Gitiles
Code Review Sign In
git01.mediatek.com / haproxy / ce16db4145e71cf1264e4f40e55c582f13c68798
commitce16db4145e71cf1264e4f40e55c582f13c68798[log] [tgz]
authorWilly Tarreau <w@1wt.eu>Fri Oct 15 11:52:41 2021 +0200
committerWilly Tarreau <w@1wt.eu>Fri Oct 15 11:54:04 2021 +0200
tree0def16122041dc7928a4f8c30e01057c701119d7
parent468c000db0ddb93540948a1c12c9f9e129f76470 [diff]
BUG/MINOR: jwt: use CRYPTO_memcmp() to compare HMACs

As Tim reported in github issue #1414, we ought to use a constant-time
memcmp() when comparing hashes to avoid time-based attacks. Let's use
CRYPTO_memcmp() since this code already depends on openssl.

No backport is needed, this was just merged into 2.5.
1 file changed
tree: 0def16122041dc7928a4f8c30e01057c701119d7
  1. .github/
  2. addons/
  3. admin/
  4. dev/
  5. doc/
  6. examples/
  7. include/
  8. reg-tests/
  9. scripts/
  10. src/
  11. tests/
  12. .cirrus.yml
  13. .gitattributes
  14. .gitignore
  15. .mailmap
  16. .travis.yml
  17. BRANCHES
  18. CHANGELOG
  19. CONTRIBUTING
  20. INSTALL
  21. LICENSE
  22. MAINTAINERS
  23. Makefile
  24. README
  25. ROADMAP
  26. SUBVERS
  27. VERDATE
  28. VERSION