node-cryptopp v0.2.4

@abenmrad abenmrad released this 11 Dec 00:18
· 3 commits to master since this release
  • MAJOR SECURITY FIX: Signature verification methods now return v8::Boolean values instead of v8::BooleanObject. A BooleanObject, being an object, is evaluated as such and is not strictly equal to a boolean value in JavaScript, even if the BooleanObject holds the same value. Unless an explicit equality test is written (isValid == true or isValid == false), it leads to the wrong result, because an object is always truthy. Taking JS development habits into account, this can rapidly lead to validating invalid signatures, as shown by this gist. I deeply apologize for that.
  • Moving to Crypto++ 5.6.3 (hence simplifying the build process on latest versions of Mac OS X)
  • Better testing scripts
  • Added fuzzing tests (can be run by executing node test.js fuzzing). It turns out that Crypto++ doesn't play nice with randomized inputs.
  • Better error handling. Catches CryptoPP::Exception and throws their message in a JS Error. Note however that not all exceptions that happen in Crypto++ are thrown as such (some just print out an error message, without being catchable), so it's not perfect.
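
The Boolean-object pitfall behind the security fix, as an added example that is not node-cryptopp's code or the gist mentioned above. verifyLegacy, verifyFixed, evaluate and toPrimitiveBool are hypothetical names that only model the two return types in plain JavaScript.

```javascript
// Hypothetical stand-ins for a verify() call; they model the return type only.

// Before 0.2.4: result wrapped in a Boolean object (models v8::BooleanObject).
function verifyLegacy(signatureIsGood) {
  return new Boolean(signatureIsGood);
}

// From 0.2.4: primitive boolean (models v8::Boolean).
function verifyFixed(signatureIsGood) {
  return signatureIsGood === true;
}

// The usual ways calling code tests a verification result.
const checks = {
  truthy: (r) => (r ? true : false), // if (isValid) { accept }
  looseTrue: (r) => r == true,       // if (isValid == true) { accept }
  strictTrue: (r) => r === true,     // if (isValid === true) { accept }
};

// Returns, per check style, whether the caller would accept the signature.
function evaluate(verify, signatureIsGood) {
  const result = verify(signatureIsGood);
  const accepted = {};
  for (const [name, check] of Object.entries(checks)) {
    accepted[name] = check(result);
  }
  return accepted;
}

// Caller-side guard for code that may still run against an old build:
// unwrap a Boolean object, then require the primitive true.
function toPrimitiveBool(r) {
  return (r instanceof Boolean ? r.valueOf() : r) === true;
}

// Constructed cases: an invalid signature, then a valid one.
console.log('legacy, invalid sig:', evaluate(verifyLegacy, false));
console.log('legacy, valid sig:  ', evaluate(verifyLegacy, true));
console.log('fixed,  invalid sig:', evaluate(verifyFixed, false));
console.log('guarded legacy, invalid sig:', toPrimitiveBool(verifyLegacy(false)));
```

With the legacy return type, the plain truthiness test accepts the invalid signature, while the strict comparison fails closed and rejects even a valid one.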