projects / mech_eap.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: dddf7bb)
EAP-FAST: Use os_memcmp_const() for hash/password comparisons
authorJouni Malinen <j@w1.fi>
Sun, 29 Jun 2014 17:21:03 +0000 (20:21 +0300)
committerJouni Malinen <j@w1.fi>
Wed, 2 Jul 2014 09:38:47 +0000 (12:38 +0300)
This makes the implementation less likely to provide useful timing
information to potential attackers from comparisons of information
received from a remote device and private material known only by the
authorized devices.

Signed-off-by: Jouni Malinen <j@w1.fi>
src/eap_peer/eap_fast.c patch | blob | history
src/eap_server/eap_server_fast.c patch | blob | history

diff --git a/src/eap_peer/eap_fast.c b/src/eap_peer/eap_fast.c
index b3f6a52..127a0d9 100644 (file)
--- a/src/eap_peer/eap_fast.c
+++ b/src/eap_peer/eap_fast.c
@@ -767,7 +767,7 @@ static struct wpabuf * eap_fast_process_crypto_binding(
                    "MAC calculation", (u8 *) _bind, bind_len);
        hmac_sha1(cmk, EAP_FAST_CMK_LEN, (u8 *) _bind, bind_len,
                  _bind->compound_mac);
-       res = os_memcmp(cmac, _bind->compound_mac, sizeof(cmac));
+       res = os_memcmp_const(cmac, _bind->compound_mac, sizeof(cmac));
        wpa_hexdump(MSG_MSGDUMP, "EAP-FAST: Received Compound MAC",
                    cmac, sizeof(cmac));
        wpa_hexdump(MSG_MSGDUMP, "EAP-FAST: Calculated Compound MAC",
diff --git a/src/eap_server/eap_server_fast.c b/src/eap_server/eap_server_fast.c
index 44a443a..06dcf74 100644 (file)
--- a/src/eap_server/eap_server_fast.c
+++ b/src/eap_server/eap_server_fast.c
@@ -1198,7 +1198,7 @@ static int eap_fast_validate_crypto_binding(
                return -1;
        }
 
-       if (os_memcmp(data->crypto_binding_nonce, b->nonce, 31) != 0 ||
+       if (os_memcmp_const(data->crypto_binding_nonce, b->nonce, 31) != 0 ||
            (data->crypto_binding_nonce[31] | 1) != b->nonce[31]) {
                wpa_printf(MSG_DEBUG, "EAP-FAST: Invalid nonce in "
                           "Crypto-Binding");
@@ -1212,7 +1212,7 @@ static int eap_fast_validate_crypto_binding(
                    (u8 *) b, bind_len);
        hmac_sha1(data->cmk, EAP_FAST_CMK_LEN, (u8 *) b, bind_len,
                  b->compound_mac);
-       if (os_memcmp(cmac, b->compound_mac, sizeof(cmac)) != 0) {
+       if (os_memcmp_const(cmac, b->compound_mac, sizeof(cmac)) != 0) {
                wpa_hexdump(MSG_MSGDUMP,
                            "EAP-FAST: Calculated Compound MAC",
                            b->compound_mac, sizeof(cmac));
Moonshot GSS-API mechanism