CVS commit: src/external/bsd/wpa/dist/src/common

To: source-changes%NetBSD.org@localhost
Subject: CVS commit: src/external/bsd/wpa/dist/src/common
From: "Christos Zoulas" <christos%netbsd.org@localhost>
Date: Wed, 10 Apr 2019 13:59:07 -0400

Module Name:    src
Committed By:   christos
Date:           Wed Apr 10 17:59:07 UTC 2019

Modified Files:
        src/external/bsd/wpa/dist/src/common: sae.c

Log Message:
The QR test result can provide information about the password to an
attacker, so try to minimize differences in how the
sae_test_pwd_seed_ecc() result is used. (CVE-2019-9494)

Use heap memory for the dummy password to allow the same password length
to be used even with long passwords.

Use constant time selection functions to track the real vs. dummy
variables so that the exact same operations can be performed for both QR
test results.


To generate a diff of this commit:
cvs rdiff -u -r1.2 -r1.3 src/external/bsd/wpa/dist/src/common/sae.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Prev by Date: CVS commit: src/external/bsd/wpa/dist/src/eap_common
Next by Date: CVS commit: src/external/bsd/wpa/dist/src/common
Previous by Thread: CVS commit: src/external/bsd/wpa/dist/src/eap_common
Next by Thread: CVS commit: src/external/bsd/wpa/dist/src/common
Indexes:

Home | Main Index | Thread Index | Old Index