{"payload":{"feedbackUrl":"https://github.com/orgs/community/discussions/53140","repo":{"id":35793118,"defaultBranch":"master","name":"libjwt","ownerLogin":"benmcollins","currentUserCanPush":false,"isFork":false,"isEmpty":false,"createdAt":"2015-05-18T02:42:43.000Z","ownerAvatar":"https://avatars.githubusercontent.com/u/320303?v=4","public":true,"private":false,"isOrgOwned":false},"refInfo":{"name":"","listCacheKey":"v0:1715863265.0","currentOid":""},"activityList":{"items":[{"before":"8ade7d8ae1ea8e341085a93c6749ae79942ea621","after":"625c2c2522226c199769de8f62c71631e8f2acba","ref":"refs/heads/master","pushedAt":"2024-05-16T12:40:58.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"benmcollins","name":"Ben Collins","path":"/benmcollins","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/320303?s=80&v=4"},"commit":{"message":"v1.17.1\n\nSigned-off-by: Ben Collins <bcollins@swissdisk.com>","shortMessageHtmlLink":"v1.17.1"}},{"before":"43b640c5076e2166287710fa5c3d7054f0228f97","after":"8ade7d8ae1ea8e341085a93c6749ae79942ea621","ref":"refs/heads/master","pushedAt":"2024-05-14T12:23:32.000Z","pushType":"push","commitsCount":3,"pusher":{"login":"benmcollins","name":"Ben Collins","path":"/benmcollins","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/320303?s=80&v=4"},"commit":{"message":"Use correct check functions\n\nck_assert_ptr_null\nck_assert_ptr_nonnull\n\nSigned-off-by: Ben Collins <bcollins@maclara-llc.com>","shortMessageHtmlLink":"Use correct check functions"}},{"before":"1476ec1595ec9e8e5ce97a49d1cc00d667e7cc03","after":"43b640c5076e2166287710fa5c3d7054f0228f97","ref":"refs/heads/master","pushedAt":"2024-04-11T11:38:02.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"benmcollins","name":"Ben Collins","path":"/benmcollins","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/320303?s=80&v=4"},"commit":{"message":"Implement dump grants as string","shortMessageHtmlLink":"Implement dump grants as string"}},{"before":"15d6362c73c5d5705d20ffa96bffd4818d08c6bb","after":"1476ec1595ec9e8e5ce97a49d1cc00d667e7cc03","ref":"refs/heads/master","pushedAt":"2024-03-10T20:17:06.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"benmcollins","name":"Ben Collins","path":"/benmcollins","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/320303?s=80&v=4"},"commit":{"message":"Fix compilation\n\njwt-openssl.c:192:27: error: ‘RSA_PKCS1_PSS_PADDING’ undeclared (first use in this function)\n  192 |                 padding = RSA_PKCS1_PSS_PADDING;\n      |                           ^~~~~~~~~~~~~~~~~~~~~\n\njwt.c:1620: error: 'for' loop initial declaration used outside C99 mode\n\nSigned-off-by: Orgad Shaneh <orgad.shaneh@audiocodes.com>","shortMessageHtmlLink":"Fix compilation"}},{"before":"321f616518d1229b866b4b38df4ff451758961e6","after":"15d6362c73c5d5705d20ffa96bffd4818d08c6bb","ref":"refs/heads/master","pushedAt":"2024-02-10T13:29:51.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"benmcollins","name":"Ben Collins","path":"/benmcollins","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/320303?s=80&v=4"},"commit":{"message":"Rework the disabling of RSA-PSS on OpenSSL builds\n\nSigned-off-by: Ben Collins <bcollins@maclara-llc.com>","shortMessageHtmlLink":"Rework the disabling of RSA-PSS on OpenSSL builds"}},{"before":"7c91b8b85e99fbc41b855ac56599299880f55514","after":"321f616518d1229b866b4b38df4ff451758961e6","ref":"refs/heads/master","pushedAt":"2024-02-10T13:21:53.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"benmcollins","name":"Ben Collins","path":"/benmcollins","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/320303?s=80&v=4"},"commit":{"message":"Update travis build env to Jammy\n\nSigned-off-by: Ben Collins <bcollins@maclara-llc.com>","shortMessageHtmlLink":"Update travis build env to Jammy"}},{"before":"774f499d591ba20faf4c47809d0a4eba935975eb","after":"7c91b8b85e99fbc41b855ac56599299880f55514","ref":"refs/heads/master","pushedAt":"2024-02-09T16:37:14.