RSAPSS verification maleability fix and others
JSRSASIGN SECURITY ADVISORY : 2020.06.22 CVE-2020-14968 RSA-PSS signature validation vulnerability by prepending zeros
- Changes from 8.0.16 to 8.0.17
- src/rsasign.js
- verifyWithMessageHashPSS fixed for prepending zeros maleability (#438)
- src/asn1x509.js
- allow alternative algorithms to sign CRLs (#440)
- src/asn1cms.js
- improve CMSUtil.newSignedData helper with detached signatures (#441)
- ext/rsa2.js
- RSAGenerate fixed for not having requesting key length (#442)
- sample_node
- pemtobin was fixed for pemtohex function
- test
- src/rsasign.js