diff --git a/src/crypto_utils.c b/src/crypto_utils.c
index 8af31e8..9be06db 100644
--- a/src/crypto_utils.c
+++ b/src/crypto_utils.c
@@ -27,16 +27,6 @@
 #include "otp.h"
 #include "random.h"
 
-int ct_memcmp(const void *a, const void *b, size_t n) {
-    const volatile uint8_t *x = (const volatile uint8_t *)a;
-    const volatile uint8_t *y = (const volatile uint8_t *)b;
-    uint8_t r = 0;
-    for (size_t i = 0; i < n; ++i) {
-        r |= x[i] ^ y[i];
-    }
-    return r;
-}
-
 static const mbedtls_md_info_t *SHA256(void) {
     return mbedtls_md_info_from_type(MBEDTLS_MD_SHA256);
 }
@@ -333,7 +323,9 @@ int base64url_encode(unsigned char *dst, size_t dlen, size_t *olen, const unsign
 
 int base64url_decode(unsigned char *dst, size_t dlen, size_t *olen, const unsigned char *src, size_t slen) {
     // First convert from base64url to standard base64
-    unsigned char *b64_src = (unsigned char *)malloc(slen + 2); // +2 for padding if needed
+    if ((slen % 4) == 1) return MBEDTLS_ERR_BASE64_INVALID_CHARACTER;
+    size_t padding = (4 - (slen % 4)) % 4;
+    unsigned char *b64_src = malloc(slen + padding);
     if (b64_src == NULL) {
         return PICOKEYS_ERR_MEMORY_FATAL;
     }
@@ -348,7 +340,6 @@ int base64url_decode(unsigned char *dst, size_t dlen, size_t *olen, const unsign
             b64_src[i] = src[i];
         }
     }
-    size_t padding = (4 - (slen % 4)) % 4;
     for (size_t i = 0; i < padding; i++) {
         b64_src[slen + i] = '=';
     }
@@ -358,3 +349,18 @@ int base64url_decode(unsigned char *dst, size_t dlen, size_t *olen, const unsign
     free(b64_src);
     return rc;
 }
+
+int b64url_decoded_len(size_t n, size_t *out_len) {
+    if (out_len == NULL) return -1;
+    if ((n % 4) == 1) return -2; // longitud base64url invàlida
+
+    size_t pad = (4 - (n % 4)) % 4;   // 0,1,2
+    size_t total = n + pad;
+    size_t out = (total / 4) * 3;
+
+    if (pad == 1) out -= 1;
+    else if (pad == 2) out -= 2;
+
+    *out_len = out;
+    return 0;
+}
\ No newline at end of file
diff --git a/src/crypto_utils.h b/src/crypto_utils.h
index 2f56317..b1e8f50 100644
--- a/src/crypto_utils.h
+++ b/src/crypto_utils.h
@@ -46,7 +46,6 @@ typedef enum {
 
 #define PIN_KDF_DEFAULT_VERSION PIN_KDF_V2
 
-extern int ct_memcmp(const void *a, const void *b, size_t n);
 // Newer and safe functions
 extern void derive_kbase(uint8_t kbase[32]);
 extern void derive_kver(const uint8_t *pin, size_t pin_len, uint8_t kver[32]);
@@ -68,6 +67,7 @@ extern mbedtls_ecp_group_id ec_get_curve_from_prime(const uint8_t *prime, size_t
 extern uint32_t crc32c(const uint8_t *buf, size_t len);
 extern int base64url_encode(unsigned char *dst, size_t dlen, size_t *olen, const unsigned char *src, size_t slen);
 extern int base64url_decode(unsigned char *dst, size_t dlen, size_t *olen, const unsigned char *src, size_t slen);
+extern int b64url_decoded_len(size_t n, size_t *out_len);
 
 #define PIN_KDF_SIZE(x)  (12 + (x) + 16)
 
diff --git a/src/usb/lwip/rest_server.c b/src/usb/lwip/rest_server.c
index c6ed6fb..8bf10c6 100644
--- a/src/usb/lwip/rest_server.c
+++ b/src/usb/lwip/rest_server.c
@@ -21,6 +21,7 @@
 #include "usb.h"
 #include "pico_time.h"
 #include "serial.h"
+#include "mbedtls/constant_time.h"
 
 #include <ctype.h>
 #ifdef _WIN32
@@ -718,7 +719,7 @@ static int rest_verify_request_signature(const rest_request_t *request, const re
         return PICOKEYS_EXEC_ERROR;
     }
     mbedtls_md_free(&ctx);
-    if (ct_memcmp(hmac, hmac_x, sizeof(hmac)) != 0) {
+    if (mbedtls_ct_memcmp(hmac, hmac_x, sizeof(hmac)) != 0) {
         return PICOKEYS_EXEC_ERROR;
     }
     return PICOKEYS_OK;