From: Lloyd <ng2d68@proton.me>
Subject: Re: wg(4): remove redundant if statement
To: tech@openbsd.org
Date: Thu, 18 Sep 2025 18:26:57 +0000

The previous diff removed some locking code from the outer if.

Regards
Lloyd

ido@wireplug.org wrote:

> Hi,
> 
> The outer if statement seems redundant.
> Tested against current on an amd64 laptop.
> 
> Ido
> 
> diff --git sys/net/wg_noise.c sys/net/wg_noise.c
> index c4d64baeeec..97d704e9ee5 100644
> --- sys/net/wg_noise.c
> +++ sys/net/wg_noise.c
> @@ -651,16 +651,14 @@ noise_remote_decrypt(struct noise_remote *r, uint32_t r_idx, uint64_t nonce,
> * next keypair into current. If we do slide the next keypair in, then
> * we skip the REKEY_AFTER_TIME_RECV check. This is safe to do as a
> * data packet can't confirm a session that we are an INITIATOR of. */
> - if (kp == r->r_next) {
> 
> - if (kp == r->r_next && kp->kp_local_index == r_idx) {
> 
> - noise_remote_keypair_free(r, r->r_previous);
> 
> - r->r_previous = r->r_current;
> 
> - r->r_current = r->r_next;
> 
> - r->r_next = NULL;
> 
> + if (kp == r->r_next && kp->kp_local_index == r_idx) {
> 
> + noise_remote_keypair_free(r, r->r_previous);
> 
> + r->r_previous = r->r_current;
> 
> + r->r_current = r->r_next;
> 
> + r->r_next = NULL;
> 
> 
> - ret = ECONNRESET;
> - goto error;
> - }
> + ret = ECONNRESET;
> + goto error;
> }
> 
> /* Similar to when we encrypt, we want to notify the caller when we