json-jwt 1.6.4 → 1.6.5
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Potentially problematic release.
This version of json-jwt might be problematic. Click here for more details.
- checksums.yaml +4 -4
- data/VERSION +1 -1
- data/lib/json/jwe.rb +2 -1
- metadata +1 -1
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA1:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: d7e756e4a3637cbcd2c1b84e74793ab3c1d4e4cc
|
4
|
+
data.tar.gz: 272c01171561942b5cfb9dbecc0dcfa62d72741b
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: f37bdefb9acc1ad253ea9599c320f7cbd13c00e636806ea0b44d33a177d25b4248857834c23a8f9b53fd97b78a1793200f0242c12175ebded3f6d0e765596a8f
|
7
|
+
data.tar.gz: 03dccfe00452b6c1b67737e89be965db978bdb0c3ee26d5f7a67ab9429a6e05aacdb5aa6277d9b6f2b54a36581b6787ad774ab47d99227d65b69251ed516a08e
|
data/VERSION
CHANGED
@@ -1 +1 @@
|
|
1
|
-
1.6.
|
1
|
+
1.6.5
|
data/lib/json/jwe.rb
CHANGED
@@ -213,6 +213,7 @@ module JSON
|
|
213
213
|
# decryption
|
214
214
|
|
215
215
|
def decrypt_content_encryption_key
|
216
|
+
fake_content_encryption_key = generate_content_encryption_key # NOTE: do this always not to make timing difference
|
216
217
|
case algorithm.try(:to_sym)
|
217
218
|
when :RSA1_5
|
218
219
|
private_key_or_secret.private_decrypt jwe_encrypted_key
|
@@ -234,7 +235,7 @@ module JSON
|
|
234
235
|
raise UnexpectedAlgorithm.new('Unknown Encryption Algorithm')
|
235
236
|
end
|
236
237
|
rescue OpenSSL::PKey::PKeyError
|
237
|
-
|
238
|
+
fake_content_encryption_key
|
238
239
|
end
|
239
240
|
|
240
241
|
def verify_cbc_authentication_tag!
|