BUG/MINOR: jwt: use CRYPTO_memcmp() to compare HMACs
As Tim reported in github issue #1414, we ought to use a constant-time
memcmp() when comparing hashes to avoid time-based attacks. Let's use
CRYPTO_memcmp() since this code already depends on openssl.
No backport is needed, this was just merged into 2.5.
diff --git a/src/jwt.c b/src/jwt.c
index 0e23305..24459b0 100644
--- a/src/jwt.c
+++ b/src/jwt.c
@@ -205,7 +205,7 @@
ctx->jose.length + ctx->claims.length + 1, signature, &signature_length);
if (hmac_res && signature_length == decoded_signature->data &&
- (memcmp(decoded_signature->area, signature, signature_length) == 0))
+ (CRYPTO_memcmp(decoded_signature->area, signature, signature_length) == 0))
retval = JWT_VRFY_OK;
free_trash_chunk(trash);