From: Remi Tricot-Le Breton Date: Mon, 18 Oct 2021 13:14:48 +0000 (+0200) Subject: MINOR: jwt: Do not rely on enum order anymore X-Git-Tag: v2.5-dev11~39 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=8abed17a347f50d5bdb437e90530cb3be4020c7d;p=thirdparty%2Fhaproxy.git MINOR: jwt: Do not rely on enum order anymore Replace the test based on the enum value of the algorithm by an explicit switch statement in case someone reorders it for some reason (while still managing not to break the regtest).
---
diff --git a/src/jwt.c b/src/jwt.c
index bd8137d66b..e29a1c797b 100644
--- a/src/jwt.c
+++ b/src/jwt.c
@@ -338,18 +338,33 @@ enum jwt_vrfy_status jwt_verify(const struct buffer *token, const struct buffer
 /* We have all three sections, signature calculation can begin. */
- if (ctx.alg <= JWS_ALG_HS512) {
+ switch(ctx.alg) {
+
+ case JWS_ALG_HS256:
+ case JWS_ALG_HS384:
+ case JWS_ALG_HS512:
 /* HMAC + SHA-XXX */
 retval = jwt_jwsverify_hmac(&ctx, decoded_sig);
- } else if (ctx.alg <= JWS_ALG_ES512) {
+ break;
+ case JWS_ALG_RS256:
+ case JWS_ALG_RS384:
+ case JWS_ALG_RS512:
+ case JWS_ALG_ES256:
+ case JWS_ALG_ES384:
+ case JWS_ALG_ES512:
 /* RSASSA-PKCS1-v1_5 + SHA-XXX */
 /* ECDSA using P-XXX and SHA-XXX */
 retval = jwt_jwsverify_rsa_ecdsa(&ctx, decoded_sig);
- } else if (ctx.alg <= JWS_ALG_PS512) {
+ break;
+ case JWS_ALG_PS256:
+ case JWS_ALG_PS384:
+ case JWS_ALG_PS512:
+ default:
 /* RSASSA-PSS using SHA-XXX and MGF1 with SHA-XXX */
 /* Not managed yet */
 retval = JWT_VRFY_UNMANAGED_ALG;
+ break;
 }
 end:
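Review bot: The `default:` label in the last arm is undocumented: it sits under the two PSS comments, so nothing says that every other `ctx.alg` value is also deliberately rejected with `JWT_VRFY_UNMANAGED_ALG`. Since this is the fail-closed path of signature verification, I would state it next to the label, e.g. `/* PSS is not managed yet; any other or unexpected alg value is rejected too */`, so a later edit does not turn the catch-all into an accepting path. Note also that with `default:` present the compiler's switch-coverage warning will no longer flag a newly added enum member; it will be reported as unmanaged, which is safe but easy to overlook when adding an algorithm. `jwt_verify` starts and ends outside this hunk, so how `retval` is initialised and used after `end:` is not visible here.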