| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <20201207174957.408-1-encrypted.def@gmail.com>
Date: Tue, 8 Dec 2020 02:49:57 +0900
From: Mincheol Son <encrypted.def@...il.com>
To: marcel@...tmann.org
Cc: johan.hedberg@...il.com, davem@...emloft.net, kuba@...nel.org,
linux-bluetooth@...r.kernel.org, netdev@...r.kernel.org,
linux-kernel@...r.kernel.org,
Mincheol Son <encrypted.def@...il.com>
Subject: [PATCH] Bluetooth: smp: Fix biased random passkey generation
Since u32 range size is not a multiple of 1,000,000, current passkey generation logic is biased.
Fixed this by adding a routine that selects passkey again if passkey is 4,200,000,000 or more.
Signed-off-by: Mincheol Son <encrypted.def@...il.com>
---
net/bluetooth/smp.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/net/bluetooth/smp.c b/net/bluetooth/smp.c
index c659c464f7ca..26ed83e0db34 100644
--- a/net/bluetooth/smp.c
+++ b/net/bluetooth/smp.c
@@ -922,7 +922,9 @@ static int tk_request(struct l2cap_conn *conn, u8 remote_oob, u8 auth,
/* Generate random passkey. */
if (smp->method == CFM_PASSKEY) {
memset(smp->tk, 0, sizeof(smp->tk));
- get_random_bytes(&passkey, sizeof(passkey));
+ do {
+ get_random_bytes(&passkey, sizeof(passkey));
+ } while (passkey >= (u32)4200000000);
passkey %= 1000000;
put_unaligned_le32(passkey, smp->tk);
BT_DBG("PassKey: %d", passkey);
--
2.25.1
Powered by blists - more mailing lists