From patchwork Thu Oct 5 21:23:21 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Luiz Augusto von Dentz X-Patchwork-Id: 13410790 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 987D3E92FC0 for ; Thu, 5 Oct 2023 21:23:29 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S230140AbjJEVX2 (ORCPT ); Thu, 5 Oct 2023 17:23:28 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:42662 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229750AbjJEVX1 (ORCPT ); Thu, 5 Oct 2023 17:23:27 -0400 Received: from mail-pf1-x432.google.com (mail-pf1-x432.google.com [IPv6:2607:f8b0:4864:20::432]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id B13A495 for ; Thu, 5 Oct 2023 14:23:26 -0700 (PDT) Received: by mail-pf1-x432.google.com with SMTP id d2e1a72fcca58-6969b391791so1170805b3a.3 for ; Thu, 05 Oct 2023 14:23:26 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1696541005; x=1697145805; darn=vger.kernel.org; h=content-transfer-encoding:mime-version:message-id:date:subject:to :from:from:to:cc:subject:date:message-id:reply-to; bh=DDhpUIqvl1ORkTIiMf5KpxmE5DtBrjSETYkFCLhSs/U=; b=Ooqcjk2MWgi84wJQPiAcjhCANO7BZ3icVSOHezBR8ZBdXQ1nOYr+97GnlYM5rl6XgZ z8cZnG5gK9+Hgz46QB0JJ0evFqpA1TSNPpPJM3SINAgE5uOUcwclVs6OLpUjeNfnVVKZ KhhxWD166Rom08yUY5rpN4ADsYDgaYCBTU2OivXkfEflZURvfciyYSOOY7paOEIYZ5ZU EsTNVMeBUQul+MPicCPglteqSkZJYkZM+oK2bahYuoGilVXwqN8k7lnIy+FMgzjU4FWV pSIMD4+xwXiK3jNP2dxQqRPX6qz0XIpC+oPHps+ZxleJlTiOXCSQKKxTj1iimjvf1YOG RGTg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1696541005; x=1697145805; h=content-transfer-encoding:mime-version:message-id:date:subject:to :from:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=DDhpUIqvl1ORkTIiMf5KpxmE5DtBrjSETYkFCLhSs/U=; b=PKwL1hjtOruOPfYIkRhOp3QHOvpPCq4bcD9+C4zR1bxircYx02I2sZd+33JvGPdTeE IM3fIt1qbeqT5Amv7CJFTkSaQ0GsEvPa0DOeRkWAajj5PahCadlwkjDCgarUTJPw9tbP T93gcKXtEtlcRBnY6N6TwZyaD0WRK0Jr4HRnfPEY32fRYhoTDp7DUqM0WeXTcwgR87Dk E8ZbmX5s0GDEaqi0v4KY7pEbeQVJB1RDZXHJezyUWOKeqAEAsaaHzo6MsQ4j9mi6V0rG B4zHxngWA9JxzxgPr7ZCFsIzN2+MHxEy/OC+NhYgTnEJuoJUpWKcLnQE76wtVBEKW192 JQOg== X-Gm-Message-State: AOJu0YwykeDDdBS3tlhZQkT/MnCh0QDTmns7G73pzJXa9J5dVaH9/Snc axic6LLsz/LPlJH4E8pHtuQ1K662m0K+i+lS X-Google-Smtp-Source: AGHT+IFg/VMNlQbXAFrgHsDWbbo22W2NOkHKXDeqKWc8wwtdiRZBi4mhiCcU/y7LbZEoR4tTiQcNfA== X-Received: by 2002:a05:6a21:3293:b0:16b:89c2:8c0e with SMTP id yt19-20020a056a21329300b0016b89c28c0emr174759pzb.61.1696541005237; Thu, 05 Oct 2023 14:23:25 -0700 (PDT) Received: from lvondent-mobl4.. (c-98-232-221-87.hsd1.or.comcast.net. [98.232.221.87]) by smtp.gmail.com with ESMTPSA id u10-20020a170902b28a00b001c60a2b5c61sm2208410plr.134.2023.10.05.14.23.23 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 05 Oct 2023 14:23:24 -0700 (PDT) From: Luiz Augusto von Dentz To: linux-bluetooth@vger.kernel.org Subject: [PATCH 1/2] Bluetooth: hci_event: Fix using memcmp when comparing keys Date: Thu, 5 Oct 2023 14:23:21 -0700 Message-ID: <20231005212322.3886919-1-luiz.dentz@gmail.com> X-Mailer: git-send-email 2.41.0 MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: linux-bluetooth@vger.kernel.org From: Luiz Augusto von Dentz memcmp is not consider safe to use with cryptographic secrets: 'Do not use memcmp() to compare security critical data, such as cryptographic secrets, because the required CPU time depends on the number of equal bytes.' While usage of memcmp for ZERO_KEY may not be considered a security critical data, it can lead to more usage of memcmp with pairing keys which could introduce more security problems. Fixes: fe7a9da4fa54 ("Bluetooth: hci_event: Ignore NULL link key") Signed-off-by: Luiz Augusto von Dentz --- net/bluetooth/hci_event.c | 12 +++++++----- 1 file changed, 7 insertions(+), 5 deletions(-) diff --git a/net/bluetooth/hci_event.c b/net/bluetooth/hci_event.c index 43ed691d0d90..d9c1bfb3082f 100644 --- a/net/bluetooth/hci_event.c +++ b/net/bluetooth/hci_event.c @@ -26,6 +26,8 @@ /* Bluetooth HCI event handling. */ #include +#include +#include #include #include @@ -4754,7 +4756,7 @@ static void hci_link_key_notify_evt(struct hci_dev *hdev, void *data, goto unlock; /* Ignore NULL link key against CVE-2020-26555 */ - if (!memcmp(ev->link_key, ZERO_KEY, HCI_LINK_KEY_SIZE)) { + if (!crypto_memneq(ev->link_key, ZERO_KEY, HCI_LINK_KEY_SIZE)) { bt_dev_dbg(hdev, "Ignore NULL link key (ZERO KEY) for %pMR", &ev->bdaddr); hci_disconnect(conn, HCI_ERROR_AUTH_FAILURE); @@ -5294,8 +5296,8 @@ static u8 bredr_oob_data_present(struct hci_conn *conn) * available, then do not declare that OOB data is * present. */ - if (!memcmp(data->rand256, ZERO_KEY, 16) || - !memcmp(data->hash256, ZERO_KEY, 16)) + if (!crypto_memneq(data->rand256, ZERO_KEY, 16) || + !crypto_memneq(data->hash256, ZERO_KEY, 16)) return 0x00; return 0x02; @@ -5305,8 +5307,8 @@ static u8 bredr_oob_data_present(struct hci_conn *conn) * not supported by the hardware, then check that if * P-192 data values are present. */ - if (!memcmp(data->rand192, ZERO_KEY, 16) || - !memcmp(data->hash192, ZERO_KEY, 16)) + if (!crypto_memneq(data->rand192, ZERO_KEY, 16) || + !crypto_memneq(data->hash192, ZERO_KEY, 16)) return 0x00; return 0x01; From patchwork Thu Oct 5 21:23:22 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Luiz Augusto von Dentz X-Patchwork-Id: 13410791 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 25946E92FC7 for ; Thu, 5 Oct 2023 21:23:32 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S230317AbjJEVXb (ORCPT ); Thu, 5 Oct 2023 17:23:31 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:42664 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229750AbjJEVXa (ORCPT ); Thu, 5 Oct 2023 17:23:30 -0400 Received: from mail-pl1-x62c.google.com (mail-pl1-x62c.google.com [IPv6:2607:f8b0:4864:20::62c]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 402F695 for ; Thu, 5 Oct 2023 14:23:28 -0700 (PDT) Received: by mail-pl1-x62c.google.com with SMTP id d9443c01a7336-1c60778a3bfso11814015ad.1 for ; Thu, 05 Oct 2023 14:23:28 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1696541007; x=1697145807; darn=vger.kernel.