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"benmcollins","name":"Ben Collins","path":"/benmcollins","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/320303?s=80&v=4"},"commit":{"message":"Bump Ubuntu version to get GnuTLS build working\n\nSigned-off-by: Ben Collins <bcollins@maclara-llc.com>","shortMessageHtmlLink":"Bump Ubuntu version to get GnuTLS build working"}},{"before":"d12a0f6a2e55024fa13c560a23bfca761206602f","after":"774f499d591ba20faf4c47809d0a4eba935975eb","ref":"refs/heads/master","pushedAt":"2024-02-09T16:34:59.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"benmcollins","name":"Ben Collins","path":"/benmcollins","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/320303?s=80&v=4"},"commit":{"message":"Disable GnuTLS build on CI for now.\n\nSigned-off-by: Ben Collins <bcollins@maclara-llc.com>","shortMessageHtmlLink":"Disable GnuTLS build on CI for now."}},{"before":"e42b1ada9a50ea7134c7f8be51debaf85904beea","after":"796285d03f223f9be9cfd29a61cced9cc92892bc","ref":"refs/heads/gh-pages","pushedAt":"2024-02-09T16:19:45.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"benmcollins","name":"Ben Collins","path":"/benmcollins","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/320303?s=80&v=4"},"commit":{"message":"v1.17.0\n\nSigned-off-by: Ben Collins <bcollins@maclara-llc.com>","shortMessageHtmlLink":"v1.17.0"}},{"before":"43dde348283ec6ba0050f2da3184594d1650d657","after":"d12a0f6a2e55024fa13c560a23bfca761206602f","ref":"refs/heads/master","pushedAt":"2024-02-09T16:18:38.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"benmcollins","name":"Ben Collins","path":"/benmcollins","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/320303?s=80&v=4"},"commit":{"message":"Fix link in README.md\n\nSigned-off-by: Ben Collins <bcollins@maclara-llc.com>","shortMessageHtmlLink":"Fix link in README.md"}},{"before":"ba9b9706124d38dac1f2b731c1b066731446c130","after":"43dde348283ec6ba0050f2da3184594d1650d657","ref":"refs/heads/master","pushedAt":"2024-02-09T16:08:01.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"benmcollins","name":"Ben Collins","path":"/benmcollins","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/320303?s=80&v=4"},"commit":{"message":"v1.17.0\n\nSigned-off-by: Ben Collins <bcollins@maclara-llc.com>","shortMessageHtmlLink":"v1.17.0"}},{"before":"a5d61ef4f1b383876e0a78534383f38159471fd6","after":"ba9b9706124d38dac1f2b731c1b066731446c130","ref":"refs/heads/master","pushedAt":"2024-02-09T16:03:53.000Z","pushType":"push","commitsCount":2,"pusher":{"login":"benmcollins","name":"Ben Collins","path":"/benmcollins","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/320303?s=80&v=4"},"commit":{"message":"Fix errors from lcov\n\nSigned-off-by: Ben Collins <bcollins@maclara-llc.com>","shortMessageHtmlLink":"Fix errors from lcov"}},{"before":"f73bac57c5bece16ac24f1a70022aa34355fc1bf","after":"a5d61ef4f1b383876e0a78534383f38159471fd6","ref":"refs/heads/master","pushedAt":"2024-02-09T14:52:21.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"benmcollins","name":"Ben Collins","path":"/benmcollins","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/320303?s=80&v=4"},"commit":{"message":"Rework jwt_strcmp() to use less branching\n\nSigned-off-by: Ben Collins <bcollins@maclara-llc.com>","shortMessageHtmlLink":"Rework jwt_strcmp() to use less branching"}},{"before":"c3b9296399ef0e2db15d80747cfeb91b3b8f9f0b","after":"f73bac57c5bece16ac24f1a70022aa34355fc1bf","ref":"refs/heads/master","pushedAt":"2024-02-09T14:18:55.000Z","pushType":"force_push","commitsCount":0,"pusher":{"login":"benmcollins","name":"Ben Collins","path":"/benmcollins","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/320303?s=80&v=4"},"commit":{"message":"Implement a safer strcmp() function\n\nAs noted, the strcmp() function can be used for time-based side attacks.