thunderbolt: Compare HMAC values in constant time

To prevent timing attacks, HMAC value comparison needs to be constant time. Replace the memcmp() with the correct function, crypto_memneq(). Fixes: f67cf491175a ("thunderbolt: Add support for Internal Connection Manager (ICM)") Signed-off-by: Eric Biggers <ebiggers@kernel.org> Signed-off-by: Mika Westerberg <mika.westerberg@linux.intel.com>
author: Eric Biggers <ebiggers@kernel.org> 2025-07-31 12:25:44 -0700
committer: Mika Westerberg <mika.westerberg@linux.intel.com> 2025-08-11 07:56:13 +0200
commit: dced755df3bc49e417ee4de45eec89bf5570b192 (patch)
tree: 4300c49ab642cb9b6d453d090d9e1999e40e5238
parent: 8f5ae30d69d7543eee0d70083daf4de8fe15d585 (diff)
1 files changed, 2 insertions, 1 deletions
diff --git a/drivers/thunderbolt/domain.c b/drivers/thunderbolt/domain.c
index 45239703745e..7e0eb3c07f1c 100644
--- a/drivers/thunderbolt/domain.c
+++ b/drivers/thunderbolt/domain.c
@@ -13,6 +13,7 @@
 #include <linux/slab.h>
 #include <linux/random.h>
 #include <crypto/hash.h>
+#include <crypto/utils.h>
 
 #include "tb.h"
 
@@ -748,7 +749,7 @@ int tb_domain_challenge_switch_key(struct tb *tb, struct tb_switch *sw)
 		goto err_free_shash;
 
 	/* The returned HMAC must match the one we calculated */
-	if (memcmp(response, hmac, sizeof(hmac))) {
+	if (crypto_memneq(response, hmac, sizeof(hmac))) {
 		ret = -EKEYREJECTED;
 		goto err_free_shash;
 	}
author	Eric Biggers <ebiggers@kernel.org>	2025-07-31 12:25:44 -0700
committer	Mika Westerberg <mika.westerberg@linux.intel.com>	2025-08-11 07:56:13 +0200
commit	dced755df3bc49e417ee4de45eec89bf5570b192 (patch)
tree	4300c49ab642cb9b6d453d090d9e1999e40e5238
parent	8f5ae30d69d7543eee0d70083daf4de8fe15d585 (diff)