From e43f08991f00820c1f711ca254021d5f83b5cd7d Mon Sep 17 00:00:00 2001
From: Jouni Malinen <jouni@codeaurora.org>
Date: Thu, 25 Apr 2019 18:52:34 +0300
Subject: [PATCH 1/6] SAE: Use const_time_memcmp() for pwd_value >= prime
 comparison

This reduces timing and memory access pattern differences for an
operation that could depend on the used password.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
(cherry picked from commit 8e14b030e558d23f65d761895c07089404e61cf1)
---
 src/common/sae.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/common/sae.c b/src/common/sae.c
index 5a50294a6..0d56e5505 100644
--- a/src/common/sae.c
+++ b/src/common/sae.c
@@ -317,7 +317,7 @@ static int sae_test_pwd_seed_ecc(struct sae_data *sae, const u8 *pwd_seed,
 	wpa_hexdump_key(MSG_DEBUG, "SAE: pwd-value",
 			pwd_value, sae->tmp->prime_len);
 
-	if (os_memcmp(pwd_value, prime, sae->tmp->prime_len) >= 0)
+	if (const_time_memcmp(pwd_value, prime, sae->tmp->prime_len) >= 0)
 		return 0;
 
 	x_cand = crypto_bignum_init_set(pwd_value, sae->tmp->prime_len);
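Review bot: The `>= 0` test on the new `const_time_memcmp(pwd_value, prime, sae->tmp->prime_len)` line only works if the helper returns a memcmp()-style signed ordering; many constant-time comparison helpers report only equal/not-equal, and the helper's definition is not visible in this hunk, so that contract should be confirmed in the tree this backport is applied to. The `return 0` that follows is still a data-dependent branch, so whether pwd_value was below the prime remains observable from control flow; the commit message's "reduces" is accurate, but the code does not say so. I would add a comment above the comparison, e.g. `/* const_time_memcmp() must give memcmp()-like <0/0/>0 ordering; the early return below still depends on the result */`. The body of sae_test_pwd_seed_ecc() starts and ends outside this hunk, so whether later code masks that branch cannot be judged from here.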
-- 
2.20.1