esp-idf/components/bt/host/bluedroid
Chinmay Chhajed d73ebb570b Bluedroid: Fixes for some vulnerabilities.
This commit fixes 'Impersonation in Passkey entry protocol'
(CVE-2020-26558) and suggests fixes for other vulnerabilites like
'Impersonation in the Pin Pairing Protocol' (CVE-2020-26555) and
'Authentication of the LE Legacy Pairing Protocol'

CVE-2020-26558 can be easily implemented if the peer device can
impersonate our public key. This commit adds a check by comparing our
and received public key and returns failed pairing if keys are same.

This commit also adds comments suggesting to use secure connection when
supported by all devices.
2020-12-24 10:52:12 +00:00
..
api Bluedroid: Fixes for some vulnerabilities. 2020-12-24 10:52:12 +00:00
bta component/bt: support BLE Read Attribute value by UUID 2020-12-02 20:04:36 +08:00
btc fix spp vfs demo crash when use dynamic memory 2020-12-09 19:46:43 +08:00
common/include/common component/bt: support BLE Application Layer Encryption key size check 2020-12-02 09:08:03 +08:00
device Whitespace: Automated whitespace fixes (large commit) 2020-11-11 07:36:35 +00:00
external/sbc Whitespace: Automated whitespace fixes (large commit) 2020-11-11 07:36:35 +00:00
hci Whitespace: Automated whitespace fixes (large commit) 2020-11-11 07:36:35 +00:00
main tools: Mass fixing of empty prototypes (for -Wstrict-prototypes) 2019-08-01 16:28:56 +07:00
stack Bluedroid: Fixes for some vulnerabilities. 2020-12-24 10:52:12 +00:00
Kconfig.in component/bt: Add a macro to control the compilation of blufi. 2020-11-24 10:43:18 +08:00