mirrors
/
linux-stable
mirror of https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
1
0
Fork 0
Code Issues Releases Wiki Activity

Bluetooth: hci_event: Fix using memcmp when comparing keys 

[ Upstream commit b541260615 ]

memcmp is not consider safe to use with cryptographic secrets:

 'Do  not  use memcmp() to compare security critical data, such as
 cryptographic secrets, because the required CPU time depends on the
 number of equal bytes.'

While usage of memcmp for ZERO_KEY may not be considered a security
critical data, it can lead to more usage of memcmp with pairing keys
which could introduce more security problems.

Fixes: 455c2ff0a5 ("Bluetooth: Fix BR/EDR out-of-band pairing with only initiator data")
Fixes: 33155c4aae ("Bluetooth: hci_event: Ignore NULL link key")
Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
This commit is contained in:
Luiz Augusto von Dentz 2023-10-05 13:59:59 -07:00 committed by Greg Kroah-Hartman
parent 758610516f
commit a1a9e57037
1 changed files with 7 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
net/bluetooth/hci_event.c
View File

@ -25,6 +25,8 @@
/* Bluetooth HCI event handling. */
#include <asm/unaligned.h>
#include <linux/crypto.h>
#include <crypto/algapi.h>
#include <net/bluetooth/bluetooth.h>
#include <net/bluetooth/hci_core.h>
@ -4697,7 +4699,7 @@ static void hci_link_key_notify_evt(struct hci_dev *hdev, void *data,
goto unlock;
/* Ignore NULL link key against CVE-2020-26555 */
if (!memcmp(ev->link_key, ZERO_KEY, HCI_LINK_KEY_SIZE)) {
if (!crypto_memneq(ev->link_key, ZERO_KEY, HCI_LINK_KEY_SIZE)) {
bt_dev_dbg(hdev, "Ignore NULL link key (ZERO KEY) for %pMR",
&ev->bdaddr);
hci_disconnect(conn, HCI_ERROR_AUTH_FAILURE);
@ -5240,8 +5242,8 @@ static u8 bredr_oob_data_present(struct hci_conn *conn)
* available, then do not declare that OOB data is
* present.
*/
if (!memcmp(data->rand256, ZERO_KEY, 16) ||
!memcmp(data->hash256, ZERO_KEY, 16))
if (!crypto_memneq(data->rand256, ZERO_KEY, 16) ||
!crypto_memneq(data->hash256, ZERO_KEY, 16))
return 0x00;
return 0x02;
@ -5251,8 +5253,8 @@ static u8 bredr_oob_data_present(struct hci_conn *conn)
* not supported by the hardware, then check that if
* P-192 data values are present.
*/
if (!memcmp(data->rand192, ZERO_KEY, 16) ||
!memcmp(data->hash192, ZERO_KEY, 16))
if (!crypto_memneq(data->rand192, ZERO_KEY, 16) ||
!crypto_memneq(data->hash192, ZERO_KEY, 16))
return 0x00;
return 0x01;