From: W.C.A. Wijngaards <wouter@nlnetlabs.nl>
Date: Thu, 12 Jun 2025 07:34:07 +0000 (+0200)
Subject: - xfr-tsig, constant time memcmp is used.
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=ea0973002f7e1b8e6c9b44a996c65742154ece6b;p=thirdparty%2Funbound.git

- xfr-tsig, constant time memcmp is used.
---

diff --git a/util/tsig.c b/util/tsig.c
index 053d6ff3e..4e774d891 100644
--- a/util/tsig.c
+++ b/util/tsig.c
@@ -140,7 +140,7 @@ tsig_verify(sldns_buffer* pkt, const uint8_t* name, const uint8_t* alg,
 	hmac_result_len = sizeof(hmac_result);
 	HMAC( digester, secret, secret_len, sldns_buffer_begin(pkt), pos
 	    , hmac_result, &hmac_result_len);
-	if(memcmp(mac, hmac_result, hmac_result_len) == 0) {
+	if(CRYPTO_memcmp(mac, hmac_result, hmac_result_len) == 0) {
 		return now > time_signed ?
 		     ( time_signed - now > fudge ? LDNS_TSIG_ERROR_BADTIME : 0 )
 		     : now - time_signed > fudge ? LDNS_TSIG_ERROR_BADTIME : 0 ;