crypto: use timing-safe comparison in Web Cryptography HMAC
author Filip Skokan <panva.ip@gmail.com>
Fri, 20 Feb 2026 11:32:14 +0000 (12:32 +0100)
committer Bastien Roucariès <rouca@debian.org>
Mon, 6 Apr 2026 14:18:52 +0000 (16:18 +0200)
Use `CRYPTO_memcmp` instead of `memcmp` in `HMAC`
Web Cryptography algorithm implementations.

Ref: https://hackerone.com/reports/3533945
PR-URL: https://github.com/nodejs-private/node-private/pull/831
Refs: https://hackerone.com/reports/3533945
Reviewed-By: Marco Ippolito <marcoippolito54@gmail.com>
CVE-ID: CVE-2026-21713
origin: https://github.com/nodejs/node/commit/cfb51fa9ce1da2a8c810ec35bcc7c000f8c94fafy

Gbp-Pq: Name CVE-2026-21713.patch

src/crypto/crypto_hmac.cc

index 8173946b12bc75ea4a44346df65d7bd3e9bb1b9e..7f4c50cdfe4a9043fed9f785fa7661e8c06eabb5 100644 (file)
@@ -270,7 +270,8 @@ Maybe<bool> HmacTraits::EncodeOutput(
       *result = Boolean::New(
           env->isolate(),
           out->size() > 0 && out->size() == params.signature.size() &&
-              memcmp(out->data(), params.signature.data(), out->size()) == 0);
+              CRYPTO_memcmp(
+                  out->data(), params.signature.data(), out->size()) == 0);
       break;
     default:
       UNREACHABLE();
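
Review bot: the `CRYPTO_memcmp` call feeding `Boolean::New` in `HmacTraits::EncodeOutput` carries no comment saying why it is not plain `memcmp`, so a later cleanup could revert it without noticing; add a one-line comment above the expression stating that the signature comparison must be constant-time. The `out->size() == params.signature.size()` check still short-circuits ahead of the compare, which only distinguishes a wrong-length signature from a right-length one, and the same comment is a good place to say that this is intentional. The patch as shown touches only `src/crypto/crypto_hmac.cc`; a functional test asserting that verification still fails for a same-length signature that differs in its first byte and in its last byte would pin the behaviour of the new call.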