RADIUS: Use os_memcmp_const() for hash/password comparisons

This makes the implementation less likely to provide useful timing
information to potential attackers from comparisons of information
received from a remote device and private material known only by the
authorized devices.

Signed-off-by: Jouni Malinen <j@w1.fi>

diff --git a/src/radius/radius.c b/src/radius/radius.c
index e34d08b352ea8e897828d7ed85ab12575fa7a55a..f2d8e96fe70b123343db219a805b0050ea0c631c 100644 (file)
--- a/src/radius/radius.c
+++ b/src/radius/radius.c
@@ -508,7 +508,7 @@ int radius_msg_verify_acct_req(struct radius_msg *msg, const u8 *secret,
        addr[3] = secret;
        len[3] = secret_len;
        md5_vector(4, addr, len, hash);
-       return os_memcmp(msg->hdr->authenticator, hash, MD5_MAC_LEN) != 0;
+       return os_memcmp_const(msg->hdr->authenticator, hash, MD5_MAC_LEN) != 0;
 }
 
 
@@ -535,7 +535,7 @@ int radius_msg_verify_das_req(struct radius_msg *msg, const u8 *secret,
        addr[3] = secret;
        len[3] = secret_len;
        md5_vector(4, addr, len, hash);
-       if (os_memcmp(msg->hdr->authenticator, hash, MD5_MAC_LEN) != 0)
+       if (os_memcmp_const(msg->hdr->authenticator, hash, MD5_MAC_LEN) != 0)
                return 1;
 
        for (i = 0; i < msg->attr_used; i++) {
@@ -568,7 +568,7 @@ int radius_msg_verify_das_req(struct radius_msg *msg, const u8 *secret,
        os_memcpy(msg->hdr->authenticator, orig_authenticator,
                  sizeof(orig_authenticator));
 
-       return os_memcmp(orig, auth, MD5_MAC_LEN) != 0;
+       return os_memcmp_const(orig, auth, MD5_MAC_LEN) != 0;
 }
 
 
@@ -801,7 +801,7 @@ int radius_msg_verify_msg_auth(struct radius_msg *msg, const u8 *secret,
                          sizeof(orig_authenticator));
        }
 
-       if (os_memcmp(orig, auth, MD5_MAC_LEN) != 0) {
+       if (os_memcmp_const(orig, auth, MD5_MAC_LEN) != 0) {
                wpa_printf(MSG_INFO, "Invalid Message-Authenticator!");
                return 1;
        }
@@ -838,7 +838,7 @@ int radius_msg_verify(struct radius_msg *msg, const u8 *secret,
        addr[3] = secret;
        len[3] = secret_len;
        md5_vector(4, addr, len, hash);
-       if (os_memcmp(hash, msg->hdr->authenticator, MD5_MAC_LEN) != 0) {
+       if (os_memcmp_const(hash, msg->hdr->authenticator, MD5_MAC_LEN) != 0) {
                wpa_printf(MSG_INFO, "Response Authenticator invalid!");
                return 1;
        }

diff --git a/src/radius/radius_server.c b/src/radius/radius_server.c
index c35ba557a1fc3158b58b148d7ad86906b0bf188d..00ad6af6f81d2b8b49ab40be7c88f9190918f3a3 100644 (file)
--- a/src/radius/radius_server.c
+++ b/src/radius/radius_server.c
@@ -864,7 +864,7 @@ radius_server_macacl(struct radius_server_data *data,
                        os_free(tmp.password);
 
                        if (res < 0 || pw_len != (size_t) res ||
-                           os_memcmp(pw, buf, res) != 0) {
+                           os_memcmp_const(pw, buf, res) != 0) {
                                RADIUS_DEBUG("Incorrect User-Password");
                                code = RADIUS_CODE_ACCESS_REJECT;
                        }