EAP-GPSK: Use os_memcmp_const() for hash/password comparisons
This makes the implementation less likely to provide useful timing information to potential attackers from comparisons of information received from a remote device and private material known only by the authorized devices. Signed-off-by: Jouni Malinen <j@w1.fi>
This commit is contained in:
parent
e1550d4be8
commit
8f92826b15
2 changed files with 3 additions and 3 deletions
|
@ -565,7 +565,7 @@ static const u8 * eap_gpsk_validate_gpsk_3_mic(struct eap_gpsk_data *data,
|
|||
wpa_printf(MSG_DEBUG, "EAP-GPSK: Failed to compute MIC");
|
||||
return NULL;
|
||||
}
|
||||
if (os_memcmp(mic, pos, miclen) != 0) {
|
||||
if (os_memcmp_const(mic, pos, miclen) != 0) {
|
||||
wpa_printf(MSG_INFO, "EAP-GPSK: Incorrect MIC in GPSK-3");
|
||||
wpa_hexdump(MSG_DEBUG, "EAP-GPSK: Received MIC", pos, miclen);
|
||||
wpa_hexdump(MSG_DEBUG, "EAP-GPSK: Computed MIC", mic, miclen);
|
||||
|
|
Loading…
Add table
Add a link
Reference in a new issue