crypto: axis - use a constant time tag compare

Avoid plain memcmp() on the AEAD tag value as this could leak
information through a timing side channel.

Signed-off-by: Lars Persson <larper@axis.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>

diff --git a/drivers/crypto/axis/artpec6_crypto.c b/drivers/crypto/axis/artpec6_crypto.c
index 5089ad2c49f916cec43a0209c14826a6ed8b1118..109efab6a9df2849e70a7ef26928a2d0a547eab9 100644 (file)
--- a/drivers/crypto/axis/artpec6_crypto.c
+++ b/drivers/crypto/axis/artpec6_crypto.c
@@ -2201,9 +2201,9 @@ static void artpec6_crypto_complete_aead(struct crypto_async_request *req)
                                   areq->assoclen + areq->cryptlen -
                                   authsize);
 
-               if (memcmp(req_ctx->decryption_tag,
-                          input_tag,
-                          authsize)) {
+               if (crypto_memneq(req_ctx->decryption_tag,
+                                 input_tag,
+                                 authsize)) {
                        pr_debug("***EBADMSG:\n");
                        print_hex_dump_debug("ref:", DUMP_PREFIX_ADDRESS, 32, 1,
                                             input_tag, authsize, true);