EAP-EKE: Use os_memcmp_const() for hash/password comparisons
This makes the implementation less likely to provide useful timing information to potential attackers from comparisons of information received from a remote device and private material known only by the authorized devices. Signed-off-by: Jouni Malinen <j@w1.fi>
This commit is contained in:
Jouni Malinen
parent
dfb5608139
commit
dddf7bbd4e
|
|
@ -692,7 +692,7 @@ int eap_eke_decrypt_prot(struct eap_eke_session *sess,
|
|||
if (eap_eke_mac(sess->mac, sess->ki, prot + block_size,
|
||||
prot_len - block_size - icv_len, icv) < 0)
|
||||
return -1;
|
||||
if (os_memcmp(icv, prot + prot_len - icv_len, icv_len) != 0) {
|
||||
if (os_memcmp_const(icv, prot + prot_len - icv_len, icv_len) != 0) {
|
||||
wpa_printf(MSG_INFO, "EAP-EKE: ICV mismatch in Prot() data");
|
||||
return -1;
|
||||
}
|
||||
|
|
|
|||
|
|
@ -566,8 +566,8 @@ static struct wpabuf * eap_eke_process_confirm(struct eap_eke_data *data,
|
|||
EAP_EKE_FAIL_PRIVATE_INTERNAL_ERROR);
|
||||
}
|
||||
wpa_hexdump(MSG_DEBUG, "EAP-EKE: Auth_S", auth_s, data->sess.prf_len);
|
||||
if (os_memcmp(auth_s, pos + data->sess.pnonce_ps_len,
|
||||
data->sess.prf_len) != 0) {
|
||||
if (os_memcmp_const(auth_s, pos + data->sess.pnonce_ps_len,
|
||||
data->sess.prf_len) != 0) {
|
||||
wpa_printf(MSG_INFO, "EAP-EKE: Auth_S does not match");
|
||||
return eap_eke_build_fail(data, ret, reqData,
|
||||
EAP_EKE_FAIL_AUTHENTICATION_FAIL);
|
||||
|
|
|
|||
|
|
@ -635,8 +635,8 @@ static void eap_eke_process_confirm(struct eap_sm *sm,
|
|||
return;
|
||||
}
|
||||
wpa_hexdump(MSG_DEBUG, "EAP-EKE: Auth_P", auth_p, data->sess.prf_len);
|
||||
if (os_memcmp(auth_p, payload + data->sess.pnonce_len,
|
||||
data->sess.prf_len) != 0) {
|
||||
if (os_memcmp_const(auth_p, payload + data->sess.pnonce_len,
|
||||
data->sess.prf_len) != 0) {
|
||||
wpa_printf(MSG_INFO, "EAP-EKE: Auth_P does not match");
|
||||
eap_eke_fail(data, EAP_EKE_FAIL_AUTHENTICATION_FAIL);
|
||||
return;
|
||||
|
|
|
|||
Loading…
Reference in a new issue