authorJouni Malinen <j@w1.fi>2014-06-29 17:24:10 (GMT)
committerJouni Malinen <j@w1.fi>2014-07-02 09:38:47 (GMT)
commit468548255272aee552a83b578d1e6be08e5284c4 (patch)
tree6707e2977ee3b3c7221f6fb5eaa73d82bf372ee8 /src/eap_server/eap_server_psk.c
parentcba0f8698b3edd254ae237b7921e0ec668051b79 (diff)
EAP-PSK: Use os_memcmp_const() for hash/password comparisons
This makes the implementation less likely to provide useful timing information to potential attackers from comparisons of information received from a remote device and private material known only by the authorized devices. Signed-off-by: Jouni Malinen <j@w1.fi>
Diffstat (limited to 'src/eap_server/eap_server_psk.c')
-rw-r--r--src/eap_server/eap_server_psk.c2
1 files changed, 1 insertions, 1 deletions
diff --git a/src/eap_server/eap_server_psk.c b/src/eap_server/eap_server_psk.c
index 46bedd9..2cff493 100644
--- a/src/eap_server/eap_server_psk.c
+++ b/src/eap_server/eap_server_psk.c
@@ -314,7 +314,7 @@ static void eap_psk_process_2(struct eap_sm *sm,
}
os_free(buf);
wpa_hexdump(MSG_DEBUG, "EAP-PSK: MAC_P", resp->mac_p, EAP_PSK_MAC_LEN);
- if (os_memcmp(mac, resp->mac_p, EAP_PSK_MAC_LEN) != 0) {
+ if (os_memcmp_const(mac, resp->mac_p, EAP_PSK_MAC_LEN) != 0) {
wpa_printf(MSG_INFO, "EAP-PSK: Invalid MAC_P");
wpa_hexdump(MSG_MSGDUMP, "EAP-PSK: Expected MAC_P",
mac, EAP_PSK_MAC_LEN);
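Review bot: The failure branch directly after the new `os_memcmp_const()` check still writes the locally computed `mac` to the log with `wpa_hexdump(MSG_MSGDUMP, "EAP-PSK: Expected MAC_P", ...)`, so the value the constant-time comparison is meant to keep from leaking is readable by anyone with access to verbose debug output. The exposure is local and probably limited, but it would be more consistent to print it with `wpa_hexdump_key()` so it only appears when key logging is explicitly enabled. A short comment above the check, e.g. `/* constant-time compare: resp->mac_p comes from the peer, mac is computed from private material */`, would also help keep a later cleanup from reverting to `os_memcmp()`. `eap_psk_process_2()` starts before and continues past this hunk, so the rest of the error path is not visible here.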