MACsec: Use os_memcmp_const() for hash/password comparisons

This makes the implementation less likely to provide useful timing
information to potential attackers from comparisons of information
received from a remote device and private material known only by the
authorized devices.

Signed-off-by: Jouni Malinen <j@w1.fi>

diff --git a/src/pae/ieee802_1x_kay.c b/src/pae/ieee802_1x_kay.c
index fb8a8ca9a395104b7515712767960e28d3d8052e..56c195abc2761273da2ef56c814b67176e7e883e 100644 (file)
--- a/src/pae/ieee802_1x_kay.c
+++ b/src/pae/ieee802_1x_kay.c
@@ -2942,8 +2942,9 @@ static int ieee802_1x_kay_mkpdu_sanity_check(struct ieee802_1x_kay *kay,
                                                 mka_msg_len);
 
        if (msg_icv) {
-               if (os_memcmp(msg_icv, icv,
-                             mka_alg_tbl[kay->mka_algindex].icv_len) != 0) {
+               if (os_memcmp_const(msg_icv, icv,
+                                   mka_alg_tbl[kay->mka_algindex].icv_len) !=
+                   0) {
                        wpa_printf(MSG_ERROR,
                                   "KaY: Computed ICV is not equal to Received ICV");
                return -1;