authorJouni Malinen <j@w1.fi>2014-06-29 17:13:01 (GMT)
committerJouni Malinen <j@w1.fi>2014-07-02 09:38:47 (GMT)
commitc2371953f8305ec950615e69e182cd29140af0e0 (patch)
treebce6e14698b3b7ffb5c4d1da2f0d73c5528df251 /src/radius
parentce9c9bcc3883929f2768e8b72bd7fc9cfdab79b7 (diff)
RADIUS: Use os_memcmp_const() for hash/password comparisons
This makes the implementation less likely to provide useful timing information to potential attackers from comparisons of information received from a remote device and private material known only by the authorized devices.

Signed-off-by: Jouni Malinen <j@w1.fi>
Diffstat (limited to 'src/radius')
-rw-r--r--src/radius/radius.c10
-rw-r--r--src/radius/radius_server.c2
2 files changed, 6 insertions, 6 deletions
diff --git a/src/radius/radius.c b/src/radius/radius.c
index e34d08b..f2d8e96 100644
--- a/src/radius/radius.c
+++ b/src/radius/radius.c
@@ -508,7 +508,7 @@ int radius_msg_verify_acct_req(struct radius_msg *msg, const u8 *secret,
addr[3] = secret;
len[3] = secret_len;
md5_vector(4, addr, len, hash);
- return os_memcmp(msg->hdr->authenticator, hash, MD5_MAC_LEN) != 0;
+ return os_memcmp_const(msg->hdr->authenticator, hash, MD5_MAC_LEN) != 0;
}
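Review bot: The timing property this hunk now relies on lives entirely in os_memcmp_const(), whose definition is not part of this diff; the same substitution is made at the five other sites in this commit (radius_msg_verify_das_req twice, radius_msg_verify_msg_auth, radius_msg_verify and radius_server_macacl), so this note covers them as well. It is worth confirming that every OS backend provides an implementation whose running time does not depend on the position of the first differing byte, rather than a thin wrapper over memcmp on some platform. Since the commit message is the only place that records why the plain compare must not come back, a short comment at this first site, such as `/* constant-time: hash is derived from the shared secret */`, would protect the change from a future "simplification" (the hash is computed over the secret at the three lines above). radius_msg_verify_acct_req's body begins outside the hunk.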
@@ -535,7 +535,7 @@ int radius_msg_verify_das_req(struct radius_msg *msg, const u8 *secret,
addr[3] = secret;
len[3] = secret_len;
md5_vector(4, addr, len, hash);
- if (os_memcmp(msg->hdr->authenticator, hash, MD5_MAC_LEN) != 0)
+ if (os_memcmp_const(msg->hdr->authenticator, hash, MD5_MAC_LEN) != 0)
return 1;
for (i = 0; i < msg->attr_used; i++) {
@@ -568,7 +568,7 @@ int radius_msg_verify_das_req(struct radius_msg *msg, const u8 *secret,
os_memcpy(msg->hdr->authenticator, orig_authenticator,
sizeof(orig_authenticator));
- return os_memcmp(orig, auth, MD5_MAC_LEN) != 0;
+ return os_memcmp_const(orig, auth, MD5_MAC_LEN) != 0;
}
@@ -801,7 +801,7 @@ int radius_msg_verify_msg_auth(struct radius_msg *msg, const u8 *secret,
sizeof(orig_authenticator));
}
- if (os_memcmp(orig, auth, MD5_MAC_LEN) != 0) {
+ if (os_memcmp_const(orig, auth, MD5_MAC_LEN) != 0) {
wpa_printf(MSG_INFO, "Invalid Message-Authenticator!");
return 1;
}
@@ -838,7 +838,7 @@ int radius_msg_verify(struct radius_msg *msg, const u8 *secret,
addr[3] = secret;
len[3] = secret_len;
md5_vector(4, addr, len, hash);
- if (os_memcmp(hash, msg->hdr->authenticator, MD5_MAC_LEN) != 0) {
+ if (os_memcmp_const(hash, msg->hdr->authenticator, MD5_MAC_LEN) != 0) {
wpa_printf(MSG_INFO, "Response Authenticator invalid!");
return 1;
}
diff --git a/src/radius/radius_server.c b/src/radius/radius_server.c
index c35ba55..00ad6af 100644
--- a/src/radius/radius_server.c
+++ b/src/radius/radius_server.c
@@ -864,7 +864,7 @@ radius_server_macacl(struct radius_server_data *data,
os_free(tmp.password);
if (res < 0 || pw_len != (size_t) res ||
- os_memcmp(pw, buf, res) != 0) {
+ os_memcmp_const(pw, buf, res) != 0) {
RADIUS_DEBUG("Incorrect User-Password");
code = RADIUS_CODE_ACCESS_REJECT;
}
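Review bot: The `||` chain at the changed line still short-circuits on `pw_len != (size_t) res` before os_memcmp_const() is reached, so the comparison is constant-time only with respect to the password bytes, not with respect to whether the length matched. If that is an accepted trade-off for MAC ACL passwords it deserves a comment, e.g. `/* only the byte compare is constant-time; the length test still branches */`; otherwise the length mismatch can be folded into the compare result instead of short-circuiting ahead of it. The enclosing radius_server_macacl() starts outside the hunk and the origin of pw, pw_len and res is not visible here, so this is inferred from the visible condition alone.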