Comparing version 3.2.0 to 3.2.1
{ | ||
"name": "crypto-js", | ||
"version": "3.2.0", | ||
"version": "3.2.1", | ||
"description": "JavaScript library of crypto standards.", | ||
@@ -5,0 +5,0 @@ "license": "MIT", |
60
core.js
@@ -16,2 +16,4 @@ ;(function (root, factory) { | ||
/*globals window, global, require*/ | ||
/** | ||
@@ -22,2 +24,26 @@ * CryptoJS core components. | ||
var crypto; | ||
// Native crypto from window (Browser) | ||
if (typeof window !== 'undefined' && window.crypto) { | ||
crypto = window.crypto; | ||
} | ||
// Native (experimental IE 11) crypto from window (Browser) | ||
if (!crypto && typeof window !== 'undefined' && window.msCrypto) { | ||
crypto = window.msCrypto; | ||
} | ||
// Native crypto from global (NodeJS) | ||
if (!crypto && typeof global !== 'undefined' && global.crypto) { | ||
crypto = global.crypto; | ||
} | ||
// Native crypto import via require (NodeJS) | ||
if (!crypto && typeof require === 'function') { | ||
try { | ||
crypto = require('crypto'); | ||
} catch (err) {} | ||
} | ||
/* | ||
@@ -28,21 +54,19 @@ * Cryptographically secure pseudorandom number generator | ||
*/ | ||
var secureRandom = function () { | ||
// Native crypto module on NodeJS environment | ||
try { | ||
// Crypto from global object | ||
var crypto = global.crypto; | ||
var cryptoSecureRandomInt = function () { | ||
if (crypto) { | ||
// Use getRandomValues method (Browser) | ||
if (typeof crypto.getRandomValues === 'function') { | ||
try { | ||
return crypto.getRandomValues(new Uint32Array(1))[0]; | ||
} catch (err) {} | ||
} | ||
// Create a random float number between 0 and 1 | ||
return Number('0.' + crypto.randomBytes(3).readUIntBE(0, 3)); | ||
} catch (err) {} | ||
// Use randomBytes method (NodeJS) | ||
if (typeof crypto.randomBytes === 'function') { | ||
try { | ||
return crypto.randomBytes(4).readInt32LE(); | ||
} catch (err) {} | ||
} | ||
} | ||
// Native crypto module in Browser environment | ||
try { | ||
// Support experimental crypto module in IE 11 | ||
var crypto = window.crypto || window.msCrypto; | ||
// Create a random float number between 0 and 1 | ||
return Number('0.' + window.crypto.getRandomValues(new Uint32Array(1))[0]); | ||
} catch (err) {} | ||
throw new Error('Native crypto module could not be used to get secure random number.'); | ||
@@ -340,3 +364,3 @@ }; | ||
for (var i = 0; i < nBytes; i += 4) { | ||
words.push((secureRandom() * 0x100000000) | 0); | ||
words.push(cryptoSecureRandomInt()); | ||
} | ||
@@ -343,0 +367,0 @@ |
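Review bot: The two branches of `cryptoSecureRandomInt` return different ranges, and the call site in the `nBytes` loop no longer normalises them: `crypto.getRandomValues(new Uint32Array(1))[0]` is unsigned (0 to 2^32-1), while `crypto.randomBytes(4).readInt32LE()` is signed, and the `| 0` on the `secureRandom()` line is gone from the `cryptoSecureRandomInt()` line. Both paths still carry 32 random bits, so this is a consistency issue rather than an entropy loss, but the same word would be represented differently in a browser and in Node; `words.push(cryptoSecureRandomInt() | 0);` would keep every word a signed 32-bit integer. The empty `catch (err) {}` blocks also discard the underlying failure, so the final `throw` cannot say why the native source was unusable; either keep the last error for the message or add a comment such as `// deliberate: fall through to the next source, then fail closed`. Throwing instead of falling back to a weaker generator is the right behaviour and deserves a sentence in the function's header comment. The function enclosing the `nBytes` loop starts and ends outside the lines shown.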
{ | ||
"name": "crypto-js", | ||
"version": "3.2.0", | ||
"version": "3.2.1", | ||
"description": "JavaScript library of crypto standards.", | ||
@@ -5,0 +5,0 @@ "license": "MIT", |
@@ -211,1 +211,26 @@ # crypto-js [![Build Status](https://travis-ci.org/brix/crypto-js.svg?branch=develop)](https://travis-ci.org/brix/crypto-js) | ||
- ```crypto-js/pad-nopadding``` | ||
## Release notes | ||
### 3.2.1 | ||
The usage of the native crypto module has been fixed. The import and access of the native crypto module has been improved. | ||
### 3.2.0 | ||
In this version `Math.random()` has been replaced by the random methods of the native crypto module. | ||
For this reason CryptoJS might does not run in some JavaScript environments without native crypto module. Such as IE 10 or before. | ||
If it's absolute required to run CryptoJS in such an environment, stay with `3.1.x` version. Encrypting and decrypting stays compatible. But keep in mind `3.1.x` versions still use `Math.random()` which is cryptographically not secure, as it's not random enough. | ||
This version came along with `CRITICAL` `BUG`. | ||
DO NOT USE THIS VERSION! Please, go for a newer version! | ||
### 3.1.x | ||
The `3.1.x` are based on the original CryptoJS, wrapped in CommonJS modules. | ||
Sorry, the diff of this file is too big to display