91f48261e7
[ Upstream commit b541260615f601ae1b5d6d0cc54e790de706303b ]
memcmp is not consider safe to use with cryptographic secrets:
'Do not use memcmp() to compare security critical data, such as
cryptographic secrets, because the required CPU time depends on the
number of equal bytes.'
While usage of memcmp for ZERO_KEY may not be considered a security
critical data, it can lead to more usage of memcmp with pairing keys
which could introduce more security problems.
Fixes:
|
||
---|---|---|
.. | ||
bnep | ||
cmtp | ||
hidp | ||
rfcomm | ||
6lowpan.c | ||
a2mp.c | ||
a2mp.h | ||
af_bluetooth.c | ||
amp.c | ||
amp.h | ||
ecdh_helper.c | ||
ecdh_helper.h | ||
hci_conn.c | ||
hci_core.c | ||
hci_debugfs.c | ||
hci_debugfs.h | ||
hci_event.c | ||
hci_request.c | ||
hci_request.h | ||
hci_sock.c | ||
hci_sysfs.c | ||
Kconfig | ||
l2cap_core.c | ||
l2cap_sock.c | ||
leds.c | ||
leds.h | ||
lib.c | ||
Makefile | ||
mgmt.c | ||
mgmt_util.c | ||
mgmt_util.h | ||
sco.c | ||
selftest.c | ||
selftest.h | ||
smp.c | ||
smp.h |