RSA decryption and RSA signature validation maleability fix
JSRSASIGN SECURITY ADVISORY : 2020.06.22 CVE-2020-14967 RSA RSAES-PKCS1-v1_5 and RSA-OAEP decryption vulnerability with prepending zeros
- Changes from 8.0.17 to 8.0.18
- ext/rsa2.js
- RSADecrypt fixed for zero prepending maleability (#439)
- RSADecryptOAEP fixed for zero prepending maleability
- src/rsasign.js
- verifyWithMessageHash fixed for zero prepending maleability
- test
- qunit-do-crypto-cipher.html: some test case added for above
- ext/rsa2.js