Skip to content

Jd/sec ssl truncation #21

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
jdwyah merged 2 commits into from
Oct 7, 2025
Merged

Jd/sec ssl truncation #21

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
8223185
fix vulnerability to SSL truncation attack
jdwyah Oct 7, 2025
b0ad318
1.11.2
jdwyah Oct 7, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
4 changes: 4 additions & 0 deletions CHANGELOG.md
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,5 +1,9 @@
# Changelog

## 1.11.2 - 2025-10-07

- Address OpenSSL issue with vulnerability to truncation attack

## 1.11.1 - 2025-10-06

- quiet logging for SSE reconnections
Expand Down
2 changes: 1 addition & 1 deletion VERSION
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1 +1 @@
1.11.1
1.11.2
21 changes: 15 additions & 6 deletions lib/reforge/encryption.rb
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -4,6 +4,7 @@ module Reforge
class Encryption
CIPHER_TYPE = "aes-256-gcm" # 32/12
SEPARATOR = "--"
AUTH_TAG_LENGTH = 16

# Hexadecimal format ensures that generated keys are representable with
# plain text
Expand Down Expand Up @@ -32,22 +33,30 @@ def encrypt(clear_text)
encrypted = cipher.update(clear_text)
encrypted << cipher.final
tag = cipher.auth_tag

# pack and join
[encrypted, iv, tag].map { |p| p.unpack("H*")[0] }.join(SEPARATOR)
end

def decrypt(encrypted_string)
unpacked_parts = encrypted_string.split(SEPARATOR).map { |p| [p].pack("H*") }
encrypted_data, iv, auth_tag = encrypted_string.split(SEPARATOR).map { |p| [p].pack("H*") }

# Currently the OpenSSL bindings do not raise an error if auth_tag is
# truncated, which would allow an attacker to easily forge it. See
# https://github.com/ruby/openssl/issues/63
if auth_tag.bytesize != AUTH_TAG_LENGTH
raise "truncated auth_tag"
end

cipher = OpenSSL::Cipher.new(CIPHER_TYPE)
cipher.decrypt
cipher.key = @key
cipher.iv = unpacked_parts[1]
cipher.auth_tag = unpacked_parts[2]

cipher.iv = iv

cipher.auth_tag = auth_tag

# and decrypt it
decrypted = cipher.update(unpacked_parts[0])
decrypted = cipher.update(encrypted_data)
decrypted << cipher.final
decrypted
end
Expand Down
6 changes: 3 additions & 3 deletions sdk-reforge.gemspec
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -2,16 +2,16 @@
# DO NOT EDIT THIS FILE DIRECTLY
# Instead, edit Juwelier::Tasks in Rakefile, and run 'rake gemspec'
# -*- encoding: utf-8 -*-
# stub: sdk-reforge 1.11.1 ruby lib
# stub: sdk-reforge 1.11.2 ruby lib

Gem::Specification.new do |s|
s.name = "sdk-reforge".freeze
s.version = "1.11.1"
s.version = "1.11.2"

s.required_rubygems_version = Gem::Requirement.new(">= 0".freeze) if s.respond_to? :required_rubygems_version=
s.require_paths = ["lib".freeze]
s.authors = ["Jeff Dwyer".freeze]
s.date = "2025-10-06"
s.date = "2025-10-07"
s.description = "Feature Flags, Live Config as a service".freeze
s.email = "jeff.dwyer@reforge.com.cloud".freeze
s.extra_rdoc_files = [
Expand Down