Using non-constant time memcmp() makes the verification of the authentication
tag in the decrypt path vulnerable to timing attacks. Fix this by using
crypto_memneq() instead.

Cc: stable@vger.kernel.org
Signed-off-by: NDavid Gstir <david@sigma-star.at>
Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>