From 0233dcac5b816c12982f58c9a112d681232f8aa7 Mon Sep 17 00:00:00 2001 From: Jouni Malinen Date: Sun, 29 Jun 2014 20:28:25 +0300 Subject: [PATCH] SAE: Use os_memcmp_const() for hash/password comparisons This makes the implementation less likely to provide useful timing information to potential attackers from comparisons of information received from a remote device and private material known only by the authorized devices. Signed-off-by: Jouni Malinen --- src/ap/ieee802_11.c | 2 +- src/common/sae.c | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/src/ap/ieee802_11.c b/src/ap/ieee802_11.c index 65f87b0d5..de1ee5ed0 100644 --- a/src/ap/ieee802_11.c +++ b/src/ap/ieee802_11.c @@ -403,7 +403,7 @@ static int check_sae_token(struct hostapd_data *hapd, const u8 *addr, return -1; if (hmac_sha256(hapd->sae_token_key, sizeof(hapd->sae_token_key), addr, ETH_ALEN, mac) < 0 || - os_memcmp(token, mac, SHA256_MAC_LEN) != 0) + os_memcmp_const(token, mac, SHA256_MAC_LEN) != 0) return -1; return 0; diff --git a/src/common/sae.c b/src/common/sae.c index c1b488e91..b67623f8c 100644 --- a/src/common/sae.c +++ b/src/common/sae.c @@ -1051,7 +1051,7 @@ int sae_check_confirm(struct sae_data *sae, const u8 *data, size_t len) sae->tmp->own_commit_element_ffc, verifier); - if (os_memcmp(verifier, data + 2, SHA256_MAC_LEN) != 0) { + if (os_memcmp_const(verifier, data + 2, SHA256_MAC_LEN) != 0) { wpa_printf(MSG_DEBUG, "SAE: Confirm mismatch"); wpa_hexdump(MSG_DEBUG, "SAE: Received confirm", data + 2, SHA256_MAC_LEN);