File 8945-inet_dns_tsig-compute-MAC-using-senders-timestamp-no.patch of Package erlang

From 656a3b1b45b608f6adbb28fdb556f0e15c77c0a0 Mon Sep 17 00:00:00 2001
From: Alexander Clouter <alex@digriz.org.uk>
Date: Wed, 3 Sep 2025 18:35:25 +0100
Subject: [PATCH 5/5] inet_dns_tsig: compute MAC using senders timestamp, not
 ours

This resolves the racey {notauth,badsig} errors seen. Before this could
be seen on a tight loop after about 100 client queries. With the fix, no
issue seen after making 10k requests.
---
 lib/kernel/src/inet_dns_tsig.erl | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/lib/kernel/src/inet_dns_tsig.erl b/lib/kernel/src/inet_dns_tsig.erl
index 41bea4cb3f..88fdad2b2a 100644
--- a/lib/kernel/src/inet_dns_tsig.erl
+++ b/lib/kernel/src/inet_dns_tsig.erl
@@ -243,10 +243,10 @@ do_verify(Pkt, _Response, TS, TSigRR) ->
     ]),
     MACCalc = if
         element(1, TS#tsig_state.mac) == ?MODULE ->
-            mac(PktS, TS, Error, Now, OtherData);
+            mac(PktS, TS, Error, NowSigned, OtherData);
         %% RFC8945, section 5.3.1: TSIG on TCP Connections
         true ->
-            mac(TS, Error, Now, OtherData)
+            mac(TS, Error, NowSigned, OtherData)
     end,
     if
         %% RFC8945, section 5.2 - MUST check time after MAC
-- 
2.51.0