diff --git a/ntpd/ntp_leapsec.c b/ntpd/ntp_leapsec.c
index 2618862c57..f358b658dd 100644
--- a/ntpd/ntp_leapsec.c
+++ b/ntpd/ntp_leapsec.c
@@ -1141,8 +1141,16 @@ leapsec_validate(
 return LSVALID_NOHASH;
 if (0 == hlseen)
 return LSVALID_BADFORMAT;
- if (0 != memcmp(&rdig, &ldig, sizeof(sha1_digest)))
- return LSVALID_BADHASH;
+ {
+ volatile unsigned char diff = 0;
+ const unsigned char *a = (const unsigned char *)&rdig;
+ const unsigned char *b = (const unsigned char *)&ldig;
+ size_t i;
+ for (i = 0; i < sizeof(sha1_digest); i++)
+ diff |= a[i] ^ b[i];
+ if (diff != 0)
+ return LSVALID_BADHASH;
+ }
 return LSVALID_GOODHASH;
 }
diff --git a/ntpd/refclock_ripencc.c b/ntpd/refclock_ripencc.c
index a7339e3d49..1f9659f3b6 100644
--- a/ntpd/refclock_ripencc.c
+++ b/ntpd/refclock_ripencc.c
@@ -1507,7 +1507,7 @@ parse0x8FAD(
 utcflags = buf[19];
- sprintf(logbuf, "U1 %d.%d.%d %02d:%02d:%02d %d %02x",
+ snprintf(logbuf, sizeof(logbuf), "U1 %d.%d.%d %02d:%02d:%02d %d %02x",
 day, month, year, hour, minute, second, trackstat, utcflags);
 #ifdef DEBUG_NCC
@@ -1674,7 +1674,7 @@ parse0x8F0B(
 }
- sprintf(logbuf, "C1 %02d%02d%04d %02d%02d%02d %d %7.0f %.1f %.0f %.1f %d %02d%09.6f %c %02d%09.6f %c %.0f %d %d %d %d %d %d %d %d",
+ snprintf(logbuf, sizeof(logbuf), "C1 %02d%02d%04d %02d%02d%02d %d %7.0f %.1f %.0f %.1f %d %02d%09.6f %c %02d%09.6f %c %.0f %d %d %d %d %d %d %d %d",
 day, month, year, hour, minute, second, mode, bias, biasunc, rate, rateunc, utcoff, lat_deg, lat_min, north_south, lon_deg, lon_min, east_west, alt, sv[0], sv[1], sv[2], sv[3], sv[4],
@@ -1750,7 +1750,7 @@ parse0x4F(
 dn = bGetShort (&buf[22]);
 dt_lsf = bGetShort (&buf[24]);
- sprintf(logbuf, "L1 %d %d %d %g %g %g %d %d %d",
+ snprintf(logbuf, sizeof(logbuf), "L1 %d %d %d %g %g %g %d %d %d",
 dt_lsf - dt_ls, dt_ls, dt_lsf, a0, a1, tot, wn_t, wn_lsf, dn);
 #ifdef DEBUG_NCC
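Review bot: The byte-accumulating loop added in leapsec_validate is written out a second time in auth_md5 in sntp/crypto.c, and the copy here carries no comment saying why memcmp was replaced. A single helper with a short rationale would keep the two comparisons from drifting apart; the helper name below is only a suggestion, and where it should live depends on which library both ntpd and sntp link, which this diff does not show. The `volatile` accumulator discourages the compiler from reintroducing an early exit but is not a language-level guarantee, which the helper's comment should state. leapsec_validate begins above the hunk.

```c
/* Compare n bytes without an early exit, so the running time does not
 * depend on where the first mismatch occurs. Returns 0 when equal.
 * The volatile accumulator is a best-effort hint to the compiler,
 * not a guarantee. (Suggested name; not an existing NTP function.)
 */
static int
ct_memcmp(const void *pa, const void *pb, size_t n)
{
	const unsigned char *a = pa;
	const unsigned char *b = pb;
	volatile unsigned char diff = 0;
	size_t i;

	for (i = 0; i < n; i++)
		diff |= a[i] ^ b[i];
	return diff != 0;
}

/* … unchanged: earlier checks in leapsec_validate … */
	if (0 != ct_memcmp(&rdig, &ldig, sizeof(sha1_digest)))
		return LSVALID_BADHASH;
```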
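Review bot: `sizeof(logbuf)` bounds the write correctly only if `logbuf` is a char array declared inside parse0x8FAD; the declaration lies outside the hunk, and if it is a pointer the bound becomes the pointer size and the record is cut to a few bytes. The same holds for the identical changes in parse0x8F0B, parse0x4F and parse0x5C. The return value is also discarded in all four calls, so a truncated log record passes unnoticed. A check such as `if (n < 0 || (size_t)n >= sizeof(logbuf))` after `n = snprintf(...)` would let the driver flag or drop the record instead of logging a partial one.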
@@ -1802,7 +1802,7 @@ parse0x5C(
 elevation = bGetSingle(&buf[12]) * R2D;
 azinuth = bGetSingle(&buf[16]) * R2D;
- sprintf(logbuf, "S1 %02d %d %d %02x %4.1f %5.1f %4.1f",
+ snprintf(logbuf, sizeof(logbuf), "S1 %02d %d %d %02x %4.1f %5.1f %4.1f",
 prn, channel, aqflag, ephstat, snr, azinuth, elevation);
 #ifdef DEBUG_NCC
diff --git a/sntp/crypto.c b/sntp/crypto.c
index 1be2ea3f0c..d4cbd4e084 100644
--- a/sntp/crypto.c
+++ b/sntp/crypto.c
@@ -174,11 +174,16 @@ auth_md5(
 pkt_ptr += pkt_len + sizeof(keyid_t);
- /* isc_tsmemcmp will be better when its easy to link with. sntp
- * is a 1-shot program, so snooping for timing attacks is
- * Harder.
- */
- return mac_len == len && !memcmp(dbuf, pkt_ptr, mac_len);
+ /* Use constant-time comparison for MAC verification. */
+ if (mac_len != len)
+ return 0;
+ {
+ volatile unsigned char diff = 0;
+ size_t i;
+ for (i = 0; i < mac_len; i++)
+ diff |= dbuf[i] ^ pkt_ptr[i];
+ return (diff == 0);
+ }
 }
 static int
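Review bot: The new comment in the auth_md5 hunk says the comparison is constant-time but drops what the removed comment recorded, namely that isc_tsmemcmp was the preferred routine and was not yet easy to link. I would keep that context and name the property relied on, for example `/* Constant-time compare: OR together every byte difference so the run time does not depend on where the MACs first differ; isc_tsmemcmp would replace this loop once sntp can link it. */`. The early `return 0` on a length mismatch is fine because the MAC length is not secret, and the comment should say so. The types of `dbuf`, `pkt_ptr` and `mac_len` are declared outside the hunk; if `mac_len` is signed, `i < mac_len` mixes signedness and needs a cast or a matching index type.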