RADIUS: Use os_memcmp_const() for hash/password comparisons
This makes the implementation less likely to provide useful timing information to potential attackers from comparisons of information received from a remote device and private material known only by the authorized devices. Signed-off-by: Jouni Malinen <j@w1.fi>
This commit is contained in:
parent
ce9c9bcc38
commit
c2371953f8
2 changed files with 6 additions and 6 deletions
|
@ -508,7 +508,7 @@ int radius_msg_verify_acct_req(struct radius_msg *msg, const u8 *secret,
|
||||||
addr[3] = secret;
|
addr[3] = secret;
|
||||||
len[3] = secret_len;
|
len[3] = secret_len;
|
||||||
md5_vector(4, addr, len, hash);
|
md5_vector(4, addr, len, hash);
|
||||||
return os_memcmp(msg->hdr->authenticator, hash, MD5_MAC_LEN) != 0;
|
return os_memcmp_const(msg->hdr->authenticator, hash, MD5_MAC_LEN) != 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
@ -535,7 +535,7 @@ int radius_msg_verify_das_req(struct radius_msg *msg, const u8 *secret,
|
||||||
addr[3] = secret;
|
addr[3] = secret;
|
||||||
len[3] = secret_len;
|
len[3] = secret_len;
|
||||||
md5_vector(4, addr, len, hash);
|
md5_vector(4, addr, len, hash);
|
||||||
if (os_memcmp(msg->hdr->authenticator, hash, MD5_MAC_LEN) != 0)
|
if (os_memcmp_const(msg->hdr->authenticator, hash, MD5_MAC_LEN) != 0)
|
||||||
return 1;
|
return 1;
|
||||||
|
|
||||||
for (i = 0; i < msg->attr_used; i++) {
|
for (i = 0; i < msg->attr_used; i++) {
|
||||||
|
@ -568,7 +568,7 @@ int radius_msg_verify_das_req(struct radius_msg *msg, const u8 *secret,
|
||||||
os_memcpy(msg->hdr->authenticator, orig_authenticator,
|
os_memcpy(msg->hdr->authenticator, orig_authenticator,
|
||||||
sizeof(orig_authenticator));
|
sizeof(orig_authenticator));
|
||||||
|
|
||||||
return os_memcmp(orig, auth, MD5_MAC_LEN) != 0;
|
return os_memcmp_const(orig, auth, MD5_MAC_LEN) != 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
@ -801,7 +801,7 @@ int radius_msg_verify_msg_auth(struct radius_msg *msg, const u8 *secret,
|
||||||
sizeof(orig_authenticator));
|
sizeof(orig_authenticator));
|
||||||
}
|
}
|
||||||
|
|
||||||
if (os_memcmp(orig, auth, MD5_MAC_LEN) != 0) {
|
if (os_memcmp_const(orig, auth, MD5_MAC_LEN) != 0) {
|
||||||
wpa_printf(MSG_INFO, "Invalid Message-Authenticator!");
|
wpa_printf(MSG_INFO, "Invalid Message-Authenticator!");
|
||||||
return 1;
|
return 1;
|
||||||
}
|
}
|
||||||
|
@ -838,7 +838,7 @@ int radius_msg_verify(struct radius_msg *msg, const u8 *secret,
|
||||||
addr[3] = secret;
|
addr[3] = secret;
|
||||||
len[3] = secret_len;
|
len[3] = secret_len;
|
||||||
md5_vector(4, addr, len, hash);
|
md5_vector(4, addr, len, hash);
|
||||||
if (os_memcmp(hash, msg->hdr->authenticator, MD5_MAC_LEN) != 0) {
|
if (os_memcmp_const(hash, msg->hdr->authenticator, MD5_MAC_LEN) != 0) {
|
||||||
wpa_printf(MSG_INFO, "Response Authenticator invalid!");
|
wpa_printf(MSG_INFO, "Response Authenticator invalid!");
|
||||||
return 1;
|
return 1;
|
||||||
}
|
}
|
||||||
|
|
|
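Review bot: The constant-time compare in radius_msg_verify (`os_memcmp_const(hash, msg->hdr->authenticator, MD5_MAC_LEN)`) carries no hint that the call is deliberate, and the same applies to the other three verify functions in this file, so a later cleanup could quietly swap it back to os_memcmp; a one-line comment such as `/* Constant-time compare: the expected value is derived from the shared secret */` above each of the four compares would record the intent. A smaller style point: radius_msg_verify passes the operands as (hash, authenticator) while radius_msg_verify_acct_req and radius_msg_verify_das_req pass (authenticator, hash); the result is identical, but a uniform order reads better. Each of these function bodies starts and ends outside its hunk.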
@ -864,7 +864,7 @@ radius_server_macacl(struct radius_server_data *data,
|
||||||
os_free(tmp.password);
|
os_free(tmp.password);
|
||||||
|
|
||||||
if (res < 0 || pw_len != (size_t) res ||
|
if (res < 0 || pw_len != (size_t) res ||
|
||||||
os_memcmp(pw, buf, res) != 0) {
|
os_memcmp_const(pw, buf, res) != 0) {
|
||||||
RADIUS_DEBUG("Incorrect User-Password");
|
RADIUS_DEBUG("Incorrect User-Password");
|
||||||
code = RADIUS_CODE_ACCESS_REJECT;
|
code = RADIUS_CODE_ACCESS_REJECT;
|
||||||
}
|
}
|
||||||
|
|
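Review bot: In radius_server_macacl, `os_memcmp_const(pw, buf, res)` is reached only when `pw_len != (size_t) res` has already passed, so a request whose decrypted password has the wrong length is rejected on a shorter path than one with the right length, and that length difference remains observable as timing that the constant-time compare does not cover. If that is a concern for this server, the usual remedy is to evaluate the length mismatch and the byte compare independently and OR the two results together instead of short-circuiting with `||`. What `pw` and `buf` hold cannot be confirmed from the hunk; the enclosing function starts and ends outside it.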