Skip to content

Commit

Permalink
Prevent segmentation fault when using A256KW + A256GCM
Browse files Browse the repository at this point in the history
  • Loading branch information
@linuxwolf
linuxwolf committed Mar 5, 2018
1 parent b6665de commit fb24d6f
Show file tree
Hide file tree
Showing 3 changed files with 16 additions and 12 deletions.
2 changes: 1 addition & 1 deletion src/include/jwe_int.h
View file
Original file line number Diff line number Diff line change
Expand Up @@ -35,7 +35,7 @@ typedef struct _jwe_rec_fntable_int
typedef struct _jwe_fntable_int
{

bool (*set_cek)(cjose_jwe_t *jwe, const cjose_jwk_t *jwk, cjose_err *err);
bool (*set_cek)(cjose_jwe_t *jwe, const cjose_jwk_t *jwk, bool prealloc, cjose_err *err);

bool (*set_iv)(cjose_jwe_t *jwe, cjose_err *err);

Expand Down
24 changes: 13 additions & 11 deletions src/jwe.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -25,10 +25,12 @@
#include "include/jwe_int.h"
#include "include/util_int.h"



////////////////////////////////////////////////////////////////////////////////
static bool _cjose_jwe_set_cek_a256gcm(cjose_jwe_t *jwe, const cjose_jwk_t *jwk, cjose_err *err);
static bool _cjose_jwe_set_cek_a256gcm(cjose_jwe_t *jwe, const cjose_jwk_t *jwk, bool prealloc, cjose_err *err);

static bool _cjose_jwe_set_cek_aes_cbc(cjose_jwe_t *jwe, const cjose_jwk_t *jwk, cjose_err *err);
static bool _cjose_jwe_set_cek_aes_cbc(cjose_jwe_t *jwe, const cjose_jwk_t *jwk, bool prealloc, cjose_err *err);

static bool
_cjose_jwe_encrypt_ek_dir(_jwe_int_recipient_t *recipient, cjose_jwe_t *jwe, const cjose_jwk_t *jwk, cjose_err *err);
Expand Down Expand Up @@ -359,7 +361,7 @@ static bool _cjose_jwe_validate_alg(cjose_header_t *protected_header,
}

////////////////////////////////////////////////////////////////////////////////
static bool _cjose_jwe_set_cek_a256gcm(cjose_jwe_t *jwe, const cjose_jwk_t *jwk, cjose_err *err)
static bool _cjose_jwe_set_cek_a256gcm(cjose_jwe_t *jwe, const cjose_jwk_t *jwk, bool prealloc, cjose_err *err)
{
// 256 bits = 32 bytes
static const size_t keysize = 32;
Expand All @@ -373,7 +375,7 @@ static bool _cjose_jwe_set_cek_a256gcm(cjose_jwe_t *jwe, const cjose_jwk_t *jwk,
if (NULL == jwk)
{
_cjose_release_cek(&jwe->cek, jwe->cek_len);
if (!_cjose_jwe_malloc(keysize, true, &jwe->cek, err))
if (!_cjose_jwe_malloc(keysize, !prealloc, &jwe->cek, err))
{
return false;
}
Expand Down Expand Up @@ -402,7 +404,7 @@ static bool _cjose_jwe_set_cek_a256gcm(cjose_jwe_t *jwe, const cjose_jwk_t *jwk,
}

////////////////////////////////////////////////////////////////////////////////
static bool _cjose_jwe_set_cek_aes_cbc(cjose_jwe_t *jwe, const cjose_jwk_t *dummy_set_to_null_for_random, cjose_err *err)
static bool _cjose_jwe_set_cek_aes_cbc(cjose_jwe_t *jwe, const cjose_jwk_t *cek, bool prealloc, cjose_err *err)
{

if (NULL != jwe->cek)
Expand All @@ -429,7 +431,7 @@ static bool _cjose_jwe_set_cek_aes_cbc(cjose_jwe_t *jwe, const cjose_jwk_t *dumm

// allocate memory for the CEK and fill with random bytes or 0's
_cjose_release_cek(&jwe->cek, jwe->cek_len);
if (!_cjose_jwe_malloc(jwe->cek_len, dummy_set_to_null_for_random == NULL, &jwe->cek, err))
if (!_cjose_jwe_malloc(jwe->cek_len, !prealloc, &jwe->cek, err))
{
return false;
}
Expand All @@ -442,7 +444,7 @@ static bool
_cjose_jwe_encrypt_ek_dir(_jwe_int_recipient_t *recipient, cjose_jwe_t *jwe, const cjose_jwk_t *jwk, cjose_err *err)
{
// for direct encryption, JWE sec 5.1, step 6: let CEK be the symmetric key.
if (!jwe->fns.set_cek(jwe, jwk, err))
if (!jwe->fns.set_cek(jwe, jwk, false, err))
{
return false;
}
Expand All @@ -460,7 +462,7 @@ _cjose_jwe_decrypt_ek_dir(_jwe_int_recipient_t *recipient, cjose_jwe_t *jwe, con
{
// do not try and decrypt the ek. that's impossible.
// instead... only try to realize the truth. there is no ek.
return jwe->fns.set_cek(jwe, jwk, err);
return jwe->fns.set_cek(jwe, jwk, false, err);
}

////////////////////////////////////////////////////////////////////////////////
Expand All @@ -481,7 +483,7 @@ _cjose_jwe_encrypt_ek_aes_kw(_jwe_int_recipient_t *recipient, cjose_jwe_t *jwe,
}

// generate random CEK
if (!jwe->fns.set_cek(jwe, NULL, err))
if (!jwe->fns.set_cek(jwe, NULL, false, err))
{
return false;
}
Expand Down Expand Up @@ -538,7 +540,7 @@ _cjose_jwe_decrypt_ek_aes_kw(_jwe_int_recipient_t *recipient, cjose_jwe_t *jwe,
}

// generate empty CEK so the the right amount of memory is allocated (abuse JWK parameter to empty)
if (!jwe->fns.set_cek(jwe, (const cjose_jwk_t *)1, err))
if (!jwe->fns.set_cek(jwe, NULL, true, err))
{
return false;
}
Expand Down Expand Up @@ -577,7 +579,7 @@ static bool _cjose_jwe_encrypt_ek_rsa_padding(
}

// generate random cek
if (!jwe->fns.set_cek(jwe, NULL, err))
if (!jwe->fns.set_cek(jwe, NULL, false, err))
{
return false;
}
Expand Down
2 changes: 2 additions & 0 deletions test/check_jwe.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -201,6 +201,8 @@ static void _self_encrypt_self_decrypt(const char *plain1)

_self_encrypt_self_decrypt_with_key(CJOSE_HDR_ALG_A256KW, CJOSE_HDR_ENC_A256CBC_HS512, JWK_OCT, plain1);

_self_encrypt_self_decrypt_with_key(CJOSE_HDR_ALG_A128KW, CJOSE_HDR_ENC_A256GCM, JWK_OCT, plain1);

_self_encrypt_self_decrypt_with_key(CJOSE_HDR_ALG_ECDH_ES, CJOSE_HDR_ENC_A256GCM, JWK_EC, plain1);
}

Expand Down

0 comments on commit fb24d6f

Please sign in to comment.