From 000f9d97a1bd1810d51e69176bfbcdd39d5241e9 Mon Sep 17 00:00:00 2001
From: Koda Reef <koda.reef5@gmail.com>
Date: Mon, 23 Mar 2026 12:48:01 +0000
Subject: [PATCH] Use memcmp_constant_time for SHA-256 hash comparisons

Three security-critical comparisons use memcmp() on SHA-256 digests
where memcmp_constant_time() should be used:

- ssl_verify.c:244: certificate fingerprint comparison
- ssl_mbedtls.c:1038: TLS certificate hash comparison during renegotiation
- init.c:2167-2168: configuration digest comparison

The HMAC verification at crypto.c:652 already uses
memcmp_constant_time (CVE-2025-13086 fix). These three sites
have the same pattern but were not updated.
---
 src/openvpn/init.c        | 5 +++--
 src/openvpn/ssl_mbedtls.c | 3 ++-
 src/openvpn/ssl_verify.c  | 3 ++-
 3 files changed, 7 insertions(+), 4 deletions(-)

diff --git a/src/openvpn/init.c b/src/openvpn/init.c
index 34ed4eb5..78988714 100644
--- a/src/openvpn/init.c
+++ b/src/openvpn/init.c
@@ -31,6 +31,7 @@
 #endif
 
 #include "win32.h"
+#include "crypto.h"
 #include "init.h"
 #include "run_command.h"
 #include "sig.h"
@@ -2164,8 +2165,8 @@ static bool
 options_hash_changed_or_zero(const struct sha256_digest *a, const struct sha256_digest *b)
 {
     const struct sha256_digest zero = { { 0 } };
-    return memcmp(a, b, sizeof(struct sha256_digest))
-           || !memcmp(a, &zero, sizeof(struct sha256_digest));
+    return memcmp_constant_time(a, b, sizeof(struct sha256_digest))
+           || !memcmp_constant_time(a, &zero, sizeof(struct sha256_digest));
 }
 
 /**
diff --git a/src/openvpn/ssl_mbedtls.c b/src/openvpn/ssl_mbedtls.c
index d0c481e9..4c4f4a79 100644
--- a/src/openvpn/ssl_mbedtls.c
+++ b/src/openvpn/ssl_mbedtls.c
@@ -35,6 +35,7 @@
 
 #if defined(ENABLE_CRYPTO_MBEDTLS)
 
+#include "crypto.h"
 #include "errlevel.h"
 #include "ssl_backend.h"
 #include "base64.h"
@@ -1035,7 +1036,7 @@ tls_ctx_personalise_random(struct tls_root_ctx *ctx)
             msg(M_WARN, "WARNING: failed to personalise random");
         }
 
-        if (0 != memcmp(old_sha256_hash, sha256_hash, sizeof(sha256_hash)))
+        if (0 != memcmp_constant_time(old_sha256_hash, sha256_hash, sizeof(sha256_hash)))
         {
             if (!mbed_ok(mbedtls_ctr_drbg_update(cd_ctx, sha256_hash, 32)))
             {
diff --git a/src/openvpn/ssl_verify.c b/src/openvpn/ssl_verify.c
index d44f25fc..61a294ce 100644
--- a/src/openvpn/ssl_verify.c
+++ b/src/openvpn/ssl_verify.c
@@ -37,6 +37,7 @@
 #include "manage.h"
 #include "otime.h"
 #include "run_command.h"
+#include "crypto.h"
 #include "ssl_verify.h"
 #include "ssl_verify_backend.h"
 
@@ -241,7 +242,7 @@ cert_hash_compare(const struct cert_hash_set *chs1, const struct cert_hash_set *
                 continue;
             }
             else if (ch1 && ch2
-                     && !memcmp(ch1->sha256_hash, ch2->sha256_hash, sizeof(ch1->sha256_hash)))
+                     && !memcmp_constant_time(ch1->sha256_hash, ch2->sha256_hash, sizeof(ch1->sha256_hash)))
             {
                 continue;
             }