SAE: Use os_memcmp_const() for hash/password comparisons

This makes the implementation less likely to provide useful timing
information to potential attackers from comparisons of information
received from a remote device and private material known only by the
authorized devices.

Signed-off-by: Jouni Malinen <j@w1.fi>
This commit is contained in:
Jouni Malinen 2014-06-29 20:28:25 +03:00
parent 34ef46ce54
commit 0233dcac5b
2 changed files with 2 additions and 2 deletions

View file

@ -403,7 +403,7 @@ static int check_sae_token(struct hostapd_data *hapd, const u8 *addr,
return -1;
if (hmac_sha256(hapd->sae_token_key, sizeof(hapd->sae_token_key),
addr, ETH_ALEN, mac) < 0 ||
os_memcmp(token, mac, SHA256_MAC_LEN) != 0)
os_memcmp_const(token, mac, SHA256_MAC_LEN) != 0)
return -1;
return 0;

View file

@ -1051,7 +1051,7 @@ int sae_check_confirm(struct sae_data *sae, const u8 *data, size_t len)
sae->tmp->own_commit_element_ffc,
verifier);
if (os_memcmp(verifier, data + 2, SHA256_MAC_LEN) != 0) {
if (os_memcmp_const(verifier, data + 2, SHA256_MAC_LEN) != 0) {
wpa_printf(MSG_DEBUG, "SAE: Confirm mismatch");
wpa_hexdump(MSG_DEBUG, "SAE: Received confirm",
data + 2, SHA256_MAC_LEN);