DragonFlyBSD Kernel Audit
← dashboard
DF-0305

HMAC comparison uses non-constant-time bcmp: timing side-channel

Summary

carp_hmac_verify(:581) bcmp(md,md2,sizeof(md2)) not constant-time. May short-circuit on first differing byte -> timing oracle for byte-by-byte brute force. Network jitter makes remote exploit impractical but violates crypto coding standards.