Skip to main content

Public

Project privacy set to public. By default, its content is available to everyone (authenticated or not). Please note that more restrictive permissions might exist on some items.

    •  
      request #44081 Internal symmetric cryptographic API should be resistant against Invisible Salamanders / Confused Deputies attacks
    Infos
    #44081
    Thomas Gerbet (tgerbet)
    2026-01-26 17:52
    2025-08-05 17:33
    45816
    Details
    Internal symmetric cryptographic API should be resistant against Invisible Salamanders / Confused Deputies attacks

    In it's current form the our internal API does not make possible to prevent this sort of attack from happening, it should.

    References:
    https://eprint.iacr.org/2019/016
    https://soatok.blog/2023/03/01/database-cryptography-fur-the-rest-of-us/

    Other
    All
    Empty
    • [ ] enhancement
    • [x] internal improvement
    Empty
    Stage
    Thomas Gerbet (tgerbet)
    Closed
    2026-01-26
    Attachments
    Empty
    References
    Referencing request #44081

    Git commit

    tuleap/tuleap/stable

    chore: Move current symmetric crypto implementation to a legacy namespace 2cc4163f8e
    User avatar Thomas Gerbet (tgerbet) , 2025-08-06 09:34
    feat: Introduce a new symmetric crypto API b123f8514c
    User avatar Thomas Gerbet (tgerbet) , 2025-09-18 12:15
    chore: Re-encrypt the Git Jenkins tokens with the new cryptography API a1d954ca8f
    User avatar Thomas Gerbet (tgerbet) , 2025-12-04 16:20
    fix: Re-encrypting Git Jenkins token must not always set an empty string 7c68c0125d
    User avatar Thomas Gerbet (tgerbet) , 2025-12-09 14:12
    chore: Re-encrypt the TTM job campaign tokens with the new cryptography API 8da7c07fce
    User avatar Thomas Gerbet (tgerbet) , 2026-01-07 10:50
    chore: Re-encrypt OAuth2 keys with the new cryptography API 6ac3b2551d
    User avatar Thomas Gerbet (tgerbet) , 2026-01-07 17:10
    chore: Re-encrypt Bugzilla API keys with the new cryptography API ab62457d4b
    User avatar Thomas Gerbet (tgerbet) , 2026-01-12 11:45
    chore: Do not display newly created SVN tokens 9e6ceb8161
    User avatar Thomas Gerbet (tgerbet) , 2026-01-13 12:44
    chore: Re-encrypt ForgeConfig secret values with the new cryptography API f4ffc3094a
    User avatar Thomas Gerbet (tgerbet) , 2026-01-12 18:08
    chore: Re-encrypt GitLab webhook secret with the new cryptography API 2ef222f2c1
    User avatar Thomas Gerbet (tgerbet) , 2026-01-13 16:30
    chore: Re-encrypt GitLab group/repository secrets with the new cryptography API 33cdae2c66
    User avatar Thomas Gerbet (tgerbet) , 2026-01-14 18:28
    fix: Move DB migration of the ForgeConfig secrets to the new crypto API into Tuleap core 098c4ef04b
    User avatar Thomas Gerbet (tgerbet) , 2026-01-16 17:49
    chore: Re-encrypt JIRA token with the new cryptography API ce37d62826
    User avatar Thomas Gerbet (tgerbet) , 2026-01-15 19:18
    chore: Re-encrypt OO Document Server token with the new cryptography API 9cc64aec8d
    User avatar Thomas Gerbet (tgerbet) , 2026-01-26 09:08
    chore: Remove legacy cryptography API 1f9ed394cf
    User avatar Thomas Gerbet (tgerbet) , 2026-01-26 11:02
    Referenced by request #44081

    Artifact

    rel #46324 17.3
    Display settings

    Follow-ups