Module Name: src
Committed By: christos
Date: Thu Aug 8 08:55:48 UTC 2019
Modified Files:
src/external/bsd/wpa/dist/src/common: sae.c
Log Message:
SAE: Use const_time_memcmp() for pwd_value >= prime comparison
This reduces timing and memory access pattern differences for an
operation that could depend on the used password.
To generate a diff of this commit:
cvs rdiff -u -r1.7 -r1.8 src/external/bsd/wpa/dist/src/common/sae.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: src/external/bsd/wpa/dist/src/common/sae.c
diff -u src/external/bsd/wpa/dist/src/common/sae.c:1.7 src/external/bsd/wpa/dist/src/common/sae.c:1.8
--- src/external/bsd/wpa/dist/src/common/sae.c:1.7 Wed Apr 10 14:01:08 2019
+++ src/external/bsd/wpa/dist/src/common/sae.c Thu Aug 8 04:55:48 2019
@@ -294,7 +294,7 @@ static int sae_test_pwd_seed_ecc(struct
wpa_hexdump_key(MSG_DEBUG, "SAE: pwd-value",
pwd_value, sae->tmp->prime_len);
- if (os_memcmp(pwd_value, prime, sae->tmp->prime_len) >= 0)
+ if (const_time_memcmp(pwd_value, prime, sae->tmp->prime_len) >= 0)
return 0;
x_cand = crypto_bignum_init_set(pwd_value, sae->tmp->prime_len);
