Merge pull request #9864 from JacobBarthelmeh/f11

harden compare of mac with TLS 1.3 finished

Author: douzzer

src/tls13.c

@@ -11214,7 +11214,7 @@ int DoTls13Finished(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
     if (sniff == NO_SNIFF) {
         /* Actually check verify data. */
         if (size > WC_MAX_DIGEST_SIZE ||
-                XMEMCMP(input + *inOutIdx, mac, size) != 0){
+                ConstantCompare(input + *inOutIdx, mac, size) != 0){
             WOLFSSL_MSG("Verify finished error on hashes");
             SendAlert(ssl, alert_fatal, decrypt_error);
             WOLFSSL_ERROR_VERBOSE(VERIFY_FINISHED_ERROR);