Merge pull request #101 from ErwanLegrand/side-channel
Fix side-channel in HMACSign<Hasher>::verify
arun11299 authored Feb 11, 2024
2 parents 10ef573 + 2c329d2 commit 4a970bc
Showing 1 changed file with 1 addition and 1 deletion.
2 changes: 1 addition & 1 deletion include/jwt/impl/algorithm.ipp
Expand Up @@ -63,7 +63,7 @@ verify_result_t HMACSign<Hasher>::verify(
auto new_len = jwt::base64_uri_encode(&b64_enc_str[0], b64_enc_str.length());
b64_enc_str.resize(new_len);

bool ret = (jwt::string_view{b64_enc_str} == jwt_sign);
bool ret = (new_len == jwt_sign.size()) && (CRYPTO_memcmp(b64_enc_str.data(), jwt_sign.data(), new_len) == 0);

return { ret, ec };
}
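
Review bot: the new bool ret line in HMACSign<Hasher>::verify carries no comment saying why CRYPTO_memcmp replaces the jwt::string_view comparison, so a later cleanup could quietly restore operator== and reintroduce the early-exit timing difference; a one-line comment stating that the signature comparison must be constant-time would protect it. The new_len == jwt_sign.size() check is needed before the call so that CRYPTO_memcmp never reads past jwt_sign.data(), and it short-circuits only on length, which is not secret for a fixed-size HMAC output. The hunk shows no include change, so confirm that <openssl/crypto.h>, which declares CRYPTO_memcmp, is already reachable from algorithm.ipp rather than arriving transitively.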