Snippets Groups Projects

Commit 7a960ac1 authored 1 year ago by Brian Delwiche

Fix timing attack in BTM_BleVerifySignature

BTM_BleVerifySignature uses a stock memcmp, allowing signature contents
to be deduced through a side-channel attack.

Change to CRYPTO_memcmp, which is hardened against this attack, to
eliminate this attack.

Bug: 274478807
Test: atest bluetooth_test_gd_unit
Tag: #security
Ignore-AOSP-First: Security
Merged-In: I7f5646b683209bc6a6fbce8d4702ec311adc9cfc
Change-Id: Iddeff055d9064f51a1e0cfb851d8b74135a714c2

parent c2166e96

No related branches found

No related tags found

Hide whitespace changes

Inline Side-by-side

Showing with 4 additions and 3 deletions

LMO GerritBot @lmo-gerritbot
mentioned in commit fb76b30e
· 5 months ago

mentioned in commit fb76b30e

mentioned in commit fb76b30e021090d71d7c0e6a57c1ca3acdb9e2d4

Toggle commit list

Please register or to comment