[src/trunk]: src/external/bsd/wpa/dist/src/common SAE: Use const_time_memcmp(...

To: source-changes-hg%NetBSD.org@localhost
Subject: [src/trunk]: src/external/bsd/wpa/dist/src/common SAE: Use const_time_memcmp(...
From: christos <christos%NetBSD.org@localhost>
Date: Sat, 19 Oct 2019 20:57:31 +0000

details:   https://anonhg.NetBSD.org/src/rev/b01fa3f65f76
branches:  trunk
changeset: 458733:b01fa3f65f76
user:      christos <christos%NetBSD.org@localhost>
date:      Thu Aug 08 08:55:48 2019 +0000

description:
SAE: Use const_time_memcmp() for pwd_value >= prime comparison

This reduces timing and memory access pattern differences for an
operation that could depend on the used password.

diffstat:

 external/bsd/wpa/dist/src/common/sae.c |  2 +-
 1 files changed, 1 insertions(+), 1 deletions(-)

diffs (12 lines):

diff -r f975eefcd292 -r b01fa3f65f76 external/bsd/wpa/dist/src/common/sae.c
--- a/external/bsd/wpa/dist/src/common/sae.c    Thu Aug 08 06:16:39 2019 +0000
+++ b/external/bsd/wpa/dist/src/common/sae.c    Thu Aug 08 08:55:48 2019 +0000
@@ -294,7 +294,7 @@
        wpa_hexdump_key(MSG_DEBUG, "SAE: pwd-value",
                        pwd_value, sae->tmp->prime_len);
 
-       if (os_memcmp(pwd_value, prime, sae->tmp->prime_len) >= 0)
+       if (const_time_memcmp(pwd_value, prime, sae->tmp->prime_len) >= 0)
                return 0;
 
        x_cand = crypto_bignum_init_set(pwd_value, sae->tmp->prime_len);

Prev by Date: [src/trunk]: src/sys/dev Teach urndis to handle some REMOTE_NDIS_INDICATE_STA...
Next by Date: [src/trunk]: src/external/bsd/wpa/dist/src/eap_common EAP-pwd: Use const_time...
Previous by Thread: [src/trunk]: src/sys/dev Teach urndis to handle some REMOTE_NDIS_INDICATE_STA...
Next by Thread: [src/trunk]: src/external/bsd/wpa/dist/src/eap_common EAP-pwd: Use const_time...
Indexes:

Home | Main Index | Thread Index | Old Index