EAP-MSCHAPv2: Use os_memcmp_const() for hash/password comparisons
This makes the implementation less likely to provide useful timing information to potential attackers from comparisons of information received from a remote device and private material known only by the authorized devices. Signed-off-by: Jouni Malinen <j@w1.fi>
This commit is contained in:
parent
30411b351c
commit
a6eae3f7a1
2 changed files with 3 additions and 3 deletions
|
@ -117,8 +117,8 @@ int mschapv2_verify_auth_response(const u8 *auth_response,
|
|||
buf[0] != 'S' || buf[1] != '=' ||
|
||||
hexstr2bin((char *) (buf + 2), recv_response,
|
||||
MSCHAPV2_AUTH_RESPONSE_LEN) ||
|
||||
os_memcmp(auth_response, recv_response,
|
||||
MSCHAPV2_AUTH_RESPONSE_LEN) != 0)
|
||||
os_memcmp_const(auth_response, recv_response,
|
||||
MSCHAPV2_AUTH_RESPONSE_LEN) != 0)
|
||||
return -1;
|
||||
return 0;
|
||||
}
|
||||
|
|
|
@ -393,7 +393,7 @@ static void eap_mschapv2_process_response(struct eap_sm *sm,
|
|||
return;
|
||||
}
|
||||
|
||||
if (os_memcmp(nt_response, expected, 24) == 0) {
|
||||
if (os_memcmp_const(nt_response, expected, 24) == 0) {
|
||||
const u8 *pw_hash;
|
||||
u8 pw_hash_buf[16], pw_hash_hash[16];
|
||||
|
||||
|
|
Loading…
Reference in a new issue