From fd7259d95a90b5ff433a10bfa7e9afdf0bf1c8be Mon Sep 17 00:00:00 2001
From: Ben Collins
Date: Mon, 2 Dec 2024 09:05:41 -0500
Subject: [PATCH] Remove is_pss and just check type == EVP_PKEY_RSA_PSS
Signed-off-by: Ben Collins
---
 libjwt/jwt-openssl.c | 13 +++----------
 1 file changed, 3 insertions(+), 10 deletions(-)
diff --git a/libjwt/jwt-openssl.c b/libjwt/jwt-openssl.c
index 1d48265..dcf296f 100644
--- a/libjwt/jwt-openssl.c
+++ b/libjwt/jwt-openssl.c
@@ -242,7 +242,7 @@ int jwt_sign_sha_pem(jwt_t *jwt, char **out, unsigned int *len,
 EVP_PKEY *pkey = NULL;
 unsigned char *sig;
 int ret = 0;
- size_t slen, is_pss = 0;
+ size_t slen;
 switch (jwt->alg) {
 /* RSA */
@@ -263,17 +263,14 @@ int jwt_sign_sha_pem(jwt_t *jwt, char **out, unsigned int *len,
 case JWT_ALG_PS256:
 alg = EVP_sha256();
 type = EVP_PKEY_RSA_PSS;
- is_pss = 1;
 break;
 case JWT_ALG_PS384:
 alg = EVP_sha384();
 type = EVP_PKEY_RSA_PSS;
- is_pss = 1;
 break;
 case JWT_ALG_PS512:
 alg = EVP_sha512();
 type = EVP_PKEY_RSA_PSS;
- is_pss = 1;
 break;
 /* ECC */
@@ -317,7 +314,7 @@ int jwt_sign_sha_pem(jwt_t *jwt, char **out, unsigned int *len,
 if (EVP_DigestSignInit(mdctx, &pkey_ctx, alg, NULL, pkey) != 1)
 SIGN_ERROR(EINVAL);
- if (is_pss) {
+ if (type == EVP_PKEY_RSA_PSS) {
 if (EVP_PKEY_CTX_set_rsa_padding(pkey_ctx, RSA_PKCS1_PSS_PADDING) < 0)
 SIGN_ERROR(EINVAL);
 if (EVP_PKEY_CTX_set_rsa_pss_saltlen(pkey_ctx, RSA_PSS_SALTLEN_DIGEST) < 0)
@@ -415,7 +412,6 @@ int jwt_verify_sha_pem(jwt_t *jwt, const char *head, unsigned int head_len, cons
 BIO *bufkey = NULL;
 int ret = 0;
 int slen;
- int is_pss = 0;
 switch (jwt->alg) {
 /* RSA */
@@ -436,17 +432,14 @@ int jwt_verify_sha_pem(jwt_t *jwt, const char *head, unsigned int head_len, cons
 case JWT_ALG_PS256:
 alg = EVP_sha256();
 type = EVP_PKEY_RSA_PSS;
- is_pss = 1;
 break;
 case JWT_ALG_PS384:
 alg = EVP_sha384();
 type = EVP_PKEY_RSA_PSS;
- is_pss = 1;
 break;
 case JWT_ALG_PS512:
 alg = EVP_sha512();
 type = EVP_PKEY_RSA_PSS;
- is_pss = 1;
 break;
 /* ECC */
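Review bot: The two return checks inside the `if (type == EVP_PKEY_RSA_PSS)` branch of the `@@ -317,7 +314,7 @@` hunk (jwt_sign_sha_pem) test `< 0`, but OpenSSL documents `EVP_PKEY_CTX_set_rsa_padding()` and `EVP_PKEY_CTX_set_rsa_pss_saltlen()` as returning a positive value on success and 0 or a negative value on failure, so a 0 return is accepted as success. In that case the function would carry on, presumably with the context's default padding, for a token whose header claims PS256/PS384/PS512. Compare with `<= 0` instead, e.g. `if (EVP_PKEY_CTX_set_rsa_padding(pkey_ctx, RSA_PKCS1_PSS_PADDING) <= 0)`, and do the same for the salt-length call. The same pair of checks sits in the verify path in the `@@ -532,7 +525,7 @@` hunk (jwt_verify_sha_pem), where a silently skipped PSS setup matters most; both functions continue outside the hunks shown.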
@@ -532,7 +525,7 @@ int jwt_verify_sha_pem(jwt_t *jwt, const char *head, unsigned int head_len, cons
 if (EVP_DigestVerifyInit(mdctx, &pkey_ctx, alg, NULL, pkey) != 1)
 VERIFY_ERROR(EINVAL);
- if (is_pss) {
+ if (type == EVP_PKEY_RSA_PSS) {
 if (EVP_PKEY_CTX_set_rsa_padding(pkey_ctx, RSA_PKCS1_PSS_PADDING) < 0)
 VERIFY_ERROR(EINVAL);
 if (EVP_PKEY_CTX_set_rsa_pss_saltlen(pkey_ctx, RSA_PSS_SALTLEN_DIGEST) < 0)