On Tue, 2020-04-14 at 15:37 -0400, Waiman Long wrote:
> OK, I can change it to clear the key length when the allocation failed
> which isn't likely.
Perhaps:
kfree_sensitive(op->key);
op->key = NULL;
op->keylen = 0;
but I don't know that it impacts any possible state.
On 4/14/20 3:16 PM, Michal Suchánek wrote:
> On Tue, Apr 14, 2020 at 12:24:36PM -0400, Waiman Long wrote:
>> On 4/14/20 2:08 AM, Christophe Leroy wrote:
>>>
>>> On 14/04/2020 at 00:28, Waiman Long wrote:
Since kfree_sensitive() will do an implicit memzero_explicit(), there
is no need to
On 4/14/20 8:48 AM, David Sterba wrote:
> On Mon, Apr 13, 2020 at 05:15:49PM -0400, Waiman Long wrote:
>> fs/btrfs/ioctl.c | 2 +-
>
>> diff --git a/fs/btrfs/ioctl.c b/fs/btrfs/ioctl.c
>> index 40b729dce91c..eab3f8510426 100644
>> --- a/fs/btrfs/ioctl.c
>> +++ b/fs/btr
On 4/14/20 2:08 AM, Christophe Leroy wrote:
>
>
> On 14/04/2020 at 00:28, Waiman Long wrote:
>> Since kfree_sensitive() will do an implicit memzero_explicit(), there
>> is no need to call memzero_explicit() before it. Eliminate those
>> memzero_explicit() and simplify the call sites. For better c
On Tue, 14 Apr 2020 17:02:41 +0200
ajs124 wrote:
> On Sat, 11 Apr 2020 12:13:36 -0700
> wrote:
>
> > I have some older routers that run OpenWRT just fine, but are a bit slow at
> > Wireguard (3-5 MBytes/s for SMB transfers) and which are too slow for
> > playing HD movies.
> > For these routers
On Sat, 11 Apr 2020 12:13:36 -0700
wrote:
> I have some older routers that run OpenWRT just fine, but are a bit slow at
> Wireguard (3-5 MBytes/s for SMB transfers) and which are too slow for
> playing HD movies.
> For these routers/uses I don't care about security, I just want a VPN to
> tunnel
Waiman Long wrote:
> As said by Linus:
>
> A symmetric naming is only helpful if it implies symmetries in use.
> Otherwise it's actively misleading.
>
> In "kzalloc()", the z is meaningful and an important part of what the
> caller wants.
>
> In "kzfree()", the z is actively detrimen
This missing hash from the previous email is:
https://git.zx2c4.com/wireguard-linux-compat/snapshot/wireguard-linux-compat-1.0.20200413.tar.xz
SHA2-256: cf166348fbb67419528e73049ce001d29131aea367fa6aef9d3e223f7251e116
Hello,
A new version, v1.0.20200413, of the backported WireGuard kernel module for
3.10 <= Linux <= 5.5.y has been tagged in the git repository.
== Changes ==
* compat: support latest suse 15.1 and 15.2
* compat: support RHEL 7.8's faulty siph
Hi Christian,
Thanks. Addressed here:
https://git.zx2c4.com/wireguard-linux-compat/commit/?id=c15894ad17cb0760471c2dd798bfbbea2081b4db
. I'll have a new release out shortly.
By the way, you'll have more reliability using the elrepo kmod these days:
https://lists.zx2c4.com/pipermail/wireguard/2020
On Mon 13-04-20 17:15:49, Waiman Long wrote:
> As said by Linus:
>
> A symmetric naming is only helpful if it implies symmetries in use.
> Otherwise it's actively misleading.
>
> In "kzalloc()", the z is meaningful and an important part of what the
> caller wants.
>
> In "kzfree()", th
On Tue, Apr 14, 2020 at 10:30 AM wrote:
>
> I have some older routers that run OpenWRT just fine, but are a bit slow at
> Wireguard (3-5 MBytes/s for SMB transfers) and which are too slow for
> playing HD movies.
> For these routers/uses I don't care about security, I just want a VPN to
> tunnel (
On 4/13/20 3:15 PM, Waiman Long wrote:
As said by Linus:
A symmetric naming is only helpful if it implies symmetries in use.
Otherwise it's actively misleading.
