Replace XMEMCMP with ConstantCompare when validating secure renegotiation (SCR) verify data

julek-wolfssl · julek-wolfssl · commit 1555ec4b762f · 2026-03-06T08:51:37.000+01:00
F-16
diff --git a/src/tls.c b/src/tls.c
@@ -6047,7 +6047,7 @@ static int TLSX_SecureRenegotiation_Parse(WOLFSSL* ssl, const byte* input,
                     input++; /* get past size */
 
                     /* validate client verify data */
-                    if (XMEMCMP(input,
+                    if (ConstantCompare(input,
                             ssl->secure_renegotiation->client_verify_data,
                             TLS_FINISHED_SZ) == 0) {
                         WOLFSSL_MSG("SCR client verify data match");
@@ -6075,10 +6075,10 @@ static int TLSX_SecureRenegotiation_Parse(WOLFSSL* ssl, const byte* input,
                 input++;  /* get past size */
 
                 /* validate client and server verify data */
-                if (XMEMCMP(input,
+                if (ConstantCompare(input,
                             ssl->secure_renegotiation->client_verify_data,
                             TLS_FINISHED_SZ) == 0 &&
-                    XMEMCMP(input + TLS_FINISHED_SZ,
+                    ConstantCompare(input + TLS_FINISHED_SZ,
                             ssl->secure_renegotiation->server_verify_data,
                             TLS_FINISHED_SZ) == 0) {
                     WOLFSSL_MSG("SCR client and server verify data match");
