The OpenSSL documentation (https://www.openssl.org/docs/man1.1.0/man3/HMAC.html)
specifies:
> It places the result in md (which must have space for the output of the hash
> function, which is no more than EVP_MAX_MD_SIZE bytes). If md is NULL, the
> digest is placed in a static array. The size of the output is placed in
> md_len, unless it is NULL. Note: passing a NULL value for md to use the
> static array is not thread safe.
`EVP_MAX_MD_SIZE` appears to be defined as `64`, so let's simply use a stack
buffer to avoid the whole memory management.
---
src/jwt.c | 12 +---
1 file changed, 1 insertion(+), 11 deletions(-)
diff --git a/src/jwt.c b/src/jwt.c
index e29a1c797..d075bcfd4 100644
--- a/src/jwt.c
+++ b/src/jwt.c
@@ -175,19 +175,11 @@ static enum jwt_vrfy_status
jwt_jwsverify_hmac(const struct jwt_ctx *ctx, const struct buffer
*decoded_signature)
{
const EVP_MD *evp = NULL;
- unsigned char *signature = NULL;
+ unsigned char signature[EVP_MAX_MD_SIZE];
unsigned int signature_length = 0;
- struct buffer *trash = NULL;
unsigned char *hmac_res = NULL;
enum jwt_vrfy_status retval = JWT_VRFY_KO;
- trash = alloc_trash_chunk();
- if (!trash)
- return JWT_VRFY_OUT_OF_MEMORY;
-
- signature = (unsigned char*)trash->area;
- signature_length = trash->size;
-
switch(ctx->alg) {
case JWS_ALG_HS256:
evp = EVP_sha256();
@@ -208,8 +200,6 @@ jwt_jwsverify_hmac(const struct jwt_ctx *ctx, const struct
buffer *decoded_signa
(CRYPTO_memcmp(decoded_signature->area, signature,
signature_length) == 0))
retval = JWT_VRFY_OK;
- free_trash_chunk(trash);
-
return retval;
}
--
2.33.0
