||
-rw-r--r-- | src/noise.c | 4 | ||||
-rw-r--r-- | src/peer.c | 2 |
3 files changed, 7 insertions, 3 deletions
diff --git a/src/compat/compat.h b/src/compat/compat.h
index 99eeaef..4dff967 100644
--- a/src/compat/compat.h
+++ b/src/compat/compat.h
@@ -1067,6 +1067,10 @@ static const struct header_ops ip_tunnel_header_ops = { .parse_protocol = ip_tun
 #endif
 #endif
 
+#if LINUX_VERSION_CODE < KERNEL_VERSION(5, 9, 0)
+#define kfree_sensitive(a) kzfree(a)
+#endif
+
 #if defined(ISUBUNTU1604) || defined(ISRHEL7)
 #include <linux/siphash.h>
 #ifndef _WG_LINUX_SIPHASH_H
diff --git a/src/noise.c b/src/noise.c
index 5fbe063..5cc0806 100644
--- a/src/noise.c
+++ b/src/noise.c
@@ -114,7 +114,7 @@ static struct noise_keypair *keypair_create(struct wg_peer *peer)
 
 static void keypair_free_rcu(struct rcu_head *rcu)
 {
- kzfree(container_of(rcu, struct noise_keypair, rcu));
+ kfree_sensitive(container_of(rcu, struct noise_keypair, rcu));
 }
 
 static void keypair_free_kref(struct kref *kref)
@@ -823,7 +823,7 @@ bool wg_noise_handshake_begin_session(struct noise_handshake *handshake,
 handshake->entry.peer->device->index_hashtable,
 &handshake->entry, &new_keypair->entry);
 } else {
- kzfree(new_keypair);
+ kfree_sensitive(new_keypair);
 }
 rcu_read_unlock_bh();
 
@@ -203,7 +203,7 @@ static void rcu_release(struct rcu_head *rcu)
 /* The final zeroing takes care of clearing any remaining handshake key
 * material and other potentially sensitive information.
 */
- kzfree(peer);
+ kfree_sensitive(peer);
 }
 
 static void kref_release(struct kref *refcount) |
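Review bot: The `kfree_sensitive` shim added to src/compat/compat.h is guarded only by `LINUX_VERSION_CODE < KERNEL_VERSION(5, 9, 0)`, so a vendor kernel that reports an older version but already carries a backported `kfree_sensitive` would have this macro layered over the real symbol. The block that follows in the same hunk already keys on distro macros (`ISUBUNTU1604`, `ISRHEL7`), so a similar exception may be needed here; this is worth checking against the distro kernels the compat layer targets. Because the callers in noise.c and peer.c depend on this call to wipe keypair and handshake material before the memory is released, I would also put a short comment above the define, for example `/* kfree_sensitive() is the 5.9+ name for kzfree(); this fallback must remain a zeroing free, never plain kfree(). */`.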