jeltz/hostap
1
0
Fork 0
Code Issues Pull requests Projects Releases Wiki Activity

EAP-PSK: Use os_memcmp_const() for hash/password comparisons

Browse source 
This makes the implementation less likely to provide useful timing
information to potential attackers from comparisons of information
received from a remote device and private material known only by the
authorized devices.

Signed-off-by: Jouni Malinen <j@w1.fi>
This commit is contained in:
Jouni Malinen 2014-06-29 20:24:10 +03:00
parent cba0f8698b
commit 4685482552
2 changed files with 2 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
src/eap_peer/eap_psk.c
View file

@ -237,7 +237,7 @@ static struct wpabuf * eap_psk_process_3(struct eap_psk_data *data,
return NULL;
}
os_free(buf);
if (os_memcmp(mac, hdr3->mac_s, EAP_PSK_MAC_LEN) != 0) {
if (os_memcmp_const(mac, hdr3->mac_s, EAP_PSK_MAC_LEN) != 0) {
wpa_printf(MSG_WARNING, "EAP-PSK: Invalid MAC_S in third "
"message");
ret->methodState = METHOD_DONE;

2
src/eap_server/eap_server_psk.c
View file

@ -314,7 +314,7 @@ static void eap_psk_process_2(struct eap_sm *sm,
}
os_free(buf);
wpa_hexdump(MSG_DEBUG, "EAP-PSK: MAC_P", resp->mac_p, EAP_PSK_MAC_LEN);
if (os_memcmp(mac, resp->mac_p, EAP_PSK_MAC_LEN) != 0) {
if (os_memcmp_const(mac, resp->mac_p, EAP_PSK_MAC_LEN) != 0) {
wpa_printf(MSG_INFO, "EAP-PSK: Invalid MAC_P");
wpa_hexdump(MSG_MSGDUMP, "EAP-PSK: Expected MAC_P",
mac, EAP_PSK_MAC_LEN);