From: Willy Tarreau Date: Fri, 15 Oct 2021 09:52:41 +0000 (+0200) Subject: BUG/MINOR: jwt: use CRYPTO_memcmp() to compare HMACs X-Git-Tag: v2.5-dev10~28 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=ce16db4145e71cf1264e4f40e55c582f13c68798;p=thirdparty%2Fhaproxy.git BUG/MINOR: jwt: use CRYPTO_memcmp() to compare HMACs As Tim reported in github issue #1414, we ought to use a constant-time memcmp() when comparing hashes to avoid time-based attacks. Let's use CRYPTO_memcmp() since this code already depends on openssl. No backport is needed, this was just merged into 2.5. --- diff --git a/src/jwt.c b/src/jwt.c index 0e233059f6..24459b0665 100644 --- a/src/jwt.c +++ b/src/jwt.c @@ -205,7 +205,7 @@ jwt_jwsverify_hmac(const struct jwt_ctx *ctx, const struct buffer *decoded_signa ctx->jose.length + ctx->claims.length + 1, signature, &signature_length); if (hmac_res && signature_length == decoded_signature->data && - (memcmp(decoded_signature->area, signature, signature_length) == 0)) + (CRYPTO_memcmp(decoded_signature->area, signature, signature_length) == 0)) retval = JWT_VRFY_OK; free_trash_chunk(trash);
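Review bot: the changed comparison line in jwt_jwsverify_hmac() has no comment saying why CRYPTO_memcmp() is used instead of memcmp(), so a later cleanup could quietly revert it. A short comment above the condition stating that the HMAC comparison must be constant-time would protect the fix. The patch consists of this single hunk and adds no #include, so it is worth confirming that src/jwt.c includes <openssl/crypto.h>, which declares CRYPTO_memcmp(), directly rather than picking it up through another OpenSSL header. The preceding test `signature_length == decoded_signature->data` still short-circuits before the comparison. That is acceptable because the expected HMAC length follows from the algorithm and is not secret, but it means only the byte comparison itself is constant-time, and the comment could say so.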