DragonFlyBSD Kernel Audit
DF-0465

Handshake state irrevocably corrupted when noise_begin_session kmalloc(M_NOWAIT) fails

Summary

noise_create_response (:1188-1208) advances r->r_handshake in place through hs = &r->r_handshake (mix_dh / mix_psk / msg_encrypt) before it calls noise_begin_session (:1208). When the kmalloc(M_NOWAIT|M_ZERO) in noise_begin_session (:1301) fails under memory pressure, r->r_handshake is already corrupted (ck and hash advanced) while r->r_handshake_state stays HANDSHAKE_RESPONDER. A retry then operates on the corrupted state and produces an AEAD tag the peer cannot verify, so the handshake stays stuck until the REKEY_TIMEOUT=5s re-init.

noise_consume_response (:1269-1275) follows the same pattern: it commits r->r_handshake = hs (:1272) before calling noise_begin_session (:1274). The pattern is inherited from the wireguard-freebsd reference. Impact is a transient DoS only.
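A simplified model of the ordering problem, added here as an example and not taken from the DragonFlyBSD or wireguard-freebsd sources. All names (struct remote, mix, alloc_nowait, begin_session, respond_in_place, respond_on_copy, HS_DONE) are hypothetical, and mix is only a stand-in for the real mix_dh / mix_psk / msg_encrypt steps; it contrasts mutate-then-allocate with advancing a copy and committing only after the allocation succeeds.

```c
/* Constructed model, not DragonFlyBSD/WireGuard code; all names are hypothetical. */
#include <stdlib.h>
#include <string.h>

enum hs_state { HS_RESPONDER, HS_DONE };
struct handshake { unsigned char ck[32], hash[32]; };
struct remote { struct handshake hs; enum hs_state state; unsigned char *keypair; };
static int alloc_fails;  /* knob simulating kmalloc(M_NOWAIT) returning NULL */
static void *alloc_nowait(size_t n) { return alloc_fails ? NULL : calloc(1, n); }
/* Stand-in for mix_dh/mix_psk/msg_encrypt: a one-way update of ck and hash. */
static void mix(struct handshake *hs) {
    for (int i = 0; i < 32; i++) {
        hs->ck[i] = (unsigned char)(hs->ck[i] * 31 + 7);
        hs->hash[i] ^= hs->ck[i];
    }
}
/* Fallible step: allocate the keypair, derive it from hs, leave the handshake state. */
static int begin_session(struct remote *r, const struct handshake *hs) {
    unsigned char *kp = alloc_nowait(64);
    if (kp == NULL) return -1;
    memcpy(kp, hs->ck, sizeof hs->ck);
    free(r->keypair);
    r->keypair = kp;
    r->state = HS_DONE;
    return 0;
}
/* Ordering described in the finding: advance r->hs in place, then allocate. */
static int respond_in_place(struct remote *r) {
    mix(&r->hs);
    return begin_session(r, &r->hs);
}
/* Transactional ordering: advance a copy, commit only after allocation succeeded. */
static int respond_on_copy(struct remote *r) {
    struct handshake tmp = r->hs;
    mix(&tmp);
    int rc = begin_session(r, &tmp);
    if (rc == 0) r->hs = tmp;
    memset(&tmp, 0, sizeof tmp);  /* real code would use a non-elidable wipe */
    return rc;
}
/* 1 if a failed attempt left r->hs unchanged, 0 if the handshake was altered. */
static int state_survives_failure(int (*respond)(struct remote *)) {
    struct remote r = {0};
    alloc_fails = 1;
    int rc = respond(&r);
    alloc_fails = 0;
    static const struct handshake zero;
    return rc != 0 && memcmp(&zero, &r.hs, sizeof zero) == 0;
}
```

Performing the allocation before any handshake mutation gives the same guarantee without the temporary copy.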