From 94adedd109cec2ad347907a436676e0d0c5c6116 Mon Sep 17 00:00:00 2001
From: Juliusz Sosinowicz <juliusz@wolfssl.com>
Date: Fri, 6 Mar 2026 08:43:20 +0100
Subject: [PATCH] Replace XMEMCMP with ConstantCompare for ticket MAC
 verification

F-15
---
 src/ssl.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/ssl.c b/src/ssl.c
index e691ac432f3..35db1ea98f6 100644
--- a/src/ssl.c
+++ b/src/ssl.c
@@ -16423,7 +16423,7 @@ static int wolfSSL_TicketKeyCb(WOLFSSL* ssl,
             goto end;
         if (!wolfSSL_HMAC_Final(&hmacCtx, digest, &mdSz))
             goto end;
-        if (XMEMCMP(mac, digest, mdSz) != 0)
+        if (ConstantCompare(mac, digest, (int)mdSz) != 0)
             goto end;
 
         /* Decrypt the ticket data in place. */