Home Explore Help
Register Sign In
wareck
/
krackattacks
1
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Browse Source

MACsec: Use os_memcmp_const() for hash/password comparisons

This makes the implementation less likely to provide useful timing
information to potential attackers from comparisons of information
received from a remote device and private material known only by the
authorized devices.

Signed-off-by: Jouni Malinen <j@w1.fi>
Jouni Malinen 10 years ago
parent
c2371953f8
commit
72619ce61b
1 changed files with 3 additions and 2 deletions
Split View Show Diff Stats
  1. 3 2
      src/pae/ieee802_1x_kay.c

+ 3 - 2
src/pae/ieee802_1x_kay.c
View File 

@@ -2942,8 +2942,9 @@ static int ieee802_1x_kay_mkpdu_sanity_check(struct ieee802_1x_kay *kay,
 
 						 mka_msg_len);
 
 
 	if (msg_icv) {
 
-		if (os_memcmp(msg_icv, icv,
 
-			      mka_alg_tbl[kay->mka_algindex].icv_len) != 0) {
 
+		if (os_memcmp_const(msg_icv, icv,
 
+				    mka_alg_tbl[kay->mka_algindex].icv_len) !=
 
+		    0) {
 
 			wpa_printf(MSG_ERROR,
 
 				   "KaY: Computed ICV is not equal to Received ICV");
 
 		return -1;