mirror of https://github.com/coturn/coturn.git synced 2026-05-05 10:46:10 +02:00

Use constant-time compare for STUN MESSAGE-INTEGRITY HMAC (#1869)

memcmp short-circuits on first differing byte, letting an attacker
recover a valid HMAC byte-by-byte via response-time differences. Switch
to CRYPTO_memcmp, which is constant-time regardless of the first
mismatching byte.
Pavel Punsky 2026-04-18 17:08:46 -07:00 committed by GitHub
parent c3a17d06fd
commit dbc2884096
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194


@ -1931,7 +1931,9 @@ int stun_check_message_integrity_by_key_str(turn_credential_type ct, uint8_t *bu
return -1;
}
if (0 != memcmp(old_hmac, new_hmac, shasize)) {
/* Use constant-time comparison: a short-circuiting memcmp leaks the matching prefix
length via response timing, allowing byte-by-byte HMAC recovery. */
if (0 != CRYPTO_memcmp(old_hmac, new_hmac, shasize)) {
return 0;
}
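
Review bot: the new `CRYPTO_memcmp(old_hmac, new_hmac, shasize)` call needs the declaration from <openssl/crypto.h>, and this hunk adds no include, so please confirm the file already includes that header in every build configuration, or add the include in this patch. The hunk only covers the comparison in stun_check_message_integrity_by_key_str; it would help to state in the commit message whether any other memcmp over a computed HMAC remains in this file, and to convert those in the same change if so. The `return -1;` path just above still exits before the comparison, so the new comment could note that only the digest comparison itself is made constant-time here.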