DF-0305
HMAC comparison uses non-constant-time bcmp: timing side-channel
Summary
carp_hmac_verify (:581) compares the computed and received digests with bcmp(md, md2, sizeof(md2)), which is not constant-time: it may short-circuit on the first differing byte, giving a timing oracle for byte-by-byte brute force of the HMAC. Network jitter makes remote exploitation impractical, but the pattern violates constant-time crypto coding standards.
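Added illustration, not the CARP source: the bcmp() pattern from the finding beside a constant-time replacement with the timingsafe_bcmp(3) contract. ref_md, make_guess, verify_guess and early_exit_work are constructed names; early_exit_work is an instrumented model of an early-exit comparison, not libc's bcmp, so the leak can be observed as a byte count rather than as wall-clock time.

```c
#include <stddef.h>
#include <stdint.h>
#include <strings.h>
#define MD_LEN 20   /* HMAC-SHA1 digest length */

/* Constructed reference digest standing in for a packet's HMAC. */
static const uint8_t ref_md[MD_LEN] = {
    0x3a, 0x7f, 0x12, 0xc4, 0x91, 0x08, 0xee, 0x5d, 0x66, 0xb2,
    0x0c, 0xd9, 0x41, 0x87, 0xfa, 0x23, 0x9e, 0x70, 0x55, 0x1b };

/* Hardened comparison, same contract as timingsafe_bcmp(3): every byte is
 * visited and differences are OR-accumulated, so the work done does not
 * depend on where (or whether) the inputs differ. Returns 0 if equal. */
static int ct_bcmp(const void *a, const void *b, size_t n)
{
    const volatile uint8_t *p = a, *q = b;
    uint8_t diff = 0;
    for (size_t i = 0; i < n; i++)
        diff |= p[i] ^ q[i];
    return diff != 0;
}

/* Guess whose first k bytes match ref_md; the rest are flipped. */
static void make_guess(uint8_t out[MD_LEN], size_t k)
{
    for (size_t i = 0; i < MD_LEN; i++)
        out[i] = i < k ? ref_md[i] : (uint8_t)~ref_md[i];
}

/* Verify a k-byte-correct guess. The bcmp() branch is the vulnerable
 * pattern from DF-0305 (may stop at the first differing byte); the
 * ct_bcmp() branch is the fix. Both return 1 only for a full match. */
int verify_guess(size_t k, int constant_time)
{
    uint8_t md2[MD_LEN];
    make_guess(md2, k);
    if (constant_time)
        return ct_bcmp(ref_md, md2, MD_LEN) == 0;
    return bcmp(ref_md, md2, MD_LEN) == 0;
}

/* Instrumented model of an early-exit compare: bytes examined grow with
 * the correct prefix length. That growth is the oracle the finding describes. */
size_t early_exit_work(size_t k)
{
    uint8_t md2[MD_LEN];
    make_guess(md2, k);
    for (size_t i = 0; i < MD_LEN; i++)
        if (md2[i] != ref_md[i]) return i + 1;
    return MD_LEN;
}
```

The constant-time path always touches all MD_LEN bytes, so its cost is the same for k = 0 and k = 19, whereas the early-exit model's cost rises by one byte per correct prefix byte.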