Merge pull request #101 from ErwanLegrand/side-channel

Fix side-channel in HMACSign<Hasher>::verify
Arun Muralidharan 2024-02-11 08:33:39 +05:30 committed by GitHub
commit 4a970bc302
No known key found for this signature in database
GPG key ID: B5690EEEBB952194


@ -63,7 +63,7 @@ verify_result_t HMACSign<Hasher>::verify(
auto new_len = jwt::base64_uri_encode(&b64_enc_str[0], b64_enc_str.length());
b64_enc_str.resize(new_len);
bool ret = (jwt::string_view{b64_enc_str} == jwt_sign);
bool ret = (new_len == jwt_sign.size()) && (CRYPTO_memcmp(b64_enc_str.data(), jwt_sign.data(), new_len) == 0);
return { ret, ec };
}
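Review bot: The new comparison line in HMACSign<Hasher>::verify carries no comment explaining why it is written as a length test plus `CRYPTO_memcmp`, so a later cleanup could restore the `string_view` `==` and bring the timing leak back. I would add above it `// Constant-time compare; the length test may exit early because the encoded MAC length is fixed by the hash and not secret.` `CRYPTO_memcmp` is declared in `<openssl/crypto.h>`, and this hunk shows no include change, so it is worth confirming the header is included directly in this file rather than reached transitively. The body of verify starts above the hunk, so how `ec` is set before this line cannot be checked from here.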