Home Explore Help
Register Sign In
wareck
/
krackattacks
1
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Browse Source

EAP-MSCHAPv2: Use os_memcmp_const() for hash/password comparisons

This makes the implementation less likely to provide useful timing
information to potential attackers from comparisons of information
received from a remote device and private material known only by the
authorized devices.

Signed-off-by: Jouni Malinen <j@w1.fi>
Jouni Malinen 10 years ago
parent
30411b351c
commit
a6eae3f7a1
2 changed files with 3 additions and 3 deletions
Split View Show Diff Stats
  1. 2 2
      src/eap_peer/mschapv2.c
  2. 1 1
      src/eap_server/eap_server_mschapv2.c

+ 2 - 2
src/eap_peer/mschapv2.c
View File 

@@ -117,8 +117,8 @@ int mschapv2_verify_auth_response(const u8 *auth_response,
 
 	    buf[0] != 'S' || buf[1] != '=' ||
 
 	    hexstr2bin((char *) (buf + 2), recv_response,
 
 		       MSCHAPV2_AUTH_RESPONSE_LEN) ||
 
-	    os_memcmp(auth_response, recv_response,
 
-		      MSCHAPV2_AUTH_RESPONSE_LEN) != 0)
 
+	    os_memcmp_const(auth_response, recv_response,
 
+			    MSCHAPV2_AUTH_RESPONSE_LEN) != 0)
 
 		return -1;
 
 	return 0;
 
 }

+ 1 - 1
src/eap_server/eap_server_mschapv2.c
View File 

@@ -393,7 +393,7 @@ static void eap_mschapv2_process_response(struct eap_sm *sm,
 
 		return;
 
 	}
 
 
-	if (os_memcmp(nt_response, expected, 24) == 0) {
 
+	if (os_memcmp_const(nt_response, expected, 24) == 0) {
 
 		const u8 *pw_hash;
 
 		u8 pw_hash_buf[16], pw_hash_hash[16];