change not to raise error when subject name is empty in CSR
src/x509.js
X509.parseExt
add support for CSR extension request field
src/asn1hex.js
ASN1HEX.getIdxbyList
small update for exception
test/
qunit-do-{asn1csr, x509}.html to add tests for above.
ECDSA signature validation maleability fix and others
Changes from 8.0.18 to 8.0.19
src/ecdsa-mod.js
ECDSA.verifyHex fixed for some types of maleability (#437)
src/asn1hex.js
ASN1HEX.checkStrictDER added
src/asn1x509.js
It's founded that OpenSSL's DN representation like
"/C=US/O=test" is "compat" format. So those methods
are added and existing method is now deprecated.
X500Name.{ldapToOneline, onelineToLdap} are now deprecated.
X500Name.{ldapToCompat, compatToLdap} are added.
src/x509.js
update for compatToLdap and ldapToCompat
src/crypto.js
document update
RSA decryption and RSA signature validation maleability fix
Changes from 8.0.17 to 8.0.18
ext/rsa2.js
RSADecrypt fixed for zero prepending maleability (#439)
RSADecryptOAEP fixed for zero prepending maleability
src/rsasign.js
verifyWithMessageHash fixed for zero prepending maleability
test
qunit-do-crypto-cipher.html: some test case added for above
RSAPSS verification maleability fix and others
Changes from 8.0.16 to 8.0.17
src/rsasign.js
verifyWithMessageHashPSS fixed for prepending zeros maleability (#438)
change not to raise error when subject name is empty in CSR
src/x509.js
X509.parseExt
add support for CSR extension request field
src/asn1hex.js
ASN1HEX.getIdxbyList
small update for exception
test/
qunit-do-{asn1csr, x509}.html to add tests for above.
ECDSA signature validation maleability fix and others
Changes from 8.0.18 to 8.0.19
src/ecdsa-mod.js
ECDSA.verifyHex fixed for some types of maleability (#437)
src/asn1hex.js
ASN1HEX.checkStrictDER added
src/asn1x509.js
It's founded that OpenSSL's DN representation like
"/C=US/O=test" is "compat" format. So those methods
are added and existing method is now deprecated.
X500Name.{ldapToOneline, onelineToLdap} are now deprecated.
X500Name.{ldapToCompat, compatToLdap} are added.
src/x509.js
update for compatToLdap and ldapToCompat
src/crypto.js
document update
RSA decryption and RSA signature validation maleability fix
Changes from 8.0.17 to 8.0.18
ext/rsa2.js
CVE-2020-14967 RSADecrypt fixed for zero prepending maleability (#439)
RSADecryptOAEP fixed for zero prepending maleability
src/rsasign.js
verifyWithMessageHash fixed for zero prepending maleability
test
qunit-do-crypto-cipher.html: some test case added for above
Changes from 8.0.16 to 8.0.17
src/rsasign.js
CVE-2020-14968
verifyWithMessageHashPSS fixed for prepending zeros maleability (#438)
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
- `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language
- `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language
- `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language
- `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language
You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/oauthinaction/oauth-in-action-code/network/alerts).
Bumps jsrsasign from 5.1.0 to 8.0.20.
Release notes
Sourced from jsrsasign's releases.
Changelog
Sourced from jsrsasign's changelog.
Commits
adc64c8
8.0.20 release6ef0205
Update README.md59cc1cc
8.0.19 release6efc23a
8.0.18 release6087412
8.0.18 release861ab27
8.0.17 release3bcc088
#442 RSAGenerate key length issue fix108c7df
comment update12fdf1b
Merge pull request #441 from ilmesi/master6fa9716
Merge pull request #440 from augjoh/masterDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase
.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) - `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language - `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language - `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language - `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/oauthinaction/oauth-in-action-code/network/alerts).