Updates for 0.11

- Fixes realloc bug
- Fixes pkgconfig bug.

Author: jbdatko

NEWS

@@ -1,7 +1,13 @@
 jose-c NEWS -- history of user-visible changes
 Copyright (C) 2014-2015 Cryptotronix, LLC.
 
-Noteworthy changes in version 0.10.0 (TBD)
+Noteworthy changes in version 0.11.0 (Friday, 16 Oct 2015)
+----------------------------------------------------
+  * Fixes realloc bug in jwe_encrypt
+  * Fixes pkg-config template for missing directory
+
+
+Noteworthy changes in version 0.10.0 (Thursday, 8 Oct 2015)
 ----------------------------------------------------
   * Adds JWE support for alg=A256KW, enc=A256GCM if compiled
   --with-openssl.

configure.ac

@@ -15,7 +15,7 @@
 # You should have received a copy of the GNU Lesser General Public License
 # along with libcryptoauth.  If not, see <http://www.gnu.org/licenses/>.
 
-AC_INIT([libjose-c], [0.10.0], [bugs@cryptotronix.com], [josec],
+AC_INIT([libjose-c], [0.11.0], [bugs@cryptotronix.com], [josec],
                      [https://github.com/cryptotronix/jose-c])
 AC_PREREQ([2.59])
 AC_USE_SYSTEM_EXTENSIONS
@@ -59,7 +59,7 @@ AC_DEFINE([JOSEC_HAVE_OPENSSL], [1], [Use OpenSSL backend])
 # For information on how to properly maintain the library version information,
 # refer to the libtool manual, section "Updating library version information":
 # http://www.gnu.org/software/libtool/manual/html_node/Updating-version-info.html
-AC_SUBST([JOSEC_SO_VERSION], [7:0:0])
+AC_SUBST([JOSEC_SO_VERSION], [7:1:0])
 AC_SUBST([JOSEC_API_VERSION], [0.10])
 
 # Override the template file name of the generated .pc file, so that there

josec.pc.in

@@ -8,4 +8,4 @@ Description: Library for produce JOSE messages
 Version: @PACKAGE_VERSION@
 URL: @PACKAGE_URL@
 Libs: -L${libdir} -ljosec
-Cflags: -I${includedir}/josec-@JOSEC_API_VERSION@ -I${libdir}/josec-@JOSEC_API_VERSION@/include
+Cflags: -I${includedir}/josec-@JOSEC_API_VERSION@

src/jwe.c

@@ -393,6 +393,20 @@ create_cek (const json_t *kek, const uint8_t key[JWE_AESKW_KEY_SIZE],
   return rc;
 }
 
+static char*
+_realloc_zero (char *orig, size_t nl)
+{
+  size_t ol = strlen(orig);
+  assert (nl > ol);
+  assert (NULL != orig);
+
+  char *out = realloc (orig, nl);
+  assert (out);
+  memset (out+ol, 0, nl-ol);
+
+  return out;
+}
+
 static const char *
 build_jwe (json_t *hdr, json_t *cek, json_t *iv,
            json_t *ciphertext, json_t *tag)
@@ -407,6 +421,7 @@ build_jwe (json_t *hdr, json_t *cek, json_t *iv,
   size_t l = json_string_length (hdr);
   size_t tot = l + 2;
   char *tmp = malloc (tot);
+  memset (tmp, 0, tot);
   assert (tmp);
 
   strncpy (tmp, json_string_value (hdr), l);
@@ -415,16 +430,16 @@ build_jwe (json_t *hdr, json_t *cek, json_t *iv,
   l = json_string_length (cek);
   tot = tot + l + 2;
 
-  tmp = realloc (tmp, tot);
-  assert (tmp);
+  tmp = _realloc_zero (tmp, tot);
+
   strncat (tmp, json_string_value (cek), l);
   strcat (tmp, ".");
 
   /* Add iv */
   l = json_string_length (iv);
   tot = tot + l + 2;
 
-  tmp = realloc (tmp, tot);
+  tmp = _realloc_zero (tmp, tot);
   assert (tmp);
   strncat (tmp, json_string_value (iv), l);
   strcat (tmp, ".");
@@ -433,7 +448,7 @@ build_jwe (json_t *hdr, json_t *cek, json_t *iv,
   l = json_string_length (ciphertext);
   tot = tot + l + 2;
 
-  tmp = realloc (tmp, tot);
+  tmp = _realloc_zero (tmp, tot);
   assert (tmp);
   strncat (tmp, json_string_value (ciphertext), l);
   strcat (tmp, ".");
@@ -442,7 +457,7 @@ build_jwe (json_t *hdr, json_t *cek, json_t *iv,
   l = json_string_length (tag);
   tot = tot + l + 1;
 
-  tmp = realloc (tmp, tot);
+  tmp = _realloc_zero (tmp, tot);
   assert (tmp);
   strncat (tmp, json_string_value (tag), l);
 

test/Makefile.am

@@ -31,7 +31,7 @@ check_libjosec_LDADD = $(LIBS_TO_ADD) $(CRYPTO_LIBS)
 
 check_jwe_SOURCES = test_jwe.c $(top_builddir)/libjosec.h
 check_jwe_CFLAGS = @CHECK_CFLAGS@ $(CFLAGS_TO_ADD)
-check_jwe_LDADD = $(LIBS_TO_ADD) $(CRYPTO_LIBS)
+check_jwe_LDADD = $(LIBS_TO_ADD) $(CRYPTO_LIBS) $(OPENSSL_LIBS)
 
 # jwtwrap_SOURCES = jwt_wrap.c $(top_builddir)/libjosec.h
 # jwtwrap_CFLAGS = $(CFLAGS_TO_ADD)

test/test_jwe.c

@@ -158,6 +158,35 @@ START_TEST(test_jwe_failures)
 }
 END_TEST
 
+START_TEST(t_loop)
+{
+  int i;
+  for (i=0; i<1000; i++)
+    {
+      json_t *alg = json_string ("A256KW");
+      uint8_t t[32];
+      memset (t, 0x61, 32);
+
+      json_t *jwk = jwk_build_symmetric_key (alg, t, 32);
+
+      uint8_t p[256];
+      memset (p, 0x62, 256);
+
+      const char *jwe;
+      int rc = jwe_encrypt (A256KW, A256GCM, p, 256, jwk, &jwe);
+
+      ck_assert_msg (0 == rc, "RC = %d", rc);
+      printf ("JWE: %s\n", jwe);
+
+      uint8_t *out;
+      size_t outl;
+      rc = jwe_decrypt (jwk, jwe, &out, &outl);
+
+      ck_assert_msg (0 == rc, "RC: %d", rc);
+    }
+}
+END_TEST
+
 static Suite *
 jwe_suite(void)
 {
@@ -169,9 +198,11 @@ jwe_suite(void)
     /* Core test case */
     tc_core = tcase_create("Core");
 
-    //tcase_add_test(tc_core, t_build_key);
-    //tcase_add_test(tc_core, test_jwe_encrypt);
+
+    tcase_add_test(tc_core, t_build_key);
+    tcase_add_test(tc_core, test_jwe_encrypt);
     tcase_add_test(tc_core, test_jwe_failures);
+    tcase_add_test(tc_core, t_loop);
 
     suite_add_tcase(s, tc_core);
 
@@ -188,6 +219,8 @@ int main(void)
     s = jwe_suite();
     sr = srunner_create(s);
 
+    init_ssl();
+    srunner_set_fork_status (sr, CK_NOFORK);
     srunner_run_all(sr, CK_NORMAL);
     number_failed = srunner_ntests_failed(sr);
     srunner_free(sr);