thunderbolt: Compare HMAC values in constant time

To prevent timing attacks, HMAC value comparison needs to be constant
time.  Replace the memcmp() with the correct function, crypto_memneq().

Fixes: f67cf491175a ("thunderbolt: Add support for Internal Connection Manager (ICM)")
Signed-off-by: Eric Biggers <ebiggers@kernel.org>
Signed-off-by: Mika Westerberg <mika.westerberg@linux.intel.com>

diff --git a/drivers/thunderbolt/domain.c b/drivers/thunderbolt/domain.c
index 45239703745e540c42fbffcf332c5e293814eea7..7e0eb3c07f1c71f5c8e4877dcd993a4e9ec24b8e 100644 (file)
--- a/drivers/thunderbolt/domain.c
+++ b/drivers/thunderbolt/domain.c
@@ -13,6 +13,7 @@
 #include <linux/slab.h>
 #include <linux/random.h>
 #include <crypto/hash.h>
+#include <crypto/utils.h>
 
 #include "tb.h"
 
@@ -748,7 +749,7 @@ int tb_domain_challenge_switch_key(struct tb *tb, struct tb_switch *sw)
                goto err_free_shash;
 
        /* The returned HMAC must match the one we calculated */
-       if (memcmp(response, hmac, sizeof(hmac))) {
+       if (crypto_memneq(response, hmac, sizeof(hmac))) {
                ret = -EKEYREJECTED;
                goto err_free_shash;
        }