From 54aa4b1c3fb9e3b7e596294b644eb7c49fcc1d78 Mon Sep 17 00:00:00 2001
From: Filip Skokan <panva.ip@gmail.com>
Date: Fri, 20 Feb 2026 12:32:14 +0100
Subject: [PATCH] crypto: use timing-safe comparison in Web Cryptography HMAC

Use `CRYPTO_memcmp` instead of `memcmp` in `HMAC`
Web Cryptography algorithm implementations.

Ref: https://hackerone.com/reports/3533945
PR-URL: https://github.com/nodejs-private/node-private/pull/831
Refs: https://hackerone.com/reports/3533945
Reviewed-By: Marco Ippolito <marcoippolito54@gmail.com>
CVE-ID: CVE-2026-21713
origin: https://github.com/nodejs/node/commit/cfb51fa9ce1da2a8c810ec35bcc7c000f8c94fafy

Gbp-Pq: Name CVE-2026-21713.patch
---
 src/crypto/crypto_hmac.cc | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/src/crypto/crypto_hmac.cc b/src/crypto/crypto_hmac.cc
index 8173946b1..7f4c50cdf 100644
--- a/src/crypto/crypto_hmac.cc
+++ b/src/crypto/crypto_hmac.cc
@@ -270,7 +270,8 @@ Maybe<bool> HmacTraits::EncodeOutput(
       *result = Boolean::New(
           env->isolate(),
           out->size() > 0 && out->size() == params.signature.size() &&
-              memcmp(out->data(), params.signature.data(), out->size()) == 0);
+              CRYPTO_memcmp(
+                  out->data(), params.signature.data(), out->size()) == 0);
       break;
     default:
       UNREACHABLE();
-- 
2.30.2