Releases: lestrrat-go/jwx
Releases · lestrrat-go/jwx
[SECURITY] v1.2.26
v1.2.26 - 14 Jun 2023
[Security]
* Potential Padding Oracle Attack Vulnerability and Timing Attack Vulnerability
for JWE AES-CBC encrypted payloads affecting all v2 releases up to v2.0.10,
all v1 releases up to v1.2.25, and all v0 releases up to v0.9.2 have been reported by
@shogo82148.
Please note that v0 versions will NOT receive fixes.
This release fixes these vulnerabilities for the v1 series.
v2.0.10
v2.0.10 - 12 Jun 2023
[New Features]
* [jwe] (EXPERIMENTAL) Added `jwe.KeyEncrypter` and `jwe.KeyDecrypter` interfaces
that works in similar ways as how `crypto.Signer` works for signature
generation and verification. It can act as the interface for your encryption/decryption
keys that are for example stored in an hardware device.
This feature is labeled experimental because the API for the above interfaces have not
been battle tested, and may need to changed yet. Please be aware that until the API
is deemed stable, you may have to adapat our code to these possible changes,
_even_ during minor version upgrades of this library.
[Bug fixes]
* Registering JWS signers/verifiers did not work since v2.0.0, because the
way we handle algorithm names changed in 2aa98ce6884187180a7145b73da78c859dd46c84.
(We previously thought that this would be checked by the example code, but it
apparently failed to flag us properly)
The logic behind managing the internal database has been fixed, and
`jws.RegisterSigner` and `jws.RegisterVerifier` now properly hooks into the new
`jwa.RegisterSignatureAlgorithm` to automatically register new algorithm names
(#910, #911)
[Miscellaneous]
* Added limited support for github.com/segmentio/asm/base64. Compile your code
with the `jwx_asmbase64` build tag. This feature is EXPERIMENTAL.
Through limited testing, the use of a faster base64 library provide 1~5% increase
in throughput on average. It might make more difference if the input/output is large.
If you care about this performance improvement, you should probably enable
`goccy` JSON parser as well, by specifying `jwx_goccy,jwx_asmbase64` in your build call.
* Slightly changed the way global variables underneath `jwk.Fetch` are initialized and
configured. `jwk.Fetch` creates an object that spawns wokers to fetch JWKS when it's
first called.
You can now also use `jwk.SetGlobalFetcher()` to set a fetcher object which you can
control.
v2.0.9
v2.0.9 - 21 Mar 2023
[Security Fixes]
* Updated use of golang.org/x/crypto to v0.7.0
[Bug fixes]
* Emitted PEM file for EC private key types used the wrong PEM armor (#875)
[Miscellaneous]
* Banners for generated files have been modified to allow tools to pick them up (#867)
* Remove unused variables around ReadFileOption (#866)
* Fix test failures
* Support bazel out of the box
* Now you can create JWS messages using `{"alg":"none"}`, by calling `jws.Sign()`
with `jws.WithInsecureNoSignature()` option. (#888, #890).
Note that there is no way to call
`jws.Verify()` while allowing `{"alg":"none"}` as you wouldn't be _verifying_
the message if we allowed the "none" algorithm. `jws.Parse()` will parse such
messages witout verification.
`jwt` also allows you to sign using alg="none", but there's no symmetrical
way to verify such messages.
v2.0.8
v2.0.8 - 25 Nov 2022
[Security Fixes]
* [jws][jwe] Starting from go 1.19, code related to elliptic algorithms
panics (instead of returning an error) when certain methods
such as `ScalarMult` are called using points that are not on the
elliptic curve being used.
Using inputs that cause this condition, and you accept unverified JWK
from the outside it may be possible for a third-party to cause panics
in your program.
This has been fixed by verifying that the point being used is actually
on the curve before such computations (#840)
[Miscellaneous]
* `jwx.GuessFormat` now returns `jwx.InvalidFormat` when the heuristics
is sure that the buffer format is invalid.
v2.0.7
v2.0.7 - 15 Nov 2022
[New features]
* [jwt] Each `jwt.Token` now has an `Options()` method
* [jwt] `jwt.Settings(jwt.WithFlattenedAudience(true))` has a slightly
different semantic than before. Instead of changing a global variable,
it now specifies that the default value of each per-token option for
`jwt.FlattenAudience` is true.
