json-jwt 1.6.4 → 1.6.5

Sign up to get free protection for your applications and to get access to all the features.

Potentially problematic release.


This version of json-jwt might be problematic. Click here for more details.

Files changed (4) hide show
  1. checksums.yaml +4 -4
  2. data/VERSION +1 -1
  3. data/lib/json/jwe.rb +2 -1
  4. metadata +1 -1
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA1:
3
- metadata.gz: c9eaaadc2d5b284f093def37ce0cd9011c9fa77f
4
- data.tar.gz: b86f15824f4bd1c6bc7fd96b4dc8eb045f0b8e28
3
+ metadata.gz: d7e756e4a3637cbcd2c1b84e74793ab3c1d4e4cc
4
+ data.tar.gz: 272c01171561942b5cfb9dbecc0dcfa62d72741b
5
5
  SHA512:
6
- metadata.gz: f1a22bf9ba1a68f2d07abfb522b175ebb7d135a6e839484d50018c07f6bba4a69d7be7d3606314acb327a4cfc696f81d95ed35ab6aa7df7e351c975bf39eb71b
7
- data.tar.gz: 9a56462a3090504d2fd4ad5f5b567f8d0ad2691438a419171b12e0f3d503e5a62fb526aeacce12cb8b561abdcfefbce84475d727faee095cff2054cd4cec8411
6
+ metadata.gz: f37bdefb9acc1ad253ea9599c320f7cbd13c00e636806ea0b44d33a177d25b4248857834c23a8f9b53fd97b78a1793200f0242c12175ebded3f6d0e765596a8f
7
+ data.tar.gz: 03dccfe00452b6c1b67737e89be965db978bdb0c3ee26d5f7a67ab9429a6e05aacdb5aa6277d9b6f2b54a36581b6787ad774ab47d99227d65b69251ed516a08e
data/VERSION CHANGED
@@ -1 +1 @@
1
- 1.6.4
1
+ 1.6.5
data/lib/json/jwe.rb CHANGED
@@ -213,6 +213,7 @@ module JSON
213
213
  # decryption
214
214
 
215
215
  def decrypt_content_encryption_key
216
+ fake_content_encryption_key = generate_content_encryption_key # NOTE: do this always not to make timing difference
216
217
  case algorithm.try(:to_sym)
217
218
  when :RSA1_5
218
219
  private_key_or_secret.private_decrypt jwe_encrypted_key
@@ -234,7 +235,7 @@ module JSON
234
235
  raise UnexpectedAlgorithm.new('Unknown Encryption Algorithm')
235
236
  end
236
237
  rescue OpenSSL::PKey::PKeyError
237
- generate_content_encryption_key
238
+ fake_content_encryption_key
238
239
  end
239
240
 
240
241
  def verify_cbc_authentication_tag!
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: json-jwt
3
3
  version: !ruby/object:Gem::Version
4
- version: 1.6.4
4
+ version: 1.6.5
5
5
  platform: ruby
6
6
  authors:
7
7
  - nov matake