Hans Zandbelt issues

Results 9 issues of


                                            Hans Zandbelt

DES: support binary keys/plaintext/ciphertext and PKCS#5 padding, improve efficiency and add test script against OpenSSL

- parse keys that include 0's e.g. converted from hexadecimal inputs - handle arbitrary binary plaintext/ciphertext without assuming they should be NULL terminated strings (which are handled properly anyhow) -...

packages for Debian/Ubuntu don't contain .so file

for versions >= 1.4.5.3

SECURITY VULNERABILITY: incorrect Authentication Tag length usage in AES GCM decryption

**NOTE THAT AES GCM DECRYPTION IS SEVERELY BROKEN FOR ALL VERSIONS OF CJOSE < 0.6.2.2** The AES GCM decryption routine incorrectly uses the Tag length from the actual Authentication Tag...

use fixed authentication tag length of 16 octets in AES GCM decryption

closes: https://github.com/cisco/cjose/issues/125

external maintenance fork 0.6.2.x

A maintenance fork was started here: https://github.com/OpenIDC/cjose/tree/version-0.6.2.x @rnapier @jogu @ajishna @veselov @zachmann @mpsun @securedimensions @traeak I have merged your PRs, please check and see if you need more when done...

Fix double free on decrypt ek rsa padding failure

fixes two problems when decryption fails

add support for A128GCM and A192GCM encryption

preserve key order in order to be able to compare serialized JWTs

`_cjose_test_json_serial` in `check_jwe` would fail with older versions of Jansson that don't have the JSON_PRESERVE_ORDER flag set by default this would happen e.g. on Ubuntu Xenial

Enabling Metrics Endpoint causes Segmentation Faults during Shutdown

### Discussed in https://github.com/OpenIDC/mod_auth_openidc/discussions/1207 Originally posted by **studersi** March 22, 2024 When enabling the new Prometheus metrics endpoint, we see memory corruption errors. Sometimes this causes backtraces to be logged:...