Therefore, this is what happens:
// No global settings
tok := jwt.New()
tok.Options.IsEnabled(jwt.FlattenAudience) // false
// With global settings
jwt.Settings(jwt.WithFlattenedAudience(true))
tok := jwt.New()
tok.Options.IsEnabled(jwt.FlattenAudience) // true
// But you can still turn FlattenAudience off for this
// token alone
tok.Options.Disable(jwt.FlattenAudience)
Note that while unlikely to happen for users relying on the old behavior,
this change DOES introduce timing issues: whereas old versions switched the
JSON marshaling for ALL tokens immediately after calling `jwt.Settings`,
the new behavior does NOT affect tokens that have been created before the
call to `jwt.Settings` (but marshaled afterwards).
So the following may happen:
// < v2.0.7
tok := jwt.New()
jwt.Settings(jwt.WithFlattenedAudience(true))
json.Marshal(tok) // flatten = on
// >= v2.0.7
tok := jwt.New() // flatten = off
jwt.Settings(jwt.WithFlattenedAudience(true))
json.Marshal(tok) // flatten = on
// >= v2.0.7
tok := jwt.New() // flatten = off
jwt.Settings(jwt.WithFlattenedAudience(true))
json.Marshal(tok) // flatten is still off
It is recommended that you only set the global setting once at the
very beginning of your program to avoid problems.
Also note that `Clone()` copies the settings as well.
v2.0.6
v2.0.6 - 25 Aug 2022
[Bug fixes][Security]
* [jwe] Agreement Party UInfo and VInfo (apv/apu) were not properly being
passed to the functions to compute the aad when encrypting using ECDH-ES
family of algorithms. Therefore, when using apu/apv, messages encrypted
via this module would have failed to be properly decrypted.
Please note that bogus encrypted messages would not have succeed being
decrypted (i.e. this problem does not allow spoofed messages to be decrypted).
Therefore this would not have caused unwanted data to to creep in --
however it did pose problems for data to be sent and decrypted from this module
when using ECDH-ES with apu/apv.
While not extensively tested, we believe this regression was introduced
with the v2 release.
v2.0.5
v2.0.4
v2.0.4 - 19 Jul 2022
[Bug Fixes]
* [jwk] github.com/lestrrat-go/httprc, which jwk.Cache depends on,
had a problem with inserting URLs to be re-fetched into its queue.
As a result it could have been the case that some JWKS were not
updated properly. Please upgrade if you use jwk.Cache.
* [jwk] cert.Get could fail with an out of bounds index look up
* [jwk] Fix doc buglet in `KeyType()` method
[New Features]
* [jws] Add `jws.WithMultipleKeysPerKeyID()` sub-option to allow non-unique
key IDs in a given JWK set. By default we assume that a key ID is unique
within a key set, but enabling this option allows you to handle JWK sets
that contain multiple keys that contain the same key ID.
* [jwt] Before v2.0.1, sub-second accuracy for time based fields
(i.e. `iat`, `exp`, `nbf`) were not respected. Because of this the code
to evaluate this code had always truncated any-subsecond portion
of these fields, and therefore no sub-second comparisons worked.
A new option for validation `jwt.WithTruncation()` has been added
to workaround this. This option controls the value used to truncate
the time fields. When set to 0, sub-second comparison would be
possible.
FIY, truncatation will still happen because we do not want to
use the monotonic clocks when making comparisons. It's just that
truncating using `0` as its argument effectively only strips out
the monotonic clock
v2.0.3
v2.0.2
v2.0.2 - 23 May 2022
[Bug Fixes][Security]
* [jwe] An old bug from at least 7 years ago existed in handling AES-CBC unpadding,
where the unpad operation might remove more bytes than necessary (#744)
This affects all jwx code that is available before v2.0.2 and v1.2.25.
[New Features]
* [jwt] RFC3339 timestamps are also accepted for Numeric Date types in JWT tokens.
This allows users to parse servers that errnously use RFC3339 timestamps in
some pre-defined fields. You can change this behavior by setting
`jwt.WithNumericDateParsePedantic` to `false`
* [jwt] `jwt.WithNumericDateParsePedantic` has been added. This is a global
option that is set using `jwt.Settings`