\n\nI tried to test this and could not find a reasonable way to implement\nthis attack for several reasons:\n\n1) strcmp() is optimized to compare 4 and 8 bytes at a time when possible\n   on almost every modern system, making the attack almost impossible.\n2) Running 128 million iterations of strcmp() for a single byte attack\n   gave sub-nanosecond average differences (locally on same excution stack)\n   and almost as often as the comparison was correct, it was also wrong in\n   the reverse sense (i.e. two byte strcmp() took less time than single\n   byte).\n3) Adding noise from network, application stack, web server, etc. would\n   only add to the failure rate of guessing the differences above.\n\nErwan noted that there are proofs out there showing that signal noise\nreduction can make this guessing more \"accurate\", but this proof also\nnoted it would take up to 4 billion guesses to completely cover this\nattack surface. The claim was that 50k attempts per second would break\na 256-bit hmac in 22 hours. While this isn't impossible, it's very\nimplausible.\n\nHowever, for the sake of cryptographic correctness, I implemented\njwt_strcmp() which always compares all bytes, and does so up to the\nlongest string in the 2-string set, without passing string boundaries.\n\nThis makes it time-consistent for len(max(a,b)) comparisons. I proofed\nthis using a 128 million interation average for various scenarious.\n\nReported-by: Erwan Legrand <moi@erwanlegrand.com>\nSigned-off-by: Ben Collins <bcollins@maclara-llc.com>","shortMessageHtmlLink":"Implement a safer strcmp() function"}},{"before":"323fb1c76f435b2d0d57f992ffa2a6cdc0d9f397","after":"c3b9296399ef0e2db15d80747cfeb91b3b8f9f0b","ref":"refs/heads/master","pushedAt":"2024-02-09T14:15:28.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"benmcollins","name":"Ben Collins","path":"/benmcollins","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/320303?s=80&v=4"},"commit":{"message":"Implement a safer strcmp() function\n\nAs noted, the strcmp() function can be used for time-based side attacks.\n\nI tried to test this and could not find a reasonable way to implement\nthis attack for several reasons:\n\n1) strcmp() is optimized to compare 4 and 8 bytes at a time when possible\n   on almost every modern system, making the attack almost impossible.\n2) Running 128 million iterations of strcmp() for a single byte attack\n   gave sub-nanosecond average differences (locally on same excution stack)\n   and almost as often as the comparison was correct, it was also wrong in\n   the reverse sense (i.e. two byte strcmp() took less time than single\n   byte).\n3) Adding noise from network, application stack, web server, etc. would\n   only add to the failure rate of guessing the differences above.\n\nErwan noted that there are proofs out there showing that signal noise\nreduction can make this guessing more \"accurate\", but this proof also\nnoted it would take up to 4 billion guesses to completely cover this\nattack surface. The claim was that 50k attempts per second would break\na 256-bit hmac. While this isn't impossible, it's very implausible.\n\nHowever, for the sake of cryptographic correctness, I implemented\njwt_strcmp() which always compares all bytes, and does so up to the\nlongest string in the 2-string set, without passing string boundaries.\n\nThis makes it time-consistent for len(max(a,b)) comparisons. I proofed\nthis using a 128 million interation average for various scenarious.\n\nReported-by: Erwan Legrand <moi@erwanlegrand.com>\nSigned-off-by: Ben Collins <bcollins@maclara-llc.com>","shortMessageHtmlLink":"Implement a safer strcmp() function"}},{"before":"97336f4d980bd4b6400f046e64e261c68e50bed2","after":"323fb1c76f435b2d0d57f992ffa2a6cdc0d9f397","ref":"refs/heads/master","pushedAt":"2023-11-15T11:55:06.