Module Name: src
Committed By: christos
Date: Wed Apr 10 17:59:07 UTC 2019
Modified Files:
src/external/bsd/wpa/dist/src/common: sae.c
Log Message:
The QR test result can provide information about the password to an
attacker, so try to minimize differences in how the
sae_test_pwd_seed_ecc() result is used. (CVE-2019-9494)
Use heap memory for the dummy password to allow the same password length
to be used even with long passwords.
Use constant time selection functions to track the real vs. dummy
variables so that the exact same operations can be performed for both QR
test results.
To generate a diff of this commit:
cvs rdiff -u -r1.2 -r1.3 src/external/bsd/wpa/dist/src/common/sae.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
