From 8abed17a347f50d5bdb437e90530cb3be4020c7d Mon Sep 17 00:00:00 2001
From: Remi Tricot-Le Breton
Date: Mon, 18 Oct 2021 15:14:48 +0200
Subject: [PATCH] MINOR: jwt: Do not rely on enum order anymore

Replace the test based on the enum value of the algorithm by an explicit switch statement in case someone reorders it for some reason (while still managing not to break the regtest).
---
 src/jwt.c | 21 ++++++++++++++++++---
 1 file changed, 18 insertions(+), 3 deletions(-)

diff --git a/src/jwt.c b/src/jwt.c
index bd8137d..e29a1c7 100644
--- a/src/jwt.c
+++ b/src/jwt.c
@@ -338,18 +338,33 @@ enum jwt_vrfy_status jwt_verify(const struct buffer *token, const struct buffer
 /* We have all three sections, signature calculation can begin. */
- if (ctx.alg <= JWS_ALG_HS512) {
+ switch(ctx.alg) {
+
+ case JWS_ALG_HS256:
+ case JWS_ALG_HS384:
+ case JWS_ALG_HS512:
 /* HMAC + SHA-XXX */
 retval = jwt_jwsverify_hmac(&ctx, decoded_sig);
- } else if (ctx.alg <= JWS_ALG_ES512) {
+ break;
+ case JWS_ALG_RS256:
+ case JWS_ALG_RS384:
+ case JWS_ALG_RS512:
+ case JWS_ALG_ES256:
+ case JWS_ALG_ES384:
+ case JWS_ALG_ES512:
 /* RSASSA-PKCS1-v1_5 + SHA-XXX */
 /* ECDSA using P-XXX and SHA-XXX */
 retval = jwt_jwsverify_rsa_ecdsa(&ctx, decoded_sig);
- } else if (ctx.alg <= JWS_ALG_PS512) {
+ break;
+ case JWS_ALG_PS256:
+ case JWS_ALG_PS384:
+ case JWS_ALG_PS512:
+ default:
 /* RSASSA-PSS using SHA-XXX and MGF1 with SHA-XXX */
 /* Not managed yet */
 retval = JWT_VRFY_UNMANAGED_ALG;
+ break;
 }
 end:
--
1.7.10.4
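Review bot: The `default:` label is stacked onto the `JWS_ALG_PS256`/`PS384`/`PS512` arm, so the only comments above the rejection path describe RSASSA-PSS and nothing states that every other value of `ctx.alg` is rejected there as well. That is a behaviour change worth recording: under the old `ctx.alg <= JWS_ALG_HS512` test any enumerator ordered before `JWS_ALG_HS256` was handed to `jwt_jwsverify_hmac()`, whereas it now returns `JWT_VRFY_UNMANAGED_ALG`; the enum definition and the earlier checks in `jwt_verify` are outside this hunk, so whether such a value can reach this point is not visible here. I would add a comment directly under `default:` such as `/* any other or unknown alg value is rejected here, never passed to a verifier */`. The `default:` should stay even if every enumerator is later listed explicitly, so an out-of-range value still fails closed. The enclosing function starts and ends outside the hunk.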