1.3.0 - 2022-03-17
Security
Three RSA PKCS#1 v1.5 signature verification issues were reported by MoosaYahyazadeh (moosa-yahyazadeh@uiowa.edu).
HIGH: Leniency in checkingdigestAlgorithm structure can lead tosignature forgery.
The code is lenient in checking the digest algorithm structure. This canallow a crafted structure that steals padding bytes and uses uncheckedportion of the PKCS#1 encoded message to forge a signature when a lowpublic exponent is being used. For more information, please see"Bleichenbacher's RSA signature forgery based on implementationerror"by Hal Finney.
CVE ID:CVE-2022-24771
GHSA ID:GHSA-cfm4-qjh2-4765
HIGH: Failing to check tailing garbage bytes can lead to signatureforgery.
The code does not check for tailing garbage bytes after decoding aDigestInfo ASN.1 structure. This can allow padding bytes to be removedand garbage data added to forge a signature when a low public exponent isbeing used. For more information, please see"Bleichenbacher's RSAsignature forgery based on implementationerror"by Hal Finney.
CVE ID:CVE-2022-24772
GHSA ID:GHSA-x4jg-mjrx-434g
MEDIUM: Leniency in checking type octet.
DigestInfo is not properly checked for proper ASN.1 structure. This canlead to successful verification with signatures that contain invalidstructures but a valid digest.
CVE ID:CVE-2022-24773
GHSA ID:GHSA-2r2c-g63r-vccr
Fixed
[asn1] Add fallback to pretty print invalid UTF8 data.
[asn1]fromDer is now more strict and will default to ensuring all inputbytes are parsed or throw an error. A new optionparseAllBytes can disablethis behavior.
NOTE: The previous behavior is being changed since it can lead tosecurity issues with crafted inputs. It is possible that code doing customDER parsing may need to adapt to this new behavior and optional flag.
[rsa] Add and use a validator to check for proper structure of parsed ASN.1RSASSA-PKCS-v1_5DigestInfo data. Additionally check that the hashalgorithm identifier is a known value from RFC 8017PKCS1-v1-5DigestAlgorithms. An invalidDigestInfo or algorithm identifierwill now throw an error.
NOTE: The previous lenient behavior is being changed to be more strictsince it could lead to security issues with crafted inputs. It is possiblethat code may have to handle the errors from these stricter checks.

... (truncated)

Commits

6c5b901 Release 1.3.0.
0f3972a Update changelog.
dc77b39 Fix error checking.
bb822c0 Add advisory links.
d4395fe Update changelog.
a4405bb Improve signature verification tests.
aa9372d Add missing RFC 8017 algorithm identifiers.
3f0b49a Fix signature verification issues.
c20f309 Adjust remaining length.
e27f612 Remove unused option.
Additional commits viewable incompare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting@dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot merge will merge this PR after your CI passes on it
@dependabot squash and merge will squash and merge this PR after your CI passes on it
@dependabot cancel merge will cancel a previously requested merge and block automerging
@dependabot reopen will reopen this PR if it is closed
@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
@dependabot use these labels will set the current labels as the default for future PRs for this repo and language
@dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
@dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
@dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from theSecurity Alerts page.

chore(deps): bump node-forge from 0.10.0 to 1.3.0 in /ui/packages/ce

ef44572

Bumps [node-forge](https://github.com/digitalbazaar/forge) from 0.10.0 to 1.3.0.- [Release notes](https://github.com/digitalbazaar/forge/releases)- [Changelog](https://github.com/digitalbazaar/forge/blob/main/CHANGELOG.md)- [Commits](digitalbazaar/forge@0.10.0...v1.3.0)---updated-dependencies:- dependency-name: node-forge  dependency-type: indirect...Signed-off-by: dependabot[bot] <support@github.com>

dependabotbot added dependencies

Pull requests that update a dependency file

javascriptPull requests that update Javascript code labels

Mar 23, 2022

Copy link

CLAassistant commentedMar 23, 2022

Thank you for your submission! We really appreciate it. Like many open source projects, we ask that you sign ourContributor License Agreement before we can accept your contribution.
_{You have signed the CLA already but the status is still pending? Let usrecheck it.}