SAE: Use os_memcmp_const() for hash/password comparisons
This makes the implementation less likely to provide useful timing information to potential attackers from comparisons of information received from a remote device and private material known only by the authorized devices. Signed-off-by: Jouni Malinen <j@w1.fi>
This commit is contained in:
parent
34ef46ce54
commit
0233dcac5b
2 changed files with 2 additions and 2 deletions
|
@ -403,7 +403,7 @@ static int check_sae_token(struct hostapd_data *hapd, const u8 *addr,
|
|||
return -1;
|
||||
if (hmac_sha256(hapd->sae_token_key, sizeof(hapd->sae_token_key),
|
||||
addr, ETH_ALEN, mac) < 0 ||
|
||||
os_memcmp(token, mac, SHA256_MAC_LEN) != 0)
|
||||
os_memcmp_const(token, mac, SHA256_MAC_LEN) != 0)
|
||||
return -1;
|
||||
|
||||
return 0;
|
||||
|
|
Loading…
Add table
Add a link
Reference in a new issue