EAP-pwd: Use os_memcmp_const() for hash comparisons

This makes the implementation less likely to provide useful timing
information to potential attackers from comparisons of information
received from a remote device and private material known only by the
authorized devices.

Signed-off-by: Florent Daigniere <nextgens@freenetproject.org>

diff --git a/src/eap_peer/eap_pwd.c b/src/eap_peer/eap_pwd.c
index 089aec36d78b44c7137b9309c3691655a9225940..ef80dba35264e1e357ed7fc09042de5e618cc3b1 100644 (file)
--- a/src/eap_peer/eap_pwd.c
+++ b/src/eap_peer/eap_pwd.c
@@ -589,7 +589,7 @@ eap_pwd_perform_confirm_exchange(struct eap_sm *sm, struct eap_pwd_data *data,
        eap_pwd_h_final(hash, conf);
 
        ptr = (u8 *) payload;
-       if (os_memcmp(conf, ptr, SHA256_MAC_LEN)) {
+       if (os_memcmp_const(conf, ptr, SHA256_MAC_LEN)) {
                wpa_printf(MSG_INFO, "EAP-PWD (peer): confirm did not verify");
                goto fin;
        }

diff --git a/src/eap_server/eap_server_pwd.c b/src/eap_server/eap_server_pwd.c
index 38fa0f2015c5cc488cc1028ab0cded4441ac3a00..fc2ae263e3b30107855958764042886463055693 100644 (file)
--- a/src/eap_server/eap_server_pwd.c
+++ b/src/eap_server/eap_server_pwd.c
@@ -835,7 +835,7 @@ eap_pwd_process_confirm_resp(struct eap_sm *sm, struct eap_pwd_data *data,
        eap_pwd_h_final(hash, conf);
 
        ptr = (u8 *) payload;
-       if (os_memcmp(conf, ptr, SHA256_MAC_LEN)) {
+       if (os_memcmp_const(conf, ptr, SHA256_MAC_LEN)) {
                wpa_printf(MSG_INFO, "EAP-PWD (server): confirm did not "
                           "verify");
                goto fin;