[PATCH] Bluetooth: smp: Fix biased random passkey generation

From: Mincheol Son
Date: Mon Dec 07 2020 - 12:51:05 EST

Next message: Thomas Gleixner: "Re: [patch V2 9/9] tasklets: Prevent kill/unlock_wait deadlock on RT"
Previous message: Thomas Gleixner: "Re: [patch V2 9/9] tasklets: Prevent kill/unlock_wait deadlock on RT"
Next in thread: kernel test robot: "Re: [PATCH] Bluetooth: smp: Fix biased random passkey generation"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Since u32 range size is not a multiple of 1,000,000, current passkey generation logic is biased.

Fixed this by adding a routine that selects passkey again if passkey is 4,200,000,000 or more.

Signed-off-by: Mincheol Son <encrypted.def@xxxxxxxxx>
---
net/bluetooth/smp.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/net/bluetooth/smp.c b/net/bluetooth/smp.c
index c659c464f7ca..26ed83e0db34 100644
--- a/net/bluetooth/smp.c
+++ b/net/bluetooth/smp.c
@@ -922,7 +922,9 @@ static int tk_request(struct l2cap_conn *conn, u8 remote_oob, u8 auth,
/* Generate random passkey. */
if (smp->method == CFM_PASSKEY) {
memset(smp->tk, 0, sizeof(smp->tk));
- get_random_bytes(&passkey, sizeof(passkey));
+ do {
+ get_random_bytes(&passkey, sizeof(passkey));
+ } while (passkey >= (u32)4200000000);
passkey %= 1000000;
put_unaligned_le32(passkey, smp->tk);
BT_DBG("PassKey: %d", passkey);
--
2.25.1

Next message: Thomas Gleixner: "Re: [patch V2 9/9] tasklets: Prevent kill/unlock_wait deadlock on RT"
Previous message: Thomas Gleixner: "Re: [patch V2 9/9] tasklets: Prevent kill/unlock_wait deadlock on RT"
Next in thread: kernel test robot: "Re: [PATCH] Bluetooth: smp: Fix biased random passkey generation"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]