BUG/MINOR: jwt: use CRYPTO_memcmp() to compare HMACs As Tim reported in github issue #1414, we ought to use a constant-time memcmp() when comparing hashes to avoid time-based attacks. Let's use CRYPTO_memcmp() since this code already depends on openssl. No backport is needed, this was just merged into 2.5.

commit: ce16db4145e71cf1264e4f40e55c582f13c68798 [log] [tgz]
author: Willy Tarreau <w@1wt.eu> Fri Oct 15 11:52:41 2021 +0200
committer: Willy Tarreau <w@1wt.eu> Fri Oct 15 11:54:04 2021 +0200
tree: 0def16122041dc7928a4f8c30e01057c701119d7
parent: 468c000db0ddb93540948a1c12c9f9e129f76470 [diff]
diff --git a/src/jwt.c b/src/jwt.c
index 0e23305..24459b0 100644
--- a/src/jwt.c
+++ b/src/jwt.c

@@ -205,7 +205,7 @@
 			ctx->jose.length + ctx->claims.length + 1, signature, &signature_length);
 
 	if (hmac_res && signature_length == decoded_signature->data &&
-		  (memcmp(decoded_signature->area, signature, signature_length) == 0))
+		  (CRYPTO_memcmp(decoded_signature->area, signature, signature_length) == 0))
 		retval = JWT_VRFY_OK;
 
 	free_trash_chunk(trash);
commit	ce16db4145e71cf1264e4f40e55c582f13c68798	[log] [tgz]
author	Willy Tarreau <w@1wt.eu>	Fri Oct 15 11:52:41 2021 +0200
committer	Willy Tarreau <w@1wt.eu>	Fri Oct 15 11:54:04 2021 +0200
tree	0def16122041dc7928a4f8c30e01057c701119d7
parent	468c000db0ddb93540948a1c12c9f9e129f76470 [diff]