authorJouni Malinen <j@w1.fi>2014-06-29 17:20:28 (GMT)
committerJouni Malinen <j@w1.fi>2014-07-02 09:38:47 (GMT)
commitdddf7bbd4e522666775db58ff1187ac99d971d7e (patch)
treef7621a0d74f2419da186cf81d3db8fc815004cff /src/eap_common
parentdfb56081391eff5cf3a46898ff1046c588d82005 (diff)
EAP-EKE: Use os_memcmp_const() for hash/password comparisons
This makes the implementation less likely to provide useful timing information to potential attackers from comparisons of information received from a remote device and private material known only by the authorized devices. Signed-off-by: Jouni Malinen <j@w1.fi>
Diffstat (limited to 'src/eap_common')
-rw-r--r--src/eap_common/eap_eke_common.c2
1 files changed, 1 insertions, 1 deletions
diff --git a/src/eap_common/eap_eke_common.c b/src/eap_common/eap_eke_common.c
index a62ac8e..4dfdb3f 100644
--- a/src/eap_common/eap_eke_common.c
+++ b/src/eap_common/eap_eke_common.c
@@ -692,7 +692,7 @@ int eap_eke_decrypt_prot(struct eap_eke_session *sess,
if (eap_eke_mac(sess->mac, sess->ki, prot + block_size,
prot_len - block_size - icv_len, icv) < 0)
return -1;
- if (os_memcmp(icv, prot + prot_len - icv_len, icv_len) != 0) {
+ if (os_memcmp_const(icv, prot + prot_len - icv_len, icv_len) != 0) {
wpa_printf(MSG_INFO, "EAP-EKE: ICV mismatch in Prot() data");
return -1;
}
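Review bot: The switch to `os_memcmp_const()` at the ICV check has no comment saying why a constant-time compare is required, so a later cleanup could swap it back to `os_memcmp()` without anyone noticing the timing regression. I would add above the `if`: `/* Constant-time compare: icv is keyed with sess->ki and is checked against bytes received from the peer */`. Separately, the length `prot_len - block_size - icv_len` passed to `eap_eke_mac()` and the pointer `prot + prot_len - icv_len` depend on a minimum-length check that is presumably earlier in `eap_eke_decrypt_prot()`. The function starts and ends outside this hunk, so that check could not be confirmed from here.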