rpms/cjose
5
0
Fork 0
Code Issues Pull Requests Releases Activity

CVE-2023-37464 AES GCM decryption

Browse Source 
AES GCM decryption uses the Tag length from the actual
Authentication Tag provided in the JWE

Resolves: rhbz#2223307
This commit is contained in:
Tomas Halman 2023-07-21 11:13:41 +02:00
parent e02a34a658
commit a7ee7f6477
3 changed files with 98 additions and 54 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

53
0001-Define-OPENSSL_API_COMPAT-to-0x10101000L.patch
View File

@ -1,53 +0,0 @@
From b339a18aa06c78d64ac33d891d400eac7b86fff3 Mon Sep 17 00:00:00 2001
From: Jakub Hrozek <jhrozek@redhat.com>
Date: Mon, 17 May 2021 13:30:24 +0200
Subject: [PATCH] Define OPENSSL_API_COMPAT to 0x10101000L
---
src/jwe.c | 2 ++
src/jwk.c | 2 ++
src/jws.c | 2 ++
3 files changed, 6 insertions(+)
diff --git a/src/jwe.c b/src/jwe.c
index 822d408..d6f3149 100644
--- a/src/jwe.c
+++ b/src/jwe.c
@@ -5,6 +5,8 @@
* Copyright (c) 2014-2016 Cisco Systems, Inc. All Rights Reserved.
*/
+#define OPENSSL_API_COMPAT 0x10101000L
+
#include <cjose/base64.h>
#include <cjose/header.h>
#include <cjose/jwe.h>
diff --git a/src/jwk.c b/src/jwk.c
index 860f0e7..87408e9 100644
--- a/src/jwk.c
+++ b/src/jwk.c
@@ -5,6 +5,8 @@
* Copyright (c) 2014-2016 Cisco Systems, Inc. All Rights Reserved.
*/
+#define OPENSSL_API_COMPAT 0x10101000L
+
#include "include/jwk_int.h"
#include "include/util_int.h"
diff --git a/src/jws.c b/src/jws.c
index 4e03554..9d682a0 100644
--- a/src/jws.c
+++ b/src/jws.c
@@ -5,6 +5,8 @@
* Copyright (c) 2014-2016 Cisco Systems, Inc. All Rights Reserved.
*/
+#define OPENSSL_API_COMPAT 0x10101000L
+
#include <cjose/base64.h>
#include <cjose/header.h>
#include <cjose/jws.h>
--
2.31.1

