Milenage: Use os_memcmp_const() for hash/password comparisons
This makes the implementation less likely to provide useful timing information to potential attackers from comparisons of information received from a remote device and private material known only by the authorized devices. Signed-off-by: Jouni Malinen <j@w1.fi>
This commit is contained in:
Jouni Malinen
parent
05f916eeed
commit
a79aea531e
1 changed files with 2 additions and 2 deletions
|
|
@ -217,7 +217,7 @@ int milenage_auts(const u8 *opc, const u8 *k, const u8 *_rand, const u8 *auts,
|
|||
for (i = 0; i < 6; i++)
|
||||
sqn[i] = auts[i] ^ ak[i];
|
||||
if (milenage_f1(opc, k, _rand, sqn, amf, NULL, mac_s) ||
|
||||
memcmp(mac_s, auts + 6, 8) != 0)
|
||||
os_memcmp_const(mac_s, auts + 6, 8) != 0)
|
||||
return -1;
|
||||
return 0;
|
||||
}
|
||||
|
|
@ -312,7 +312,7 @@ int milenage_check(const u8 *opc, const u8 *k, const u8 *sqn, const u8 *_rand,
|
|||
|
||||
wpa_hexdump(MSG_DEBUG, "Milenage: MAC_A", mac_a, 8);
|
||||
|
||||
if (os_memcmp(mac_a, autn + 8, 8) != 0) {
|
||||
if (os_memcmp_const(mac_a, autn + 8, 8) != 0) {
|
||||
wpa_printf(MSG_DEBUG, "Milenage: MAC mismatch");
|
||||
wpa_hexdump(MSG_DEBUG, "Milenage: Received MAC_A",
|
||||
autn + 8, 8);
|
||||
|
|
|
|||
Loading…
Reference in a new issue