In "kzalloc()", the z is meaningful and an important part of what the
caller wants.
In "kzfree()", the z is actively d
Hi,
I would like to propose a feature request specifically for the
Wireguard-Windows client but probably also for other desktop-clients;
I hope this is the appropriate way of doing this since the issue
category seems to be disabled on github for this repo.
I really would like to see getting QR-
I have some older routers that run OpenWRT just fine, but are a bit slow at
Wireguard (3-5 MBytes/s for SMB transfers) and which are too slow for
playing HD movies.
For these routers/uses I don't care about security, I just want a VPN to
tunnel (thru Comcast, and other ISPs that block lots of ports
Since kfree_sensitive() will do an implicit memzero_explicit(), there
is no need to call memzero_explicit() before it. Eliminate those
memzero_explicit() and simplify the call sites. For better correctness,
the setting of keylen is also moved down after the key pointer check.
Signed-off-by: Waiman
Hi.
With debugging enabled you can log all kinds of stuff like malformed or
replayed packets. However, debugging only tells you that something went wrong
but it does not really show the cause.
It would be really nice if you could log those packets so you know exactly
which packet caused an iss
On 14/04/2020 at 00:28, Waiman Long wrote:
Since kfree_sensitive() will do an implicit memzero_explicit(), there
is no need to call memzero_explicit() before it. Eliminate those
memzero_explicit() and simplify the call sites. For better correctness,
the setting of keylen is also moved down a
On Mon, 13 Apr 2020, Waiman Long wrote:
> As said by Linus:
>
> A symmetric naming is only helpful if it implies symmetries in use.
> Otherwise it's actively misleading.
>
> In "kzalloc()", the z is meaningful and an important part of what the
> caller wants.
>
> In "kzfree()", the z
On 4/13/20 5:31 PM, Joe Perches wrote:
> On Mon, 2020-04-13 at 17:15 -0400, Waiman Long wrote:
>> Since kfree_sensitive() will do an implicit memzero_explicit(), there
>> is no need to call memzero_explicit() before it. Eliminate those
>> memzero_explicit() and simplify the call sites.
> 2 bits of
On Mon, 2020-04-13 at 17:15 -0400, Waiman Long wrote:
> Since kfree_sensitive() will do an implicit memzero_explicit(), there
> is no need to call memzero_explicit() before it. Eliminate those
> memzero_explicit() and simplify the call sites.
2 bits of trivia:
> diff --git a/drivers/crypto/allwin
Since kfree_sensitive() will do an implicit memzero_explicit(), there
is no need to call memzero_explicit() before it. Eliminate those
memzero_explicit() and simplify the call sites.
Signed-off-by: Waiman Long
---
.../crypto/allwinner/sun8i-ce/sun8i-ce-cipher.c | 15 +++
.../crypto/
Hi Guys,
Thank you so much for explaining the internals of Wireguard
implementation in Linux kernel. The sequence explained in the slide
(page 11) helps a lot to understand the flow in the following
document.
https://www.wireguard.com/talks/fosdem2017-slides.pdf
Likewise, do you have any documen
Hello Dear Mailinglist,
with RHEL 7.8, kernel 3.10 and current Wireguard 1.0.20191226 make
throws the above error:
# rpm -qa "wireguard*"
wireguard-tools-1.0.20191226-1.el7.x86_64
wireguard-dkms-1.0.20200401-1.el7.noarch
# cat /etc/oracle-release
Oracle Linux Server release 7.8
# uname -a
Linux
This patchset makes a global rename of the kzfree() to kfree_sensitive()
to highlight the fact buffer clearing is only needed if the data objects
contain sensitive information like encryption key. The fact that kzfree()
uses memset() to do the clearing isn't totally safe either as compiler
may comp
Hello,
I wish this patch could be merged. This would make stuff easier, cleaner
and consistent with a lot of other services.
Guy Godfroy
On 30/03/2020 at 10:41, Tore Anderson wrote:
Also add an ExecReload statement that uses this in the systemd template unit.
Signed-off-by: Tore Anderson
As said by Linus:
A symmetric naming is only helpful if it implies symmetries in use.
Otherwise it's actively misleading.
In "kzalloc()", the z is meaningful and an important part of what the
caller wants.
In "kzfree()", the z is actively detrimental, because maybe in the
future we r