[PATCH] wireguard: use memzero_explicit() when zeroing handshake key material
Jeroen Robben
jeroen at robben.io
Wed Mar 18 23:06:38 UTC 2026
Replace memset() calls in handshake_zero() with memzero_explicit()
to ensure clearing handshake state is not optimized away by the compiler.
Signed-off-by: Jeroen Robben <jeroen at robben.io>
---
drivers/net/wireguard/noise.c | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/drivers/net/wireguard/noise.c b/drivers/net/wireguard/noise.c
index 7eb9a23a3d4d..b8be04549fa6 100644
--- a/drivers/net/wireguard/noise.c
+++ b/drivers/net/wireguard/noise.c
@@ -77,10 +77,10 @@ void wg_noise_handshake_init(struct noise_handshake *handshake,
static void handshake_zero(struct noise_handshake *handshake)
{
- memset(&handshake->ephemeral_private, 0, NOISE_PUBLIC_KEY_LEN);
- memset(&handshake->remote_ephemeral, 0, NOISE_PUBLIC_KEY_LEN);
- memset(&handshake->hash, 0, NOISE_HASH_LEN);
- memset(&handshake->chaining_key, 0, NOISE_HASH_LEN);
+ memzero_explicit(&handshake->ephemeral_private, NOISE_PUBLIC_KEY_LEN);
+ memzero_explicit(&handshake->remote_ephemeral, NOISE_PUBLIC_KEY_LEN);
+ memzero_explicit(&handshake->hash, NOISE_HASH_LEN);
+ memzero_explicit(&handshake->chaining_key, NOISE_HASH_LEN);
handshake->remote_index = 0;
handshake->state = HANDSHAKE_ZEROED;
}
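Review bot: The four memzero_explicit() calls in handshake_zero() still take their lengths from the NOISE_PUBLIC_KEY_LEN and NOISE_HASH_LEN constants rather than from the fields themselves, and the first one sizes a private-key field with the public-key constant. Since these lines are being rewritten anyway, consider sizeof on each field, e.g. `memzero_explicit(&handshake->ephemeral_private, sizeof(handshake->ephemeral_private));`, so the wipe keeps covering the whole field if a field size ever changes. Separately, the commit message would be stronger if it named the case it guards against. The stores go through a pointer to a handshake object that is written again immediately afterwards (remote_index, state), so it is worth stating which caller, after inlining of this static function, lets the object's lifetime end right after the wipe and so exposes the memset() calls to dead-store elimination.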
--
2.53.0