Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Skip to content
Commit fb76b30e authored by Brian Delwiche's avatar Brian Delwiche Committed by Android Build Coastguard Worker
Browse files

Fix timing attack in BTM_BleVerifySignature 

BTM_BleVerifySignature uses a stock memcmp, allowing signature contents
to be deduced through a side-channel attack.

Change to CRYPTO_memcmp, which is hardened against this attack, to
eliminate this attack.

Bug: 274478807
Test: atest bluetooth_test_gd_unit
Tag: #security
Ignore-AOSP-First: Security
(cherry picked from commit 7a960ac1)
(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:d011f54d04e7ff732d4dc467079574b4e1c7b72d)
Merged-In: Iddeff055d9064f51a1e0cfb851d8b74135a714c2
Change-Id: Iddeff055d9064f51a1e0cfb851d8b74135a714c2
parent 423c0285
Hide whitespace changes
Inline Side-by-side
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Please register or to comment