Return-Path: Content-Type: text/plain; charset=us-ascii Mime-Version: 1.0 (Mac OS X Mail 10.3 \(3273\)) Subject: Re: [PATCH 5/6] bluetooth/smp: use constant time memory comparison for secret values From: Marcel Holtmann In-Reply-To: <20170610025912.6499-6-Jason@zx2c4.com> Date: Sat, 10 Jun 2017 15:49:28 +0200 Cc: LKML , kernel-hardening@lists.openwall.com, "Gustavo F. Padovan" , Johan Hedberg , linux-bluetooth@vger.kernel.org, stable@vger.kernel.org Message-Id: <85B759DF-F6A8-46C3-89E6-C8AFDEA1E907@holtmann.org> References: <20170610025912.6499-1-Jason@zx2c4.com> <20170610025912.6499-6-Jason@zx2c4.com> To: "Jason A. Donenfeld" Sender: linux-kernel-owner@vger.kernel.org List-ID: Hi Jason, > This file is filled with complex cryptography. Thus, the comparisons of > MACs and secret keys and curve points and so forth should not add timing > attacks, which could either result in a direct forgery, or, given the > complexity, some other type of attack. > > Signed-off-by: Jason A. Donenfeld > Cc: Marcel Holtmann > Cc: Gustavo Padovan > Cc: Johan Hedberg > Cc: linux-bluetooth@vger.kernel.org > Cc: stable@vger.kernel.org > --- > net/bluetooth/smp.c | 39 ++++++++++++++++++++------------------- > 1 file changed, 20 insertions(+), 19 deletions(-) patch has been applied to bluetooth-next tree. Regards Marcel