Diffstat (limited to 'Authentication/JWT.php')
-rw-r--r-- | Authentication/JWT.php | 11 |
1 files changed, 10 insertions, 1 deletions
diff --git a/Authentication/JWT.php b/Authentication/JWT.php
index 38a4f7e..90c1ac7 100644
--- a/Authentication/JWT.php
+++ b/Authentication/JWT.php
@@ -157,7 +157,16 @@ class JWT
 }
 case 'hash_hmac':
 default:
- return $signature === hash_hmac($algo, $msg, $key, true);
+ $hash = hash_hmac($algo, $msg, $key, true);
+ $len = min(strlen($signature), strlen($hash));
+
+ $status = 0;
+ for ($i = 0; $i < $len; $i++) {
+ $status |= (ord($signature[$i]) ^ ord($hash[$i]));
+ }
+ $status |= (strlen($signature) ^ strlen($hash));
+
+ return ($status === 0);
 }
 }
|
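Review bot: The hand-rolled loop in the `hash_hmac` branch should be a fallback only: where `hash_equals()` exists (PHP 5.6+) it is the built-in constant-time primitive and should be called as `hash_equals($hash, $signature)`. The new code also drops the type check that `===` gave for free: if `hash_hmac()` returns `false` (an unsupported `$algo` on older PHP; where `$algo` comes from is not visible in this hunk), `strlen($hash)` is 0 and an empty `$signature` would leave `$status` at 0, so a `$hash === false` guard belongs before the comparison. In the fallback, `strlen()` can count characters rather than bytes when `mbstring.func_overload` is enabled, while `$signature[$i]` indexes bytes, so a byte-length helper is safer there. The enclosing method starts above the hunk, so this assumes `$signature` is always a string.

```php
$hash = hash_hmac($algo, $msg, $key, true);
if ($hash === false) {
    // Fail closed: never compare against a failed HMAC computation.
    return false;
}
if (function_exists('hash_equals')) {
    // Known value first, caller-supplied value second.
    return hash_equals($hash, $signature);
}
// … unchanged: XOR loop over $signature/$hash as the fallback for PHP < 5.6 …
```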