- xfr-tsig, constant time memcmp is used.

author W.C.A. Wijngaards <wouter@nlnetlabs.nl>

Thu, 12 Jun 2025 07:34:07 +0000 (09:34 +0200)

committer W.C.A. Wijngaards <wouter@nlnetlabs.nl>

Thu, 12 Jun 2025 07:34:07 +0000 (09:34 +0200)
author W.C.A. Wijngaards <wouter@nlnetlabs.nl>
Thu, 12 Jun 2025 07:34:07 +0000 (09:34 +0200)
committer W.C.A. Wijngaards <wouter@nlnetlabs.nl>
Thu, 12 Jun 2025 07:34:07 +0000 (09:34 +0200)
diff --git a/util/tsig.c b/util/tsig.c

index 053d6ff3edfc5fcb52e08608cd2ca9ac4085a3fc..4e774d891631f644fd40f1a0e0cfa2f610804c87 100644 (file)
--- a/util/tsig.c
+++ b/util/tsig.c
@@ -140,7 +140,7 @@ tsig_verify(sldns_buffer* pkt, const uint8_t* name, const uint8_t* alg,
         hmac_result_len = sizeof(hmac_result);
         HMAC( digester, secret, secret_len, sldns_buffer_begin(pkt), pos
             , hmac_result, &hmac_result_len);
-       if(memcmp(mac, hmac_result, hmac_result_len) == 0) {
+       if(CRYPTO_memcmp(mac, hmac_result, hmac_result_len) == 0) {
                 return now > time_signed ?
                      ( time_signed - now > fudge ? LDNS_TSIG_ERROR_BADTIME : 0 )
                      : now - time_signed > fudge ? LDNS_TSIG_ERROR_BADTIME : 0 ;
author	W.C.A. Wijngaards <wouter@nlnetlabs.nl>
	Thu, 12 Jun 2025 07:34:07 +0000 (09:34 +0200)
committer	W.C.A. Wijngaards <wouter@nlnetlabs.nl>
	Thu, 12 Jun 2025 07:34:07 +0000 (09:34 +0200)