[ https://issues.apache.org/jira/browse/CAMEL-23766?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Andrea Cosentino updated CAMEL-23766:
-------------------------------------
    Fix Version/s: 4.22.0
                       (was: 4.21.0)

> camel-crypto: use a constant-time comparison for HMAC verification in 
> HMACAccumulator
> -------------------------------------------------------------------------------------
>
>                 Key: CAMEL-23766
>                 URL: https://issues.apache.org/jira/browse/CAMEL-23766
>             Project: Camel
>          Issue Type: Improvement
>            Reporter: Andrea Cosentino
>            Assignee: Andrea Cosentino
>            Priority: Major
>             Fix For: 4.14.8, 4.18.3, 4.22.0
>
>
> HMACAccumulator.validate() compares the expected and actual MAC byte-by-byte 
> with an early-exit loop. This proposes using 
> java.security.MessageDigest.isEqual(...) for a constant-time comparison, 
> which is the standard practice for MAC/signature verification.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)
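
The comparison change described in the issue above, shown as an added example that is not part of the original message and is not Camel's HMACAccumulator source. The class and method names, the HmacSHA256 algorithm, and the key and payload are assumptions made for the demonstration.

```java
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.MessageDigest;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;

// Added illustration: hypothetical names, not Camel's HMACAccumulator source.
public class MacCompareExample {

    // Early-exit loop: returns at the first mismatching byte, so the running
    // time depends on how many leading bytes of the supplied MAC are correct.
    static boolean earlyExitEquals(byte[] expected, byte[] actual) {
        if (expected.length != actual.length) {
            return false;
        }
        for (int i = 0; i < expected.length; i++) {
            if (expected[i] != actual[i]) {
                return false;
            }
        }
        return true;
    }

    // JDK comparison whose running time does not depend on where the bytes differ.
    static boolean constantTimeEquals(byte[] expected, byte[] actual) {
        return MessageDigest.isEqual(expected, actual);
    }

    // Recompute the MAC over the payload and check the received tag against it.
    static boolean verify(byte[] key, byte[] payload, byte[] receivedMac)
            throws GeneralSecurityException {
        Mac mac = Mac.getInstance("HmacSHA256"); // algorithm assumed for the demo
        mac.init(new SecretKeySpec(key, "HmacSHA256"));
        return constantTimeEquals(mac.doFinal(payload), receivedMac);
    }

    public static void main(String[] args) throws GeneralSecurityException {
        // Constructed sample key and payload.
        byte[] key = "constructed-demo-key".getBytes(StandardCharsets.UTF_8);
        byte[] payload = "constructed payload".getBytes(StandardCharsets.UTF_8);
        Mac mac = Mac.getInstance("HmacSHA256");
        mac.init(new SecretKeySpec(key, "HmacSHA256"));
        byte[] good = mac.doFinal(payload);
        byte[] bad = good.clone();
        bad[bad.length - 1] ^= 0x01; // flip one bit in the last byte
        System.out.println("valid tag accepted:    " + verify(key, payload, good));
        System.out.println("tampered tag accepted: " + verify(key, payload, bad));
        System.out.println("early-exit loop agrees: " + (earlyExitEquals(good, bad) == constantTimeEquals(good, bad)));
    }
}
```

Both comparisons return the same boolean for every input; the difference is only in how the running time varies with the position of the first mismatching byte.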