AES-CCM: Use os_memcmp_const() for hash/password comparisons
This makes the implementation less likely to provide useful timing information to potential attackers from comparisons of information received from a remote device and private material known only by the authorized devices. Signed-off-by: Jouni Malinen <j@w1.fi>
This commit is contained in:
Jouni Malinen
parent
7c24f53c88
commit
87a5c93bec
1 changed files with 1 additions and 1 deletions
|
|
@ -203,7 +203,7 @@ int aes_ccm_ad(const u8 *key, size_t key_len, const u8 *nonce,
|
||||||
|
|
||||||
aes_encrypt_deinit(aes);
|
aes_encrypt_deinit(aes);
|
||||||
|
|
||||||
if (os_memcmp(x, t, M) != 0) {
|
if (os_memcmp_const(x, t, M) != 0) {
|
||||||
wpa_printf(MSG_EXCESSIVE, "CCM: Auth mismatch");
|
wpa_printf(MSG_EXCESSIVE, "CCM: Auth mismatch");
|
||||||
return -1;
|
return -1;
|
||||||
}
|
}
|
||||||
|
|
|
||||||
Loading…
Reference in a new issue