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"benmcollins","name":"Ben Collins","path":"/benmcollins","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/320303?s=80&v=4"},"commit":{"message":"Fix error when using provided jansson\n\nUnknown CMake command \"PKG_SEARCH_MODULE\".","shortMessageHtmlLink":"Fix error when using provided jansson"}},{"before":"11b69a8c1388d13a17fae30e77c5a9674447979e","after":"97336f4d980bd4b6400f046e64e261c68e50bed2","ref":"refs/heads/master","pushedAt":"2023-09-26T15:48:42.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"benmcollins","name":"Ben Collins","path":"/benmcollins","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/320303?s=80&v=4"},"commit":{"message":"Proper format for command line examples\n\nSigned-off-by: Dimitri Papadopoulos <3234522+DimitriPapadopoulos@users.noreply.github.com>","shortMessageHtmlLink":"Proper format for command line examples"}},{"before":"2f80fb5e3fb4ef5f20b4e6e5ca20715681c3328a","after":"11b69a8c1388d13a17fae30e77c5a9674447979e","ref":"refs/heads/master","pushedAt":"2023-09-26T15:36:09.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"benmcollins","name":"Ben Collins","path":"/benmcollins","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/320303?s=80&v=4"},"commit":{"message":"Fix more typos - not found by codespell!\n\nSigned-off-by: Dimitri Papadopoulos <3234522+DimitriPapadopoulos@users.noreply.github.com>","shortMessageHtmlLink":"Fix more typos - not found by codespell!"}},{"before":"ca8984e357641fe996a8e71a723520e4f382c033","after":"2f80fb5e3fb4ef5f20b4e6e5ca20715681c3328a","ref":"refs/heads/master","pushedAt":"2023-09-26T14:37:20.000Z","pushType":"pr_merge","commitsCount":3,"pusher":{"login":"benmcollins","name":"Ben Collins","path":"/benmcollins","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/320303?s=80&v=4"},"commit":{"message":"Update copyright year\n\nSigned-off-by: Dimitri Papadopoulos <3234522+DimitriPapadopoulos@users.noreply.github.com>","shortMessageHtmlLink":"Update copyright year"}},{"before":"b5a9fa8abd9d060e2997bb58df890207cfd9d15f","after":"ca8984e357641fe996a8e71a723520e4f382c033","ref":"refs/heads/master","pushedAt":"2023-09-26T14:34:57.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"benmcollins","name":"Ben Collins","path":"/benmcollins","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/320303?s=80&v=4"},"commit":{"message":"Consistent C style\n\nFound by running the checkpatch.pl script from Linux.\n\nSigned-off-by: Dimitri Papadopoulos <3234522+DimitriPapadopoulos@users.noreply.github.com>","shortMessageHtmlLink":"Consistent C style"}},{"before":"461298262157a5aea6d2e652c3cc3386ebab86a4","after":"b5a9fa8abd9d060e2997bb58df890207cfd9d15f","ref":"refs/heads/master","pushedAt":"2023-09-26T14:17:06.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"benmcollins","name":"Ben Collins","path":"/benmcollins","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/320303?s=80&v=4"},"commit":{"message":"Consistent indentation\n\n* tabs, not spaces\n* no trailing spaces\n* switch/case at the same column","shortMessageHtmlLink":"Consistent indentation"}},{"before":"c276dc7cdb759035e36a7854c5f0ec9ea5e1d76d","after":"461298262157a5aea6d2e652c3cc3386ebab86a4","ref":"refs/heads/master","pushedAt":"2023-09-26T11:20:47.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"benmcollins","name":"Ben Collins","path":"/benmcollins","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/320303?s=80&v=4"},"commit":{"message":"Fix typos found by codespell\n\nSigned-off-by: Dimitri Papadopoulos <3234522+DimitriPapadopoulos@users.noreply.github.com>","shortMessageHtmlLink":"Fix typos found by codespell"}},{"before":"b309a4ff2c7e811f6020ed03eac94e55b00e17c3","after":"c276dc7cdb759035e36a7854c5f0ec9ea5e1d76d","ref":"refs/heads/master","pushedAt":"2023-07-14T12:50:02.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"benmcollins","name":"Ben Collins","path":"/benmcollins","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/320303?s=80&v=4"},"commit":{"message":"Remove debug fprintf\n\nSigned-off-by: Ben Collins <bcollins@maclara-llc.com>","shortMessageHtmlLink":"Remove debug fprintf"}},{"before":"1780ce48c0736a37977e6ed202944ce7ee2b8a54","after":"b309a4ff2c7e811f6020ed03eac94e55b00e17c3","ref":"refs/heads/master","pushedAt":"2023-07-14T12:49:23.