Skip to content

Commit

Permalink
Remove is_pss and just check type == EVP_PKEY_RSA_PSS
Browse files Browse the repository at this point in the history 
Signed-off-by: Ben Collins <[email protected]>
  • Loading branch information
@benmcollins
benmcollins committed Dec 2, 2024
1 parent 9cc79d9 commit fd7259d
Showing 1 changed file with 3 additions and 10 deletions.
13 changes: 3 additions & 10 deletions libjwt/jwt-openssl.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -242,7 +242,7 @@ int jwt_sign_sha_pem(jwt_t *jwt, char **out, unsigned int *len,
EVP_PKEY *pkey = NULL;
unsigned char *sig;
int ret = 0;
size_t slen, is_pss = 0;
size_t slen;

switch (jwt->alg) {
/* RSA */
Expand All @@ -263,17 +263,14 @@ int jwt_sign_sha_pem(jwt_t *jwt, char **out, unsigned int *len,
case JWT_ALG_PS256:
alg = EVP_sha256();
type = EVP_PKEY_RSA_PSS;
is_pss = 1;
break;
case JWT_ALG_PS384:
alg = EVP_sha384();
type = EVP_PKEY_RSA_PSS;
is_pss = 1;
break;
case JWT_ALG_PS512:
alg = EVP_sha512();
type = EVP_PKEY_RSA_PSS;
is_pss = 1;
break;

/* ECC */
Expand Down Expand Up @@ -317,7 +314,7 @@ int jwt_sign_sha_pem(jwt_t *jwt, char **out, unsigned int *len,
if (EVP_DigestSignInit(mdctx, &pkey_ctx, alg, NULL, pkey) != 1)
SIGN_ERROR(EINVAL);

if (is_pss) {
if (type == EVP_PKEY_RSA_PSS) {
if (EVP_PKEY_CTX_set_rsa_padding(pkey_ctx, RSA_PKCS1_PSS_PADDING) < 0)
SIGN_ERROR(EINVAL);
if (EVP_PKEY_CTX_set_rsa_pss_saltlen(pkey_ctx, RSA_PSS_SALTLEN_DIGEST) < 0)
Expand Down Expand Up @@ -415,7 +412,6 @@ int jwt_verify_sha_pem(jwt_t *jwt, const char *head, unsigned int head_len, cons
BIO *bufkey = NULL;
int ret = 0;
int slen;
int is_pss = 0;

switch (jwt->alg) {
/* RSA */
Expand All @@ -436,17 +432,14 @@ int jwt_verify_sha_pem(jwt_t *jwt, const char *head, unsigned int head_len, cons
case JWT_ALG_PS256:
alg = EVP_sha256();
type = EVP_PKEY_RSA_PSS;
is_pss = 1;
break;
case JWT_ALG_PS384:
alg = EVP_sha384();
type = EVP_PKEY_RSA_PSS;
is_pss = 1;
break;
case JWT_ALG_PS512:
alg = EVP_sha512();
type = EVP_PKEY_RSA_PSS;
is_pss = 1;
break;

/* ECC */
Expand Down Expand Up @@ -532,7 +525,7 @@ int jwt_verify_sha_pem(jwt_t *jwt, const char *head, unsigned int head_len, cons
if (EVP_DigestVerifyInit(mdctx, &pkey_ctx, alg, NULL, pkey) != 1)
VERIFY_ERROR(EINVAL);

if (is_pss) {
if (type == EVP_PKEY_RSA_PSS) {
if (EVP_PKEY_CTX_set_rsa_padding(pkey_ctx, RSA_PKCS1_PSS_PADDING) < 0)
VERIFY_ERROR(EINVAL);
if (EVP_PKEY_CTX_set_rsa_pss_saltlen(pkey_ctx, RSA_PSS_SALTLEN_DIGEST) < 0)
Expand Down

0 comments on commit fd7259d

Please sign in to comment.