json-jwt 1.6.4 → 1.6.5
Sign up to get free protection for your applications and to get access to all the features.
Potentially problematic release.
This version of json-jwt might be problematic. Click here for more details.
- checksums.yaml +4 -4
- data/VERSION +1 -1
- data/lib/json/jwe.rb +2 -1
- metadata +1 -1
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA1:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: d7e756e4a3637cbcd2c1b84e74793ab3c1d4e4cc
|
|
4
|
+
data.tar.gz: 272c01171561942b5cfb9dbecc0dcfa62d72741b
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: f37bdefb9acc1ad253ea9599c320f7cbd13c00e636806ea0b44d33a177d25b4248857834c23a8f9b53fd97b78a1793200f0242c12175ebded3f6d0e765596a8f
|
|
7
|
+
data.tar.gz: 03dccfe00452b6c1b67737e89be965db978bdb0c3ee26d5f7a67ab9429a6e05aacdb5aa6277d9b6f2b54a36581b6787ad774ab47d99227d65b69251ed516a08e
|
data/VERSION
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
1.6.
|
|
1
|
+
1.6.5
|
data/lib/json/jwe.rb
CHANGED
|
@@ -213,6 +213,7 @@ module JSON
|
|
|
213
213
|
# decryption
|
|
214
214
|
|
|
215
215
|
def decrypt_content_encryption_key
|
|
216
|
+
fake_content_encryption_key = generate_content_encryption_key # NOTE: do this always not to make timing difference
|
|
216
217
|
case algorithm.try(:to_sym)
|
|
217
218
|
when :RSA1_5
|
|
218
219
|
private_key_or_secret.private_decrypt jwe_encrypted_key
|
|
@@ -234,7 +235,7 @@ module JSON
|
|
|
234
235
|
raise UnexpectedAlgorithm.new('Unknown Encryption Algorithm')
|
|
235
236
|
end
|
|
236
237
|
rescue OpenSSL::PKey::PKeyError
|
|
237
|
-
|
|
238
|
+
fake_content_encryption_key
|
|
238
239
|
end
|
|
239
240
|
|
|
240
241
|
def verify_cbc_authentication_tag!
|