From: Eric Biggers <ebiggers@kernel.org>
Date: Thu, 31 Jul 2025 19:25:44 +0000 (-0700)
Subject: thunderbolt: Compare HMAC values in constant time
X-Git-Url: https://www.infradead.org/git/?a=commitdiff_plain;h=dced755df3bc49e417ee4de45eec89bf5570b192;p=users%2Fhch%2Fmisc.git

thunderbolt: Compare HMAC values in constant time

To prevent timing attacks, HMAC value comparison needs to be constant
time.  Replace the memcmp() with the correct function, crypto_memneq().

Fixes: f67cf491175a ("thunderbolt: Add support for Internal Connection Manager (ICM)")
Signed-off-by: Eric Biggers <ebiggers@kernel.org>
Signed-off-by: Mika Westerberg <mika.westerberg@linux.intel.com>
---

diff --git a/drivers/thunderbolt/domain.c b/drivers/thunderbolt/domain.c
index 45239703745e..7e0eb3c07f1c 100644
--- a/drivers/thunderbolt/domain.c
+++ b/drivers/thunderbolt/domain.c
@@ -13,6 +13,7 @@
 #include <linux/slab.h>
 #include <linux/random.h>
 #include <crypto/hash.h>
+#include <crypto/utils.h>
 
 #include "tb.h"
 
@@ -748,7 +749,7 @@ int tb_domain_challenge_switch_key(struct tb *tb, struct tb_switch *sw)
 		goto err_free_shash;
 
 	/* The returned HMAC must match the one we calculated */
-	if (memcmp(response, hmac, sizeof(hmac))) {
+	if (crypto_memneq(response, hmac, sizeof(hmac))) {
 		ret = -EKEYREJECTED;
 		goto err_free_shash;
 	}