jeltz/hostap
1
0
Fork 0
Code Issues Pull requests Projects Releases Wiki Activity

EAPOL supplicant: Use os_memcmp_const() for hash/password comparisons

Browse source 
This makes the implementation less likely to provide useful timing
information to potential attackers from comparisons of information
received from a remote device and private material known only by the
authorized devices.

Signed-off-by: Jouni Malinen <j@w1.fi>
This commit is contained in:
Jouni Malinen 2014-06-29 20:16:10 +03:00
parent 870834a19b
commit 7c24f53c88
1 changed files with 2 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
src/eapol_supp/eapol_supp_sm.c
View file

@ -719,8 +719,8 @@ static void eapol_sm_processKey(struct eapol_sm *sm)
hmac_md5(keydata.sign_key, sign_key_len, hmac_md5(keydata.sign_key, sign_key_len,
sm->last_rx_key, sizeof(*hdr) + be_to_host16(hdr->length), sm->last_rx_key, sizeof(*hdr) + be_to_host16(hdr->length),
key->key_signature); key->key_signature);
if (os_memcmp(orig_key_sign, key->key_signature, if (os_memcmp_const(orig_key_sign, key->key_signature,
IEEE8021X_KEY_SIGN_LEN) != 0) { IEEE8021X_KEY_SIGN_LEN) != 0) {
wpa_printf(MSG_DEBUG, "EAPOL: Invalid key signature in " wpa_printf(MSG_DEBUG, "EAPOL: Invalid key signature in "
"EAPOL-Key packet"); "EAPOL-Key packet");
os_memcpy(key->key_signature, orig_key_sign, os_memcpy(key->key_signature, orig_key_sign,