EAP-pwd: Use os_memcmp_const() for hash comparisons

This makes the implementation less likely to provide useful timing information to potential attackers from comparisons of information received from a remote device and private material known only by the authorized devices. Signed-off-by: Florent Daigniere <nextgens@freenetproject.org>
author: Florent Daigniere <nextgens@freenetproject.org> 2014-06-27 10:05:47 (GMT)
committer: Jouni Malinen <j@w1.fi> 2014-07-24 16:39:44 (GMT)
commit: 5197f0335cd682079e268edab1967dcee353a942 (patch)
tree: 27c0148b1b84c3d6151c296ff0cc73a7272584c5 /src/eap_server
parent: 26c10f797cced4eab68590accc96508d70325ff7 (diff)
download: hostap-5197f0335cd682079e268edab1967dcee353a942.zip
hostap-5197f0335cd682079e268edab1967dcee353a942.tar.gz
hostap-5197f0335cd682079e268edab1967dcee353a942.tar.bz2
1 files changed, 1 insertions, 1 deletions
diff --git a/src/eap_server/eap_server_pwd.c b/src/eap_server/eap_server_pwd.c
index 38fa0f2..fc2ae26 100644
--- a/src/eap_server/eap_server_pwd.c
+++ b/src/eap_server/eap_server_pwd.c
@@ -835,7 +835,7 @@ eap_pwd_process_confirm_resp(struct eap_sm *sm, struct eap_pwd_data *data,
 	eap_pwd_h_final(hash, conf);
 
 	ptr = (u8 *) payload;
-	if (os_memcmp(conf, ptr, SHA256_MAC_LEN)) {
+	if (os_memcmp_const(conf, ptr, SHA256_MAC_LEN)) {
 		wpa_printf(MSG_INFO, "EAP-PWD (server): confirm did not "
 			   "verify");
 		goto fin;
author	Florent Daigniere <nextgens@freenetproject.org>	2014-06-27 10:05:47 (GMT)
committer	Jouni Malinen <j@w1.fi>	2014-07-24 16:39:44 (GMT)
commit	5197f0335cd682079e268edab1967dcee353a942 (patch)
tree	27c0148b1b84c3d6151c296ff0cc73a7272584c5 /src/eap_server
parent	26c10f797cced4eab68590accc96508d70325ff7 (diff)
download	hostap-5197f0335cd682079e268edab1967dcee353a942.zip hostap-5197f0335cd682079e268edab1967dcee353a942.tar.gz hostap-5197f0335cd682079e268edab1967dcee353a942.tar.bz2