Fix timing attack in BTM_BleVerifySignature
BTM_BleVerifySignature uses a stock memcmp, allowing signature contents to be deduced through a side-channel attack. Change to CRYPTO_memcmp, which is hardened against this attack, to eliminate this attack. Bug: 274478807 Test: atest bluetooth_test_gd_unit Tag: #security Ignore-AOSP-First: Security Merged-In: I7f5646b683209bc6a6fbce8d4702ec311adc9cfc Change-Id: Iddeff055d9064f51a1e0cfb851d8b74135a714c2
Loading