EAP-pwd: Use os_memcmp_const() for hash comparisons

This makes the implementation less likely to provide useful timing
information to potential attackers from comparisons of information
received from a remote device and private material known only by the
authorized devices.

Signed-off-by: Florent Daigniere <nextgens@freenetproject.org>
Florent Daigniere 2014-06-27 12:05:47 +02:00 committed by Jouni Malinen
parent 26c10f797c
commit 5197f0335c
2 changed files with 2 additions and 2 deletions


@ -589,7 +589,7 @@ eap_pwd_perform_confirm_exchange(struct eap_sm *sm, struct eap_pwd_data *data,
eap_pwd_h_final(hash, conf);
ptr = (u8 *) payload;
if (os_memcmp(conf, ptr, SHA256_MAC_LEN)) {
if (os_memcmp_const(conf, ptr, SHA256_MAC_LEN)) {
wpa_printf(MSG_INFO, "EAP-PWD (peer): confirm did not verify");
goto fin;
}
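Review bot: the `os_memcmp_const(conf, ptr, SHA256_MAC_LEN)` call in eap_pwd_perform_confirm_exchange() always reads the full SHA256_MAC_LEN bytes from `ptr`, and nothing in the visible context shows the payload length being checked before `ptr = (u8 *) payload;`. Please confirm that an earlier length check guarantees the payload holds at least SHA256_MAC_LEN bytes, or add one ahead of this comparison and take the same `goto fin` path on failure. The result is only tested for zero versus non-zero here, which is the right way to consume a constant-time compare.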


@ -835,7 +835,7 @@ eap_pwd_process_confirm_resp(struct eap_sm *sm, struct eap_pwd_data *data,
eap_pwd_h_final(hash, conf);
ptr = (u8 *) payload;
if (os_memcmp(conf, ptr, SHA256_MAC_LEN)) {
if (os_memcmp_const(conf, ptr, SHA256_MAC_LEN)) {
wpa_printf(MSG_INFO, "EAP-PWD (server): confirm did not "
"verify");
goto fin;
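Review bot: the new `if (os_memcmp_const(conf, ptr, SHA256_MAC_LEN))` in eap_pwd_process_confirm_resp() has no comment saying why the constant-time variant is required. A one-line comment above the `if`, noting that `conf` is compared against data received from the remote device and must not leak timing, would keep a later cleanup from switching it back to os_memcmp(). The same question as on the peer side applies to whether the payload length is validated before SHA256_MAC_LEN bytes are read from `ptr`.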