Update dependency jsrsasign to v10 [SECURITY] #426

Open
wants to merge 1 commit into base: main
Conversation

renovate[bot] commented Jan 19, 2024

This PR contains the following updates:

Package: jsrsasign (source)
Change: ^8.0.0 -> ^10.0.0

GitHub Vulnerability Alerts

CVE-2020-14966

Impact

jsrsasign supports ECDSA signature validation in which the signature value is represented in ASN.1 DER encoding. Vulnerable versions may accept an incorrectly DER-encoded ECDSA signature, such as one with:

  • a wrong multi-byte ASN.1 length in a TLV (e.g. 0x820045 where 0x45 is the correct encoding)
  • zero bytes prepended to an ASN.1 INTEGER value (e.g. 0x00000123 where 0x0123 is correct)
  • zero bytes appended after the signature's ASN.1 TLV (e.g. 0x3082....1fbc000000 where 0x3082....1fbc is correct; the appended zeros were ignored)

This vulnerability was fixed by strict ASN.1 DER checking.

Here is an assessment of this vulnerability:

  • If you do not use ECDSA signature validation, you are not affected.
  • Signatures that are not ASN.1 encoded, such as the plain concatenation of the R and S values used by Bitcoin, are not affected.
  • All ECC curve parameters are affected.
  • The risk of accepting a forged or crafted message as validly signed is low.
  • The risk of memory corruption is low, since jsrsasign uses a BigInteger class.
  • ECDSA signatures semantically equivalent to a valid one may be accepted as valid; there are many malleable variants.

As discussed in the linked issue (kjur/jsrsasign#437), there is no standard such as X9.62 that requires ASN.1 DER, so ASN.1 BER could in principle be used for ECDSA signatures; however, most implementations, including OpenSSL, do strict ASN.1 DER checking.

Patches

Users of ECDSA signature validation should upgrade to 8.0.19.

Workarounds

Perform strict ASN.1 DER checking on the ASN.1-encoded ECDSA signature value before verifying it.
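
The strict check the workaround asks for, written out as an added example in JavaScript (jsrsasign's language). This is not jsrsasign's own code; the library's fix lives in ASN1HEX.checkStrictDER and ECDSA.verifyHex, linked in the references below. The helper names and the test vectors are constructed for this illustration and encode the three malleable shapes listed in the advisory.

```javascript
// Strict DER parser for an ECDSA signature, SEQUENCE { r INTEGER, s INTEGER }.
// Added example for CVE-2020-14966; not jsrsasign's own code. Rejects
// non-minimal lengths, zero-padded INTEGERs and trailing bytes, and returns
// r and s as BigInt otherwise.

function hexToBytes(hex) {
  if (hex.length % 2 !== 0 || /[^0-9a-fA-F]/.test(hex)) throw new Error("bad hex");
  const out = new Uint8Array(hex.length / 2);
  for (let i = 0; i < out.length; i++) out[i] = parseInt(hex.substr(2 * i, 2), 16);
  return out;
}

// Reads a DER length at `off`; returns [length, bytesConsumed]. Rejects the
// indefinite form and non-minimal encodings such as 82 00 45 for 0x45.
function readDerLength(buf, off) {
  if (off >= buf.length) throw new Error("truncated length");
  const first = buf[off];
  if (first < 0x80) return [first, 1];
  if (first === 0x80) throw new Error("indefinite length is not DER");
  const n = first & 0x7f;
  if (n > 4 || off + 1 + n > buf.length) throw new Error("bad long-form length");
  if (buf[off + 1] === 0x00) throw new Error("non-minimal length: leading zero byte");
  let len = 0;
  for (let i = 0; i < n; i++) len = len * 256 + buf[off + 1 + i];
  if (len < 0x80) throw new Error("non-minimal length: short form required");
  return [len, 1 + n];
}

// Reads a DER INTEGER at `off`; returns [value, bytesConsumed]. ECDSA r and s
// are positive, so a set sign bit is an error, and a leading 00 is allowed
// only when the following byte has its top bit set (DER minimal encoding).
function readDerInteger(buf, off) {
  if (buf[off] !== 0x02) throw new Error("expected INTEGER tag");
  const [len, lenBytes] = readDerLength(buf, off + 1);
  const start = off + 1 + lenBytes;
  if (len === 0 || start + len > buf.length) throw new Error("bad INTEGER length");
  const c = buf.subarray(start, start + len);
  if (c[0] & 0x80) throw new Error("negative INTEGER");
  if (len > 1 && c[0] === 0x00 && (c[1] & 0x80) === 0) throw new Error("non-minimal INTEGER: leading zero");
  let v = 0n;
  for (const b of c) v = (v << 8n) | BigInt(b);
  return [v, 1 + lenBytes + len];
}

// Parses a hex-encoded signature; throws unless it is exactly one strict-DER
// SEQUENCE of two INTEGERs with nothing after it. Range checks against the
// curve order (1 <= r, s < n) remain the verifier's job.
function parseEcdsaDerSignature(hex) {
  const buf = hexToBytes(hex);
  if (buf[0] !== 0x30) throw new Error("expected SEQUENCE tag");
  const [seqLen, seqLenBytes] = readDerLength(buf, 1);
  const body = 1 + seqLenBytes;
  if (body + seqLen !== buf.length) throw new Error("trailing bytes after SEQUENCE");
  const [r, rBytes] = readDerInteger(buf, body);
  const [s, sBytes] = readDerInteger(buf, body + rBytes);
  if (rBytes + sBytes !== seqLen) throw new Error("unexpected data inside SEQUENCE");
  return { r, s };
}

// Returns the rejection reason, or null when the encoding is strict DER.
function derRejectionReason(hex) {
  try { parseEcdsaDerSignature(hex); return null; } catch (e) { return e.message; }
}

// Constructed vectors (r = 1, s = 2) in the shapes listed in the advisory.
const VECTORS = {
  valid: "3006020101020102",
  longFormLength: "30820006020101020102",   // 82 00 06 where 06 is the correct length
  zeroPaddedInteger: "300702020001020102",  // r encoded as 00 01
  trailingZeros: "30060201010201020000",    // two bytes appended after the SEQUENCE
};
for (const [name, hex] of Object.entries(VECTORS)) {
  console.log(name.padEnd(18), derRejectionReason(hex) ?? "accepted");
}
```

Only the first vector is accepted; each of the other three fails at the check that names its defect, which is the behaviour a verifier should exhibit before it ever touches the curve arithmetic.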

References

https://nvd.nist.gov/vuln/detail/CVE-2020-14966
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14966
https://vuldb.com/?id.157123
https://github.com/kjur/jsrsasign/issues/437
https://kjur.github.io/jsrsasign/api/symbols/KJUR.crypto.ECDSA.html
https://kjur.github.io/jsrsasign/api/symbols/ASN1HEX.html#.checkStrictDER
https://www.itu.int/rec/T-REC-X.690

GHSA-g753-jx37-7xwh

Impact

An ECDSA side-channel attack named Minerva was found, and it affects jsrsasign.

By observing the execution time of thousands of signature generations, the EC private key (a scalar) may be recovered, since the time taken by point-scalar multiplication depends on the bits of the scalar. In jsrsasign 8.0.13 or later, the execution time of EC point-scalar multiplication is almost constant, which fixes the issue.

  • Minerva is a timing (side-channel) attack on EC implementations.
  • If you don't use the ECDSA class, you are not affected by the vulnerability.
  • The vulnerability is that an attacker may recover the private key by measuring the processing time of EC key generation or ECDSA signing.
  • The cause is that the point-multiplication processing time in ECDSA signing depends on the value of the scalar being multiplied: the private key during key generation, and the per-signature nonce k during signing (Minerva combines the leaked nonce bit lengths across many signatures to recover the private key).
  • After 8.0.13, the processing time of point multiplication in ECDSA signing has become constant with respect to the scalar value, in theory.
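
Why the running time of a naive scalar multiplication leaks the scalar's bit length, and what a fixed-iteration ladder changes, as an added illustration of the advisory above. This is not jsrsasign's code. It uses affine BigInt arithmetic on NIST P-256 (the constants are assumed correct; the isOnCurve and n*G checks validate them), and the function names scalarMultLeaky and scalarMultLadder are mine. It demonstrates the operation-count invariant only: BigInt arithmetic and the branch inside the ladder are themselves not constant-time, so this is not a drop-in countermeasure.

```javascript
// Operation-count comparison of naive double-and-add versus a Montgomery
// ladder on NIST P-256. Added illustration of the Minerva timing leak; not
// jsrsasign's code. Constants assumed correct and checked below.

const PRIME = 0xffffffff00000001000000000000000000000000ffffffffffffffffffffffffn;
const A = PRIME - 3n;
const B = 0x5ac635d8aa3a93e7b3ebbd55769886bc651d06b0cc53b0f63bce3c3e27d2604bn;
const N = 0xffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc632551n;
const G = {
  x: 0x6b17d1f2e12c4247f8bce6e563a440f277037d812deb33a0f4a13945d898c296n,
  y: 0x4fe342e2fe1a7f9b8ee7eb4a7c0f9e162bce33576b315ececbb6406837bf51f5n,
};
const INF = null;        // point at infinity
const ORDER_BITS = 256;  // bit length of N

function mod(a, m) { const r = a % m; return r < 0n ? r + m : r; }

function modInv(a, m) {  // extended Euclid
  let [r0, r1] = [mod(a, m), m];
  let [s0, s1] = [1n, 0n];
  while (r1 !== 0n) {
    const q = r0 / r1;
    [r0, r1] = [r1, r0 - q * r1];
    [s0, s1] = [s1, s0 - q * s1];
  }
  if (r0 !== 1n) throw new Error("not invertible");
  return mod(s0, m);
}

function isOnCurve(Pt) {
  return Pt !== INF && mod(Pt.y * Pt.y - (Pt.x * Pt.x * Pt.x + A * Pt.x + B), PRIME) === 0n;
}

function pointDouble(Pt) {
  if (Pt === INF || Pt.y === 0n) return INF;
  const l = mod((3n * Pt.x * Pt.x + A) * modInv(2n * Pt.y, PRIME), PRIME);
  const x = mod(l * l - 2n * Pt.x, PRIME);
  return { x, y: mod(l * (Pt.x - x) - Pt.y, PRIME) };
}

function pointAdd(P1, P2) {
  if (P1 === INF) return P2;
  if (P2 === INF) return P1;
  if (P1.x === P2.x) return P1.y === P2.y ? pointDouble(P1) : INF;  // P + (-P) = INF
  const l = mod((P2.y - P1.y) * modInv(P2.x - P1.x, PRIME), PRIME);
  const x = mod(l * l - P1.x - P2.x, PRIME);
  return { x, y: mod(l * (P1.x - x) - P1.y, PRIME) };
}

function bitLength(k) { return k === 0n ? 0 : k.toString(2).length; }

// Naive double-and-add: the loop runs bitLength(k) times, so the amount of
// work, and with it the running time, reveals the bit length of the scalar.
// In ECDSA signing that scalar is the per-signature nonce; this is the leak
// Minerva collects over many signatures.
function scalarMultLeaky(k, Pt) {
  let R = INF, ops = 0;
  for (let i = bitLength(k) - 1; i >= 0; i--) {
    R = pointDouble(R); ops++;
    if ((k >> BigInt(i)) & 1n) { R = pointAdd(R, Pt); ops++; }
  }
  return { point: R, ops };
}

// Montgomery ladder over a fixed number of iterations (the order's bit length):
// every iteration performs exactly one addition and one doubling whatever the
// value of k, so the operation count no longer depends on the scalar.
function scalarMultLadder(k, Pt) {
  let R0 = INF, R1 = Pt, ops = 0;      // invariant: R1 = R0 + Pt
  for (let i = ORDER_BITS - 1; i >= 0; i--) {
    if ((k >> BigInt(i)) & 1n) { R0 = pointAdd(R0, R1); R1 = pointDouble(R1); }
    else                       { R1 = pointAdd(R0, R1); R0 = pointDouble(R0); }
    ops += 2;
  }
  return { point: R0, ops };
}

function pointsEqual(P1, P2) {
  return P1 === P2 || (P1 !== INF && P2 !== INF && P1.x === P2.x && P1.y === P2.y);
}

// Same result either way; only the naive method's work tracks the scalar size.
for (const k of [1n, 0xffn, 2n ** 255n + 12345n]) {
  const leaky = scalarMultLeaky(k, G), ladder = scalarMultLadder(k, G);
  console.log(`k bits=${bitLength(k)} leaky ops=${leaky.ops} ladder ops=${ladder.ops} same=${pointsEqual(leaky.point, ladder.point)}`);
}
```

A 1-bit scalar costs the naive loop 2 operations and a 256-bit scalar 257 or more, while the ladder always costs 512; an attacker timing the naive version learns roughly how many leading zero bits the nonce had, which is exactly the input the Minerva lattice step needs.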

Patches

Users of ECDSA signature generation should upgrade to 8.0.13 or later.

Workarounds

There is no workaround within jsrsasign. Update jsrsasign or use another ECDSA library.

ACKNOWLEDGEMENT

Thanks to Jan Jancar @J08nY, Petr Svenda and Vladimir Sedlacek of Masaryk University in the Czech Republic for finding and reporting this vulnerability.

References

https://minerva.crocs.fi.muni.cz/
https://www.npmjs.com/advisories/1505
https://github.com/kjur/jsrsasign/issues/411

CVE-2020-14968

Impact

jsrsasign can verify RSA-PSS signatures whose value is handled as a BigInteger. Given a valid RSA-PSS signature value, vulnerable versions also accept that value with zero bytes prepended as a valid signature.

  • If you do not use RSA-PSS signature validation, you are not affected.
  • The risk of accepting a forged or crafted message as validly signed is low.
  • The risk of memory corruption is low, since jsrsasign uses a BigInteger class.

Patches

Users of RSA-PSS signature validation should upgrade to 8.0.17.

Workarounds

Reject RSA-PSS signature values with unnecessary prepended zeros, i.e. values whose byte length exceeds that of the modulus.

References

GHSA-q3gh-5r98-j4h3
https://github.com/kjur/jsrsasign/issues/438
https://nvd.nist.gov/vuln/detail/CVE-2020-14968
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14968
https://vuldb.com/?id.157125
https://kjur.github.io/jsrsasign/api/symbols/RSAKey.html#.verifyWithMessageHashPSS

CVE-2020-14967

Impact

jsrsasign supports RSA PKCS#1 v1.5 (RSAES-PKCS1-v1_5) and RSA-OAEP encryption and decryption, with the encrypted message handled as a BigInteger. Given a valid encrypted message, a crafted message consisting of the same value with zero bytes prepended is also decrypted by vulnerable versions.

  • If you don't use RSA PKCS1-v1_5 or RSA-OAEP decryption, you are not affected.
  • The risk of forging the contents of an encrypted message is very low.
  • The risk of memory corruption is low, since jsrsasign uses a BigInteger class.

Patches

Users of RSA PKCS1-v1_5 or RSA-OAEP decryption should upgrade to 8.0.18.

Workarounds

Reject RSA PKCS1-v1_5 or RSA-OAEP encrypted messages with unnecessary prepended zeros, i.e. ciphertexts whose byte length exceeds that of the modulus.

References

https://nvd.nist.gov/vuln/detail/CVE-2020-14967
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14967
https://vuldb.com/?id.157124
https://kjur.github.io/jsrsasign/api/symbols/KJUR.crypto.Cipher.html#.decrypt
https://github.com/kjur/jsrsasign/issues/439

CVE-2021-30246

Impact

Vulnerable versions of jsrsasign accept RSA signatures with improper PKCS#1 v1.5 padding.
The decoded RSA signature value has the following form:
01(ff...(8 or more ffs)...ff)00[ASN.1 DER encoding of DigestInfo]
Its byte length must equal the RSA key (modulus) length, but that check was not sufficient.

Producing a crafted message for a practical attack is very hard.

Patches

Users validating RSA signatures should upgrade to 10.2.0 or later.

Workarounds

There is no workaround other than not using RSA signature validation in jsrsasign.

ACKNOWLEDGEMENT

Thanks to Daniel Yahyazadeh @yahyazadeh for reporting and analyzing this vulnerability.
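
The checks that close the three RSA advisories above (CVE-2020-14967, CVE-2020-14968 and CVE-2021-30246), written out as an added JavaScript example that is not jsrsasign's code: a length-and-range check on the raw signature or ciphertext value, which rejects the "prepended zeros" variants, and an EMSA-PKCS1-v1_5 check that re-encodes the expected encoded message and compares all k octets. The "lenient" function is included only to show the bug class (accepting without checking the total length); it is a constructed pattern, not jsrsasign's actual implementation. The DigestInfo prefixes are the standard ones from RFC 8017; the SHA-256 digest, the toy modulus and the helper names are constructed for this illustration.

```javascript
// Strict handling of RSA signature/ciphertext values and of EMSA-PKCS1-v1_5
// encodings. Added example for CVE-2020-14967, CVE-2020-14968 and
// CVE-2021-30246; not jsrsasign's code.

// DER DigestInfo prefixes (RFC 8017 section 9.2, note 1); the digest follows.
const DIGEST_INFO_PREFIX = {
  sha1:   "3021300906052b0e03021a05000414",
  sha256: "3031300d060960864801650304020105000420",
  sha384: "3041300d060960864801650304020205000430",
  sha512: "3051300d060960864801650304020305000440",
};

// RFC 8017 requires a signature or ciphertext to be exactly k octets (k = byte
// length of the modulus) and, as an integer, below the modulus. A value with
// extra leading zero octets is the same integer at the wrong length; rejecting
// it here closes the "prepending zeros" malleability before any RSA operation.
function checkRsaValueLength(valueHex, modulusHex) {
  const k = modulusHex.length / 2;
  if (!/^([0-9a-fA-F]{2})+$/.test(valueHex) || valueHex.length !== 2 * k) return false;
  return BigInt("0x" + valueHex) < BigInt("0x" + modulusHex);
}

// EM = 00 || 01 || FF...FF (at least 8) || 00 || T, exactly k octets.
function buildEmsaPkcs1v15(hashName, digestHex, k) {
  const tHex = DIGEST_INFO_PREFIX[hashName] + digestHex.toLowerCase();
  const tLen = tHex.length / 2;
  if (k < tLen + 11) throw new Error("intended encoded message length too short");
  return "0001" + "ff".repeat(k - tLen - 3) + "00" + tHex;
}

// Strict verification (RFC 8017 section 8.2.2): re-encode the expected EM and
// compare the whole k-octet string, so the padding length, the separator, the
// DigestInfo and the absence of trailing bytes are all checked at once.
function verifyEmsaPkcs1v15(emHex, hashName, digestHex, k) {
  if (emHex.length !== 2 * k) return false;
  return emHex.toLowerCase() === buildEmsaPkcs1v15(hashName, digestHex, k);
}

// Insecure pattern, for contrast (constructed, not jsrsasign's code): strip
// leading zeros, skip FF bytes, find the separator, then accept if the
// DigestInfo *starts* there. It never checks the total length, so it accepts
// zero-prefixed values, too-short padding and trailing garbage.
function verifyEmsaPkcs1v15Lenient(emHex, hashName, digestHex) {
  const h = emHex.toLowerCase().replace(/^(00)+/, "");
  if (!h.startsWith("01")) return false;
  let i = 2;
  while (h.substr(i, 2) === "ff") i += 2;
  if (h.substr(i, 2) !== "00") return false;
  return h.substr(i + 2).startsWith(DIGEST_INFO_PREFIX[hashName] + digestHex.toLowerCase());
}

// Constructed inputs: SHA-256 of the empty string, k = 64 octets, and a short
// toy "modulus" (not a real RSA key) for the length check.
const EMPTY_SHA256 = "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855";
const T_SHA256 = DIGEST_INFO_PREFIX.sha256 + EMPTY_SHA256;
const EM_GOOD = buildEmsaPkcs1v15("sha256", EMPTY_SHA256, 64);
const CASES = {
  good: EM_GOOD,
  leadingZero: "00" + EM_GOOD,                                  // k+1 octets
  trailingBytes: EM_GOOD + "4141",                              // k+2 octets
  shortPadding: "0001" + "ff".repeat(7) + "00" + T_SHA256 + "000000",  // k octets, 7 FFs
};
for (const [name, em] of Object.entries(CASES)) {
  console.log(name.padEnd(14),
              "strict:", verifyEmsaPkcs1v15(em, "sha256", EMPTY_SHA256, 64),
              "lenient:", verifyEmsaPkcs1v15Lenient(em, "sha256", EMPTY_SHA256));
}
```

The strict verifier accepts only the first case; the lenient one accepts all four, which is the shape of the problem the three advisories describe from different sides (an extra leading zero on a ciphertext or PSS signature, and insufficient length checking of the PKCS#1 v1.5 encoded message).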


Release Notes

kjur/jsrsasign (jsrsasign)

v10.2.0: CVE-2021-30246 RSAKey.verify issue fix

  • Changes from 10.1.13 to 10.2.0 (2021-04-14)
    • src/rsasign.js
    • src/asn1cms.js
      • IssuerSerial, IsseruAndSerialNumber API document update
    • sample_node/asn1extract2
      • change to "/usr/bin/env node"

v10.1.13: add non-ascii BMPString support

  • Changes from 10.1.12 to 10.1.13 (2021-03-08)
    • src/base64x.js
      • add ucs2hextoutf8 function
    • src/x509.js
      • X509.getAttrTypeAndValue supports non-ascii BMPString (#474)
    • src/asn1hex.js
      • ASN1HEX.dump supports non-ascii BMPString
    • test/qunit-do-{asn1hex-dump,x509-ext,base64x}.html
      • updated to follow above

v10.1.12: fix for wrong UTF-8 encoding in distinguished name parser

  • Changes from 10.1.11 to 10.1.12 (2021-02-25)
    • src/x509.js
      • fix X509.getAttrTypeValue (#473)
        • attribute value is converted by hextoutf8 not hextorstr
      • X509.getIssuerString update to use getIssuer
      • X509.getSubjectString update to use getSubject
      • X509.dnarraytostr fix to escape "+" and "/"
      • X509.hex2dn update to use getX500Name
    • test/qunit-do-x509-ext.html
      • updated to follow above

v10.1.11: update X509.getVersion and add jsrsasign-util saveFileJSON

  • Changes from 10.1.10 to 10.1.11 (2021-02-19)
    • src/x509.js
      • X509.getVersion now supports values other than
        empty (DEFAULT = v1) and [0] {INTEGER 2} (= v3).
        Thus version checking is relaxed. (#471)
    • src/nodeutil.js (jsrsasign-util 1.0.4)
      • add saveFileUTF8
      • saveFileJSON API document fix

v10.1.10: extend support for distinguished name

  • Changes from 10.1.9 to 10.1.10 release (2021-02-14)
    • src/asn1x509.js
      • AttributeTypeAndValue
        • add support for OID and oid name constructor
          AttributeTypeAndValue({str: "/streetAddress=foo"})
          AttributeTypeAndValue({str: "/2.5.4.9=foo"})
      • OID.name2oidList
        • add givenName
    • test/qunit-do-asn1x509.html
      • updated to follow above

v10.1.9: Add SubjectDirectoryAttributes extension support

  • Changes from 10.1.8 to 10.1.9 release (2021-02-12)
    • src/asn1x509.js
      • SubjectDirectoryAttributes class added
      • Extensions class updated to support
        SubjectDirectoryAttributes
      • OID class update to support OIDs
        such as gender, placeOfBirth etc. for
        SubjectDirectoryAttributes.
      • A SubjectDirectoryAttributes parser still needs
        to be implemented in x509.js.
    • test/qunit-do-asn1x509.html
      • updated to follow above

v10.1.8: KEYUTIL supports PKCS8 private key with extension

  • Changes from 10.1.5 to 10.1.8 release (2021-02-08)
    • src/keyutil.js
      • KEYUTIL.parsePlainPrivatePKCS8Hex now supports
        private key extensions, and issue #454 is fixed.
    • test/qunit-do-keyutil-eprv.html
      • updated to follow above

v10.1.5: CAdES-T support update and fix

  • Changes from 10.1.4 to 10.1.5 release (2021-01-17)
    • tool/tool_cades.html fix (#465)
      • now works fine again for CAdES-T demo
    • src/asn1cms.js
      • SignerInfo class
        • unsigned attribute support again
      • Attribute class
        • add signaturePolicyIdentifier support
        • add signatureTimeStamp support
      • CMSParser class
        • add signaturePolicyIdentifier support
        • add setSignaturePolicyIdentifier method
    • src/asn1cades.js
      • CAdESUtil class
        • parseSignedDataForAddingUnsigned modified to use CMSParser
        • addSigTS removed since it was empty method
        • parseSignerInfoForAddingUnsigned is deprecated since
          parseSignedDataForAddingUnsigned will not call it.
    • src/crypto.js

v10.1.4: TSPParser.getPKIStatusInfo bugfix

  • Changes from 10.1.3 to 10.1.4 release (2020-11-23)
    • asn1tsp.js
      • TSPParser class
        • getPKIStatusInfo out parameter name bugfix
    • test/qunit-do-asn1hex.html
      • updated to follow above

v10.1.3: TSPParser.getPKIStatusInfo update

  • Changes from 10.1.2 to 10.1.3 release (2020-11-22)
    • asn1tsp.js
      • TSPParser class
        • getPKIStatusInfo updated to
          support PKIFreeText and PKIFailureInfo
        • getPKIFreeText added
        • getPKIFailureInfo added
    • asn1hex.js
      • ASN1HEX class
        • getString added
        • getInt method updated to support ASN.1 BitString
    • base64x.js
      • function bitstrtoint, inttobitstr added
    • test/qunit-do-{asn1hex,asn1tsp,base64x}.html
      • updated to follow above

v10.1.2: add SigningCertificateV2 for CMSParser and issue fix

  • Changes from 10.1.1 to 10.1.2 release (2020-11-21)
    • src/asn1cms.js
      • CMSParser
        • getAttribute updated to support
          SigningCertificateV2
        • add setSigningCertificateV2 method
        • add getESSCertIDv2 method
        • change sortflag of result parameter to true in
          CMSParser.getCertificateSet
    • test/qunit-do-asn1cms.html
      • updated to follow above

v10.1.1: CMSSignedData and TimeStamp parser bugfix

  • Changes from 10.1.0 to 10.1.1 release (2020-11-20)
    • src/asn1tsp.js
      • "serialNumber" parameter was changed to
        "serial" in TSTInfo class and TSPParser.getTSTInfo
        method.
    • src/asn1cms.js
      • change method name CMSParser.getAttributeArray to
        CMSParser.getAttributeList to align to the name
        AttributeList class.
      • getAttributeList returns JSON parameter which
        can be accepted by AttributeList constructor.
      • wrong sighex value for signature value
        by getSignerInfo method was fixed.
    • test/qunit-do-asn1tsp.html
      • updated to follow above

v10.1.0: add new CMSSignedData and TimeStamp parser and X500Name update

  • Changes from 10.0.5 to 10.1.0 release
    • add new CMSSignedData and TimeStamp parser
    • X500.get{X500Name,GeneralName,GeneralNames} result change
    • src/asn1cms.js
      • new CMSParser class for CMS SignedData
        • get{CMSSignedData,SignedData,HashAlgArray,
          EContent,SignerInfos,SignerInfo,SignerIdentifier,
          IssuerAndSerialNumber,AttributeArray,
          Attribute,ESSCertID,IssuerSerial,CertificateSet}
        • set{ContentType,SigningTime,MessageDigest,
          SigningCertificate}
    • src/asn1tsp.js
      • new TSPParser class to parse the RFC 3161 TSP protocol
      • get{Response,Token,TSTInfo,Accuracy,MessageImprint,
        PKIStatusInfo}
      • setTSTInfo
    • src/asn1.js
      • DERObjectIdentifier class update to use new oidtohex
    • src/asn1hex.js
      • add ASN1HEX.{getInt,getOID,getOIDName}
    • src/asn1csr.js
      • CSRUtil.getParam result "subject" parameter result is changed
        because of X509.getX500Name update.
    • src/asn1x509.js
      • small update for Time class
      • small update for Certificate.sign method
      • document fix (issue #463)
    • src/base64x.js
      • function "oidtohex" and "hextooid" added.
      • function "ishex" added
      • KJUR.lang.String.isHex now DEPRECATED. Please use "ishex".
    • src/x509.js
      • X509.getX500Name update
        • X509.get{Issuer,Subject,GeneralNames,GeneralName}
      • add X509.{getX500NameArray,dnarraytostr}
    • src/x509crl.js
      • X509CRL.getIssuer update for X509.getX500Name update
    • test/qunit-do-{asn1tsp,asn1cms,asn1hex,asn1x509-newcert-veri,
      base64x,x509-ext,x509crl}.html
      • updated to follow above

v10.0.5: small issue fixes and updates

  • Changes from 10.0.4 to 10.0.5 release
    • src/base64x.js
      • utf8tob64u, b64utoutf8
        replace new Buffer() to Buffer.from() for
        Node.JS deprecation (issue #460)
    • src/asn1x509.js
    • src/x509.js
      • document fix
    • tool/tool_csr.html
      • update to show ASN.1 dump of CSR
    • test/qunit-do-base64x.html, npm/test/t_base64x.js
      • update test code to follow above

v10.0.4: add methods to modify some extension parameters

  • Changes from 10.0.3 to 10.0.4 (2020-Oct-23)
    • src/x509.js
      • add X509.updateExt{CDPFullURI,AIAOCSP,AIACAIssuer} method
    • src/nodeutil.js
      • read{JSON,JSONC}, saveJSON and printJSON methods added
      • jsrsasign-util npm package updated
    • test/qunit-do-x509-param.html
      • updated to follow above

v10.0.3: add findExt method in X509 class

  • Changes from 10.0.2 to 10.0.3 (2020-Oct-21)
    • src/x509.js
      • add X509.findExt method
    • test/qunit-do-x509-param.html
      • updated to follow above

v10.0.2: AdobeTimeStamp X.509v3 extension parser bugfix

  • Changes from 10.0.1 to 10.0.2 (2020-Oct-14)
    • src/x509.js
      • X509.getExtAdobeTimeStamp method bugfix

v10.0.1: AdobeTimeStamp X.509v3 certificate extension added

  • Changes from 10.0.0 to 10.0.1 (2020-Oct-13)
    • src/asn1x509.js
      • AdobeTimeStamp class added
      • add AdobeTimeStamp support in Extension class
      • add "adobeTimeStamp" OID in OID class
    • src/x509.js
      • add getExtAdobeTimeStamp method to X509 class
      • add "adobeTimeStamp" support in getExtParam
    • src/asn1.js
      • DERBoolean add support for "false" value.
    • test/qunit-do-{asn1,asn1x509,x509}.html
      • updated to follow above

v10.0.0: Major update for CMS SignedData, TimeStamp and CAdES

  • Changes from 9.1.9 to 10.0.0 (2020-Sep-24)
    • major update for CMS SignedData related classes
      to allow more simple ASN.1 generation
    • src/asn1cms.js
      • new architecture updates in
        SignedData, Attribute
        • all implemented Attributes such as
          ContentType, SigningTime are also
          updated.
      • new class added
        • ESSCertID
        • ESSCertIDv2
        • SignerIdentifier
        • SubjectKeyIdentifier
        • CertificateSet
        • RevocationInfoChoices
        • RevocationInfoChoice
        • OtherRevocationFormat
      • following class/methods are now deprecated
        • CMSUtil.newSignedData
    • src/asn1tsp.js
      • aligned to new architecture:
        • TSTInfo, Accuracy, PKIStatusInfo,
          PKIStatus, PKIFreeText, PKIFailureInfo,
      • new class added
        • TimeStampToken
      • following class/methods are now deprecated
        • SimpleTSAAdapter, FixedTSAAdapter,
          TSPUtil.newTimeStampToken
    • src/asn1cades.js
      • aligned to new architecture
      • SignaturePolicyIdentifier, OtherHashAlgAndValue,
        SignatureTimeStamp, CompleteCertificateRefs,
        OtherCertID, OtherHash
      • new class added
      • SignaturePolicyId, OtherHashValue
    • src/asn1.js
      • DERTaggedObject add support for simple
        argument for explicit "tage" and implicit "tagi"
      • newObject add support for "asn1" property
      • DERObjectIdentifier constructor argument
        now accepts name and OID. method
        setValueNameOrOid added.
    • src/x509.js
      • X509(certPemOrHex)
        X509 class constructor add support for
        PEM or hex string of certificate as
        argument.
    • src/asn1x509.js
      • OID class: signaturePolicyIdentifier attribute
        OID added.

v9.1.9: wrong encoding in CRLReason in OCSP CertStatus fixed

  • Changes from 9.1.8 to 9.1.9 (2020-Sep-08)
    • src/asn1ocsp.js
      • BUGFIX: wrong encoding in CRLReason in OCSP CertStatus fixed
    • test/qunit-do-asn1ocsp.html
      • follow to above update

v9.1.8: wrong encoding in byKey of OCSP ResponderID fixed

  • Changes from 9.1.7 to 9.1.8 (2020-Sep-08)
    • src/asn1ocsp.js
      • BUGFIX: wrong encoding in byKey of OCSP ResponderID fixed
    • test/qunit-do-asn1ocsp.html
      • follow to above update

v9.1.7: nextUpdate encoding bugfix in ocsp SingleResponse

  • Changes from 9.1.6 to 9.1.7 (2020-Sep-08)
    • src/asn1ocsp.js
      • BUGFIX: nextUpdate encoding fix in SingleResponse
      • CertStatus document fix
    • test/qunit-do-asn1ocsp.html
      • follow to above update

v9.1.6: add OCSP response and request encoder

  • Changes from 9.1.5 to 9.1.6 (2020-Sep-05)
    • src/asn1ocsp.js
      • OCSPResponse class added
      • ResponseBytes class added
      • BasicOCSPResponse class added
      • ResponseData class added
      • ResponderID class added
      • SingleResponseList class added
      • SingleResponse class added
      • CertID class updated
        • changed properties to specify
          issuerNameHash, issuerKeyHash and serialNumber
          without backward compatibility
      • CertStatus class added
      • OCSPParser class added
        • only OCSP request parser methods are available
    • src/asn1x509.js
      • OCSPNonce class OCSP extension added
      • OCSPNoCheck class certificate extension added
      • Extensions class supports OCSPNonce and OCSPNoCheck
      • OID class supports ocspNonce, ocspNoCheck and ocspBasic
    • src/x509.js
      • X509.getExtParam supports OCSPNonce and OCSPNoCheck
      • X509.getExtOCSPNoCheck added
      • X509.getExtOCSPNonce added
    • src/asn1.js
      • ASN1Object class: add tlv parameter support
    • src/asn1hex.js
      • ASN1HEX.dump: enable to show tagged primitive

v9.1.5: ASN1HEX getChildIdx bug for too many children

  • Changes from 9.1.4 to 9.1.5 (2020-Aug-29)
    • src/asn1hex.js
      • BUGFIX: ASN1HEX.getChildIdx didn't return a
        proper result when there were too many child items,
        such as over 200 children.
      • add ASN1HEX.getTLVblen method
      • DEPRECATED: getNextSiblingIdx. Please
        use getTLVblen instead.

v9.1.4: X509CRL parser revokedCertificate bugfix

  • Changes from 9.1.3 to 9.1.4 (2020-Aug-28)
    • src/asn1hex.js
      • get{Idx,V,TLV}byList return value aligned to
        get{Idx,V,TLV}byListEx.
    • src/x509crl.js
      • BUGFIX: error when nextUpdate exists and
        no revokedCertificates

v9.1.3: missed to export X509CRL in npm package

  • Changes from 9.1.2 to 9.1.3 (2020-Aug-28)
    • npm/lib/footer.js
      • export X509CRL
    • NOTE: only npm package released

v9.1.2: add private extension support for Cert CRL and CSR

  • Changes from 9.1.1 to 9.1.2 (2020-Aug-27)
    • undefined extensions are regarded as private extensions
      in the extension parser X509.getExtParam.
      Thus the certificate, CRL and CSR parsers will
      not raise an error when an undefined extension
      is parsed.
    • src/x509.js
      • unknown extension is parsed as
        private extension.
    • test/qunit-do-{x509-param}.html
      • add test case to follow above update

v9.1.1: new CRL parser and private extension encoder support

  • Changes from 9.1.0 to 9.1.1 (2020-Aug-27)
    • add new X509CRL class for CRL parser
    • add Certificate, CSR and CRL private extension support
    • src/x509crl.js (new)
      • X509CRL class
    • src/x509.js
      • new X509.getExtCRLNumber method for extension parser
      • new X509.getExtCRLReason method for extension parser
      • new X509.getExtParam method for parsing one extension
        • NOTE: not yet support for private extension
    • src/asn1x509.js
      • Extensions class: add support for private extension
      • PrivateExtension class added
      • OID.name2oid: add support OID (ex. "1.2.3.4") as argument
    • src/asn1csr.js
      • CSRUtil.getParam update to support X509.getExtParamArray and
        not using X509.parseExt
    • src/asn1.js
      • getLengthHexFromValue small update for exception
    • test/qunit-do-{asn1x509,asn1x509-tbscert,x509}.html
      • update to follow above updates
    • test/x509csr.html (new)

v9.1.0: new CRL APIs and other updates

  • Changes from 9.0.3 to 9.1.0 (2020-Aug-24)
    • CRL constructor update to align Certificate
      class without backward compatibility.
    • BUGFIX: SigningCertificate{,V2} encoding bugfix
    • src/asn1cms.js
      • BUGFIX: SigningCertificate{,V2} encoding had been
        missing a SEQUENCE. (#448)
    • src/asn1csr.js
      • CertificationRequestInfo class updated to
        new KJUR.asn1.x509.Extension class.
    • src/asn1x509.js
      • CRL and TBSCertList class constructor have
        been updated to align Certificate and
        CertificationRequestInfo style in 9.0.0
        without backward compatibility.
        • this update makes more extension and
          entry extension support in the future.
        • CRLEntry class is deprecated since
          no more used in updated TBSCertList.
      • new CRLNumber extension class added
      • new CRLReason entry extension class added
      • OID class updated to support
        cRLNumber and cRLReason oids
      • TBSCertificate.getExtDERSequence method
        was moved to new Extensions class.
      • ASN1HEX.dump updated to support ENUMERATED
    • test/qunit-do-{asn1cms,asn1tsp,asn1x509-tbscert,
      asn1x509} updated to follow above updates.

v9.0.3: TimeStampToken ASN.1 encoding error fix

  • Changes from 9.0.2 to 9.0.3 (2020-Aug-22)
    • BUGFIX: tsa field of TSTInfo was not encoded properly. (#450)
    • BUGFIX: CMSSignedData version of TimeStampToken was not 3. (#448)
    • src/asn1tsp.js
      • TSTInfo tsa field fix
      • TSPUtil.newTimeStampToken method updated to set
        CMSVersion 3.

v9.0.2: PolicyInformation named policy OID bug fix

  • Changes from 9.0.1 to 9.0.2 (2020-Aug-22)
    • BUGFIX: KJUR.asn1.x509.PolicyInformation class constructor
      did not accept a named policy OID such as "anyPolicy".
      The issue was fixed.
    • src/asn1x509.js
      • PolicyInformation bugfix for above.
    • test/qunit-do-asn1x509.html
      • updated to follow above.

v9.0.1: TimeStampToken contentType attribute bug fix

  • Changes from 9.0.0 to 9.0.1 (2020-Aug-21)
    • BUGFIX: KJUR.asn1.tsp.TimeStampToken class generated
      a wrong contentType attribute
      with value "data". (#448)
    • src/asn1tsp.js
      • TimeStampToken class constructor now adds the
        contentType attribute with "tstinfo" as the bugfix. (#448)
    • src/asn1cms.js
      • SignerInfo.setForContentAndHash parameter can
        additionally have a "contentType" property
        to set "tstinfo" as above.
    • src/asn1x509.js
      • some attribute type oids for CMS signedData are
        added to OID.name2oidList.

v9.0.0: Certificate and CSR generator and parser API major updates

  • Changes from 8.0.24 to 9.0.0 (2020-Aug-19)
    • Please see migration notes in wiki:
      https://github.com/kjur/jsrsasign/wiki/NOTE-jsrsasign-8.0.x-to-9.0.0-Certificate-and-CSR-API-migration-guide
    • CAUTION: some certificate and CSR APIs are missing
      backward compatibility so you may need to change your code
      to upgrade jsrsasign 9.0.0.
    • src/asn1x509.js
      • JSON argument format of Certificate and all certificate
        extension class were changed without backward compatibility.
        • They can accept JSON objects from ASN.1 parser methods
          in X509 class as an parameter arguments.
        • Certificate class constructor can automatically
          generate TBSCertificate and sign by params argument.
          So no need to call sign method or TBSCertificate
          constructor.
        • JSON argument format are aligned to the same manner
          among all certificate extension class.
        • For CRLDistributionPoints class, JSON argument format
          of DistributionPoint and DistributionPointName
          was changed.
      • Extension.appendByNameToArray method was removed.
      • "array" key was added to X500Name class constructor
        JSON argument.
        • AttributeTypeAndValue constructor argument also
          extended to support {type:"CN",value:"Test",ds:"prn"}
          style JSON object.
      • X509Util.newCertPEM argument format is updated to
        align Certificate class and is deprecated.
    • src/x509.js
      • returned JSON object format by all "get*" parser method
        was changed to accept by related class defined in asn1x509.js
        without backward compatibility.
      • all certificate extension parsing methods are
        changed to have "hExtV" and "critical" as arguments.
      • following methods are added:
        getAlgorithmIdentifierName, getIssuer, getSubject,
        getGeneralNames, getGeneralName, getDistributionPoint,
        getDistributionPointName, getExtAuthorityInfoAccess,
        getPolicyInformation, getPolicyQualifierInfo,
        getUserNotice, getDisplayText, getX500NameRule,
        getX500Name, getRDN, getAttrTypeAndValue, getParam,
        getExtParamArray
      • following methods are deprecated:
        getExtSubjectAltName2, getExtAIAInfo,
        getExtCRLDistributionPointsURI.
      • X509Util.newCertPEM bugfix.
        Got error when cakey is PKCS#5 plain PEM key string
    • src/asn1csr.js
      • JSON argument format was changed in CertificationRequest,
        CertificationRequestInfo, CSRUtil.newCSRPEM without
        backward compatibility.
      • CSRUtil.getInfo was renamed to CSRUtil.getParam
      • CSRUtil.newCSRPEM is now deprecated
    • src/asn1.js
      • ASN1Util.newObject can also take an ASN1Object
        as well as a JSON parameter.
    • tool/tool_{ca,ca2}.html
      • changed to follow above updates.
    • test/*.html
      • following test pages are updated to follow above:
        qunit-do-{asn1csr,asn1tsp,asn1x509-newcrt,asn1x509,base64x,
        ecdsmod-s,keyutil-getpem,package-jwths,x509-ext,
        x509-key,x509-kid,x509}.html
      • following test pages are added:
        qunit-do-{asn1x509-tbscert,x509-param}.html

v8.0.24: fix SigningCertificate v1 v2 attribute ASN.1 encoding

  • Changes from 8.0.23 to 8.0.24 (2020-Aug-18)
    • KJUR.asn1.cms.{SigningCertificate,SigningCertificateV2}
      wrong ASN.1 encoding issue was fixed (#448)
    • src/asn1cms.js
      • KJUR.asn1.cms.{SigningCertificate,SigningCertificateV2}
        ASN.1 encoding issue fixed (#448)
      • added KJUR.asn1.cms.IssuerSerial
    • test/qunit-do-asn1{cms,tsp}.html
      • updated for above issue

v8.0.23: add CertificatePolicies BMPString and VisibleString support

  • Changes from 8.0.22 to 8.0.23 (2020-Aug-06)
    • src/asn1x509.js
      • CertificatePolicies class added
      • update Extension.appendByNameToArray for
        CertificatePolicies
      • PolicyInformation, PolicyQualifierInfo, UserNotice,
        NoticeReference and DisplayText class added
    • src/asn1.js
      • BMPString and VisibleString class added
      • update ASN1Util.newObject for {BMP,Visible}String
    • src/asn1hex.js
      • update ASN1HEX.dump for {BMP,Visible}String
    • test qunit-do-{asn1,asn1-newobj,asn1x509,asn1hex-dump}.html

v8.0.22: ASN1HEX and X509 class minor bug fix

  • Changes from 8.0.21 to 8.0.22 (2020-Aug-05)
    • src/asn1hex.js
      • dump method update for BitString encapsulated
    • src/x509.js
      • getKeyUsageBin bugfix for cases such as keyCertSign and cRLSign only
      • fix to stop raising an error when the X509 constructor is called and
        asn1x509 isn't loaded
      • TODO: getKeyUsageBin still has a bug when the decipherOnly(8) bit exists
    • test
      • qunit-do-{asn1hex-dump,x509-{ext,key}}.html to follow above updates

v8.0.21: Donation program started, more RSA-PSS support and add ASN1HEX.get{Idx,TLV,V}byListEx

  • Changes from 8.0.20 to 8.0.21 (2020-Aug-01)
    • A donation program has been started.
      Please consider donating to sustain this project:
      https://github.com/kjur/jsrsasign#donations
    • RSA-PSS support in AlgorithmIdentifier, Signature,
      X509 and newCertPEM
    • new methods to access ASN.1 descendant objects,
      ASN1HEX.get{Idx,TLV,V}byListEx, added.
      A tutorial page will be provided at the following URL in the near future:
      https://github.com/kjur/jsrsasign/wiki/Tutorial-for-accessing-deep-inside-of-ASN.1-structure-by-using-new-ASN1HEX.getIdxbyListEx
    • src/x509.js
      • update getSignatureAlgorithmField to support
        RSA-PSS(SHA{,256,384,512}withRSAandMGF1) algorithms
      • update verifySignature to support
        RSA-PSS(SHA{,256,384,512}withRSAandMGF1) algorithms
    • src/crypto.js
      • Signature class
        • SHAwithRSAandMGF1 supported (the same as SHA1withRSAandMGF1)
    • src/asn1hex.js
      • ASN1HEX.getIdxbyList
      • add get{Idx,TLV,V}byListEx for context specific tag
      • add ASN1HEX.isContextTag to check context
        specific tag
      • get{Idx,TLV,V}byList will be deprecated in a future version.
        Please consider moving to get{Idx,TLV,V}byListEx.
    • src/{asn1csr,dsa,rsapem,ecdsa-modified}.js
      • replace to use get{Idx,TLV,V}byListEx
    • test/qunit-do-asn1x509.html
      • add Certificate class test for RSA-PSS
      • add TBSCertificate class test for RSA-PSS
      • add AlgorithmIdentifier class test for
        SHA{,256,384,512}withRSAandMGF1
    • test/qunit-do-crypto-pss.html
      • add Signature class test for
        SHAwithRSAandMGF1.
    • test/qunit-do-asn1x509-newcrt.html
      • add newCertPEM test for RSA-PSS
    • test/qunit-do-x509.html
      • add getSignatureAlgorithmField test for
        SHA{,256,384,512}withRSAandMGF1
    • sample_node/asn1extract2
      • bug fix for -v(--vonly) option
    • test/qunit-do-asn1hex.html
      • add test for ASN1HEX.isContextTag

v8.0.20: add CSR support for subjectAltName

  • Changes From 8.0.19 to 8.0.20
    • src/asn1csr.js
      • CSRUtil.getInfo
        • add ext parameter to show subjectAltName property
        • change not to raise error when subject name is empty in CSR
    • src/x509.js
      • X509.parseExt
        • add support for CSR extension request field
    • src/asn1hex.js
      • ASN1HEX.getIdxbyList
        • small update for exception
    • test/
      • qunit-do-{asn1csr, x509}.html to add tests for above.

v8.0.19: ECDSA signature validation malleability fix and others

JSRSASIGN SECURITY ADVISORY : 2020.06.22 CVE-2020-14966 ECDSA signature validation vulnerability by accepting wrong ASN.1 encoding

  • Changes from 8.0.18 to 8.0.19
    • src/ecdsa-mod.js
      • ECDSA.verifyHex fixed for some types of malleability (#437)
    • src/asn1hex.js
      • ASN1HEX.checkStrictDER added
    • src/asn1x509.js
      • It was found that OpenSSL's DN representation like
        "/C=US/O=test" is the "compat" format, so the following methods
        were added and the existing methods are now deprecated.
        • X500Name.{ldapToOneline, onelineToLdap} are now deprecated.
        • X500Name.{ldapToCompat, compatToLdap} are added.
    • src/x509.js
      • update for compatToLdap and ldapToCompat
    • src/crypto.js
      • document update
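
The strict DER check that the 8.0.19 entry refers to (ASN1HEX.checkStrictDER) is not reproduced here; the following is an added example, not jsrsasign code, of what a strict parser for an ECDSA signature SEQUENCE { INTEGER r, INTEGER s } has to reject. It covers the three malformed encodings listed in the CVE-2020-14966 advisory: a non-minimal (long-form) length, redundant leading zeros in an INTEGER, and bytes appended after the outer SEQUENCE. All function names and the sample hex strings are constructed for this example.

```javascript
// Added example, not jsrsasign code: a strict DER parser for an ECDSA
// signature encoded as SEQUENCE { INTEGER r, INTEGER s }. It rejects the
// three malformed encodings named in the CVE-2020-14966 advisory:
// non-minimal (long-form) lengths, INTEGER values with redundant leading
// zeros, and trailing bytes after the outer SEQUENCE.

function hexToBytes(hex) {
  if (hex.length % 2 !== 0 || !/^[0-9a-fA-F]*$/.test(hex)) {
    throw new Error("invalid hex string");
  }
  const out = new Uint8Array(hex.length / 2);
  for (let i = 0; i < out.length; i++) {
    out[i] = parseInt(hex.slice(2 * i, 2 * i + 2), 16);
  }
  return out;
}

function bytesToHex(bytes) {
  return Array.from(bytes, (b) => b.toString(16).padStart(2, "0")).join("");
}

// Reads a DER length field at `off`. DER requires the shortest encoding:
// short form below 0x80, long form only at 0x80 and above, and no leading
// zero octets in a long-form length (so 0x820045 is rejected, 0x45 is not).
function readLength(bytes, off) {
  if (off >= bytes.length) throw new Error("truncated length");
  const first = bytes[off];
  if (first < 0x80) return { len: first, next: off + 1 };
  const n = first & 0x7f;
  if (n === 0 || n > 4) throw new Error("indefinite or oversized length");
  if (off + 1 + n > bytes.length) throw new Error("truncated length");
  if (bytes[off + 1] === 0) throw new Error("leading zero in long-form length");
  let len = 0;
  for (let i = 0; i < n; i++) len = len * 256 + bytes[off + 1 + i];
  if (len < 0x80) throw new Error("long form used for a short length");
  return { len, next: off + 1 + n };
}

// Reads an INTEGER at `off`. r and s are positive, so the value must not be
// negative, and a leading 0x00 is only allowed when the next octet has its
// high bit set (otherwise 0x00000123 would be a second encoding of 0x0123).
function readInteger(bytes, off) {
  if (bytes[off] !== 0x02) throw new Error("expected INTEGER");
  const { len, next } = readLength(bytes, off + 1);
  if (len === 0 || next + len > bytes.length) throw new Error("bad INTEGER length");
  const v = bytes.subarray(next, next + len);
  if (v[0] & 0x80) throw new Error("negative INTEGER");
  if (v.length > 1 && v[0] === 0x00 && (v[1] & 0x80) === 0) {
    throw new Error("non-minimal INTEGER");
  }
  return { value: v, next: next + len };
}

// Parses a hex ECDSA signature; throws on anything that is not strict DER.
// Returns r and s as hex strings.
function parseStrictEcdsaSignature(hex) {
  const bytes = hexToBytes(hex);
  if (bytes[0] !== 0x30) throw new Error("expected SEQUENCE");
  const seq = readLength(bytes, 1);
  if (seq.next + seq.len !== bytes.length) {
    throw new Error("trailing bytes after SEQUENCE or truncated SEQUENCE");
  }
  const r = readInteger(bytes, seq.next);
  const s = readInteger(bytes, r.next);
  if (s.next !== seq.next + seq.len) throw new Error("extra content in SEQUENCE");
  return { r: bytesToHex(r.value), s: bytesToHex(s.value) };
}

// Boolean wrapper for a verifier's early-rejection path.
function isStrictDerEcdsaSignature(hex) {
  try {
    parseStrictEcdsaSignature(hex);
    return true;
  } catch (e) {
    return false;
  }
}
```

Rejecting before any curve arithmetic is the point: a verifier that first converts r and s to big integers and only then checks them will treat every malleable variant as the same signature, which is exactly the behaviour the advisory describes.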

v8.0.18: RSA decryption and RSA signature validation malleability fix

JSRSASIGN SECURITY ADVISORY : 2020.06.22 CVE-2020-14967 RSA RSAES-PKCS1-v1_5 and RSA-OAEP decryption vulnerability with prepending zeros

  • Changes from 8.0.17 to 8.0.18
    • ext/rsa2.js
      • RSADecrypt fixed for zero prepending malleability (#439)
      • RSADecryptOAEP fixed for zero prepending malleability
    • src/rsasign.js
      • verifyWithMessageHash fixed for zero prepending malleability
    • test
      • qunit-do-crypto-cipher.html: some test case added for above

v8.0.17: RSA-PSS verification malleability fix and others

JSRSASIGN SECURITY ADVISORY : 2020.06.22 CVE-2020-14968 RSA-PSS signature validation vulnerability by prepending zeros

  • Changes from 8.0.16 to 8.0.17
    • src/rsasign.js
      • verifyWithMessageHashPSS fixed for prepending zeros malleability (#438)
    • src/asn1x509.js
      • allow alternative algorithms to sign CRLs (#440)
    • src/asn1cms.js
      • improve CMSUtil.newSignedData helper with detached signatures (#441)
    • ext/rsa2.js
      • RSAGenerate fixed for not honoring the requested key length (#442)
    • sample_node
      • pemtobin was fixed for the pemtohex function
    • test
      • qunit-do-rsagenkeylen.html new test code for (#442)
      • qunit-do-rsasign-pss.html add malleability test code (#438)
      • index.html, qunit-do-x509.html link update
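
The 8.0.18 and 8.0.17 entries above both fix the same class of problem in different code paths (RSA decryption, PKCS#1 v1.5 signature verification, RSA-PSS verification): an input with zero bytes prepended is the same integer as the canonical input, so a check that only compares integer values accepts both. The following added example, which is not jsrsasign code, shows the vulnerable pattern next to the hardened one on a constructed toy RSA key (p = 61, q = 53, so N = 3233); the function names are made up for this example, and the same fixed-length check applies to a ciphertext before RSAES-PKCS1-v1_5 or OAEP decryption.

```javascript
// Added example, not jsrsasign code: a toy textbook-RSA verifier showing why
// a signature with prepended zero bytes passes a check that only looks at the
// integer value, and the fixed-length check that closes the gap. The same
// check applies to RSAES-PKCS1-v1_5 / OAEP ciphertexts before decryption.
// Constructed toy key (p = 61, q = 53); real keys are 2048 bits or more.
const N = 3233n; // modulus
const E = 17n;   // public exponent
const D = 2753n; // private exponent

function modPow(base, exp, mod) {
  let result = 1n;
  base %= mod;
  while (exp > 0n) {
    if (exp & 1n) result = (result * base) % mod;
    base = (base * base) % mod;
    exp >>= 1n;
  }
  return result;
}

// Octet length of the modulus; every signature or ciphertext must be encoded
// in exactly this many bytes (I2OSP with a fixed length).
function modulusByteLength() {
  return Math.ceil(N.toString(16).length / 2);
}

// Textbook signature over an already-reduced message integer, encoded as
// fixed-length hex (the canonical encoding).
function sign(m) {
  return modPow(m, D, N).toString(16).padStart(2 * modulusByteLength(), "0");
}

// Vulnerable pattern: only the integer value is checked, so "00" + sigHex
// and sigHex are accepted as the same signature.
function verifyNaive(m, sigHex) {
  const s = BigInt("0x" + sigHex);
  return modPow(s, E, N) === m;
}

// Hardened pattern: the encoding must be exactly modulus-length hex and the
// value must be below the modulus, before any arithmetic is done.
function verifyStrict(m, sigHex) {
  if (!/^[0-9a-fA-F]*$/.test(sigHex)) return false;
  if (sigHex.length !== 2 * modulusByteLength()) return false;
  const s = BigInt("0x" + sigHex);
  if (s >= N) return false;
  return modPow(s, E, N) === m;
}
```

Note that the strict verifier still accepts a canonical signature whose value happens to be small (it is then encoded with leading zeros up to the modulus length); what it rejects is any encoding of a different length, which is what distinguishes "padded to the modulus length" from "arbitrarily padded".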

v8.0.16: extended Authority/SubjectKeyIdentifier support

  • Changes from 8.0.15 to 8.0.16 (2020-Mar-29)
    • src/asn1x509.js
      • AuthorityKeyIdentifier class
        • issuerDN ASN.1 encoding bug fixed
        • now keyIdentifier is automatically calculated
          by certificate or key
        • issuer dn and serial number can be set
          by certificate
      • SubjectKeyIdentifier class
        • now keyIdentifier is automatically calculated
          by certificate or key
      • X500Name class
        • certissuer and certsubject parameter is added
          to set value by issuer or subject of certificate.
      • GeneralName class
        • dn parameter support was updated.
    • src/keyutil.js
      • getKeyID method added to calculate a key identifier
        for a certificate.
    • crypto.js
      • Util.isKey static method added
      • Signature.{sign,verify} method bug fix for ECDSA
      • code refactoring
    • src/asn1csr.js
    • src/jws.js
    • src/jwsjs.js
    • sample_node/asn1extract2
      • sample added. more flexible use than asn1extract.
    • test/qunit-do-crypto.html
      • getRandom test fix
    • test/qunit-do-asn1x509-newcrt.html
      • test case expected value fix

v8.0.15: SHA384/512withECDSA wrong signature fix and add some curves support

  • src/ecdsa-modified.js
    • SHA384withECDSA, SHA512withECDSA signature
      wrong validation result issue was fixed (issue #394)
    • secp192k1, secp224r1 curves are now supported
    • test/qunit-do-ecdsamod.html
      testcase added for SHA1/SHA384/SHA512 and
      secp192k1/secp224r1
    • sample_node command added
      • genkey: keypair generation
      • eckey2hex: show EC PKCS#1/8 private/public key in hex format

v8.0.14: SubjectKeyIdentifier and KEYUTIL update

  • Changes from 8.0.13 to 8.0.14 (2020-Apr-03)
    • src/asn1x509-1.0.js
      • add SubjectKeyIdentifier class (issue #402)
        • add SubjectKeyIdentifier support in
          TBSCertificate.appendExtensionByName method
        • test/qunit-do-asn1x509.html
          SubjectKeyIdentifier test added
    • src/base64x.js
      • add multi section support for pemtohex
        such as EC PRIVATE KEY and EC PARAMETERS
      • test/qunit-do-base64x.html
        pemtohex testcase added
    • src/keyutil.js (pull #415)
      • add support for multi section plain PKCS#5 EC PRIVATE KEY
      • test/qunit-do-keyutil-ec.html
        plain PKCS#5 EC PRIVATE KEY testcase added
    • src/asn1csr-1.0.js
      document fix (pull #356)
    • npm_util/Makefile
      merged (pull #216)
    • src/rsasign-1.2.js
      merged for RegExp (pull #419)
    • src/asn1-1.0.js
      merged for strict fix (pull #389)
    • src/crypto-1.0.js
      document fix in return of decrypt method (issue #383)
    • src/x509-1.1.js
      onelineToLDAP sample added in document (issue #428)

v8.0.13: mitigate minerva attack

  • Changes from 8.0.12 to 8.0.13 (2020-Mar-31)
    • LICENSE.txt
      • fixed wrong description from BSD to MIT License
    • ext/ec.js
    • test/qunit-do-crypto-ecdsa.html
      • testcase fix
    • sample_node/tsr2certs added
      • script to extract certificates from timestamp response or token
    • npm
      • ECPointFp, ECCurveFp and ECFieldElementFp are now exported.

SECURITY ADVISORY

jsrsasign from 4.0.0 to 8.0.12 is affected by the Minerva timing attack vulnerability.
https://minerva.crocs.fi.muni.cz/

  • Minerva is a timing attack (a side-channel attack) on EC.
  • If you don't use the ECDSA class, you are not affected by the vulnerability.
  • The vulnerability is that an attacker may guess the private key
    by measuring the processing time of EC key generation or ECDSA signing.
  • The cause is that the point multiplication processing time in ECDSA signing depends on
    the private key value.
  • From 8.0.13 on, the processing time of point multiplication in ECDSA signing is,
    in theory, constant with respect to the key value.
  • See also this security advisory for details.
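
The advisory's cause and mitigation can be seen on a toy curve by counting group operations instead of measuring time. The following is an added example, not jsrsasign code: a naive left-to-right double-and-add does work that depends on the scalar's bit length and Hamming weight (the dependence Minerva exploits when the scalar is an ECDSA nonce), while a fixed-width Montgomery ladder performs one doubling and one addition per bit whatever the scalar is. The curve y^2 = x^3 + 2x + 3 over F_97 with base point (3, 6) is a constructed toy, and every function name here is made up for the example.

```javascript
// Added example, not jsrsasign code: scalar multiplication on a toy curve,
// counting group operations to show the Minerva-style leak. Naive
// double-and-add does work proportional to the scalar's bit length and
// Hamming weight; a fixed-width Montgomery ladder does the same number of
// doublings and additions for every scalar.
// Constructed toy curve: y^2 = x^3 + 2x + 3 over F_97, base point (3, 6).
const P = 97n;
const A = 2n;
const G = { x: 3n, y: 6n };
const INF = null; // point at infinity

function mod(a) { return ((a % P) + P) % P; }

// Modular inverse via Fermat: a^(p-2) mod p for prime p.
function modInv(a) {
  let r = 1n, b = mod(a), e = P - 2n;
  while (e > 0n) { if (e & 1n) r = (r * b) % P; b = (b * b) % P; e >>= 1n; }
  return r;
}

function dbl(Q) {
  if (Q === INF || Q.y === 0n) return INF;
  const l = mod((3n * Q.x * Q.x + A) * modInv(2n * Q.y));
  const x = mod(l * l - 2n * Q.x);
  return { x, y: mod(l * (Q.x - x) - Q.y) };
}

function add(Q, R) {
  if (Q === INF) return R;
  if (R === INF) return Q;
  if (Q.x === R.x) return Q.y === R.y ? dbl(Q) : INF;
  const l = mod((R.y - Q.y) * modInv(R.x - Q.x));
  const x = mod(l * l - Q.x - R.x);
  return { x, y: mod(l * (Q.x - x) - Q.y) };
}

function pointEq(a, b) {
  return a === b || (a !== INF && b !== INF && a.x === b.x && a.y === b.y);
}

// Leaky pattern: the loop starts at the scalar's top set bit and adds only
// on 1 bits, so the operation count reveals bit length and Hamming weight.
function mulNaive(k, Q) {
  const ops = { doubles: 0, adds: 0 };
  let R = INF;
  for (const bit of k.toString(2)) {
    R = dbl(R); ops.doubles++;
    if (bit === "1") { R = add(R, Q); ops.adds++; }
  }
  return { point: R, ops };
}

// Mitigated pattern: a Montgomery ladder over a fixed W-bit window does one
// addition and one doubling per bit for every scalar below 2^W. (A production
// implementation must also make the R0/R1 swap branch-free; the constant
// operation count is what this toy demonstrates.)
function mulLadder(k, Q, W = 8) {
  if (k < 0n || k >= (1n << BigInt(W))) throw new RangeError("scalar out of range");
  const ops = { doubles: 0, adds: 0 };
  let R0 = INF, R1 = Q;
  for (let i = W - 1; i >= 0; i--) {
    const bit = (k >> BigInt(i)) & 1n;
    if (bit === 1n) { R0 = add(R0, R1); R1 = dbl(R1); }
    else            { R1 = add(R0, R1); R0 = dbl(R0); }
    ops.adds++; ops.doubles++;
  }
  return { point: R0, ops };
}
```

Comparing `mulNaive(1n, G).ops` with `mulNaive(255n, G).ops` gives 1/1 versus 8/8 doublings/additions, while `mulLadder` reports 8/8 for every scalar below 256 and returns the same point as the naive routine.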

Configuration

📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.


  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.


renovate bot commented Jan 19, 2024

⚠ Artifact update problem

Renovate failed to update an artifact related to this branch. You probably do not want to merge this PR as-is.

♻ Renovate will retry this branch, including artifacts, only when one of the following happens:

  • any of the package files in this branch needs updating, or
  • the branch becomes conflicted, or
  • you click the rebase/retry checkbox if found above, or
  • you rename this PR's title to start with "rebase!" to trigger it manually

The artifact failure details are included below:

File name: amp-update-cache/package-lock.json

@renovate renovate bot force-pushed the renovate/npm-jsrsasign-vulnerability branch from 664e36c to 1d3c6de on August 8, 2024 20:57
@renovate renovate bot changed the title from "Update dependency jsrsasign to v11 [SECURITY]" to "Update dependency jsrsasign to v10 [SECURITY]" on Aug 8, 2024

renovate bot commented Aug 8, 2024

⚠️ Artifact update problem

Renovate failed to update an artifact related to this branch. You probably do not want to merge this PR as-is.

♻ Renovate will retry this branch, including artifacts, only when one of the following happens:

  • any of the package files in this branch needs updating, or
  • the branch becomes conflicted, or
  • you click the rebase/retry checkbox if found above, or
  • you rename this PR's title to start with "rebase!" to trigger it manually

The artifact failure details are included below:

File name: amp-update-cache/package-lock.json
