Merge "RESTRICT AUTOMERGE: Fix HMAC Compare time attack" into tm-dev

commit: b3191a4aa787227f2859e3bb3f78e3ffbfd2a797 [log] [tgz]
author: Timothy Yiu <tyiu@google.com> Mon Apr 03 23:17:20 2023 +0000
committer: Android (Google) Code Review <android-gerrit@google.com> Mon Apr 03 23:17:20 2023 +0000
tree: 08071ecfe638cc424d689efcb1ee572fcc85bab9
parent: ac3b73286abc8f620ea26c4f5f3ceb827e9c6cf4 [diff]
parent: ca8d670c1656a6a47ef0f31fdfe1744d75fe5543 [diff]
diff --git a/services/inputflinger/dispatcher/InputDispatcher.cpp b/services/inputflinger/dispatcher/InputDispatcher.cpp
index 5e9427a..da46128 100644
--- a/services/inputflinger/dispatcher/InputDispatcher.cpp
+++ b/services/inputflinger/dispatcher/InputDispatcher.cpp

@@ -27,6 +27,7 @@
 #include <ftl/enum.h>
 #include <gui/SurfaceComposerClient.h>
 #include <input/InputDevice.h>
+#include <openssl/mem.h>
 #include <powermanager/PowerManager.h>
 #include <unistd.h>
 #include <utils/Trace.h>
@@ -4422,7 +4423,7 @@
     if (calculatedHmac == INVALID_HMAC) {
         return nullptr;
     }
-    if (calculatedHmac != event.getHmac()) {
+    if (0 != CRYPTO_memcmp(calculatedHmac.data(), event.getHmac().data(), calculatedHmac.size())) {
         return nullptr;
     }
     return result;
commit	b3191a4aa787227f2859e3bb3f78e3ffbfd2a797	[log] [tgz]
author	Timothy Yiu <tyiu@google.com>	Mon Apr 03 23:17:20 2023 +0000
committer	Android (Google) Code Review <android-gerrit@google.com>	Mon Apr 03 23:17:20 2023 +0000
tree	08071ecfe638cc424d689efcb1ee572fcc85bab9
parent	ac3b73286abc8f620ea26c4f5f3ceb827e9c6cf4 [diff]
parent	ca8d670c1656a6a47ef0f31fdfe1744d75fe5543 [diff]