json-jwt 1.6.4 → 1.6.5

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Potentially problematic release.


This version of json-jwt might be problematic. Click here for more details.

Files changed (4) hide show
  1. checksums.yaml +4 -4
  2. data/VERSION +1 -1
  3. data/lib/json/jwe.rb +2 -1
  4. metadata +1 -1
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA1:
3
- metadata.gz: c9eaaadc2d5b284f093def37ce0cd9011c9fa77f
4
- data.tar.gz: b86f15824f4bd1c6bc7fd96b4dc8eb045f0b8e28
3
+ metadata.gz: d7e756e4a3637cbcd2c1b84e74793ab3c1d4e4cc
4
+ data.tar.gz: 272c01171561942b5cfb9dbecc0dcfa62d72741b
5
5
  SHA512:
6
- metadata.gz: f1a22bf9ba1a68f2d07abfb522b175ebb7d135a6e839484d50018c07f6bba4a69d7be7d3606314acb327a4cfc696f81d95ed35ab6aa7df7e351c975bf39eb71b
7
- data.tar.gz: 9a56462a3090504d2fd4ad5f5b567f8d0ad2691438a419171b12e0f3d503e5a62fb526aeacce12cb8b561abdcfefbce84475d727faee095cff2054cd4cec8411
6
+ metadata.gz: f37bdefb9acc1ad253ea9599c320f7cbd13c00e636806ea0b44d33a177d25b4248857834c23a8f9b53fd97b78a1793200f0242c12175ebded3f6d0e765596a8f
7
+ data.tar.gz: 03dccfe00452b6c1b67737e89be965db978bdb0c3ee26d5f7a67ab9429a6e05aacdb5aa6277d9b6f2b54a36581b6787ad774ab47d99227d65b69251ed516a08e
data/VERSION CHANGED
@@ -1 +1 @@
1
- 1.6.4
1
+ 1.6.5
data/lib/json/jwe.rb CHANGED
@@ -213,6 +213,7 @@ module JSON
213
213
  # decryption
214
214
 
215
215
  def decrypt_content_encryption_key
216
+ fake_content_encryption_key = generate_content_encryption_key # NOTE: do this always not to make timing difference
216
217
  case algorithm.try(:to_sym)
217
218
  when :RSA1_5
218
219
  private_key_or_secret.private_decrypt jwe_encrypted_key
@@ -234,7 +235,7 @@ module JSON
234
235
  raise UnexpectedAlgorithm.new('Unknown Encryption Algorithm')
235
236
  end
236
237
  rescue OpenSSL::PKey::PKeyError
237
- generate_content_encryption_key
238
+ fake_content_encryption_key
238
239
  end
239
240
 
240
241
  def verify_cbc_authentication_tag!
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: json-jwt
3
3
  version: !ruby/object:Gem::Version
4
- version: 1.6.4
4
+ version: 1.6.5
5
5
  platform: ruby
6
6
  authors:
7
7
  - nov matake