DGNum/hostapd
6
0
Fork 0
Code Issues Pull requests 1 Projects Releases Packages Wiki Activity Actions

EAP-SIM/AKA: Use os_memcmp_const() for hash/password comparisons

Browse source 
This makes the implementation less likely to provide useful timing
information to potential attackers from comparisons of information
received from a remote device and private material known only by the
authorized devices.

Signed-off-by: Jouni Malinen <j@w1.fi>
This commit is contained in:
Jouni Malinen 2014-06-29 20:19:19 +03:00
parent 675ddad1c2
commit 05c79d6acd
3 changed files with 6 additions and 6 deletions
Download patch file Download diff file Expand all files Collapse all files

4
src/eap_server/eap_server_aka.c
View file

@ -336,7 +336,7 @@ static int eap_aka_verify_checkcode(struct eap_aka_data *data,
else
sha1_vector(1, &addr, &len, hash);
if (os_memcmp(hash, checkcode, hash_len) != 0) {
if (os_memcmp_const(hash, checkcode, hash_len) != 0) {
wpa_printf(MSG_DEBUG, "EAP-AKA: Mismatch in AT_CHECKCODE");
return -1;
}
@ -963,7 +963,7 @@ static void eap_aka_process_challenge(struct eap_sm *sm,
*/
if (attr->res == NULL || attr->res_len < data->res_len ||
attr->res_len_bits != data->res_len * 8 ||
os_memcmp(attr->res, data->res, data->res_len) != 0) {
os_memcmp_const(attr->res, data->res, data->res_len) != 0) {
wpa_printf(MSG_WARNING, "EAP-AKA: Challenge message did not "
"include valid AT_RES (attr len=%lu, res len=%lu "
"bits, expected %lu bits)",