[Debian-iot-maintainers] Bug#993866: librhonabwy0.9: jwe cbc tag computation error and jws alg:none signature verification issue

Tue Sep 7 15:01:18 BST 2021

Package: librhonabwy0.9
Version: 0.9.13-3
Severity: important
Tags: patch




-- System Information:
Debian Release: 11.0
  APT prefers stable-security
  APT policy: (500, 'stable-security'), (500, 'proposed-updates'), (500,
'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 5.10.0-8-amd64 (SMP w/4 CPU threads)
Locale: LANG=fr_CA.UTF-8, LC_CTYPE=fr_CA.UTF-8 (charmap=UTF-8), LANGUAGE not
set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages librhonabwy0.9 depends on:
ii  libc6          2.31-13
ii  libgnutls30    3.7.1-5
ii  libjansson4    2.13.1-1.1
pn  liborcania2.1  <none>
pn  libulfius2.7   <none>
pn  libyder2.0     <none>
ii  zlib1g         1:1.2.11.dfsg-2

librhonabwy0.9 recommends no packages.
-------------- next part --------------

--- a/src/jwe.c
+++ b/src/jwe.c
@@ -450,7 +450,7 @@
     memcpy(compute_hmac+hmac_size, al, 8);
     hmac_size += 8;
     
-    if (!(res = gnutls_hmac_fast(mac, jwe->key, 16, compute_hmac, hmac_size, tag))) {
+    if (!(res = gnutls_hmac_fast(mac, jwe->key, jwe->key_len/2, compute_hmac, hmac_size, tag))) {
       *tag_len = gnutls_hmac_get_len(mac)/2;
       ret = RHN_OK;
     } else {
--- a/src/jws.c
+++ b/src/jws.c
@@ -1268,9 +1268,6 @@
         case R_JWA_ALG_ES256K:
           ret = RHN_ERROR_UNSUPPORTED;
           break;
-        case R_JWA_ALG_NONE:
-          ret = RHN_OK;
-          break;
         default:
           ret = RHN_ERROR_INVALID;
           break;
--- a/test/jws_core.c
+++ b/test/jws_core.c
@@ -496,7 +496,7 @@
   ck_assert_ptr_ne((token = r_jws_serialize(jws_sign, NULL, 0)), NULL);
   
   ck_assert_int_eq(r_jws_parse(jws_verify, token, 0), RHN_OK);
-  ck_assert_int_eq(r_jws_verify_signature(jws_verify, NULL, 0), RHN_OK);
+  ck_assert_int_eq(r_jws_verify_signature(jws_verify, NULL, 0), RHN_ERROR_INVALID);
   o_free(token);
   
   r_jws_free(jws_sign);