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=guEk/PtnU3eOvEo45bHj6P9ZfTmRkhDnclmkZXMQzf4=; b=XLIPX47pew1GTp7ciscUCWgalsK7nxVvkZ8COzjhEAX+9ERyTB76s5V/hBj4AcYKBe lRh0dVgJxNatU8AeGI99qCoXAAAuH9LvmVtrCFbbzXgNKNoz7DWS5ftcxsIE6XlFlqjv htTEwWeBiUXWP+r0uNOrPlhdUhuMLxHSf3vjKGDGw2cQkF15cav4TGH11w7YhQi/uvKT GYeCSUDWawJtRJhU+yEQBBlomPBd4coFErzWvIEx50tKFjClGeGlWpd26tKn/6U//dS8 Cd9BS/gAOI5Cqc/4TZDo3Akb4rLUfep9IZcURBAuQyORZN6ETwuirAZevFsu431w0D6+ CaFw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1696541007; x=1697145807; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=guEk/PtnU3eOvEo45bHj6P9ZfTmRkhDnclmkZXMQzf4=; b=IoMUQDWrY/nFI1JvmyITOuDbxhrDkLihYXIE0I9T3WAd6xkTFV19Zm5bFuCjKAeb26 mlHinQF0IfQtyVgo8gEEjfAJiyOHxy+Sx0hDf/SbbYFGjqNkajZJ5N7NwzNsNXGRNeA2 4JZ43H2AUNQUFblxkm2EjsbOF6n2tyauqW6iBKfPU7o5lN2Tiy/PIrzAEUVh3QTLBDrd wZMwqWi5VlBSGPUqF0vBF9VWK9z2EmFrcX2OMhbOtkgtMqRztpVCDW6r0IA8zYhXj7qr WfMTV4eDnYwP161VlpWtB6QJ3tFFB+cDng5cgVdevjtMEnd8lcO/hCGTwbdUnGNQQWwc t6yQ== X-Gm-Message-State: AOJu0YyOK3jw+mWiY81i2oHpNhp+e6ttM911h+bWAI38I49g4dHAbUcH 0K4X7nE/nkKzPYlXZIo6EAF1afh4RIOcf2rt X-Google-Smtp-Source: AGHT+IEU5o/NZhJr/Yx+G2sdTErSi10Pjls1EXTHlHddy3u+ib8vV5VV0j/G7LCLu/c1bMWa9eEQ7g== X-Received: by 2002:a17:902:b909:b0:1c7:2f33:7ccd with SMTP id bf9-20020a170902b90900b001c72f337ccdmr5904129plb.33.1696541007034; Thu, 05 Oct 2023 14:23:27 -0700 (PDT) Received: from lvondent-mobl4.. (c-98-232-221-87.hsd1.or.comcast.net. [98.232.221.87]) by smtp.gmail.com with ESMTPSA id u10-20020a170902b28a00b001c60a2b5c61sm2208410plr.134.2023.10.05.14.23.25 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 05 Oct 2023 14:23:25 -0700 (PDT) From: Luiz Augusto von Dentz To: linux-bluetooth@vger.kernel.org Subject: [PATCH 2/2] Bluetooth: hci_event: Fix coding style Date: Thu, 5 Oct 2023 14:23:22 -0700 Message-ID: <20231005212322.3886919-2-luiz.dentz@gmail.com> X-Mailer: git-send-email 2.41.0 In-Reply-To: <20231005212322.3886919-1-luiz.dentz@gmail.com> References: <20231005212322.3886919-1-luiz.dentz@gmail.com> MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: linux-bluetooth@vger.kernel.org From: Luiz Augusto von Dentz This fixes the following code style problem: ERROR: that open brace { should be on the previous line + if (!bacmp(&hdev->bdaddr, &ev->bdaddr)) + { Fixes: d70e44fef862 ("Bluetooth: Reject connection with the device which has same BD_ADDR") Signed-off-by: Luiz Augusto von Dentz --- net/bluetooth/hci_event.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/net/bluetooth/hci_event.c b/net/bluetooth/hci_event.c index d9c1bfb3082f..6f4409b4c364 100644 --- a/net/bluetooth/hci_event.c +++ b/net/bluetooth/hci_event.c @@ -3273,8 +3273,7 @@ static void hci_conn_request_evt(struct hci_dev *hdev, void *data, /* Reject incoming connection from device with same BD ADDR against * CVE-2020-26555 */ - if (!bacmp(&hdev->bdaddr, &ev->bdaddr)) - { + if (!bacmp(&hdev->bdaddr, &ev->bdaddr)) { bt_dev_dbg(hdev, "Reject connection with same BD_ADDR %pMR\n", &ev->bdaddr); hci_reject_conn(hdev, &ev->bdaddr);