summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorSascha Hauer <s.hauer@pengutronix.de>2021-03-05 10:08:04 +0100
committerSascha Hauer <s.hauer@pengutronix.de>2021-07-30 19:50:36 +0200
commita3337563c705bc8e0cf32f910b3e9e3c43d962ff (patch)
tree25ebe5505b0f2f861418b561c132fd24ed911451
parent0a9f9a7410681e55362f8311537ebc7be9ad0fbe (diff)
downloadbarebox-a3337563c705bc8e0cf32f910b3e9e3c43d962ff.tar.gz
barebox-a3337563c705bc8e0cf32f910b3e9e3c43d962ff.tar.xz
password: Use crypto_memneq() to compare hashes
Cryptographic verifications should be time-constant so that an attacker cannot get information about the secrets used by observing the system, so use crypto_memneq() rather than memcmp() to compare password hashes. Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>
-rw-r--r--common/password.c5
1 files changed, 3 insertions, 2 deletions
diff --git a/common/password.c b/common/password.c
index 3f05b81c0c..aea7c7ff5d 100644
--- a/common/password.c
+++ b/common/password.c
@@ -18,6 +18,7 @@
#include <init.h>
#include <stdlib.h>
#include <globalvar.h>
+#include <crypto.h>
#include <generated/passwd.h>
#include <crypto/pbkdf2.h>
@@ -311,7 +312,7 @@ static int check_passwd(unsigned char *passwd, size_t length)
if (ret)
goto err;
- if (strncmp(passwd1_sum, key, keylen) == 0)
+ if (!crypto_memneq(passwd1_sum, key, keylen))
ret = 1;
} else {
ret = digest_digest(d, passwd, length, passwd1_sum);
@@ -319,7 +320,7 @@ static int check_passwd(unsigned char *passwd, size_t length)
if (ret)
goto err;
- if (strncmp(passwd1_sum, passwd2_sum, hash_len) == 0)
+ if (!crypto_memneq(passwd1_sum, passwd2_sum, hash_len))
ret = 1;
}