aboutsummaryrefslogtreecommitdiffstats
path: root/src/tls
diff options
context:
space:
mode:
authorJouni Malinen <j@w1.fi>2014-06-29 17:18:00 (GMT)
committerJouni Malinen <j@w1.fi>2014-07-02 09:38:47 (GMT)
commit2049a3c8749a66b302fcb105760997cc66805bbd (patch)
treea3db259d601d8fa707b3cfe419a0f2887bc7e21f /src/tls
parenta79aea531e695b2a35170feb37643dbfa3b6e1bb (diff)
downloadhostap-2049a3c8749a66b302fcb105760997cc66805bbd.zip
hostap-2049a3c8749a66b302fcb105760997cc66805bbd.tar.gz
hostap-2049a3c8749a66b302fcb105760997cc66805bbd.tar.bz2
TLS: Use os_memcmp_const() for hash/password comparisons
This makes the implementation less likely to provide useful timing information to potential attackers from comparisons of information received from a remote device and private material known only by the authorized devices. Signed-off-by: Jouni Malinen <j@w1.fi>
Diffstat (limited to 'src/tls')
-rw-r--r--src/tls/pkcs1.c2
-rw-r--r--src/tls/tlsv1_client_read.c2
-rw-r--r--src/tls/tlsv1_common.c3
-rw-r--r--src/tls/tlsv1_record.c2
-rw-r--r--src/tls/tlsv1_server_read.c2
-rw-r--r--src/tls/x509v3.c2
6 files changed, 7 insertions, 6 deletions
diff --git a/src/tls/pkcs1.c b/src/tls/pkcs1.c
index 381b7a0..141ac50 100644
--- a/src/tls/pkcs1.c
+++ b/src/tls/pkcs1.c
@@ -298,7 +298,7 @@ int pkcs1_v15_sig_ver(struct crypto_public_key *pk,
hdr.payload, hdr.length);
if (hdr.length != hash_len ||
- os_memcmp(hdr.payload, hash, hdr.length) != 0) {
+ os_memcmp_const(hdr.payload, hash, hdr.length) != 0) {
wpa_printf(MSG_INFO, "PKCS #1: Digest value does not match calculated hash");
os_free(decrypted);
return -1;
diff --git a/src/tls/tlsv1_client_read.c b/src/tls/tlsv1_client_read.c
index f78921d..4f08e0f 100644
--- a/src/tls/tlsv1_client_read.c
+++ b/src/tls/tlsv1_client_read.c
@@ -962,7 +962,7 @@ static int tls_process_server_finished(struct tlsv1_client *conn, u8 ct,
wpa_hexdump_key(MSG_DEBUG, "TLSv1: verify_data (server)",
verify_data, TLS_VERIFY_DATA_LEN);
- if (os_memcmp(pos, verify_data, TLS_VERIFY_DATA_LEN) != 0) {
+ if (os_memcmp_const(pos, verify_data, TLS_VERIFY_DATA_LEN) != 0) {
wpa_printf(MSG_INFO, "TLSv1: Mismatch in verify_data");
tls_alert(conn, TLS_ALERT_LEVEL_FATAL,
TLS_ALERT_DECRYPT_ERROR);
diff --git a/src/tls/tlsv1_common.c b/src/tls/tlsv1_common.c
index 8a4645b..ced28cf 100644
--- a/src/tls/tlsv1_common.c
+++ b/src/tls/tlsv1_common.c
@@ -481,7 +481,8 @@ int tls_verify_signature(u16 tls_version, struct crypto_public_key *pk,
}
#endif /* CONFIG_TLSV12 */
- if (buflen != data_len || os_memcmp(decrypted, data, data_len) != 0) {
+ if (buflen != data_len ||
+ os_memcmp_const(decrypted, data, data_len) != 0) {
wpa_printf(MSG_DEBUG, "TLSv1: Invalid Signature in CertificateVerify - did not match calculated hash");
os_free(buf);
*alert = TLS_ALERT_DECRYPT_ERROR;
diff --git a/src/tls/tlsv1_record.c b/src/tls/tlsv1_record.c
index 3bec3be..0c6897a 100644
--- a/src/tls/tlsv1_record.c
+++ b/src/tls/tlsv1_record.c
@@ -456,7 +456,7 @@ int tlsv1_record_receive(struct tlsv1_record_layer *rl,
return -1;
}
if (hlen != rl->hash_size ||
- os_memcmp(hash, out_data + plen, hlen) != 0 ||
+ os_memcmp_const(hash, out_data + plen, hlen) != 0 ||
force_mac_error) {
wpa_printf(MSG_DEBUG, "TLSv1: Invalid HMAC value in "
"received message (force_mac_error=%d)",
diff --git a/src/tls/tlsv1_server_read.c b/src/tls/tlsv1_server_read.c
index c34545e..728e137 100644
--- a/src/tls/tlsv1_server_read.c
+++ b/src/tls/tlsv1_server_read.c
@@ -1135,7 +1135,7 @@ static int tls_process_client_finished(struct tlsv1_server *conn, u8 ct,
wpa_hexdump_key(MSG_DEBUG, "TLSv1: verify_data (client)",
verify_data, TLS_VERIFY_DATA_LEN);
- if (os_memcmp(pos, verify_data, TLS_VERIFY_DATA_LEN) != 0) {
+ if (os_memcmp_const(pos, verify_data, TLS_VERIFY_DATA_LEN) != 0) {
tlsv1_server_log(conn, "Mismatch in verify_data");
return -1;
}
diff --git a/src/tls/x509v3.c b/src/tls/x509v3.c
index 751a268..e1e4df8 100644
--- a/src/tls/x509v3.c
+++ b/src/tls/x509v3.c
@@ -1776,7 +1776,7 @@ skip_digest_oid:
}
if (hdr.length != hash_len ||
- os_memcmp(hdr.payload, hash, hdr.length) != 0) {
+ os_memcmp_const(hdr.payload, hash, hdr.length) != 0) {
wpa_printf(MSG_INFO, "X509: Certificate Digest does not match "
"with calculated tbsCertificate hash");
os_free(data);