eden-emu/cpp-jwt
14
0
Fork 0
mirror of https://github.com/arun11299/cpp-jwt.git synced 2025-05-15 09:18:33 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

#102 Prevent Algo confusion attack

Browse source
This commit is contained in:
arunmu-nx 2025-04-22 18:49:16 +05:30
parent 4a970bc302
commit b9528b32eb
7 changed files with 82 additions and 2 deletions
Download patch file Download diff file Expand all files Collapse all files

25
include/jwt/impl/algorithm.ipp
View file

@ -25,6 +25,31 @@ SOFTWARE.
namespace jwt {
verify_result_t is_secret_a_public_key(const jwt::string_view secret)
{
std::error_code ec{};
BIO_uptr bufkey{
BIO_new_mem_buf((void*)secret.data(), static_cast<int>(secret.length())),
bio_deletor
};
if (!bufkey) {
throw MemoryAllocationException("BIO_new_mem_buf failed");
}
EC_PKEY_uptr pkey{
PEM_read_bio_PUBKEY(bufkey.get(), nullptr, nullptr, nullptr),
ev_pkey_deletor
};
if (!pkey) {
ec = AlgorithmErrc::InvalidKeyErr;
return { false, ec };
}
return {true, ec};
}
template <typename Hasher>
verify_result_t HMACSign<Hasher>::verify(
const jwt::string_view key,