From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Brian Delwiche <delwiche@google.com>
Date: Tue, 3 Oct 2023 21:27:49 +0000
Subject: [PATCH] Fix timing attack in BTM_BleVerifySignature

BTM_BleVerifySignature uses a stock memcmp, allowing signature contents
to be deduced through a side-channel attack.

Change to CRYPTO_memcmp, which is hardened against this attack, to
eliminate this attack.

Bug: 274478807
Test: atest bluetooth_test_gd_unit
Tag: #security
Ignore-AOSP-First: Security
(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:fcd1c44f7c4bf431dd6a6902d74c045174bd00ce)
Merged-In: I41a9b586d663d2ad4694222ae451d2d30a428a3c
Change-Id: I41a9b586d663d2ad4694222ae451d2d30a428a3c
---
 main/Android.mk     | 2 ++
 stack/Android.mk    | 5 +++--
 stack/btm/btm_ble.c | 3 ++-
 3 files changed, 7 insertions(+), 3 deletions(-)

diff --git a/main/Android.mk b/main/Android.mk
index 2286997e8..985851add 100644
--- a/main/Android.mk
+++ b/main/Android.mk
@@ -52,12 +52,14 @@ LOCAL_C_INCLUDES+= . \
 	$(LOCAL_PATH)/../audio_a2dp_hw \
 	$(LOCAL_PATH)/../utils/include \
 	$(bluetooth_C_INCLUDES) \
+	external/boringssl \
 	external/tinyxml2 \
     external/zlib \
     $(call include-path-for, audio-utils)
 
 LOCAL_SHARED_LIBRARIES := \
     libcutils \
+    libcrypto \
     libdl \
     liblog \
     libz \
diff --git a/stack/Android.mk b/stack/Android.mk
index 4c77e8dd7..49f43fbc5 100644
--- a/stack/Android.mk
+++ b/stack/Android.mk
@@ -33,7 +33,8 @@ LOCAL_C_INCLUDES:= \
                    $(LOCAL_PATH)/../bta/sys \
                    $(LOCAL_PATH)/../utils/include \
                    $(LOCAL_PATH)/../ \
-                   $(bluetooth_C_INCLUDES)
+                   $(bluetooth_C_INCLUDES) \
+                   external/boringssl
 
 LOCAL_SRC_FILES:= \
     ./a2dp/a2d_api.c \
@@ -154,7 +155,7 @@ LOCAL_SRC_FILES:= \
 
 LOCAL_MODULE := libbt-stack
 LOCAL_STATIC_LIBRARIES := libbt-hci
-LOCAL_SHARED_LIBRARIES := libcutils
+LOCAL_SHARED_LIBRARIES := libcutils libcrypto
 
 
 LOCAL_CFLAGS += $(bluetooth_CFLAGS)
diff --git a/stack/btm/btm_ble.c b/stack/btm/btm_ble.c
index 6bb85a4ce..c6e699d49 100644
--- a/stack/btm/btm_ble.c
+++ b/stack/btm/btm_ble.c
@@ -41,6 +41,7 @@
 #include "hcimsgs.h"
 #include "log/log.h"
 #include "l2c_int.h"
+#include "openssl/mem.h"
 #include "osi/include/log.h"
 #include "smp_api.h"
 
@@ -2282,7 +2283,7 @@ BOOLEAN BTM_BleVerifySignature (BD_ADDR bd_addr, UINT8 *p_orig, UINT16 len, UINT
 
         if (aes_cipher_msg_auth_code(p_rec->ble.keys.pcsrk, p_orig, len, BTM_CMAC_TLEN_SIZE, p_mac))
         {
-            if (memcmp(p_mac, p_comp, BTM_CMAC_TLEN_SIZE) == 0)
+            if (CRYPTO_memcmp(p_mac, p_comp, BTM_CMAC_TLEN_SIZE) == 0)
             {
                 btm_ble_increment_sign_ctr(bd_addr, FALSE);
                 verified = TRUE;