dgit.raspbian.org Git - nodejs.git/commit

author	Filip Skokan <panva.ip@gmail.com>
	Fri, 20 Feb 2026 11:32:14 +0000 (12:32 +0100)
committer	Jérémy Lal <kapouer@melix.org>
	Tue, 24 Mar 2026 21:11:25 +0000 (22:11 +0100)
commit	f69e3040f77ac52f3b4ffe29b328f417f703b00c
tree	00685e70098a20e7f40e11ced379b19cf34cf0d1	tree \| snapshot
parent	6943103ee14fedc17881e86d1ca13cfdc850c083	commit \| diff

[PATCH] crypto: use timing-safe comparison in Web Cryptography HMAC

Use `CRYPTO_memcmp` instead of `memcmp` in `HMAC`
Web Cryptography algorithm implementations.

Ref: https://hackerone.com/reports/3533945
PR-URL: https://github.com/nodejs-private/node-private/pull/831
Refs: https://hackerone.com/reports/3533945
Reviewed-By: Marco Ippolito <marcoippolito54@gmail.com>
CVE-ID: CVE-2026-21713

Gbp-Pq: Topic sec
Gbp-Pq: Name 50-crypto-use-timing-safe-comparison-HMAC.patch

src/crypto/crypto_hmac.cc

diff | blob | history

Unnamed repository; edit this file 'description' to name the repository.

RSS Atom