if (eap_eke_mac(sess->mac, sess->ki, prot + block_size,
prot_len - block_size - icv_len, icv) < 0)
return -1;
- if (os_memcmp(icv, prot + prot_len - icv_len, icv_len) != 0) {
+ if (os_memcmp_const(icv, prot + prot_len - icv_len, icv_len) != 0) {
wpa_printf(MSG_INFO, "EAP-EKE: ICV mismatch in Prot() data");
return -1;
}
EAP_EKE_FAIL_PRIVATE_INTERNAL_ERROR);
}
wpa_hexdump(MSG_DEBUG, "EAP-EKE: Auth_S", auth_s, data->sess.prf_len);
- if (os_memcmp(auth_s, pos + data->sess.pnonce_ps_len,
- data->sess.prf_len) != 0) {
+ if (os_memcmp_const(auth_s, pos + data->sess.pnonce_ps_len,
+ data->sess.prf_len) != 0) {
wpa_printf(MSG_INFO, "EAP-EKE: Auth_S does not match");
return eap_eke_build_fail(data, ret, reqData,
EAP_EKE_FAIL_AUTHENTICATION_FAIL);
return;
}
wpa_hexdump(MSG_DEBUG, "EAP-EKE: Auth_P", auth_p, data->sess.prf_len);
- if (os_memcmp(auth_p, payload + data->sess.pnonce_len,
- data->sess.prf_len) != 0) {
+ if (os_memcmp_const(auth_p, payload + data->sess.pnonce_len,
+ data->sess.prf_len) != 0) {
wpa_printf(MSG_INFO, "EAP-EKE: Auth_P does not match");
eap_eke_fail(data, EAP_EKE_FAIL_AUTHENTICATION_FAIL);
return;