From ea0973002f7e1b8e6c9b44a996c65742154ece6b Mon Sep 17 00:00:00 2001
From: "W.C.A. Wijngaards" <wouter@nlnetlabs.nl>
Date: Thu, 12 Jun 2025 09:34:07 +0200
Subject: [PATCH] - xfr-tsig, constant time memcmp is used.

---
 util/tsig.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/util/tsig.c b/util/tsig.c
index 053d6ff3e..4e774d891 100644
--- a/util/tsig.c
+++ b/util/tsig.c
@@ -140,7 +140,7 @@ tsig_verify(sldns_buffer* pkt, const uint8_t* name, const uint8_t* alg,
 	hmac_result_len = sizeof(hmac_result);
 	HMAC( digester, secret, secret_len, sldns_buffer_begin(pkt), pos
 	    , hmac_result, &hmac_result_len);
-	if(memcmp(mac, hmac_result, hmac_result_len) == 0) {
+	if(CRYPTO_memcmp(mac, hmac_result, hmac_result_len) == 0) {
 		return now > time_signed ?
 		     ( time_signed - now > fudge ? LDNS_TSIG_ERROR_BADTIME : 0 )
 		     : now - time_signed > fudge ? LDNS_TSIG_ERROR_BADTIME : 0 ;
-- 
2.47.2