Skip to content

RSA decryption and RSA signature validation maleability fix

Compare
Choose a tag to compare
@kjur kjur released this 20 Jun 13:28
· 165 commits to master since this release

JSRSASIGN SECURITY ADVISORY : 2020.06.22 CVE-2020-14967 RSA RSAES-PKCS1-v1_5 and RSA-OAEP decryption vulnerability with prepending zeros

  • Changes from 8.0.17 to 8.0.18
    • ext/rsa2.js
      • RSADecrypt fixed for zero prepending maleability (#439)
      • RSADecryptOAEP fixed for zero prepending maleability
    • src/rsasign.js
      • verifyWithMessageHash fixed for zero prepending maleability
    • test
      • qunit-do-crypto-cipher.html: some test case added for above