Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package cjose for openSUSE:Factory checked in at 2024-09-30 15:42:26 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/cjose (Old) and /work/SRC/openSUSE:Factory/.cjose.new.29891 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "cjose" Mon Sep 30 15:42:26 2024 rev:6 rq:1204762 version:0.6.2.3 Changes: -------- --- /work/SRC/openSUSE:Factory/cjose/cjose.changes 2023-07-18 22:08:59.899282147 +0200 +++ /work/SRC/openSUSE:Factory/.cjose.new.29891/cjose.changes 2024-09-30 15:42:39.510664174 +0200 @@ -1,0 +2,11 @@ +Fri Jul 26 15:38:40 UTC 2024 - Antonio Teixeira <antonio.teixe...@suse.com> + +- Update to 0.6.2.3: + * disable RSA PKCS 1.5 by default + * avoid using empty prototypes; support Clang 15 and XCode 14.3 + * build shared library on Cygwin by adding -no-undefined to LDFLAGS + * reformat using clang-format-18.1.3 + * regenerate autoconf files using autoconf 2.72 + * update github actions to avoid warnings + +------------------------------------------------------------------- Old: ---- cjose-0.6.2.2.tar.gz New: ---- cjose-0.6.2.3.tar.gz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ cjose.spec ++++++ --- /var/tmp/diff_new_pack.e7pKBU/_old 2024-09-30 15:42:40.166691505 +0200 +++ /var/tmp/diff_new_pack.e7pKBU/_new 2024-09-30 15:42:40.166691505 +0200 @@ -1,7 +1,7 @@ # # spec file for package cjose # -# Copyright (c) 2023 SUSE LLC +# Copyright (c) 2024 SUSE LLC # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed 
@@ -17,7 +17,7 @@ Name: cjose -Version: 0.6.2.2 +Version: 0.6.2.3 Release: 0 Summary: C library implementing the Javascript Object Signing and Encryption (JOSE) License: MIT ++++++ cjose-0.6.2.2.tar.gz -> cjose-0.6.2.3.tar.gz ++++++ ++++ 6412 lines of diff (skipped) ++++ retrying with extended exclude list diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/cjose-0.6.2.2/.github/workflows/archs.yml new/cjose-0.6.2.3/.github/workflows/archs.yml --- old/cjose-0.6.2.2/.github/workflows/archs.yml 2023-07-12 11:00:43.000000000 +0200 +++ new/cjose-0.6.2.3/.github/workflows/archs.yml 2024-04-24 09:07:39.000000000 +0200 @@ -21,8 +21,8 @@ distro: ubuntu20.04 steps: - - uses: actions/checkout@v2.4.0 - - uses: uraimo/run-on-arch-action@v2.1.1 + - uses: actions/checkout@v3 + - uses: uraimo/run-on-arch-action@v2 name: Build id: build with: diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/cjose-0.6.2.2/.github/workflows/build.yml new/cjose-0.6.2.3/.github/workflows/build.yml --- old/cjose-0.6.2.2/.github/workflows/build.yml 2023-07-12 11:00:43.000000000 +0200 +++ new/cjose-0.6.2.3/.github/workflows/build.yml 2024-04-24 09:07:39.000000000 +0200 
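Review bot: The third-party action in this archs.yml hunk is now referenced by a floating major tag (`uraimo/run-on-arch-action@v2`, previously the exact `v2.1.1`), so each CI run executes whatever that tag points at on the day. For the CI of a crypto library it is safer to pin actions to a full commit SHA and keep the version as a trailing comment, e.g. `uses: uraimo/run-on-arch-action@<FULL_COMMIT_SHA> # v2`. The same applies to the `actions/checkout@v3` and `github/codeql-action/*@v2` references in the build.yml and codeql-analysis.yml hunks.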
@@ -6,7 +6,7 @@ build: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v2 + - uses: actions/checkout@v3 - name: Dependencies run: | sudo apt-get update -y diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/cjose-0.6.2.2/.github/workflows/codeql-analysis.yml new/cjose-0.6.2.3/.github/workflows/codeql-analysis.yml --- old/cjose-0.6.2.2/.github/workflows/codeql-analysis.yml 2023-07-12 11:00:43.000000000 +0200 +++ new/cjose-0.6.2.3/.github/workflows/codeql-analysis.yml 2024-04-24 09:07:39.000000000 +0200 @@ -32,7 +32,7 @@ steps: - name: Checkout repository - uses: actions/checkout@v2 + uses: actions/checkout@v3 - name: Install packages run: | @@ -42,7 +42,7 @@ # Initializes the CodeQL tools for scanning. - name: Initialize CodeQL - uses: github/codeql-action/init@v1 + uses: github/codeql-action/init@v2 with: languages: ${{ matrix.language }} # If you wish to specify custom queries, you can do so here or in a config file. @@ -53,7 +53,7 @@ # Autobuild attempts to build any compiled languages (C/C++, C#, or Java). # If this step fails, then you should remove it and run the build manually (see below) #- name: Autobuild - # uses: github/codeql-action/autobuild@v1 + # uses: github/codeql-action/autobuild@v2 # â¹ï¸ Command-line programs to run using the OS shell. # ð https://git.io/JvXDl 
@@ -67,4 +67,4 @@ make check - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@v1 + uses: github/codeql-action/analyze@v2 diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/cjose-0.6.2.2/.gitignore new/cjose-0.6.2.3/.gitignore --- old/cjose-0.6.2.2/.gitignore 2023-07-12 11:00:43.000000000 +0200 +++ new/cjose-0.6.2.3/.gitignore 2024-04-24 09:07:39.000000000 +0200 @@ -56,3 +56,6 @@ cjose-*.tar.gz dist/ /configure~ +/config.guess~ +/config.sub~ +/install-sh~ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/cjose-0.6.2.2/AUTHORS new/cjose-0.6.2.3/AUTHORS --- old/cjose-0.6.2.2/AUTHORS 2023-07-12 11:00:43.000000000 +0200 +++ new/cjose-0.6.2.3/AUTHORS 2024-04-24 09:07:39.000000000 +0200 @@ -2,6 +2,7 @@ # Listed alphabetically by surname Andrew Biggs <balthor...@gmail.com> +Tomáš Halman <https://github.com/thalman> Leif Hedström <zw...@apache.org> Matthew A. Miller <linuxw...@outer-planes.net> Phil Sorber <sor...@apache.org> diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/cjose-0.6.2.2/CHANGELOG.md new/cjose-0.6.2.3/CHANGELOG.md --- old/cjose-0.6.2.2/CHANGELOG.md 2023-07-12 11:00:43.000000000 +0200 +++ new/cjose-0.6.2.3/CHANGELOG.md 2024-04-24 09:07:39.000000000 +0200 
@@ -1,5 +1,12 @@ # Release Notes # +<a name="v0.6.2.3"></a> +## [v0.6.2.3](https://github.com/OpenIDC/cjose/compare/v0.6.2.2...v0.6.2.3) (2024-04-24) +* disable RSA PKCS 1.5 by default ((https://github.com/OpenIDC/cjose/pull/22); thanks @thalman +* avoid using empty prototypes; support Clang 15 and XCode 14.3 +* build shared library on Cygwin by adding -no-undefined to LDFLAGS + (https://github.com/OpenIDC/cjose/pull/20); thanks @fd00 + <a name="v0.6.2.2"></a> ## [v0.6.2.2](https://github.com/OpenIDC/cjose/compare/v0.6.2.1...v0.6.2.2) (2023-07-12) * use fixed authentication tag length of 16 octets in AES GCM decryption (https://github.com/cisco/cjose/issues/125) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/cjose-0.6.2.2/configure.ac new/cjose-0.6.2.3/configure.ac --- old/cjose-0.6.2.2/configure.ac 2023-07-12 11:00:43.000000000 +0200 +++ new/cjose-0.6.2.3/configure.ac 2024-04-24 09:07:39.000000000 +0200 @@ -3,7 +3,7 @@ # ### Prerequisites -AC_INIT([cjose], [0.6.2.2]) +AC_INIT([cjose], [0.6.2.3]) AM_INIT_AUTOMAKE([foreign]) LT_PREREQ([2.2]) LT_INIT([dlopen]) 
@@ -67,6 +67,20 @@ [AC_MSG_ERROR([Jansson is missing; it is required for this software])] ) +#### Allow risky rsa pkcs 1.5 for systems where this is really needed +AC_MSG_CHECKING([for RSA PKCS v1.5]) +AC_ARG_WITH( + [rsapkcs1_5], + [AS_HELP_STRING([--with-rsapkcs1_5], [Enable risky RSA PKCS v1.5])], + [rsapkcs1_5=${withval}], + [rsapkcs1_5=no]) + +AC_MSG_RESULT([$rsapkcs1_5]) + +if test "x$rsapkcs1_5" == xyes ; then + AC_DEFINE(HAVE_RSA_PKCS1_PADDING, 1) +fi + AM_EXTRA_RECURSIVE_TARGETS([package]) AC_CONFIG_FILES([Makefile include/Makefile include/cjose/version.h diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/cjose-0.6.2.2/include/cjose/util.h new/cjose-0.6.2.3/include/cjose/util.h --- old/cjose-0.6.2.2/include/cjose/util.h 2023-07-12 11:00:43.000000000 +0200 +++ new/cjose-0.6.2.3/include/cjose/util.h 2024-04-24 09:07:39.000000000 +0200 @@ -109,7 +109,7 @@ * * \returns The configured allocator function */ -cjose_alloc_fn_t cjose_get_alloc(); +cjose_alloc_fn_t cjose_get_alloc(void); /** * Retrieves the configured enhanced allocator function. If an enhanced @@ -119,7 +119,7 @@ * * \returns The configured enhanced allocator function */ -cjose_alloc3_fn_t cjose_get_alloc3(); +cjose_alloc3_fn_t cjose_get_alloc3(void); /** * Retrieve the configured reallocator function. If a reallocator function is @@ -127,7 +127,7 @@ * * \returns The configured reallocator function */ -cjose_realloc_fn_t cjose_get_realloc(); +cjose_realloc_fn_t cjose_get_realloc(void); /** * Retrieves the configured enhanced reallocator function. If an enhanced 
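Review bot: `test "x$rsapkcs1_5" == xyes` in the added block uses `==`, which POSIX `test` does not define. Under a shell such as dash the comparison errors out and the `if` is taken as false, so `--with-rsapkcs1_5` would print `yes` in the check result and still leave `HAVE_RSA_PKCS1_PADDING` undefined. Use `if test "x$rsapkcs1_5" = xyes ; then`. `AC_DEFINE` is also called without a description; if the project generates a config header, autoheader needs the third argument, e.g. `AC_DEFINE([HAVE_RSA_PKCS1_PADDING], [1], [Define to enable RSA PKCS #1 v1.5 key encryption])`.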
@@ -137,7 +137,7 @@ * * \returns The configured enhanced allocator function */ -cjose_realloc3_fn_t cjose_get_realloc3(); +cjose_realloc3_fn_t cjose_get_realloc3(void); /** * Retrieves the configured deallocator function. If a deallocator function is @@ -145,7 +145,7 @@ * * \returns The configured deallocator function */ -cjose_dealloc_fn_t cjose_get_dealloc(); +cjose_dealloc_fn_t cjose_get_dealloc(void); /** * Retrieves the configured enhanced deallocator function. If an enhanced @@ -155,7 +155,7 @@ * * \returns The configured enhanced allocator function */ -cjose_dealloc3_fn_t cjose_get_dealloc3(); +cjose_dealloc3_fn_t cjose_get_dealloc3(void); /** * Compares the first n bytes of the memory areas s1 and s2 in constant time. diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/cjose-0.6.2.2/include/cjose/version.h.in new/cjose-0.6.2.3/include/cjose/version.h.in --- old/cjose-0.6.2.2/include/cjose/version.h.in 2023-07-12 11:00:43.000000000 +0200 +++ new/cjose-0.6.2.3/include/cjose/version.h.in 2024-04-24 09:07:39.000000000 +0200 @@ -29,7 +29,7 @@ * * \returns the implementation version number. */ -const char *cjose_version(); +const char *cjose_version(void); #ifdef __cplusplus } diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/cjose-0.6.2.2/src/Makefile.am new/cjose-0.6.2.3/src/Makefile.am --- old/cjose-0.6.2.2/src/Makefile.am 2023-07-12 11:00:43.000000000 +0200 +++ new/cjose-0.6.2.3/src/Makefile.am 2024-04-24 09:07:39.000000000 +0200 
@@ -2,7 +2,7 @@ lib_LTLIBRARIES=libcjose.la libcjose_la_CPPFLAGS= -I$(top_srcdir)/include -libcjose_la_LDFLAGS= -lm +libcjose_la_LDFLAGS= -no-undefined -lm libcjose_la_SOURCES=version.c \ util.c \ base64.c \ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/cjose-0.6.2.2/src/base64.c new/cjose-0.6.2.3/src/base64.c --- old/cjose-0.6.2.2/src/base64.c 2023-07-12 11:00:43.000000000 +0200 +++ new/cjose-0.6.2.3/src/base64.c 2024-04-24 09:07:39.000000000 +0200 @@ -124,7 +124,8 @@ } } - if ((shift == 1) || (shift == 4)) { + if ((shift == 1) || (shift == 4)) + { CJOSE_ERROR(err, CJOSE_ERR_INVALID_STATE); goto b64_decode_failed; } @@ -143,7 +144,8 @@ *output = buffer; *outlen = pos; - if (*outlen > rlen) { + if (*outlen > rlen) + { CJOSE_ERROR(err, CJOSE_ERR_INVALID_STATE); goto b64_decode_failed; } diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/cjose-0.6.2.2/src/concatkdf.c new/cjose-0.6.2.3/src/concatkdf.c --- old/cjose-0.6.2.2/src/concatkdf.c 2023-07-12 11:00:43.000000000 +0200 +++ new/cjose-0.6.2.3/src/concatkdf.c 2024-04-24 09:07:39.000000000 +0200 
@@ -140,14 +140,14 @@ || 1 != EVP_DigestUpdate(ctx, ikm, ikmLen) || 1 != EVP_DigestUpdate(ctx, otherinfo, otherinfoLen) || 1 != EVP_DigestFinal_ex(ctx, hash, NULL)) { - cjose_get_dealloc()(hash); + cjose_get_dealloc()(hash); CJOSE_ERROR(err, CJOSE_ERR_CRYPTO); goto concatkdf_derive_finish; } uint8_t *ptr = buffer + offset; memcpy(ptr, hash, min_len(hashlen, amt)); - cjose_get_dealloc()(hash); + cjose_get_dealloc()(hash); offset += hashlen; amt -= hashlen; } diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/cjose-0.6.2.2/src/jwe.c new/cjose-0.6.2.3/src/jwe.c --- old/cjose-0.6.2.2/src/jwe.c 2023-07-12 11:00:43.000000000 +0200 +++ new/cjose-0.6.2.3/src/jwe.c 2024-04-24 09:07:39.000000000 +0200 @@ -45,9 +45,11 @@ static bool _cjose_jwe_decrypt_ek_rsa_oaep(_jwe_int_recipient_t *recipient, cjose_jwe_t *jwe, const cjose_jwk_t *jwk, cjose_err *err); +#ifdef HAVE_RSA_PKCS1_PADDING static bool _cjose_jwe_encrypt_ek_rsa1_5(_jwe_int_recipient_t *recipient, cjose_jwe_t *jwe, const cjose_jwk_t *jwk, cjose_err *err); static bool _cjose_jwe_decrypt_ek_rsa1_5(_jwe_int_recipient_t *recipient, cjose_jwe_t *jwe, const cjose_jwk_t *jwk, cjose_err *err); +#endif // HAVE_RSA_PKCS1_PADDING static bool _cjose_jwe_encrypt_ek_ecdh_es(_jwe_int_recipient_t *recipient, cjose_jwe_t *jwe, const cjose_jwk_t *jwk, cjose_err *err); 
@@ -327,11 +329,14 @@ recipient->fns.encrypt_ek = _cjose_jwe_encrypt_ek_rsa_oaep; recipient->fns.decrypt_ek = _cjose_jwe_decrypt_ek_rsa_oaep; } + +#ifdef HAVE_RSA_PKCS1_PADDING if (strcmp(alg, CJOSE_HDR_ALG_RSA1_5) == 0) { recipient->fns.encrypt_ek = _cjose_jwe_encrypt_ek_rsa1_5; recipient->fns.decrypt_ek = _cjose_jwe_decrypt_ek_rsa1_5; } +#endif // HAVE_RSA_PKCS1_PADDING if (strcmp(alg, CJOSE_HDR_ALG_ECDH_ES) == 0) { if (is_multiple) @@ -642,6 +647,15 @@ return false; } +#ifndef HAVE_RSA_PKCS1_PADDING + // prohibite RSA_PKCS1_PADDING because it is not safe + if (padding == RSA_PKCS1_PADDING) + { + CJOSE_ERROR(err, CJOSE_ERR_CRYPTO); + return false; + } +#endif // HAVE_RSA_PKCS1_PADDING + // encrypt the CEK using RSA v1.5 or OAEP padding if (RSA_public_encrypt(jwe->cek_len, jwe->cek, recipient->enc_key.raw, (RSA *)jwk->keydata, padding) != recipient->enc_key.raw_len) @@ -687,6 +701,16 @@ return false; } +#ifndef HAVE_RSA_PKCS1_PADDING + // prohibite RSA_PKCS1_PADDING because implementation are often vulnerable + // See marvin attack + if (padding == RSA_PKCS1_PADDING) + { + CJOSE_ERROR(err, CJOSE_ERR_CRYPTO); + return false; + } +#endif // HAVE_RSA_PKCS1_PADDING + // decrypt the CEK using RSA v1.5 or OAEP padding int len = RSA_private_decrypt(recipient->enc_key.raw_len, recipient->enc_key.raw, jwe->cek, (RSA *)jwk->keydata, padding); if (-1 == len) @@ -714,6 +738,7 @@ return _cjose_jwe_decrypt_ek_rsa_padding(recipient, jwe, jwk, RSA_PKCS1_OAEP_PADDING, err); } +#ifdef HAVE_RSA_PKCS1_PADDING //////////////////////////////////////////////////////////////////////////////// static bool _cjose_jwe_encrypt_ek_rsa1_5(_jwe_int_recipient_t *recipient, cjose_jwe_t *jwe, const cjose_jwk_t *jwk, cjose_err *err) { 
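Review bot: The `#ifndef HAVE_RSA_PKCS1_PADDING` check added before `RSA_public_encrypt` is defence in depth rather than the primary gate, and the comment should say so. The only callers visible in this diff that pass `RSA_PKCS1_PADDING`, `_cjose_jwe_encrypt_ek_rsa1_5` and `_cjose_jwe_decrypt_ek_rsa1_5`, are compiled out under the same macro. Suggested wording: `// defence in depth: the RSA1_5 wrappers are compiled out without HAVE_RSA_PKCS1_PADDING; refuse the padding here as well`, which also fixes the "prohibite" typo. The closing line ends an `#ifndef`, so `#endif // !HAVE_RSA_PKCS1_PADDING` would be less misleading; the same two remarks apply to the guard in the next hunk. The enclosing function starts and ends outside the hunk.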
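Review bot: Building with `--with-rsapkcs1_5` re-enables the decryption path this comment warns about without hardening it. The context lines still take a separate early exit on `-1 == len` from `RSA_private_decrypt`, so as far as the hunk shows a padding failure remains distinguishable from a later content-decryption failure. RFC 7516 asks recipients not to distinguish format, padding and length errors of the encrypted key and recommends continuing with a randomly generated CEK; consider doing that on the `RSA_PKCS1_PADDING` branch, or state in the configure help text that the opt-in keeps the padding-oracle exposure. The comment would read better as `// refuse RSA_PKCS1_PADDING: PKCS #1 v1.5 decryption is prone to padding-oracle timing leaks (Marvin attack)`. The enclosing function starts and ends outside the hunk.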
@@ -725,6 +750,7 @@ { return _cjose_jwe_decrypt_ek_rsa_padding(recipient, jwe, jwk, RSA_PKCS1_PADDING, err); } +#endif // HAVE_RSA_PKCS1_PADDING //////////////////////////////////////////////////////////////////////////////// static bool _cjose_jwe_encrypt_ek_ecdh_es(_jwe_int_recipient_t *recipient, cjose_jwe_t *jwe, const cjose_jwk_t *jwk, cjose_err *err) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/cjose-0.6.2.2/src/jwk.c new/cjose-0.6.2.3/src/jwk.c --- old/cjose-0.6.2.2/src/jwk.c 2023-07-12 11:00:43.000000000 +0200 +++ new/cjose-0.6.2.3/src/jwk.c 2024-04-24 09:07:39.000000000 +0200 @@ -189,7 +189,8 @@ jwk->kid = NULL; // assumes freefunc is set - if (NULL != jwk->fns->free_func) { + if (NULL != jwk->fns->free_func) + { jwk->fns->free_func(jwk); } jwk = NULL; diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/cjose-0.6.2.2/src/jws.c new/cjose-0.6.2.3/src/jws.c --- old/cjose-0.6.2.2/src/jws.c 2023-07-12 11:00:43.000000000 +0200 +++ new/cjose-0.6.2.3/src/jws.c 2024-04-24 09:07:39.000000000 +0200 
@@ -618,7 +618,8 @@ // compute length of compact serialization jws->cser_len = jws->hdr_b64u_len + jws->dat_b64u_len + jws->sig_b64u_len + 3; - if (NULL != jws->cser) { + if (NULL != jws->cser) + { CJOSE_ERROR(err, CJOSE_ERR_INVALID_STATE); return false; } diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/cjose-0.6.2.2/src/util.c new/cjose-0.6.2.3/src/util.c --- old/cjose-0.6.2.2/src/util.c 2023-07-12 11:00:43.000000000 +0200 +++ new/cjose-0.6.2.3/src/util.c 2024-04-24 09:07:39.000000000 +0200 @@ -46,7 +46,7 @@ cjose_get_dealloc()(p); } -static void cjose_apply_allocs() +static void cjose_apply_allocs(void) { // set upstream json_set_alloc_funcs(cjose_get_alloc(), cjose_get_dealloc()); 
@@ -83,14 +83,14 @@ cjose_apply_allocs(); } -cjose_alloc_fn_t cjose_get_alloc() { return (!_alloc) ? malloc : _alloc; } -cjose_alloc3_fn_t cjose_get_alloc3() { return (!_alloc3) ? cjose_alloc3_default : _alloc3; } +cjose_alloc_fn_t cjose_get_alloc(void) { return (!_alloc) ? malloc : _alloc; } +cjose_alloc3_fn_t cjose_get_alloc3(void) { return (!_alloc3) ? cjose_alloc3_default : _alloc3; } -cjose_realloc_fn_t cjose_get_realloc() { return (!_realloc) ? realloc : _realloc; } -cjose_realloc3_fn_t cjose_get_realloc3() { return (!_realloc3) ? cjose_realloc3_default : _realloc3; } +cjose_realloc_fn_t cjose_get_realloc(void) { return (!_realloc) ? realloc : _realloc; } +cjose_realloc3_fn_t cjose_get_realloc3(void) { return (!_realloc3) ? cjose_realloc3_default : _realloc3; } -cjose_dealloc_fn_t cjose_get_dealloc() { return (!_dealloc) ? free : _dealloc; } -cjose_dealloc3_fn_t cjose_get_dealloc3() { return (!_dealloc3) ? cjose_dealloc3_default : _dealloc3; } +cjose_dealloc_fn_t cjose_get_dealloc(void) { return (!_dealloc) ? free : _dealloc; } +cjose_dealloc3_fn_t cjose_get_dealloc3(void) { return (!_dealloc3) ? cjose_dealloc3_default : _dealloc3; } int cjose_const_memcmp(const uint8_t *a, const uint8_t *b, const size_t size) { diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/cjose-0.6.2.2/src/version.c new/cjose-0.6.2.3/src/version.c --- old/cjose-0.6.2.2/src/version.c 2023-07-12 11:00:43.000000000 +0200 +++ new/cjose-0.6.2.3/src/version.c 2024-04-24 09:07:39.000000000 +0200 
@@ -7,4 +7,4 @@ #include <cjose/version.h> -const char *cjose_version() { return CJOSE_VERSION; } +const char *cjose_version(void) { return CJOSE_VERSION; } diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/cjose-0.6.2.2/test/check_base64.c new/cjose-0.6.2.3/test/check_base64.c --- old/cjose-0.6.2.2/test/check_base64.c 2023-07-12 11:00:43.000000000 +0200 +++ new/cjose-0.6.2.3/test/check_base64.c 2024-04-24 09:07:39.000000000 +0200 @@ -429,7 +429,7 @@ } END_TEST -Suite *cjose_base64_suite() +Suite *cjose_base64_suite(void) { Suite *suite = suite_create("base64"); diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/cjose-0.6.2.2/test/check_cjose.c new/cjose-0.6.2.3/test/check_cjose.c --- old/cjose-0.6.2.2/test/check_cjose.c 2023-07-12 11:00:43.000000000 +0200 +++ new/cjose-0.6.2.3/test/check_cjose.c 2024-04-24 09:07:39.000000000 +0200 
@@ -8,14 +8,14 @@ #include <openssl/err.h> #include <openssl/evp.h> -Suite *cjose_suite() +Suite *cjose_suite(void) { Suite *suite = suite_create("CJOSE"); return suite; } -int main() +int main(void) { // initialize "OpenSSL" crypto ERR_load_crypto_strings(); diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/cjose-0.6.2.2/test/check_cjose.h new/cjose-0.6.2.3/test/check_cjose.h --- old/cjose-0.6.2.2/test/check_cjose.h 2023-07-12 11:00:43.000000000 +0200 +++ new/cjose-0.6.2.3/test/check_cjose.h 2024-04-24 09:07:39.000000000 +0200 
@@ -9,24 +9,24 @@ #include <check.h> -Suite *cjose_version_suite(); -Suite *cjose_util_suite(); -Suite *cjose_base64_suite(); -Suite *cjose_jwk_suite(); -Suite *cjose_jwe_suite(); -Suite *cjose_jws_suite(); -Suite *cjose_header_suite(); -Suite *cjose_utils_suite(); -Suite *cjose_concatkdf_suite(); +Suite *cjose_version_suite(void); +Suite *cjose_util_suite(void); +Suite *cjose_base64_suite(void); +Suite *cjose_jwk_suite(void); +Suite *cjose_jwe_suite(void); +Suite *cjose_jws_suite(void); +Suite *cjose_header_suite(void); +Suite *cjose_utils_suite(void); +Suite *cjose_concatkdf_suite(void); -#define _ck_assert_bin(X, OP, Y, LEN) \ - do \ - { \ - const uint8_t *_chk_x = (X); \ - const uint8_t *_chk_y = (Y); \ - const size_t _chk_len = (LEN); \ - ck_assert_msg(0 OP memcmp(_chk_x, _chk_y, _chk_len), \ - "Assertion '" #X #OP #Y "' failed: " #LEN "==%z, " #X "==0x%zx, " #Y "==0x%zx", _chk_len, _chk_x, _chk_y); \ +#define _ck_assert_bin(X, OP, Y, LEN) \ + do \ + { \ + const void *_chk_x = (X); \ + const void *_chk_y = (Y); \ + const unsigned int _chk_len = (LEN); \ + ck_assert_msg(0 OP memcmp(_chk_x, _chk_y, _chk_len), \ + "Assertion '" #X #OP #Y "' failed: " #LEN "==%u, " #X "==0x%p, " #Y "==0x%p", _chk_len, _chk_x, _chk_y); \ } while (0); #define ck_assert_bin_eq(X, Y, LEN) _ck_assert_bin(X, ==, Y, LEN) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/cjose-0.6.2.2/test/check_concatkdf.c new/cjose-0.6.2.3/test/check_concatkdf.c --- old/cjose-0.6.2.2/test/check_concatkdf.c 2023-07-12 11:00:43.000000000 +0200 +++ new/cjose-0.6.2.3/test/check_concatkdf.c 2024-04-24 09:07:39.000000000 +0200 
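Review bot: `const unsigned int _chk_len = (LEN);` narrows the length before it reaches `memcmp`, and callers such as `ck_assert_bin_eq(derived, expected, keylen)` presumably pass a `size_t`. The old format was wrong (`%z` lacks a conversion), but the smaller fix keeps the type: `const size_t _chk_len = (LEN);` with `#LEN "==%zu, "`. `"==0x%p"` also prints a doubled prefix on C libraries whose `%p` already emits `0x`; `#X "==%p, " #Y "==%p"` is enough.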
@@ -194,7 +194,7 @@ ck_assert_bin_eq(derived, expected, keylen); } END_TEST -Suite *cjose_concatkdf_suite() +Suite *cjose_concatkdf_suite(void) { Suite *suite = suite_create("concatkdf"); diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/cjose-0.6.2.2/test/check_header.c new/cjose-0.6.2.3/test/check_header.c --- old/cjose-0.6.2.2/test/check_header.c 2023-07-12 11:00:43.000000000 +0200 +++ new/cjose-0.6.2.3/test/check_header.c 2024-04-24 09:07:39.000000000 +0200 @@ -106,7 +106,7 @@ } END_TEST -Suite *cjose_header_suite() +Suite *cjose_header_suite(void) { Suite *suite = suite_create("header"); diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/cjose-0.6.2.2/test/check_jwe.c new/cjose-0.6.2.3/test/check_jwe.c --- old/cjose-0.6.2.2/test/check_jwe.c 2023-07-12 11:00:43.000000000 +0200 +++ new/cjose-0.6.2.3/test/check_jwe.c 2024-04-24 09:07:39.000000000 +0200 
@@ -210,19 +210,25 @@ { _self_encrypt_self_decrypt_with_key(CJOSE_HDR_ALG_RSA_OAEP, CJOSE_HDR_ENC_A128GCM, JWK_RSA, plain1); +#ifdef HAVE_RSA_PKCS1_PADDING _self_encrypt_self_decrypt_with_key(CJOSE_HDR_ALG_RSA1_5, CJOSE_HDR_ENC_A128GCM, JWK_RSA, plain1); +#endif _self_encrypt_self_decrypt_with_key(CJOSE_HDR_ALG_DIR, CJOSE_HDR_ENC_A128GCM, JWK_OCT_16, plain1); _self_encrypt_self_decrypt_with_key(CJOSE_HDR_ALG_RSA_OAEP, CJOSE_HDR_ENC_A192GCM, JWK_RSA, plain1); +#ifdef HAVE_RSA_PKCS1_PADDING _self_encrypt_self_decrypt_with_key(CJOSE_HDR_ALG_RSA1_5, CJOSE_HDR_ENC_A192GCM, JWK_RSA, plain1); +#endif _self_encrypt_self_decrypt_with_key(CJOSE_HDR_ALG_DIR, CJOSE_HDR_ENC_A192GCM, JWK_OCT_24, plain1); _self_encrypt_self_decrypt_with_key(CJOSE_HDR_ALG_RSA_OAEP, CJOSE_HDR_ENC_A256GCM, JWK_RSA, plain1); +#ifdef HAVE_RSA_PKCS1_PADDING _self_encrypt_self_decrypt_with_key(CJOSE_HDR_ALG_RSA1_5, CJOSE_HDR_ENC_A256GCM, JWK_RSA, plain1); +#endif _self_encrypt_self_decrypt_with_key(CJOSE_HDR_ALG_DIR, CJOSE_HDR_ENC_A256GCM, JWK_OCT_32, plain1); @@ -358,7 +364,9 @@ _self_encrypt_self_decrypt_with_key_iv(CJOSE_HDR_ALG_RSA_OAEP, CJOSE_HDR_ENC_A256GCM, JWK_RSA, 12, plain1); +#ifdef HAVE_RSA_PKCS1_PADDING _self_encrypt_self_decrypt_with_key_iv(CJOSE_HDR_ALG_RSA1_5, CJOSE_HDR_ENC_A256GCM, JWK_RSA, 12, plain1); +#endif _self_encrypt_self_decrypt_with_key_iv(CJOSE_HDR_ALG_DIR, CJOSE_HDR_ENC_A256GCM, JWK_OCT_32, 12, plain1); @@ -973,7 +981,8 @@ const char *key = JWK_OCT_32; const char *plain1 = "Live long and prosper."; - char *compact1 = "eyJhbGciOiAiZGlyIiwgImVuYyI6ICJBMjU2R0NNIn0..Du_9fxxV-zrReaWC.aS_rpokeuxkaPc2sykcQDCQuJCYoww.GpeKGEqd8KQ0v6JNea5aSA"; + char *compact1 + = "eyJhbGciOiAiZGlyIiwgImVuYyI6ICJBMjU2R0NNIn0..Du_9fxxV-zrReaWC.aS_rpokeuxkaPc2sykcQDCQuJCYoww.GpeKGEqd8KQ0v6JNea5aSA"; char *compact2 = "eyJhbGciOiAiZGlyIiwgImVuYyI6ICJBMjU2R0NNIn0..Du_9fxxV-zrReaWC.aS_rpokeuxkaPc2sykcQDCQuJCYoww.Gp"; cjose_jwk_t *jwk = cjose_jwk_import(key, strlen(key), &err); 
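Review bot: The default build now has no test that exercises `CJOSE_HDR_ALG_RSA1_5` at all. Every use in this file is wrapped in `#ifdef HAVE_RSA_PKCS1_PADDING`, so nothing asserts that the algorithm is actually refused when the macro is absent. Add an `#else` branch (or a separate `START_TEST`) that attempts an RSA1_5 encrypt and decrypt with `JWK_RSA` and checks that both fail with an error set; the RFC 7516 appendix A.2 vector disabled in a later hunk is a ready decryption input. The bare `#endif` lines in this hunk would also be easier to follow as `#endif // HAVE_RSA_PKCS1_PADDING`, matching the later hunks.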
@@ -1007,17 +1016,17 @@ cjose_jwe_t *jwe2 = cjose_jwe_import(compact2, strlen(compact2), &err); ck_assert_msg(NULL != jwe2, - "cjose_jwe_import failed: " - "%s, file: %s, function: %s, line: %ld", - err.message, err.file, err.function, err.line); + "cjose_jwe_import failed: " + "%s, file: %s, function: %s, line: %ld", + err.message, err.file, err.function, err.line); uint8_t *plain3 = NULL; size_t plain3_len = 0; plain3 = cjose_jwe_decrypt(jwe2, jwk, &plain3_len, &err); ck_assert_msg(NULL == plain3, - "cjose_jwe_decrypt succeeded where it should have failed: " - "%s, file: %s, function: %s, line: %ld", - err.message, err.file, err.function, err.line); + "cjose_jwe_decrypt succeeded where it should have failed: " + "%s, file: %s, function: %s, line: %ld", + err.message, err.file, err.function, err.line); cjose_jwe_release(jwe2); cjose_jwk_release(jwk); @@ -1081,6 +1090,7 @@ "AlWAyLWybqq6t16VFd7hQd0y6flUK4SlOydB61gwanOsXGOAOv82cHq0E3" "eL4HrtZkUuKvnPrMnsUUFlfUdybVzxyjz9JF_XyaY14ardLSjf4L_FNY\" }" }, +#ifdef HAVE_RSA_PKCS1_PADDING // https://tools.ietf.org/html/rfc7516#appendix-A.2 // JWE using RSAES-PKCS1-v1_5 and AES_128_CBC_HMAC_SHA_256 { "eyJhbGciOiJSU0ExXzUiLCJlbmMiOiJBMTI4Q0JDLUhTMjU2In0." @@ -1125,6 +1135,7 @@ "\"qi\":\"eNho5yRBEBxhGBtQRww9QirZsB66TrfFReG_CcteI1aCneT0ELGhYlRlC" "tUkTRclIfuEPmNsNDPbLoLqqCVznFbvdB7x-Tl-m0l_eFTj2KiqwGqE9PZ" "B9nNTwMVvH3VRRSLWACvPnSiwP8N5Usy-WRXS-V7TbpxIhvepTfE0NNo\" }" }, +#endif // HAVE_RSA_PKCS1_PADDING { NULL, NULL, NULL } }; @@ -1257,6 +1268,7 @@ START_TEST(test_cjose_jwe_multiple_recipients) { +#ifdef HAVE_RSA_PKCS1_PADDING char *rsa[] = { "{\"kty\":\"RSA\",\"e\":\"AQAB\",\"n\":\"pXldOFJS1PKXlkkkcCKtBt6efl84jkZinEzVF1HcksvO_b" "QUFJbUPcZwyzKk8fYnGbu0LwnY3hhCSDk-Ki8S2h_8VOiR7AY2ptI_TjeGp0DDqSnmJEdDrwIbw0yGTgOHZ63xms0aE4" "fv9tdrw5U4v_A3AfOwUtCyxuyZP_7WlNj0sMsWwiyp0BGvCUB4xuhVtsEsbSWvSAO8CYHEy3fVGZ6bLXh7DbF7WlbfZ9K" 
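Review bot: Wrapping the whole body of `test_cjose_jwe_multiple_recipients` in `#ifdef HAVE_RSA_PKCS1_PADDING` (opened in the `@@ -1257,6 +1268,7 @@` hunk, closed in the next one) leaves an empty test that passes trivially in the default build. Multi-recipient encryption then gets no coverage unless the risky option is enabled. The body lies mostly outside the hunk; if its recipients only use RSA1_5 for key wrapping, switching them to `CJOSE_HDR_ALG_RSA_OAEP` would keep the test running in both configurations.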
@@ -1413,10 +1425,11 @@ } cjose_header_release(protected_header); +#endif // HAVE_RSA_PKCS1_PADDING } END_TEST -Suite *cjose_jwe_suite() +Suite *cjose_jwe_suite(void) { Suite *suite = suite_create("jwe"); diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/cjose-0.6.2.2/test/check_jwk.c new/cjose-0.6.2.3/test/check_jwk.c --- old/cjose-0.6.2.2/test/check_jwk.c 2023-07-12 11:00:43.000000000 +0200 +++ new/cjose-0.6.2.3/test/check_jwk.c 2024-04-24 09:07:39.000000000 +0200 @@ -1423,7 +1423,7 @@ } END_TEST -Suite *cjose_jwk_suite() +Suite *cjose_jwk_suite(void) { Suite *suite = suite_create("jwk"); diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/cjose-0.6.2.2/test/check_jws.c new/cjose-0.6.2.3/test/check_jws.c --- old/cjose-0.6.2.2/test/check_jws.c 2023-07-12 11:00:43.000000000 +0200 +++ new/cjose-0.6.2.3/test/check_jws.c 2024-04-24 09:07:39.000000000 +0200 
@@ -975,7 +975,7 @@ } END_TEST -Suite *cjose_jws_suite() +Suite *cjose_jws_suite(void) { Suite *suite = suite_create("jws"); diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/cjose-0.6.2.2/test/check_util.c new/cjose-0.6.2.3/test/check_util.c --- old/cjose-0.6.2.2/test/check_util.c 2023-07-12 11:00:43.000000000 +0200 +++ new/cjose-0.6.2.3/test/check_util.c 2024-04-24 09:07:39.000000000 +0200 @@ -30,7 +30,7 @@ free(ptr); } -static void test_alloc_reset() +static void test_alloc_reset(void) { _test_alloc_in_amt = 0; _test_alloc_in_ptr = _test_alloc_out_ptr = NULL; @@ -110,7 +110,7 @@ static const char *_test_alloc3_in_file; static int _test_alloc3_in_line; static void *_test_alloc3_out_ptr; -static void test_alloc3_reset() +static void test_alloc3_reset(void) { test_alloc_reset(); _test_alloc3_in_amt = 0; @@ -238,7 +238,7 @@ } END_TEST -Suite *cjose_util_suite() +Suite *cjose_util_suite(void) { Suite *suite = suite_create("util"); diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/cjose-0.6.2.2/test/check_version.c new/cjose-0.6.2.3/test/check_version.c --- old/cjose-0.6.2.2/test/check_version.c 2023-07-12 11:00:43.000000000 +0200 +++ new/cjose-0.6.2.3/test/check_version.c 2024-04-24 09:07:39.000000000 +0200 @@ -19,7 +19,7 @@ } END_TEST -Suite *cjose_version_suite() +Suite *cjose_version_suite(void) { Suite *suite = suite_create("version");