Merge some security fix from openIDC#134

Open
kunqn wants to merge 6 commits into cisco:master from kunqn:cisco-master

@kunqn kunqn commented Jun 24, 2026

2a6e5bd: jwe: fix all-zero CEK for AES-CBC-HMAC content encryption
7325e9a: use fixed authentication tag length of 16 octets in AES GCM decryption
8c51d24: fix heap buffer overflow in AES key unwrap
0754ab9: jwe: require the RSA-decrypted CEK length to match the enc keysize (partially for jwe->cek cleanse)
cc83587: jws: enforce minimum HMAC key length (RFC 7518 section 3.2)

@kunqn kunqn marked this pull request as ready for review June 24, 2026 10:16
@kunqn kunqn marked this pull request as draft June 24, 2026 10:21
powerqk and others added 4 commits June 25, 2026 14:01
by validating the encrypted_key length before AES_unwrap_key

Signed-off-by: Hans Zandbelt <hans.zandbelt@openidc.com>
# Conflicts:
#	CHANGELOG.md
… 7518 section 3.2)

HMAC signing/verification accepted oct keys shorter than the hash
output. RFC 7518 section 3.2 requires an HS256/384/512 key to be at
least the size of the corresponding hash (32/48/64 bytes). Reject
shorter keys in _cjose_jws_build_dig_hmac_sha(), which runs on both the
sign and verify paths.

(Port of the version-1.0.x J6 fix.)

Signed-off-by: Hans Zandbelt <hans.zandbelt@openidc.com>
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>

# Conflicts:
#	src/jws.c
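
The minimum-key-length rule from the commit message above (32/48/64 bytes for HS256/384/512), as an added example in Python rather than the project's C; it is not cjose code. The function names are hypothetical, and the length check sits in one helper that both the sign and verify paths call, as the commit message describes for its own helper.

```python
import base64
import hashlib
import hmac
import json

# RFC 7518 section 3.2: the key must be at least as long as the hash output.
HS_ALGS = {
    "HS256": (hashlib.sha256, 32),
    "HS384": (hashlib.sha384, 48),
    "HS512": (hashlib.sha512, 64),
}

class WeakKeyError(ValueError):
    """Raised when an oct key is shorter than the hash output for its alg."""

def b64u(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=")

def b64u_dec(data):
    return base64.urlsafe_b64decode(data + b"=" * (-len(data) % 4))

def hmac_digest(alg, key, signing_input):
    # Single choke point: sign() and verify() both go through this check.
    if alg not in HS_ALGS:
        raise ValueError("unsupported alg: %r" % (alg,))
    hash_fn, min_len = HS_ALGS[alg]
    if len(key) < min_len:
        raise WeakKeyError("%s needs a key of at least %d bytes, got %d"
                           % (alg, min_len, len(key)))
    return hmac.new(key, signing_input, hash_fn).digest()

def sign(alg, key, payload):
    header = b64u(json.dumps({"alg": alg}, separators=(",", ":")).encode())
    signing_input = header + b"." + b64u(payload)
    return signing_input + b"." + b64u(hmac_digest(alg, key, signing_input))

def verify(key, token):
    header_b64, payload_b64, sig_b64 = token.split(b".")
    alg = json.loads(b64u_dec(header_b64)).get("alg")
    # The key length is checked before any tag comparison takes place.
    expected = hmac_digest(alg, key, header_b64 + b"." + payload_b64)
    if not hmac.compare_digest(expected, b64u_dec(sig_b64)):
        raise ValueError("signature mismatch")
    return b64u_dec(payload_b64)
```
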
@kunqn kunqn changed the title from "merge fix from openIDC: jwe: fix all-zero CEK for AES-CBC-HMAC content encryption" to "Merge some security fix from openIDC" Jun 25, 2026
@kunqn kunqn marked this pull request as ready for review June 26, 2026 03:32