cjose
cjose copied to clipboard
cisco
C library implementing the Javascript Object Signing and Encryption (JOSE)
**NOTE THAT AES GCM DECRYPTION IS SEVERELY BROKEN FOR ALL VERSIONS OF CJOSE < 0.6.2.2** The AES GCM decryption routine incorrectly uses the Tag length from the actual Authentication Tag...
closes: https://github.com/cisco/cjose/issues/125
Most memory leak detectors redefine the "free" function (and others). The struct _key_fntable_int contains the following: void (*free)(cjose_jwk_t *); This clashes with a redefintion of "free". Is it possible to...
in jwe.c, on line 1952: ``` cek = cjose_get_alloc()(cek_len); memcpy(cek, jwe->cek, cek_len); ``` Allocation result is not checked. We should add ``` if (!cek) { CJOSE_ERROR(err, CJOSE_ERR_NO_MEMORY); return NULL; }...
There is #114 but that seems to break building with OpenSSL 1.1.1 so that's probably not the best solution. @linuxwolf Is there an official position regarding this?
In jwe.c, `_cjose_jwe_set_iv_aes_cbc` creates different sized IVs depending on the key size. This doesn't seem correct; the CBC IV is based on the block size, which is always 16 bytes...
Looks like the use of `ck_assert_uint_eq` would require at least check-devel 0.10.0: https://github.com/libcheck/check/commit/305371c21f7d865296a8e93791ad8a4f286b0b1a RHEL 7 version of check is 0.9.9 Error: ``` DEBUG util.py:490: BUILDSTDERR: check_cjose-check_concatkdf.o: In function `test_cjose_concatkdf_otherinfo_noextra': DEBUG...
When setting a custom memory allocator and deallocator using https://github.com/cisco/cjose/blob/9261231f08d2a3cbcf5d73c5f9e754a2f1c379ac/src/util.c#L60 it is also applied to json. In https://github.com/cisco/cjose/blob/254ab05e04cc32d866712bea838990eb4011cbf5/src/jws.c#L54-L65 `json_dumps` allocatos `hdr_str` using the custom allocator. However later `hdr_str` is freed...
Hi @linuxwolf , I'm having problems with encryption A128GCM. Is it supported Algorithm A128GCM for this library? thank you, Regards!
A maintenance fork was started here: https://github.com/OpenIDC/cjose/tree/version-0.6.2.x @rnapier @jogu @ajishna @veselov @zachmann @mpsun @securedimensions @traeak I have merged your PRs, please check and see if you need more when done...