| author | Dmitry Shmidt <dimitrysh@google.com> | 2014-07-02 10:32:10 -0700 |
|---|---|---|
| committer | Dmitry Shmidt <dimitrysh@google.com> | 2014-07-02 10:32:10 -0700 |
| commit | c28170251eb54dbf64a9074a07fee377587425b2 (patch) | |
| tree | ebbb5127648c86a789a927e5ef3e47acde4bddad /src/tls | |
| parent | d30ac604c9f6da71a0dd7f46d25be05a2a62cfbb (diff) | |
Cumulative patch from commit e376290c667e970d751acc916e0efe2ed16292ed
e376290 HS 2.0R2: Add update_identifier field to network
5bc2857 Fix some sparse warnings about u16 vs. le16
42619d6 Fix CTRL-EVENT-REGDOM-CHANGE event init= value
a520bf4 Mark function static
0cb79d3 dbus: Fix indentation level to match code logic
8f03ac9 Mark functions static
6891f0e Allow SCAN command to specify scan_ssid=1 SSIDs
18389ab WPS: Clear keys/PINs explicitly
b7175b4 Clear hostapd configuration keys explicitly
d1ecca6 HS 2.0 R2: Clear hs20-osu-client configuration keys explicitly
0a13e06 EAP server: Clear keying material on deinit
f534ee0 EAP peer: Clear keying material on deinit
19c48da Clear wpa_supplicant configuration keys explicitly
28bfa29 EAP-AKA: Remove unnecessary dead increment
62493df EAP-GPSK: Avoid dead increment by checking pos pointer
164a453 FT: Debug print extra response data
70bfc77 PCSC: Debug print extra response data
5dbbf36 Interworking: Remove unnecessary dead increment
a1e46f3 Check for no key_mgmt/proto/auth_alg entries in config writer
290ea6a Remove unnecessary tracking of first entry
d3fa2bb WFD: Explicit limit for subelement length (CID 68127)
745ef18 HS 2.0: Verify assoc_req_ie buffer size for indication elements
0233dca SAE: Use os_memcmp_const() for hash/password comparisons
34ef46c WEP shared key: Use os_memcmp_const() for hash/password comparisons
3e4b77c EAP-GTC: Use os_memcmp_const() for hash/password comparisons
a6eae3f EAP-MSCHAPv2: Use os_memcmp_const() for hash/password comparisons
30411b3 EAP-TTLS: Use os_memcmp_const() for hash/password comparisons
a564d9c EAP-MD5: Use os_memcmp_const() for hash/password comparisons
4685482 EAP-PSK: Use os_memcmp_const() for hash/password comparisons
cba0f86 EAP-PEAP: Use os_memcmp_const() for hash/password comparisons
7b1e745 EAP-LEAP: Use os_memcmp_const() for hash/password comparisons
8f92826 EAP-GPSK: Use os_memcmp_const() for hash/password comparisons
e1550d4 EAP-PAX: Use os_memcmp_const() for hash/password comparisons
c434503 EAP-FAST: Use os_memcmp_const() for hash/password comparisons
dddf7bb EAP-EKE: Use os_memcmp_const() for hash/password comparisons
dfb5608 EAP-SAKE: Use os_memcmp_const() for hash/password comparisons
05c79d6 EAP-SIM/AKA: Use os_memcmp_const() for hash/password comparisons
675ddad EAP-IKEv2: Use os_memcmp_const() for hash/password comparisons
2049a3c TLS: Use os_memcmp_const() for hash/password comparisons
a79aea5 Milenage: Use os_memcmp_const() for hash/password comparisons
05f916e AES-GCM: Use os_memcmp_const() for hash/password comparisons
87a5c93 AES-CCM: Use os_memcmp_const() for hash/password comparisons
7c24f53 EAPOL supplicant: Use os_memcmp_const() for hash/password comparisons
870834a RSN authenticator: Use os_memcmp_const() for hash/password comparisons
0d15b69 RSN supplicant: Use os_memcmp_const() for hash/password comparisons
72619ce MACsec: Use os_memcmp_const() for hash/password comparisons
c237195 RADIUS: Use os_memcmp_const() for hash/password comparisons
ce9c9bc WPS: Use os_memcmp_const() for hash/password comparisons
afc3c8b Add constant time memory comparison function os_memcmp_const
ee352f1 EAP-pwd: Add explicit total length limit
b2b8a4c EAP-SIM/AKA: Pass EAP type as argument to eap_sim_msg_finish()
f107d00 PeerKey: Clean up EAPOL-Key Key Data processing
010fc5f dbus: Clean up array-array-type property getter
Change-Id: I1dbe483be2678a7468e6955d70ea261f8e53b26d
Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
Diffstat (limited to 'src/tls')
| -rw-r--r-- | src/tls/pkcs1.c | 2 | ||||
| -rw-r--r-- | src/tls/tlsv1_client_read.c | 2 | ||||
| -rw-r--r-- | src/tls/tlsv1_common.c | 3 | ||||
| -rw-r--r-- | src/tls/tlsv1_record.c | 2 | ||||
| -rw-r--r-- | src/tls/tlsv1_server_read.c | 2 | ||||
| -rw-r--r-- | src/tls/x509v3.c | 2 |
6 files changed, 7 insertions, 6 deletions
diff --git a/src/tls/pkcs1.c b/src/tls/pkcs1.c
index 381b7a03..141ac50d 100644
--- a/src/tls/pkcs1.c
+++ b/src/tls/pkcs1.c
@@ -298,7 +298,7 @@ int pkcs1_v15_sig_ver(struct crypto_public_key *pk,
 hdr.payload, hdr.length);
 if (hdr.length != hash_len ||
- os_memcmp(hdr.payload, hash, hdr.length) != 0) {
+ os_memcmp_const(hdr.payload, hash, hdr.length) != 0) {
 wpa_printf(MSG_INFO, "PKCS #1: Digest value does not match calculated hash");
 os_free(decrypted);
 return -1;
diff --git a/src/tls/tlsv1_client_read.c b/src/tls/tlsv1_client_read.c
index f78921d9..4f08e0f9 100644
--- a/src/tls/tlsv1_client_read.c
+++ b/src/tls/tlsv1_client_read.c
@@ -962,7 +962,7 @@ static int tls_process_server_finished(struct tlsv1_client *conn, u8 ct,
 wpa_hexdump_key(MSG_DEBUG, "TLSv1: verify_data (server)", verify_data, TLS_VERIFY_DATA_LEN);
- if (os_memcmp(pos, verify_data, TLS_VERIFY_DATA_LEN) != 0) {
+ if (os_memcmp_const(pos, verify_data, TLS_VERIFY_DATA_LEN) != 0) {
 wpa_printf(MSG_INFO, "TLSv1: Mismatch in verify_data");
 tls_alert(conn, TLS_ALERT_LEVEL_FATAL, TLS_ALERT_DECRYPT_ERROR);
diff --git a/src/tls/tlsv1_common.c b/src/tls/tlsv1_common.c
index 8a4645bf..ced28cff 100644
--- a/src/tls/tlsv1_common.c
+++ b/src/tls/tlsv1_common.c
@@ -481,7 +481,8 @@ int tls_verify_signature(u16 tls_version, struct crypto_public_key *pk,
 }
 #endif /* CONFIG_TLSV12 */
- if (buflen != data_len || os_memcmp(decrypted, data, data_len) != 0) {
+ if (buflen != data_len ||
+ os_memcmp_const(decrypted, data, data_len) != 0) {
 wpa_printf(MSG_DEBUG, "TLSv1: Invalid Signature in CertificateVerify - did not match calculated hash");
 os_free(buf);
 *alert = TLS_ALERT_DECRYPT_ERROR;
diff --git a/src/tls/tlsv1_record.c b/src/tls/tlsv1_record.c
index 3bec3be3..0c6897a8 100644
--- a/src/tls/tlsv1_record.c
+++ b/src/tls/tlsv1_record.c
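Review bot: In `pkcs1_v15_sig_ver` the `hdr.length != hash_len` guard must stay ahead of `os_memcmp_const()`, because the compare reads `hdr.length` bytes from `hash`, which presumably holds only `hash_len` bytes, and nothing in the code records that dependency. A one-line comment above the condition would keep a later reordering from turning this into an over-read, for example `/* Length check first: os_memcmp_const() reads hdr.length bytes from hash */`. The same guard-then-compare shape appears in the x509v3.c hunk (`hdr.length != hash_len`), the tlsv1_common.c hunk (`buflen != data_len`) and the tlsv1_record.c hunk (`hlen != rl->hash_size`), and the same comment applies there. The function body starts and ends outside the hunk.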
@@ -456,7 +456,7 @@ int tlsv1_record_receive(struct tlsv1_record_layer *rl,
 return -1;
 }
 if (hlen != rl->hash_size ||
- os_memcmp(hash, out_data + plen, hlen) != 0 ||
+ os_memcmp_const(hash, out_data + plen, hlen) != 0 ||
 force_mac_error) {
 wpa_printf(MSG_DEBUG, "TLSv1: Invalid HMAC value in " "received message (force_mac_error=%d)",
diff --git a/src/tls/tlsv1_server_read.c b/src/tls/tlsv1_server_read.c
index c34545ed..728e1372 100644
--- a/src/tls/tlsv1_server_read.c
+++ b/src/tls/tlsv1_server_read.c
@@ -1135,7 +1135,7 @@ static int tls_process_client_finished(struct tlsv1_server *conn, u8 ct,
 wpa_hexdump_key(MSG_DEBUG, "TLSv1: verify_data (client)", verify_data, TLS_VERIFY_DATA_LEN);
- if (os_memcmp(pos, verify_data, TLS_VERIFY_DATA_LEN) != 0) {
+ if (os_memcmp_const(pos, verify_data, TLS_VERIFY_DATA_LEN) != 0) {
 tlsv1_server_log(conn, "Mismatch in verify_data");
 return -1;
 }
diff --git a/src/tls/x509v3.c b/src/tls/x509v3.c
index 751a268e..e1e4df8d 100644
--- a/src/tls/x509v3.c
+++ b/src/tls/x509v3.c
@@ -1776,7 +1776,7 @@ skip_digest_oid:
 }
 if (hdr.length != hash_len ||
- os_memcmp(hdr.payload, hash, hdr.length) != 0) {
+ os_memcmp_const(hdr.payload, hash, hdr.length) != 0) {
 wpa_printf(MSG_INFO, "X509: Certificate Digest does not match " "with calculated tbsCertificate hash");
 os_free(data); |
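Review bot: In `tlsv1_record_receive`, `force_mac_error` is the last operand of the `||` chain, so the constant-time MAC compare still runs when that flag is set, but nothing documents that the order is deliberate. If the flag is moved to the front in a later cleanup, the compare would be skipped on that path and the two failure cases would differ in timing. A comment above the condition would pin it, for example `/* Keep force_mac_error last so the MAC compare always runs */`. Where the flag is set is outside the hunk, presumably in the earlier padding checks, and the function body continues beyond it.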
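Review bot: The mismatch branch in `tls_process_client_finished` returns -1 after `tlsv1_server_log()` without raising an alert, whereas the matching client branch in tlsv1_client_read.c calls `tls_alert(conn, TLS_ALERT_LEVEL_FATAL, TLS_ALERT_DECRYPT_ERROR)`. Unless the caller sets an alert on this return path (not visible here), the peer gets no decrypt_error for a bad Finished message. Consider adding `tlsv1_server_alert(conn, TLS_ALERT_LEVEL_FATAL, TLS_ALERT_DECRYPT_ERROR);` before the `return -1;`. The function starts and ends outside the hunk.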