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"benmcollins","name":"Ben Collins","path":"/benmcollins","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/320303?s=80&v=4"},"commit":{"message":"Correct tests cases for rsa-pss\n\nSigned-off-by: Ben Collins <bcollins@maclara-llc.com>","shortMessageHtmlLink":"Correct tests cases for rsa-pss"}},{"before":"ab80ff8d617042b105d7e535bf05406ba7b17fe6","after":"1780ce48c0736a37977e6ed202944ce7ee2b8a54","ref":"refs/heads/master","pushedAt":"2023-07-12T11:59:24.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"benmcollins","name":"Ben Collins","path":"/benmcollins","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/320303?s=80&v=4"},"commit":{"message":"Fix RSA-PSS test case.\n\nOpenSSL isn't working for PS* algos, but GnuTLS is (verified via JWT.io).\n\nSigned-off-by: Ben Collins <bcollins@maclara-llc.com>","shortMessageHtmlLink":"Fix RSA-PSS test case."}},{"before":"7ef3075bb004470b38990794b64dc06fa9f3105c","after":"ab80ff8d617042b105d7e535bf05406ba7b17fe6","ref":"refs/heads/master","pushedAt":"2023-07-11T16:53:49.000Z","pushType":"push","commitsCount":2,"pusher":{"login":"benmcollins","name":"Ben Collins","path":"/benmcollins","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/320303?s=80&v=4"},"commit":{"message":"Move jwt_exception_str() to validation section in jwt.h\n\nSigned-off-by: Ben Collins <bcollins@maclara-llc.com>","shortMessageHtmlLink":"Move jwt_exception_str() to validation section in jwt.h"}},{"before":"b0790a803bb627fa250adf8eb4ebdb0e3600f505","after":"7ef3075bb004470b38990794b64dc06fa9f3105c","ref":"refs/heads/master","pushedAt":"2023-07-11T16:40:29.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"benmcollins","name":"Ben Collins","path":"/benmcollins","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/320303?s=80&v=4"},"commit":{"message":"Add jwt_exception_str()\n\nGive clients an easy way to tell users what went wrong.","shortMessageHtmlLink":"Add jwt_exception_str()"}},{"before":"9703fa4a974e1fe462b8af463e64e5777726f02a","after":"b0790a803bb627fa250adf8eb4ebdb0e3600f505","ref":"refs/heads/master","pushedAt":"2023-07-11T16:31:15.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"benmcollins","name":"Ben Collins","path":"/benmcollins","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/320303?s=80&v=4"},"commit":{"message":"v1.16.0\n\nSigned-off-by: Ben Collins <bcollins@maclara-llc.com>","shortMessageHtmlLink":"v1.16.0"}},{"before":"ba02aad492abc2f981e49ab932d0a94f13c5c509","after":"9703fa4a974e1fe462b8af463e64e5777726f02a","ref":"refs/heads/master","pushedAt":"2023-07-11T16:04:06.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"benmcollins","name":"Ben Collins","path":"/benmcollins","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/320303?s=80&v=4"},"commit":{"message":"Separate RSA-PSS tests and add some more coverage\n\nSigned-off-by: Ben Collins <bcollins@maclara-llc.com>","shortMessageHtmlLink":"Separate RSA-PSS tests and add some more coverage"}},{"before":"c2538b25064abea6f3ae8143f4e1f6db253b121e","after":"ba02aad492abc2f981e49ab932d0a94f13c5c509","ref":"refs/heads/master","pushedAt":"2023-07-11T13:05:09.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"benmcollins","name":"Ben Collins","path":"/benmcollins","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/320303?s=80&v=4"},"commit":{"message":"Get GnuTLS working with RSA-PSS algos\n\nSigned-off-by: Ben Collins <bcollins@maclara-llc.com>","shortMessageHtmlLink":"Get GnuTLS working with RSA-PSS algos"}}],"hasNextPage":true,"hasPreviousPage":false,"activityType":"all","actor":null,"timePeriod":"all","sort":"DESC","perPage":30,"cursor":"djE6ks8AAAAES5xjewA","startCursor":null,"endCursor":null}},"title":"Activity · benmcollins/libjwt"}