SAE: Use const_time_memcmp() for pwd_value >= prime comparison

This reduces timing and memory access pattern differences for an
operation that could depend on the used password.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>

diff --git a/src/common/sae.c b/src/common/sae.c
index 5a50294a6dc8f68be198082dee31db6d48156869..0d56e5505327b4299b6fdeb4e29f46102980ed0c 100644 (file)
--- a/src/common/sae.c
+++ b/src/common/sae.c
@@ -317,7 +317,7 @@ static int sae_test_pwd_seed_ecc(struct sae_data *sae, const u8 *pwd_seed,
        wpa_hexdump_key(MSG_DEBUG, "SAE: pwd-value",
                        pwd_value, sae->tmp->prime_len);
 
-       if (os_memcmp(pwd_value, prime, sae->tmp->prime_len) >= 0)
+       if (const_time_memcmp(pwd_value, prime, sae->tmp->prime_len) >= 0)
                return 0;
 
        x_cand = crypto_bignum_init_set(pwd_value, sae->tmp->prime_len);