]> git.ipfire.org Git - thirdparty/haproxy.git/commit
projects / thirdparty / haproxy.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 468c000) | patch
BUG/MINOR: jwt: use CRYPTO_memcmp() to compare HMACs
authorWilly Tarreau <w@1wt.eu>
Fri, 15 Oct 2021 09:52:41 +0000 (11:52 +0200)
committerWilly Tarreau <w@1wt.eu>
Fri, 15 Oct 2021 09:54:04 +0000 (11:54 +0200)
commitce16db4145e71cf1264e4f40e55c582f13c68798
tree0def16122041dc7928a4f8c30e01057c701119d7tree
parent468c000db0ddb93540948a1c12c9f9e129f76470commit | diff
BUG/MINOR: jwt: use CRYPTO_memcmp() to compare HMACs

As Tim reported in github issue #1414, we ought to use a constant-time
memcmp() when comparing hashes to avoid time-based attacks. Let's use
CRYPTO_memcmp() since this code already depends on openssl.

No backport is needed, this was just merged into 2.5.
src/jwt.c diff | blob | blame | history
Mirror of https://github.com/haproxy/haproxy.git