91
0003-CVE-2023-37464.patch Normal file
View File

@ -0,0 +1,91 @@
diff -up cjose-0.6.1/src/jwe.c.orig cjose-0.6.1/src/jwe.c
--- cjose-0.6.1/src/jwe.c.orig 2023-07-19 16:23:44.658712950 +0200
+++ cjose-0.6.1/src/jwe.c 2023-07-19 16:55:02.173914437 +0200
@@ -1227,6 +1227,12 @@ static bool _cjose_jwe_decrypt_dat_a256g
goto _cjose_jwe_decrypt_dat_a256gcm_fail;
}
+ if (jwe->enc_auth_tag.raw_len != 16)
+ {
+ CJOSE_ERROR(err, CJOSE_ERR_CRYPTO);
+ goto _cjose_jwe_decrypt_dat_a256gcm_fail;
+ }
+
// set the expected GCM-mode authentication tag
if (EVP_CIPHER_CTX_ctrl(ctx, CJOSE_EVP_CTRL_GCM_SET_TAG, jwe->enc_auth_tag.raw_len, jwe->enc_auth_tag.raw) != 1)
{
diff -up cjose-0.6.1/test/check_jwe.c.orig cjose-0.6.1/test/check_jwe.c
--- cjose-0.6.1/test/check_jwe.c.orig 2018-04-12 00:39:58.000000000 +0200
+++ cjose-0.6.1/test/check_jwe.c 2023-07-19 16:38:45.412336742 +0200
@@ -809,6 +809,63 @@ START_TEST(test_cjose_jwe_decrypt_aes)
}
END_TEST
+START_TEST(test_cjose_jwe_decrypt_aes_gcm)
+{
+ cjose_err err;
+
+ const char *key = JWK_OCT_32;
+ const char *plain1 = "Live long and prosper.";
+ char *compact1 = "eyJhbGciOiAiZGlyIiwgImVuYyI6ICJBMjU2R0NNIn0..Du_9fxxV-zrReaWC.aS_rpokeuxkaPc2sykcQDCQuJCYoww.GpeKGEqd8KQ0v6JNea5aSA";
+ char *compact2 = "eyJhbGciOiAiZGlyIiwgImVuYyI6ICJBMjU2R0NNIn0..Du_9fxxV-zrReaWC.aS_rpokeuxkaPc2sykcQDCQuJCYoww.Gp";
+
+ cjose_jwk_t *jwk = cjose_jwk_import(key, strlen(key), &err);
+ ck_assert_msg(NULL != jwk,
+ "cjose_jwk_import failed: "
+ "%s, file: %s, function: %s, line: %ld",
+ err.message, err.file, err.function, err.line);
+
+ cjose_jwe_t *jwe1 = cjose_jwe_import(compact1, strlen(compact1), &err);
+ ck_assert_msg(NULL != jwe1,
+ "cjose_jwe_import failed: "
+ "%s, file: %s, function: %s, line: %ld",
+ err.message, err.file, err.function, err.line);
+
+ uint8_t *plain2 = NULL;
+ size_t plain2_len = 0;
+ plain2 = cjose_jwe_decrypt(jwe1, jwk, &plain2_len, &err);
+ ck_assert_msg(NULL != plain2,
+ "cjose_jwe_decrypt failed: "
+ "%s, file: %s, function: %s, line: %ld",
+ err.message, err.file, err.function, err.line);
+
+ ck_assert_msg(plain2_len == strlen(plain1),
+ "length of decrypted plaintext does not match length of original, "
+ "expected: %lu, found: %lu",
+ strlen(plain1), plain2_len);
+ ck_assert_msg(strncmp(plain1, plain2, plain2_len) == 0, "decrypted plaintext does not match encrypted plaintext");
+
+ cjose_get_dealloc()(plain2);
+ cjose_jwe_release(jwe1);
+
+ cjose_jwe_t *jwe2 = cjose_jwe_import(compact2, strlen(compact2), &err);
+ ck_assert_msg(NULL != jwe2,
+ "cjose_jwe_import failed: "
+ "%s, file: %s, function: %s, line: %ld",
+ err.message, err.file, err.function, err.line);
+
+ uint8_t *plain3 = NULL;
+ size_t plain3_len = 0;
+ plain3 = cjose_jwe_decrypt(jwe2, jwk, &plain3_len, &err);
+ ck_assert_msg(NULL == plain3,
+ "cjose_jwe_decrypt succeeded where it should have failed: "
+ "%s, file: %s, function: %s, line: %ld",
+ err.message, err.file, err.function, err.line);
+
+ cjose_jwe_release(jwe2);
+ cjose_jwk_release(jwk);
+}
+END_TEST
+
START_TEST(test_cjose_jwe_decrypt_rsa)
{
struct cjose_jwe_decrypt_rsa
@@ -1210,6 +1267,7 @@ Suite *cjose_jwe_suite()
tcase_add_test(tc_jwe, test_cjose_jwe_self_encrypt_self_decrypt_large);
tcase_add_test(tc_jwe, test_cjose_jwe_self_encrypt_self_decrypt_many);
tcase_add_test(tc_jwe, test_cjose_jwe_decrypt_aes);
+ tcase_add_test(tc_jwe, test_cjose_jwe_decrypt_aes_gcm);
tcase_add_test(tc_jwe, test_cjose_jwe_decrypt_rsa);
tcase_add_test(tc_jwe, test_cjose_jwe_encrypt_with_bad_header);
tcase_add_test(tc_jwe, test_cjose_jwe_encrypt_with_bad_key);

8
cjose.spec
View File

@ -1,6 +1,6 @@
Name: cjose
Version: 0.6.1
Release: 3%{?dist}
Release: 4%{?dist}
Summary: C library implementing the Javascript Object Signing and Encryption (JOSE)
License: MIT
@ -9,6 +9,7 @@ Source0: https://github.com/cisco/%{name}/archive/%{version}/%{name}-%{version
Patch1: concatkdf.patch
Patch2: 0002-check-cjose_get_alloc.patch
Patch3: 0003-CVE-2023-37464.patch
BuildRequires: gcc
BuildRequires: doxygen
@ -65,6 +66,11 @@ make check || (cat test/test-suite.log; exit 1)
%changelog
* Wed Jul 19 2023 <thalman@redhat.com> - 0.6.1-4
- CVE-2023-37464 cjose: AES GCM decryption uses the Tag length from the actual
Authentication Tag provided in the JWE
Resolves: rhbz#2223308
* Fri Mar 17 2023 <thalman@redhat.com> - 0.6.1-3
- Random memory override
Resolves: rhbz#2072469