EAP-PEAP: Use os_memcmp_const() for hash/password comparisons

This makes the implementation less likely to provide useful timing
information to potential attackers from comparisons of information
received from a remote device and private material known only by the
authorized devices.

Signed-off-by: Jouni Malinen <j@w1.fi>

diff --git a/src/eap_peer/eap_peap.c b/src/eap_peer/eap_peap.c
index 8634f754c90b70bc23778ec33011cb0c1e6333b2..7740cf99fff65b1de92deaf8099bff1d0132e64c 100644 (file)
--- a/src/eap_peer/eap_peap.c
+++ b/src/eap_peer/eap_peap.c
@@ -423,7 +423,7 @@ static int eap_tlv_validate_cryptobinding(struct eap_sm *sm,
                    buf, sizeof(buf));
        hmac_sha1(data->cmk, 20, buf, sizeof(buf), mac);
 
-       if (os_memcmp(mac, pos, SHA1_MAC_LEN) != 0) {
+       if (os_memcmp_const(mac, pos, SHA1_MAC_LEN) != 0) {
                wpa_printf(MSG_DEBUG, "EAP-PEAP: Invalid Compound_MAC in "
                           "cryptobinding TLV");
                wpa_hexdump(MSG_DEBUG, "EAP-PEAP: Received MAC",

diff --git a/src/eap_server/eap_server_peap.c b/src/eap_server/eap_server_peap.c
index defcb3c054e3b0334c70ab7d7e2b9cc7016a43aa..55dee88a4bbf4ced59fff5403185c64ad3b0254f 100644 (file)
--- a/src/eap_server/eap_server_peap.c
+++ b/src/eap_server/eap_server_peap.c
@@ -593,7 +593,7 @@ static int eap_tlv_validate_cryptobinding(struct eap_sm *sm,
        buf[60] = EAP_TYPE_PEAP;
        hmac_sha1(data->cmk, 20, buf, sizeof(buf), mac);
 
-       if (os_memcmp(mac, pos, SHA1_MAC_LEN) != 0) {
+       if (os_memcmp_const(mac, pos, SHA1_MAC_LEN) != 0) {
                wpa_printf(MSG_DEBUG, "EAP-PEAP: Invalid Compound_MAC in "
                           "cryptobinding TLV");
                wpa_hexdump_key(MSG_DEBUG, "EAP-PEAP: CMK", data->cmk, 20);