{
return FAILED;
}
- if (!memeq(mac, xmac, AKA_MAC_LEN))
+ if (!memeq_const(mac, xmac, AKA_MAC_LEN))
{
DBG1(DBG_IKE, "received MAC does not match XMAC");
DBG3(DBG_IKE, "MAC %b\nXMAC %b", mac, AKA_MAC_LEN, xmac, AKA_MAC_LEN);
return &this->public;
}
-
{
return FALSE;
}
- if (!memeq(macs, xmacs, AKA_MAC_LEN))
+ if (!memeq_const(macs, xmacs, AKA_MAC_LEN))
{
DBG1(DBG_IKE, "received MACS does not match XMACS");
DBG3(DBG_IKE, "MACS %b XMACS %b",
return &this->public;
}
-
}
response = chunk_create(data.ptr + 6, data.ptr[5]);
if (response.len < expected.len ||
- !memeq(response.ptr, expected.ptr, expected.len))
+ !memeq_const(response.ptr, expected.ptr, expected.len))
{
chunk_free(&expected);
DBG1(DBG_IKE, "EAP-MD5 verification failed");
return &this->public;
}
-
userid->destroy(userid);
chunk_clear(&nt_hash);
- if (memeq(res->response.nt_response, this->nt_response.ptr,
- this->nt_response.len))
+ if (memeq_const(res->response.nt_response, this->nt_response.ptr,
+ this->nt_response.len))
{
chunk_t hex;
char msg[AUTH_RESPONSE_LEN + sizeof(SUCCESS_MESSAGE)];
return &this->public;
}
-
/* excepting two or three RAND, each 16 bytes. We require two valid
* and different RANDs */
if ((rands.len != 2 * SIM_RAND_LEN && rands.len != 3 * SIM_RAND_LEN) ||
- memeq(rands.ptr, rands.ptr + SIM_RAND_LEN, SIM_RAND_LEN))
+ memeq_const(rands.ptr, rands.ptr + SIM_RAND_LEN, SIM_RAND_LEN))
{
DBG1(DBG_IKE, "no valid AT_RAND received");
if (!create_client_error(this, SIM_INSUFFICIENT_CHALLENGES, out))
return &this->public;
}
-
c_rand, SIM_RAND_LEN, c_sres, SIM_SRES_LEN, c_kc, SIM_KC_LEN);
if (id->matches(id, cand))
{
- if (memeq(c_rand, rand, SIM_RAND_LEN))
+ if (memeq_const(c_rand, rand, SIM_RAND_LEN))
{
DBG2(DBG_CFG, " => triplet matches");
memcpy(sres, c_sres, SIM_SRES_LEN);
return &this->public;
}
-
/* verify Response-Authenticator */
if (!hasher->get_hash(hasher, msg, NULL) ||
!hasher->get_hash(hasher, secret, buf) ||
- !memeq(buf, res_auth, HASH_SIZE_MD5))
+ !memeq_const(buf, res_auth, HASH_SIZE_MD5))
{
DBG1(DBG_CFG, "RADIUS Response-Authenticator verification failed");
return FALSE;
return FALSE;
}
return this->mac->get_mac(this->mac, data, mac) &&
- memeq(signature.ptr, mac, this->truncation);
+ memeq_const(signature.ptr, mac, this->truncation);
}
METHOD(signer_t, get_key_size, size_t,
return &this->public;
}
-
{
return FALSE;
}
- return memeq(signature.ptr, sig, signature.len);
+ return memeq_const(signature.ptr, sig, signature.len);
}
METHOD(signer_t, get_key_size, size_t,
char buf[this->icv_size];
return create_icv(this, plain, assoc, iv, buf) &&
- memeq(buf, icv, this->icv_size);
+ memeq_const(buf, icv, this->icv_size);
}
METHOD(aead_t, encrypt, bool,
char tmp[this->icv_size];
return create_icv(this, assoc, crypt, j, tmp) &&
- memeq(tmp, icv, this->icv_size);
+ memeq_const(tmp, icv, this->icv_size);
}
METHOD(aead_t, encrypt, bool,
" %u bytes", em.len, data.len);
goto end;
}
- success = memeq(em.ptr, data.ptr, data.len);
+ success = memeq_const(em.ptr, data.ptr, data.len);
}
else
{ /* IKEv2 and X.509 certificate signatures */
goto end_parser;
}
hasher->destroy(hasher);
- success = memeq(object.ptr, hash.ptr, hash.len);
+ success = memeq_const(object.ptr, hash.ptr, hash.len);
free(hash.ptr);
break;
}
return &this->public;
}
-