From 2c329d2537550681427dea8960a35e2b682bfdeb Mon Sep 17 00:00:00 2001
From: Erwan Legrand <github@erwanlegrand.com>
Date: Sat, 10 Feb 2024 18:45:07 +0100
Subject: [PATCH] Minimal side-channel fix

---
 include/jwt/impl/algorithm.ipp | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/include/jwt/impl/algorithm.ipp b/include/jwt/impl/algorithm.ipp
index c778533..efc21de 100644
--- a/include/jwt/impl/algorithm.ipp
+++ b/include/jwt/impl/algorithm.ipp
@@ -63,7 +63,7 @@ verify_result_t HMACSign<Hasher>::verify(
   auto new_len = jwt::base64_uri_encode(&b64_enc_str[0], b64_enc_str.length());
   b64_enc_str.resize(new_len);
 
-  bool ret = (jwt::string_view{b64_enc_str} == jwt_sign);
+  bool ret = (new_len == jwt_sign.size()) && (CRYPTO_memcmp(b64_enc_str.data(), jwt_sign.data(), new_len) == 0);
 
   return { ret, ec };
 }