aboutsummaryrefslogtreecommitdiffstats
path: root/src/eap_common
diff options
context:
space:
mode:
authorJouni Malinen <j@w1.fi>2014-06-29 17:18:40 (GMT)
committerJouni Malinen <j@w1.fi>2014-07-02 09:38:47 (GMT)
commit675ddad1c20fffdb2795c80db9aa8ae96683ff81 (patch)
tree74abac9d0e0cfa4c41ef0f15283ab8735d2ffcbd /src/eap_common
parent2049a3c8749a66b302fcb105760997cc66805bbd (diff)
downloadhostap-675ddad1c20fffdb2795c80db9aa8ae96683ff81.zip
hostap-675ddad1c20fffdb2795c80db9aa8ae96683ff81.tar.gz
hostap-675ddad1c20fffdb2795c80db9aa8ae96683ff81.tar.bz2
EAP-IKEv2: Use os_memcmp_const() for hash/password comparisons
This makes the implementation less likely to provide useful timing information to potential attackers from comparisons of information received from a remote device and private material known only by the authorized devices. Signed-off-by: Jouni Malinen <j@w1.fi>
Diffstat (limited to 'src/eap_common')
-rw-r--r--src/eap_common/eap_ikev2_common.c2
-rw-r--r--src/eap_common/ikev2_common.c2
2 files changed, 2 insertions, 2 deletions
diff --git a/src/eap_common/eap_ikev2_common.c b/src/eap_common/eap_ikev2_common.c
index da9f3cc..585c79c 100644
--- a/src/eap_common/eap_ikev2_common.c
+++ b/src/eap_common/eap_ikev2_common.c
@@ -100,7 +100,7 @@ int eap_ikev2_validate_icv(int integ_alg, struct ikev2_keys *keys,
return -1;
}
- if (os_memcmp(icv, end - icv_len, icv_len) != 0) {
+ if (os_memcmp_const(icv, end - icv_len, icv_len) != 0) {
wpa_printf(MSG_INFO, "EAP-IKEV2: Invalid ICV");
wpa_hexdump(MSG_DEBUG, "EAP-IKEV2: Calculated ICV",
icv, icv_len);
diff --git a/src/eap_common/ikev2_common.c b/src/eap_common/ikev2_common.c
index b98a3e8..3d4fb6f 100644
--- a/src/eap_common/ikev2_common.c
+++ b/src/eap_common/ikev2_common.c
@@ -477,7 +477,7 @@ u8 * ikev2_decrypt_payload(int encr_id, int integ_id,
"hash");
return NULL;
}
- if (os_memcmp(integ, hash, integ_alg->hash_len) != 0) {
+ if (os_memcmp_const(integ, hash, integ_alg->hash_len) != 0) {
wpa_printf(MSG_INFO, "IKEV2: Incorrect Integrity Checksum "
"Data");
return NULL;