--- /dev/null
+From 329d82309824ff1082dc4a91a5bbed8c3bec1580 Mon Sep 17 00:00:00 2001
+From: "Jason A. Donenfeld" <Jason@zx2c4.com>
+Date: Sat, 10 Jun 2017 04:59:11 +0200
+Subject: Bluetooth: use constant time memory comparison for secret values
+
+From: Jason A. Donenfeld <Jason@zx2c4.com>
+
+commit 329d82309824ff1082dc4a91a5bbed8c3bec1580 upstream.
+
+This file is filled with complex cryptography. Thus, the comparisons of
+MACs and secret keys and curve points and so forth should not add timing
+attacks, which could either result in a direct forgery, or, given the
+complexity, some other type of attack.
+
+Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
+Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ net/bluetooth/smp.c | 5 +++--
+ 1 file changed, 3 insertions(+), 2 deletions(-)
+
+--- a/net/bluetooth/smp.c
++++ b/net/bluetooth/smp.c
+@@ -22,6 +22,7 @@
+
+ #include <linux/crypto.h>
+ #include <linux/scatterlist.h>
++#include <crypto/algapi.h>
+ #include <crypto/b128ops.h>
+
+ #include <net/bluetooth/bluetooth.h>
+@@ -163,7 +164,7 @@ bool smp_irk_matches(struct hci_dev *hde
+ if (err)
+ return false;
+
+- return !memcmp(bdaddr->b, hash, 3);
++ return !crypto_memneq(bdaddr->b, hash, 3);
+ }
+
+ int smp_generate_rpa(struct hci_dev *hdev, u8 irk[16], bdaddr_t *rpa)
+@@ -584,7 +585,7 @@ static u8 smp_random(struct smp_chan *sm
+ if (ret)
+ return SMP_UNSPECIFIED;
+
+- if (memcmp(smp->pcnf, confirm, sizeof(smp->pcnf)) != 0) {
++ if (crypto_memneq(smp->pcnf, confirm, sizeof(smp->pcnf))) {
+ BT_ERR("Pairing failed (confirmation values mismatch)");
+ return SMP_CONFIRM_FAILED;
+ }
projects / thirdparty / kernel / stable-queue.git / commitdiff
