swapped hash_equals() arguments #381

Closed
@marco-at-citec

From https://www.php.net/manual/en/function.hash-equals:

Both arguments must be of the same length to be compared successfully. When arguments of differing length are supplied, false is returned immediately and the length of the known string may be leaked in case of a timing attack.

It is important to provide the user-supplied string as the second parameter, rather than the first.

It is used the wrong way in the static verify function, defeating hash_equals's goal of preventing timing attacks.

    private static function verify($msg, $signature, $key, $alg)
    {
        ...
        $hash = \hash_hmac($algorithm, $msg, $key, true);
        return self::constantTimeEquals($signature, $hash);

    public static function constantTimeEquals($left, $right)
    {
        if (\function_exists('hash_equals')) {
            return \hash_equals($left, $right);
        }
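
An added example (not code from this repository or from the issue author) of the argument order the manual passage above asks for: the locally computed HMAC is passed first and the request-supplied signature second. The function names, the fallback loop and the sample key and message are assumptions constructed for illustration.

```php
<?php
declare(strict_types=1);

/**
 * Hypothetical helper: parameters are named for their role so the
 * known (server-computed) value cannot be confused with user input.
 */
function constantTimeEquals(string $known, string $user): bool
{
    if (\function_exists('hash_equals')) {
        // PHP manual order: known string first, user-supplied string second.
        return \hash_equals($known, $user);
    }
    // Fallback sketch for runtimes without hash_equals(). The loop runs over
    // the user-supplied length and never exits at the first mismatch.
    $knownLen = \strlen($known);
    $userLen = \strlen($user);
    if ($knownLen === 0) {
        return $userLen === 0;
    }
    $diff = $knownLen ^ $userLen;
    for ($i = 0; $i < $userLen; $i++) {
        $diff |= \ord($known[$i % $knownLen]) ^ \ord($user[$i]);
    }
    return $diff === 0;
}

function verifyHmac(string $msg, string $signature, string $key, string $algorithm = 'sha256'): bool
{
    // $expected is the known value; $signature arrives with the request.
    $expected = \hash_hmac($algorithm, $msg, $key, true);
    return constantTimeEquals($expected, $signature);
}

// Constructed sample values, for demonstration only.
$key = 'constructed-demo-key';
$msg = 'header.payload';
$valid = \hash_hmac('sha256', $msg, $key, true);

$tampered = $valid;
$tampered[0] = \chr(\ord($tampered[0]) ^ 1); // flip one bit of the first byte
$truncated = \substr($valid, 0, 16);         // wrong length

var_dump(verifyHmac($msg, $valid, $key));     // genuine signature
var_dump(verifyHmac($msg, $tampered, $key));  // same length, one bit changed
var_dump(verifyHmac($msg, $truncated, $key)); // shorter than the digest
```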
