This makes the implementation less likely to provide useful timing
information to potential attackers from comparisons of information
received from a remote device and private material known only by the
authorized devices.
Signed-off-by: Jouni Malinen <j@w1.fi>
return -1;
if (hmac_sha256(hapd->sae_token_key, sizeof(hapd->sae_token_key),
addr, ETH_ALEN, mac) < 0 ||
- os_memcmp(token, mac, SHA256_MAC_LEN) != 0)
+ os_memcmp_const(token, mac, SHA256_MAC_LEN) != 0)
return -1;
return 0;
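Review bot: Neither changed comparison says why the constant-time variant is used, so a later cleanup could swap `os_memcmp` back in unnoticed. In this hunk a one-line comment above the condition would do, e.g. `/* constant-time compare: token comes from the peer, mac is derived from sae_token_key */`; the same applies to the `verifier` check against `data + 2` in the SAE confirm hunk below. Both calls use `os_memcmp_const` only as an equality test over a fixed `SHA256_MAC_LEN`, and should stay that way, because the timing property covers the buffer contents and not a variable length. The enclosing functions start and end outside the hunks.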
sae->tmp->own_commit_element_ffc,
verifier);
- if (os_memcmp(verifier, data + 2, SHA256_MAC_LEN) != 0) {
+ if (os_memcmp_const(verifier, data + 2, SHA256_MAC_LEN) != 0) {
wpa_printf(MSG_DEBUG, "SAE: Confirm mismatch");
wpa_hexdump(MSG_DEBUG, "SAE: Received confirm",
data + 2, SHA256_MAC_LEN);