authorFlorent Daigniere <nextgens@freenetproject.org>2014-06-27 10:05:47 (GMT)
committerJouni Malinen <j@w1.fi>2014-07-24 16:39:44 (GMT)
commit5197f0335cd682079e268edab1967dcee353a942 (patch)
tree27c0148b1b84c3d6151c296ff0cc73a7272584c5 /src/eap_peer/eap_pwd.c
parent26c10f797cced4eab68590accc96508d70325ff7 (diff)
EAP-pwd: Use os_memcmp_const() for hash comparisons
This makes the implementation less likely to provide useful timing information to potential attackers from comparisons of information received from a remote device and private material known only by the authorized devices. Signed-off-by: Florent Daigniere <nextgens@freenetproject.org>
Diffstat (limited to 'src/eap_peer/eap_pwd.c')
-rw-r--r--src/eap_peer/eap_pwd.c2
1 files changed, 1 insertions, 1 deletions
diff --git a/src/eap_peer/eap_pwd.c b/src/eap_peer/eap_pwd.c
index 089aec3..ef80dba 100644
--- a/src/eap_peer/eap_pwd.c
+++ b/src/eap_peer/eap_pwd.c
@@ -589,7 +589,7 @@ eap_pwd_perform_confirm_exchange(struct eap_sm *sm, struct eap_pwd_data *data,
eap_pwd_h_final(hash, conf);
ptr = (u8 *) payload;
- if (os_memcmp(conf, ptr, SHA256_MAC_LEN)) {
+ if (os_memcmp_const(conf, ptr, SHA256_MAC_LEN)) {
wpa_printf(MSG_INFO, "EAP-PWD (peer): confirm did not verify");
goto fin;
}
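Review bot: The compare reads SHA256_MAC_LEN bytes through `ptr`, but nothing in the visible lines shows that the received payload is at least that long, so a short Confirm payload would be over-read no matter which comparison function is used. The function's signature and earlier body lie outside the hunk, so a length check may already exist; if it does not, one belongs before the cast, e.g. `if (payload_len != SHA256_MAC_LEN) goto fin;` using the length argument the function receives. A short comment on the compare, such as `/* constant-time: conf is derived from private material */`, would also keep a later cleanup from switching it back to os_memcmp().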