From a3337563c705bc8e0cf32f910b3e9e3c43d962ff Mon Sep 17 00:00:00 2001
From: Sascha Hauer <s.hauer@pengutronix.de>
Date: Fri, 5 Mar 2021 10:08:04 +0100
Subject: password: Use crypto_memneq() to compare hashes

Cryptographic verifications should be time-constant so that an attacker
cannot get information about the secrets used by observing the system,
so use crypto_memneq() rather than memcmp() to compare password hashes.

Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>
---
 common/password.c | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

(limited to 'common')

diff --git a/common/password.c b/common/password.c
index 3f05b81c0c..aea7c7ff5d 100644
--- a/common/password.c
+++ b/common/password.c
@@ -18,6 +18,7 @@
 #include <init.h>
 #include <stdlib.h>
 #include <globalvar.h>
+#include <crypto.h>
 #include <generated/passwd.h>
 #include <crypto/pbkdf2.h>
 
@@ -311,7 +312,7 @@ static int check_passwd(unsigned char *passwd, size_t length)
 		if (ret)
 			goto err;
 
-		if (strncmp(passwd1_sum, key, keylen) == 0)
+		if (!crypto_memneq(passwd1_sum, key, keylen))
 			ret = 1;
 	} else {
 		ret = digest_digest(d, passwd, length, passwd1_sum);
@@ -319,7 +320,7 @@ static int check_passwd(unsigned char *passwd, size_t length)
 		if (ret)
 			goto err;
 
-		if (strncmp(passwd1_sum, passwd2_sum, hash_len) == 0)
+		if (!crypto_memneq(passwd1_sum, passwd2_sum, hash_len))
 			ret = 1;
 	}
 
-- 
cgit v1.2.3