aboutsummaryrefslogtreecommitdiffstats
path: root/src/eapol_supp
diff options
context:
space:
mode:
authorJouni Malinen <j@w1.fi>2014-06-29 17:16:10 (GMT)
committerJouni Malinen <j@w1.fi>2014-07-02 09:38:47 (GMT)
commit7c24f53c8806fba2b20459c417c5b9dc60dc4666 (patch)
tree867a7bae172124acc3c9b985def71e4bde2175d6 /src/eapol_supp
parent870834a19bb1efd50cc4faf098a781f5c23c994b (diff)
downloadhostap-7c24f53c8806fba2b20459c417c5b9dc60dc4666.zip
hostap-7c24f53c8806fba2b20459c417c5b9dc60dc4666.tar.gz
hostap-7c24f53c8806fba2b20459c417c5b9dc60dc4666.tar.bz2
EAPOL supplicant: Use os_memcmp_const() for hash/password comparisons
This makes the implementation less likely to provide useful timing information to potential attackers from comparisons of information received from a remote device and private material known only by the authorized devices. Signed-off-by: Jouni Malinen <j@w1.fi>
Diffstat (limited to 'src/eapol_supp')
-rw-r--r--src/eapol_supp/eapol_supp_sm.c4
1 files changed, 2 insertions, 2 deletions
diff --git a/src/eapol_supp/eapol_supp_sm.c b/src/eapol_supp/eapol_supp_sm.c
index e00dea3..cf3506d 100644
--- a/src/eapol_supp/eapol_supp_sm.c
+++ b/src/eapol_supp/eapol_supp_sm.c
@@ -719,8 +719,8 @@ static void eapol_sm_processKey(struct eapol_sm *sm)
hmac_md5(keydata.sign_key, sign_key_len,
sm->last_rx_key, sizeof(*hdr) + be_to_host16(hdr->length),
key->key_signature);
- if (os_memcmp(orig_key_sign, key->key_signature,
- IEEE8021X_KEY_SIGN_LEN) != 0) {
+ if (os_memcmp_const(orig_key_sign, key->key_signature,
+ IEEE8021X_KEY_SIGN_LEN) != 0) {
wpa_printf(MSG_DEBUG, "EAPOL: Invalid key signature in "
"EAPOL-Key packet");
os_memcpy(key->key_signature, orig_key_sign,