head	1.1;
access;
symbols;
locks; strict;
comment	@# @;


1.1
date	2026.06.13.10.02.33;	author markd;	state Exp;
branches;
next	;
commitid	RRbPskgJPdukBCJG;


desc
@@


1.1
log
@cjose: update to 0.6.2.6

0.6.2.6

* **Security fix**: AES-CBC-HMAC JWE encryption used an all-zero content-encryption key.
  `_cjose_jwe_set_cek_aes_cbc` inverted the "random" flag and zero-filled the CEK instead of
  generating it from `RAND_bytes`. Every JWE produced with an AES-CBC-HMAC `enc`
  (A128CBC-HS256 / A192CBC-HS384 / A256CBC-HS512) combined with a non-`dir` key-management
  `alg` (A128/192/256KW, RSA-OAEP, RSA1_5) was encrypted and authenticated under an all-zero
  key, breaking confidentiality and integrity for those ciphertexts. The `dir` algorithm and
  all AES-GCM `enc` values were not affected. Adds a regression test.
* Additional hardening from a security audit of `jwe.c` / `jwk.c` / `jws.c`:
  * Fix EVP_CIPHER_CTX leak in AES-CBC content encryption on authentication-tag failure
  * Avoid NULL dereference of the optional `cjose_err` in ECDH-ES key decryption
  * Use a constant-time comparison for the multi-recipient CEK consistency check
  * Cleanse private key material (RSA/EC/oct) on JWK import and export, and fix a leak of
    the base64url buffer in EC private-key export
  * Check the ephemeral-key allocation in ECDH key derivation
  * Use integer arithmetic (instead of floating-point) for the base64url length check on
    imported JWK fields
  * Harden JWS EC signature reconstruction against allocation failures (NULL checks on
    ECDSA_SIG_new and BN_new)
  * Enforce the RFC 7518 minimum HMAC key length (key >= hash size) for JWS sign/verify

0.6.2.5

* Fix heap buffer overflow in AES key unwrap by validating the encrypted_key length before
  AES_unwrap_key
* Fix functions that rely on nonportable malloc behaviour
* Merge fixes from cisco/cjose
* Check ECDH secret allocation result
* Check base64 decode length bounds
* Guard JWK retain count overflow
* Enforce JOSE IV lengths
* Check JOSE algorithms against key types
* Validate critical JOSE headers
* Cleanse sensitive buffers before release
* Guard JWE buffer length calculations
* Use OpenSSL constant-time comparisons
* Validate EC inputs before key agreement
* Fix JWS import allocation handling

0.6.2.4

* fix memory leak in ECDH-ES JWE encryption/decryption
* fix rsa_q = NULL initialization in _RSA_private_fields
* fix memory allocation check (typo) in jwk.c
* fix gcc10 errors for -Werror=ignored-qualifiers and remove unused includes
* re-generate automake/autoconf files with automake v1.17 and libtool v2.5.4

0.6.2.3

* disable RSA PKCS 1.5 by default
* avoid using empty prototypes; support Clang 15 and XCode 14.3
* build shared library on Cygwin by adding -no-undefined to LDFLAGS
@
text
@$NetBSD$

test ... == ...

--- configure.orig	2026-06-02 13:25:04.000000000 +0000
+++ configure
@@@@ -17082,7 +17082,7 @@@@ fi
 { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $rsapkcs1_5" >&5
 printf "%s\n" "$rsapkcs1_5" >&6; }
-if test "x$rsapkcs1_5" == xyes ; then
+if test "x$rsapkcs1_5" = xyes ; then
   printf "%s\n" "#define HAVE_RSA_PKCS1_PADDING 1" >>confdefs.h
 fi
@
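Review bot: the `==` to `=` change in `if test "x$rsapkcs1_5" == xyes ; then` is correct (POSIX test(1) defines only `=` for string equality; a strict /bin/sh rejects `==` with an error, the `if` then takes the false branch, and `#define HAVE_RSA_PKCS1_PADDING 1` is never written to confdefs.h even when `$rsapkcs1_5` is yes), but the hunk touches only the generated `configure`, so the same `==` presumably still sits in the upstream configure source and the fix is lost on the next autoreconf; apply it to the autoconf input as well and send it upstream, and let the patch header comment `test ... == ...` state that reason rather than only naming the operator.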