Version in base suite: 0.6.1+dfsg1-1 Base version: cjose_0.6.1+dfsg1-1 Target version: cjose_0.6.1+dfsg1-1+deb11u1 Base file: /srv/ftp-master.debian.org/ftp/pool/main/c/cjose/cjose_0.6.1+dfsg1-1.dsc Target file: /srv/ftp-master.debian.org/policy/pool/main/c/cjose/cjose_0.6.1+dfsg1-1+deb11u1.dsc changelog | 6 ++ patches/CVE-2023-37464.patch | 109 +++++++++++++++++++++++++++++++++++++++++++ patches/series | 1 3 files changed, 116 insertions(+) diff: /srv/release.debian.org/tmp/aNZzHdn67k/cjose-0.6.1+dfsg1/lib: No such file or directory diff: /srv/release.debian.org/tmp/7lifhWzLPt/cjose-0.6.1+dfsg1/lib: No such file or directory
diff -Nru cjose-0.6.1+dfsg1/debian/changelog cjose-0.6.1+dfsg1/debian/changelog
--- cjose-0.6.1+dfsg1/debian/changelog 2018-08-06 13:35:23.000000000 +0000
+++ cjose-0.6.1+dfsg1/debian/changelog 2023-08-04 13:43:36.000000000 +0000
@@ -1,3 +1,9 @@
+cjose (0.6.1+dfsg1-1+deb11u1) bullseye-security; urgency=medium
+
+ * CVE-2023-37464 (Closes: #1041423)
+
+ -- Moritz Muehlenhoff Fri, 04 Aug 2023 15:43:36 +0200
+
 cjose (0.6.1+dfsg1-1) unstable; urgency=medium
 
 * New upstream version 0.6.1+dfsg1
diff -Nru cjose-0.6.1+dfsg1/debian/patches/CVE-2023-37464.patch cjose-0.6.1+dfsg1/debian/patches/CVE-2023-37464.patch
--- cjose-0.6.1+dfsg1/debian/patches/CVE-2023-37464.patch 1970-01-01 00:00:00.000000000 +0000
+++ cjose-0.6.1+dfsg1/debian/patches/CVE-2023-37464.patch 2023-08-04 13:43:36.000000000 +0000
@@ -0,0 +1,109 @@
+From: Hans Zandbelt
+Date: Wed, 12 Jul 2023 10:52:45 +0200
+Subject: use fixed authentication tag length of 16 octets in AES GCM
+ decryption
+
+Signed-off-by: Hans Zandbelt
+Origin: https://github.com/OpenIDC/cjose/commit/7325e9a5e71e2fc0e350487ecac7d84acdf0ed5e
+Bug: https://github.com/cisco/cjose/issues/125
+Bug: https://github.com/OpenIDC/cjose/security/advisories/GHSA-3rhg-3gf2-6xgj
+Bug-Debian: https://security-tracker.debian.org/tracker/CVE-2023-37464
+Bug-Debian: https://bugs.debian.org/1041423
+---
+ src/jwe.c | 6 ++++++
+ test/check_jwe.c | 58 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++
+ 2 files changed, 64 insertions(+)
+
+diff --git a/src/jwe.c b/src/jwe.c
+index 822d408..3b7bf73 100644
+--- a/src/jwe.c
++++ b/src/jwe.c
+@@ -1225,6 +1225,12 @@ static bool _cjose_jwe_decrypt_dat_a256gcm(cjose_jwe_t *jwe, cjose_err *err)
+ goto _cjose_jwe_decrypt_dat_a256gcm_fail;
+ }
+
++ if (jwe->enc_auth_tag.raw_len != 16)
++ {
++ CJOSE_ERROR(err, CJOSE_ERR_CRYPTO);
++ goto _cjose_jwe_decrypt_dat_a256gcm_fail;
++ }
++
+ // set the expected GCM-mode authentication tag
+ if (EVP_CIPHER_CTX_ctrl(ctx, CJOSE_EVP_CTRL_GCM_SET_TAG, jwe->enc_auth_tag.raw_len, jwe->enc_auth_tag.raw) != 1)
+ {
+diff --git a/test/check_jwe.c b/test/check_jwe.c
+index 459dce1..43d258e 100644
+--- a/test/check_jwe.c
++++ b/test/check_jwe.c
+@@ -809,6 +809,63 @@ START_TEST(test_cjose_jwe_decrypt_aes)
+ }
+ END_TEST
+
++START_TEST(test_cjose_jwe_decrypt_aes_gcm)
++{
++ cjose_err err;
++
++ const char *key = JWK_OCT_32;
++ const char *plain1 = "Live long and prosper.";
++ char *compact1 = "eyJhbGciOiAiZGlyIiwgImVuYyI6ICJBMjU2R0NNIn0..Du_9fxxV-zrReaWC.aS_rpokeuxkaPc2sykcQDCQuJCYoww.GpeKGEqd8KQ0v6JNea5aSA";
++ char *compact2 = "eyJhbGciOiAiZGlyIiwgImVuYyI6ICJBMjU2R0NNIn0..Du_9fxxV-zrReaWC.aS_rpokeuxkaPc2sykcQDCQuJCYoww.Gp";
++
++ cjose_jwk_t *jwk = cjose_jwk_import(key, strlen(key), &err);
++ ck_assert_msg(NULL != jwk,
++ "cjose_jwk_import failed: "
++ "%s, file: %s, function: %s, line: %ld",
++ err.message, err.file, err.function, err.line);
++
++ cjose_jwe_t *jwe1 = cjose_jwe_import(compact1, strlen(compact1), &err);
++ ck_assert_msg(NULL != jwe1,
++ "cjose_jwe_import failed: "
++ "%s, file: %s, function: %s, line: %ld",
++ err.message, err.file, err.function, err.line);
++
++ uint8_t *plain2 = NULL;
++ size_t plain2_len = 0;
++ plain2 = cjose_jwe_decrypt(jwe1, jwk, &plain2_len, &err);
++ ck_assert_msg(NULL != plain2,
++ "cjose_jwe_decrypt failed: "
++ "%s, file: %s, function: %s, line: %ld",
++ err.message, err.file, err.function, err.line);
++
++ ck_assert_msg(plain2_len == strlen(plain1),
++ "length of decrypted plaintext does not match length of original, "
++ "expected: %lu, found: %lu",
++ strlen(plain1), plain2_len);
++ ck_assert_msg(strncmp(plain1, plain2, plain2_len) == 0, "decrypted plaintext does not match encrypted plaintext");
++
++ cjose_get_dealloc()(plain2);
++ cjose_jwe_release(jwe1);
++
++ cjose_jwe_t *jwe2 = cjose_jwe_import(compact2, strlen(compact2), &err);
++ ck_assert_msg(NULL != jwe2,
++ "cjose_jwe_import failed: "
++ "%s, file: %s, function: %s, line: %ld",
++ err.message, err.file, err.function, err.line);
++
++ uint8_t *plain3 = NULL;
++ size_t plain3_len = 0;
++ plain3 = cjose_jwe_decrypt(jwe2, jwk, &plain3_len, &err);
++ ck_assert_msg(NULL == plain3,
++ "cjose_jwe_decrypt succeeded where it should have failed: "
++ "%s, file: %s, function: %s, line: %ld",
++ err.message, err.file, err.function, err.line);
++
++ cjose_jwe_release(jwe2);
++ cjose_jwk_release(jwk);
++}
++END_TEST
++
+ START_TEST(test_cjose_jwe_decrypt_rsa)
+ {
+ struct cjose_jwe_decrypt_rsa
+@@ -1210,6 +1267,7 @@ Suite *cjose_jwe_suite()
+ tcase_add_test(tc_jwe, test_cjose_jwe_self_encrypt_self_decrypt_large);
+ tcase_add_test(tc_jwe, test_cjose_jwe_self_encrypt_self_decrypt_many);
+ tcase_add_test(tc_jwe, test_cjose_jwe_decrypt_aes);
++ tcase_add_test(tc_jwe, test_cjose_jwe_decrypt_aes_gcm);
+ tcase_add_test(tc_jwe, test_cjose_jwe_decrypt_rsa);
+ tcase_add_test(tc_jwe, test_cjose_jwe_encrypt_with_bad_header);
+ tcase_add_test(tc_jwe, test_cjose_jwe_encrypt_with_bad_key);
diff -Nru cjose-0.6.1+dfsg1/debian/patches/series cjose-0.6.1+dfsg1/debian/patches/series
--- cjose-0.6.1+dfsg1/debian/patches/series 2018-08-06 13:28:10.000000000 +0000
+++ cjose-0.6.1+dfsg1/debian/patches/series 2023-08-04 13:43:36.000000000 +0000
@@ -1,2 +1,3 @@
 remove-platform-dir.patch
 fix-concatkdf-failures-on-big-endian-architectures.patch
+CVE-2023-37464.patch
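Review bot: The guard added to `_cjose_jwe_decrypt_dat_a256gcm`, `if (jwe->enc_auth_tag.raw_len != 16)`, carries a bare literal and no comment, although the reason for it is the whole security point of the fix. A comment above it such as `// RFC 7518 section 5.3 fixes the AES-GCM tag at 128 bits; reject any other length before the tag is handed to OpenSSL`, together with a named constant in place of `16`, would keep a later refactor from relaxing the check. In `test_cjose_jwe_decrypt_aes_gcm` the negative case asserts only `NULL == plain3`, so it passes for any decryption failure; following it with `ck_assert(err.code == CJOSE_ERR_CRYPTO);` would narrow that, assuming `cjose_err` has a `code` member, which these hunks do not show. Only the truncated tag in `compact2` is exercised; a tag longer than 16 octets is not. The decrypt function starts and ends outside the hunk.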