Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit be919672 authored by Luiz Augusto von Dentz's avatar Luiz Augusto von Dentz Committed by Greg Kroah-Hartman
Browse files

Bluetooth: hci_event: Fix using memcmp when comparing keys 



commit b541260615f601ae1b5d6d0cc54e790de706303b upstream.

memcmp is not consider safe to use with cryptographic secrets:

 'Do  not  use memcmp() to compare security critical data, such as
 cryptographic secrets, because the required CPU time depends on the
 number of equal bytes.'

While usage of memcmp for ZERO_KEY may not be considered a security
critical data, it can lead to more usage of memcmp with pairing keys
which could introduce more security problems.

Fixes: 455c2ff0 ("Bluetooth: Fix BR/EDR out-of-band pairing with only initiator data")
Fixes: 33155c4aae52 ("Bluetooth: hci_event: Ignore NULL link key")
Signed-off-by: default avatarLuiz Augusto von Dentz <luiz.von.dentz@intel.com>
Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
parent c3830fca

net/bluetooth/hci_event.c

+7 −5
Original line number Diff line number Diff line
@@ -25,6 +25,8 @@ 
/* Bluetooth HCI event handling. */



#include <asm/unaligned.h>

#include <linux/crypto.h>

#include <crypto/algapi.h>



#include <net/bluetooth/bluetooth.h>

#include <net/bluetooth/hci_core.h>
@@ -3505,7 +3507,7 @@ static void hci_link_key_notify_evt(struct hci_dev *hdev, struct sk_buff *skb) 
		goto unlock;



	/* Ignore NULL link key against CVE-2020-26555 */

	if (!memcmp(ev->link_key, ZERO_KEY, HCI_LINK_KEY_SIZE)) {

	if (!crypto_memneq(ev->link_key, ZERO_KEY, HCI_LINK_KEY_SIZE)) {

		bt_dev_dbg(hdev, "Ignore NULL link key (ZERO KEY) for %pMR",

			   &ev->bdaddr);

		hci_disconnect(conn, HCI_ERROR_AUTH_FAILURE);
@@ -3991,8 +3993,8 @@ static u8 bredr_oob_data_present(struct hci_conn *conn) 
		 * available, then do not declare that OOB data is

		 * present.

		 */

		if (!memcmp(data->rand256, ZERO_KEY, 16) ||

		    !memcmp(data->hash256, ZERO_KEY, 16))

		if (!crypto_memneq(data->rand256, ZERO_KEY, 16) ||

		    !crypto_memneq(data->hash256, ZERO_KEY, 16))

			return 0x00;



		return 0x02;
@@ -4002,8 +4004,8 @@ static u8 bredr_oob_data_present(struct hci_conn *conn) 
	 * not supported by the hardware, then check that if

	 * P-192 data values are present.

	 */

	if (!memcmp(data->rand192, ZERO_KEY, 16) ||

	    !memcmp(data->hash192, ZERO_KEY, 16))

	if (!crypto_memneq(data->rand192, ZERO_KEY, 16) ||

	    !crypto_memneq(data->hash192, ZERO_KEY, 16))

		return 0x00;



	return 0x01;