From 14b46145b769adb1903f48415659d69be3cf986e Mon Sep 17 00:00:00 2001
From: "Jason A. Donenfeld" <Jason@zx2c4.com>
Date: Fri, 22 Sep 2017 04:04:00 +0200
Subject: tools: use key_is_zero for comparing to zeros

Maybe an attacker on the system could use the infoleak in /proc to gauge
how long a wg(8) process takes to complete and determine the number of
leading zeros. This is somewhat ridiculous, but it's possible somebody
somewhere might at somepoint care in the future, so alright.

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
---
 src/config.c | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/src/config.c b/src/config.c
index af7d049..a4a6782 100644
--- a/src/config.c
+++ b/src/config.c
@@ -8,6 +8,7 @@
 #include "hashtables.h"
 #include "peer.h"
 #include "uapi.h"
+#include <crypto/algapi.h>
 
 static int set_device_port(struct wireguard_device *wg, u16 port)
 {
@@ -86,7 +87,7 @@ static int set_peer(struct wireguard_device *wg, void __user *user_peer, size_t
 		down_write(&peer->handshake.lock);
 		memset(&peer->handshake.preshared_key, 0, NOISE_SYMMETRIC_KEY_LEN);
 		up_write(&peer->handshake.lock);
-	} else if (memcmp(zeros, in_peer.preshared_key, WG_KEY_LEN)) {
+	} else if (crypto_memneq(zeros, in_peer.preshared_key, WG_KEY_LEN)) {
 		down_write(&peer->handshake.lock);
 		memcpy(&peer->handshake.preshared_key, in_peer.preshared_key, NOISE_SYMMETRIC_KEY_LEN);
 		up_write(&peer->handshake.lock);
@@ -165,7 +166,7 @@ int config_set_device(struct wireguard_device *wg, void __user *user_device)
 	if (in_device.flags & WGDEVICE_REMOVE_PRIVATE_KEY) {
 		noise_set_static_identity_private_key(&wg->static_identity, NULL);
 		modified_static_identity = true;
-	} else if (memcmp(zeros, in_device.private_key, WG_KEY_LEN)) {
+	} else if (crypto_memneq(zeros, in_device.private_key, WG_KEY_LEN)) {
 		u8 public_key[NOISE_PUBLIC_KEY_LEN] = { 0 };
 		struct wireguard_peer *peer;
 		/* We remove before setting, to prevent race, which means doing two 25519-genpub ops. */
-- 
cgit v1.2.3