projects
/
mech_eap.git
/ commitdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
| commitdiff |
tree
raw
|
patch
| inline |
side by side
(parent:
870834a
)
EAPOL supplicant: Use os_memcmp_const() for hash/password comparisons
author
Jouni Malinen
<j@w1.fi>
Sun, 29 Jun 2014 17:16:10 +0000
(20:16 +0300)
committer
Jouni Malinen
<j@w1.fi>
Wed, 2 Jul 2014 09:38:47 +0000
(12:38 +0300)
This makes the implementation less likely to provide useful timing
information to potential attackers from comparisons of information
received from a remote device and private material known only by the
authorized devices.
Signed-off-by: Jouni Malinen <j@w1.fi>
src/eapol_supp/eapol_supp_sm.c
patch
|
blob
|
history
diff --git
a/src/eapol_supp/eapol_supp_sm.c
b/src/eapol_supp/eapol_supp_sm.c
index
e00dea3
..
cf3506d
100644
(file)
--- a/
src/eapol_supp/eapol_supp_sm.c
+++ b/
src/eapol_supp/eapol_supp_sm.c
@@
-719,8
+719,8
@@
static void eapol_sm_processKey(struct eapol_sm *sm)
hmac_md5(keydata.sign_key, sign_key_len,
sm->last_rx_key, sizeof(*hdr) + be_to_host16(hdr->length),
key->key_signature);
- if (os_memcmp(orig_key_sign, key->key_signature,
- IEEE8021X_KEY_SIGN_LEN) != 0) {
+ if (os_memcmp
_const
(orig_key_sign, key->key_signature,
+
IEEE8021X_KEY_SIGN_LEN) != 0) {
wpa_printf(MSG_DEBUG, "EAPOL: Invalid key signature in "
"EAPOL-Key packet");
os_memcpy(key->key_signature, orig_key_sign,