ECDSA.verifyHex fixed for some types of maleability (#437)
src/asn1hex.js
ASN1HEX.checkStrictDER added
src/asn1x509.js
It's founded that OpenSSL's DN representation like
"/C=US/O=test" is "compat" format. So those methods
are added and existing method is now deprecated.
X500Name.{ldapToOneline, onelineToLdap} are now deprecated.
X500Name.{ldapToCompat, compatToLdap} are added.
src/x509.js
update for compatToLdap and ldapToCompat
src/crypto.js
document update
RSA decryption and RSA signature validation maleability fix
change not to raise error when subject name is empty in CSR
src/x509.js
X509.parseExt
add support for CSR extension request field
src/asn1hex.js
ASN1HEX.getIdxbyList
small update for exception
test/
qunit-do-{asn1csr, x509}.html to add tests for above.
ECDSA signature validation maleability fix and others
Changes from 8.0.18 to 8.0.19
src/ecdsa-mod.js
ECDSA.verifyHex fixed for some types of maleability (#437)
src/asn1hex.js
ASN1HEX.checkStrictDER added
src/asn1x509.js
It's founded that OpenSSL's DN representation like
"/C=US/O=test" is "compat" format. So those methods
are added and existing method is now deprecated.
X500Name.{ldapToOneline, onelineToLdap} are now deprecated.
X500Name.{ldapToCompat, compatToLdap} are added.
src/x509.js
update for compatToLdap and ldapToCompat
src/crypto.js
document update
RSA decryption and RSA signature validation maleability fix
Changes from 8.0.17 to 8.0.18
ext/rsa2.js
CVE-2020-14967 RSADecrypt fixed for zero prepending maleability (#439)
RSADecryptOAEP fixed for zero prepending maleability
src/rsasign.js
verifyWithMessageHash fixed for zero prepending maleability
test
qunit-do-crypto-cipher.html: some test case added for above
Changes from 8.0.16 to 8.0.17
src/rsasign.js
CVE-2020-14968
verifyWithMessageHashPSS fixed for prepending zeros maleability (#438)
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
- `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language
- `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language
- `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language
- `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language
You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/GuardianTheater/guardian-theater-indexeddb/network/alerts).
dependabot[bot]
commented
3 years ago
Bumps jsrsasign from 8.0.15 to 8.0.20.
Release notes
Sourced from jsrsasign's releases.
Changelog
Sourced from jsrsasign's changelog.
Commits
adc64c88.0.20 release6ef0205Update README.md59cc1cc8.0.19 release6efc23a8.0.18 release60874128.0.18 release861ab278.0.17 release3bcc088#442 RSAGenerate key length issue fix108c7dfcomment update12fdf1bMerge pull request #441 from ilmesi/master6fa9716Merge pull request #440 from augjoh/masterDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) - `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language - `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language - `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language - `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/GuardianTheater/guardian-theater-indexeddb/network/alerts).