MINOR: jwt: Rename pkey to pubkey in jwt_cert_tree_entry struct

Rename the jwt_cert_tree_entry member pkey to pubkey to avoid any
confusion between private and public key.
Remi Tricot-Le Breton 2025-06-30 16:56:24 +02:00 committed by William Lallemand
parent 5c3d0a554b
commit cd89ce1766
2 changed files with 11 additions and 11 deletions


@ -65,7 +65,7 @@ enum jwt_elt {
}; };
struct jwt_cert_tree_entry { struct jwt_cert_tree_entry {
EVP_PKEY *pkey; EVP_PKEY *pubkey;
struct ebmb_node node; struct ebmb_node node;
char path[VAR_ARRAY]; char path[VAR_ARRAY];
}; };


@ -131,7 +131,7 @@ int jwt_tree_load_cert(char *path, int pathlen, char **err)
{ {
int retval = -1; int retval = -1;
struct jwt_cert_tree_entry *entry = NULL; struct jwt_cert_tree_entry *entry = NULL;
EVP_PKEY *pkey = NULL; EVP_PKEY *pubkey = NULL;
BIO *bio = NULL; BIO *bio = NULL;
entry = calloc(1, sizeof(*entry) + pathlen + 1); entry = calloc(1, sizeof(*entry) + pathlen + 1);
@ -154,20 +154,20 @@ int jwt_tree_load_cert(char *path, int pathlen, char **err)
if (BIO_read_filename(bio, path) == 1) { if (BIO_read_filename(bio, path) == 1) {
pkey = PEM_read_bio_PUBKEY(bio, NULL, NULL, NULL); pubkey = PEM_read_bio_PUBKEY(bio, NULL, NULL, NULL);
if (!pkey) { if (!pubkey) {
memprintf(err, "%sfile not found (%s)\n", err && *err ? *err : "", path); memprintf(err, "%sfile not found (%s)\n", err && *err ? *err : "", path);
goto end; goto end;
} }
entry->pkey = pkey; entry->pubkey = pubkey;
retval = 0; retval = 0;
} }
end: end:
if (retval) { if (retval) {
/* Some error happened during pkey parsing, remove the already /* Some error happened during pubkey parsing, remove the already
* inserted node from the tree and free it. * inserted node from the tree and free it.
*/ */
ebmb_delete(&entry->node); ebmb_delete(&entry->node);
@ -220,7 +220,7 @@ jwt_jwsverify_hmac(const struct jwt_ctx *ctx, const struct buffer *decoded_signa
* verification functions. * verification functions.
* Returns 0 in case of success. * Returns 0 in case of success.
*/ */
static int convert_ecdsa_sig(const struct jwt_ctx *ctx, EVP_PKEY *pkey, struct buffer *signature) static int convert_ecdsa_sig(const struct jwt_ctx *ctx, EVP_PKEY *pubkey, struct buffer *signature)
{ {
int retval = 0; int retval = 0;
ECDSA_SIG *ecdsa_sig = NULL; ECDSA_SIG *ecdsa_sig = NULL;
@ -334,7 +334,7 @@ jwt_jwsverify_rsa_ecdsa(const struct jwt_ctx *ctx, struct buffer *decoded_signat
entry = ebmb_entry(eb, struct jwt_cert_tree_entry, node); entry = ebmb_entry(eb, struct jwt_cert_tree_entry, node);
if (!entry->pkey) { if (!entry->pubkey) {
retval = JWT_VRFY_UNKNOWN_CERT; retval = JWT_VRFY_UNKNOWN_CERT;
goto end; goto end;
} }
@ -345,14 +345,14 @@ jwt_jwsverify_rsa_ecdsa(const struct jwt_ctx *ctx, struct buffer *decoded_signat
* work with OpenSSL. * work with OpenSSL.
*/ */
if (is_ecdsa) { if (is_ecdsa) {
int conv_retval = convert_ecdsa_sig(ctx, entry->pkey, decoded_signature); int conv_retval = convert_ecdsa_sig(ctx, entry->pubkey, decoded_signature);
if (conv_retval != 0) { if (conv_retval != 0) {
retval = conv_retval; retval = conv_retval;
goto end; goto end;
} }
} }
if (EVP_DigestVerifyInit(evp_md_ctx, &pkey_ctx, evp, NULL, entry->pkey) == 1) { if (EVP_DigestVerifyInit(evp_md_ctx, &pkey_ctx, evp, NULL, entry->pubkey) == 1) {
if (is_ecdsa || EVP_PKEY_CTX_set_rsa_padding(pkey_ctx, padding) > 0) { if (is_ecdsa || EVP_PKEY_CTX_set_rsa_padding(pkey_ctx, padding) > 0) {
if (EVP_DigestVerifyUpdate(evp_md_ctx, (const unsigned char*)ctx->jose.start, if (EVP_DigestVerifyUpdate(evp_md_ctx, (const unsigned char*)ctx->jose.start,
ctx->jose.length + ctx->claims.length + 1) == 1 && ctx->jose.length + ctx->claims.length + 1) == 1 &&
@ -474,7 +474,7 @@ static void jwt_deinit(void)
while (node) { while (node) {
entry = ebmb_entry(node, struct jwt_cert_tree_entry, node); entry = ebmb_entry(node, struct jwt_cert_tree_entry, node);
ebmb_delete(node); ebmb_delete(node);
EVP_PKEY_free(entry->pkey); EVP_PKEY_free(entry->pubkey);
ha_free(&entry); ha_free(&entry);
node = ebmb_first(&jwt_cert_tree); node = ebmb_first(&jwt_cert_tree);
} }