diff options
| author | Stuart Henderson <sthen@cvs.openbsd.org> | 2021-03-21 18:14:00 +0000 |
|---|---|---|
| committer | Stuart Henderson <sthen@cvs.openbsd.org> | 2021-03-21 18:14:00 +0000 |
| commit | 476899496960ee25fc0163659937acb6dfe27c56 (patch) | |
| tree | a97ebf1caed2fee86b24dea45bb610b2e6cccd7c | |
| parent | fa1d3241de5c466a803cd0b64f5458154b281fbd (diff) | |
wg(4): fix race between tx/rx handshakes, from Matt Dunwoodie, ok mpi@
"There is a race between sending/receiving handshake packets. This
occurs if we consume an initiation, then send an initiation prior to
replying to the consumed initiation.
In particular, when consuming an initiation, we don't generate the
index until creating the response (which is incorrect). If we attempt
to create an initiation between these processes, we drop any
outstanding handshake which in this case has index 0 as set when
consuming the initiation.
The fix attached is to generate the index when consuming the initiation
so that any spurious initiation creation can drop a valid index. The
patch also consolidates setting fields on the handshake."
| -rw-r--r-- | sys/net/wg_noise.c | 9 |
1 files changed, 4 insertions, 5 deletions
diff --git a/sys/net/wg_noise.c b/sys/net/wg_noise.c index 86f7823cc83..47552229b8a 100644 --- a/sys/net/wg_noise.c +++ b/sys/net/wg_noise.c @@ -1,4 +1,4 @@ -/* $OpenBSD: wg_noise.c,v 1.4 2020/12/09 05:53:33 tb Exp $ */ +/* $OpenBSD: wg_noise.c,v 1.5 2021/03/21 18:13:59 sthen Exp $ */ /* * Copyright (C) 2015-2020 Jason A. Donenfeld <Jason@zx2c4.com>. All Rights Reserved. * Copyright (C) 2019-2020 Matt Dunwoodie <ncon@noconroy.net> @@ -299,9 +299,6 @@ noise_consume_initiation(struct noise_local *l, struct noise_remote **rp, NOISE_TIMESTAMP_LEN + NOISE_AUTHTAG_LEN, key, hs.hs_hash) != 0) goto error; - hs.hs_state = CONSUMED_INITIATION; - hs.hs_local_index = 0; - hs.hs_remote_index = s_idx; memcpy(hs.hs_e, ue, NOISE_PUBLIC_KEY_LEN); /* We have successfully computed the same results, now we ensure that @@ -321,6 +318,9 @@ noise_consume_initiation(struct noise_local *l, struct noise_remote **rp, /* Ok, we're happy to accept this initiation now */ noise_remote_handshake_index_drop(r); + hs.hs_state = CONSUMED_INITIATION; + hs.hs_local_index = noise_remote_handshake_index_get(r); + hs.hs_remote_index = s_idx; r->r_handshake = hs; *rp = r; ret = 0; @@ -369,7 +369,6 @@ noise_create_response(struct noise_remote *r, uint32_t *s_idx, uint32_t *r_idx, noise_msg_encrypt(en, NULL, 0, key, hs->hs_hash); hs->hs_state = CREATED_RESPONSE; - hs->hs_local_index = noise_remote_handshake_index_get(r); *r_idx = hs->hs_remote_index; *s_idx = hs->hs_local_index; ret = 0; |