From e43f08991f00820c1f711ca254021d5f83b5cd7d Mon Sep 17 00:00:00 2001
From: Jouni Malinen <jouni@codeaurora.org>
Date: Thu, 25 Apr 2019 18:52:34 +0300
Subject: [PATCH 1/6] SAE: Use const_time_memcmp() for pwd_value >= prime
comparison
This reduces timing and memory access pattern differences for an
operation that could depend on the used password.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
(cherry picked from commit 8e14b030e558d23f65d761895c07089404e61cf1)
diff --git a/src/common/sae.c b/src/common/sae.c
index 72b7954..4741753 100644
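--- a/src/common/sae.c
+++ b/src/common/sae.c
@@ -287,7 +287,7 @@ static int sae_test_pwd_seed_ecc(struct sae_data *sae, const u8 *pwd_seed,
 wpa_hexdump_key(MSG_DEBUG, "SAE: pwd-value",
 pwd_value, sae->tmp->prime_len);
 
- if (os_memcmp(pwd_value, prime, sae->tmp->prime_len) >= 0)
+ if (const_time_memcmp(pwd_value, prime, sae->tmp->prime_len) >= 0)
 return 0;
 
 x_cand = crypto_bignum_init_set(pwd_value, sae->tmp->prime_len);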
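Review bot: The `return 0;` directly under the new `const_time_memcmp(pwd_value, prime, sae->tmp->prime_len) >= 0` test is still a branch on a password-derived value, so the early exit skips `crypto_bignum_init_set()` and whatever follows it, and the two outcomes remain distinguishable by timing even though the byte comparison no longer is. This is patch 1/6, so a later patch in the series may already restructure this; if not, the comparison result should be kept as a mask and the remaining steps run unconditionally, with the in-range decision applied only at the end. The reason for the swap is also worth recording at the call site, for example `/* pwd_value is derived from the password; compare without data-dependent timing */`, so the call is not later simplified back to `os_memcmp()`. The body of `sae_test_pwd_seed_ecc()` starts and ends outside this hunk, so how the return value is consumed by the caller's loop cannot be checked from here.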
--
2.23.0