diff options
| author | Jouni Malinen <j@w1.fi> | 2014-06-29 17:22:44 (GMT) |
|---|---|---|
| committer | Jouni Malinen <j@w1.fi> | 2014-07-02 09:38:47 (GMT) |
| commit | cba0f8698b3edd254ae237b7921e0ec668051b79 (patch) | |
| tree | bb0d165fd49073d18cd6553da66e910de2d25837 /src/eap_server | |
| parent | 7b1e7458709354aed02e815cfa4b882247a4f29b (diff) | |
| download | hostap-cba0f8698b3edd254ae237b7921e0ec668051b79.zip hostap-cba0f8698b3edd254ae237b7921e0ec668051b79.tar.gz hostap-cba0f8698b3edd254ae237b7921e0ec668051b79.tar.bz2 | |
EAP-PEAP: Use os_memcmp_const() for hash/password comparisons
This makes the implementation less likely to provide useful timing
information to potential attackers from comparisons of information
received from a remote device and private material known only by the
authorized devices.
Signed-off-by: Jouni Malinen <j@w1.fi>
Diffstat (limited to 'src/eap_server')
| -rw-r--r-- | src/eap_server/eap_server_peap.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/src/eap_server/eap_server_peap.c b/src/eap_server/eap_server_peap.c index defcb3c..55dee88 100644 --- a/src/eap_server/eap_server_peap.c +++ b/src/eap_server/eap_server_peap.c @@ -593,7 +593,7 @@ static int eap_tlv_validate_cryptobinding(struct eap_sm *sm, buf[60] = EAP_TYPE_PEAP; hmac_sha1(data->cmk, 20, buf, sizeof(buf), mac); - if (os_memcmp(mac, pos, SHA1_MAC_LEN) != 0) { + if (os_memcmp_const(mac, pos, SHA1_MAC_LEN) != 0) { wpa_printf(MSG_DEBUG, "EAP-PEAP: Invalid Compound_MAC in " "cryptobinding TLV"); wpa_hexdump_key(MSG_DEBUG, "EAP-PEAP: CMK", data->cmk, 20); |