
node-forge


node-forge - npm Package Compare versions

Comparing version 0.6.32 to 0.6.33

2

bower.json
{
"name": "forge",
"version": "0.6.32",
"version": "0.6.33",
"description": "JavaScript implementations of network transports, cryptography, ciphers, PKI, message digests, and various utilities.",

@@ -5,0 +5,0 @@ "moduleType": ["amd"],

@@ -6,3 +6,3 @@ /**

*
* Copyright (c) 2009-2014 Digital Bazaar, Inc.
* Copyright (c) 2009-2015 Digital Bazaar, Inc.
*

@@ -236,7 +236,5 @@ */

// create a zero'd out mac
var mac = '';
for(var i = 0; i < macLen; ++i) {
mac += String.fromCharCode(0);
}
// create a random MAC to check against should the mac length check fail
// Note: do this regardless of the failure to keep timing consistent
var mac = forge.random.getBytesSync(macLen);

@@ -258,6 +256,34 @@ // get fragment and mac

s.updateSequenceNumber();
rval = (mac2 === mac) && rval;
rval = compareMacs(s.macKey, mac, mac2) && rval;
return rval;
}
/**
* Safely compare two MACs. This function will compare two MACs in a way
* that protects against timing attacks.
*
* TODO: Expose elsewhere as a utility API.
*
* See: https://www.nccgroup.trust/us/about-us/newsroom-and-events/blog/2011/february/double-hmac-verification/
*
* @param key the MAC key to use.
* @param mac1 as a binary-encoded string of bytes.
* @param mac2 as a binary-encoded string of bytes.
*
* @return true if the MACs are the same, false if not.
*/
function compareMacs(key, mac1, mac2) {
var hmac = forge.hmac.create();
hmac.start('SHA1', key);
hmac.update(mac1);
mac1 = hmac.digest().getBytes();
hmac.start(null, null);
hmac.update(mac2);
mac2 = hmac.digest().getBytes();
return mac1 === mac2;
}
} // end module implementation

@@ -264,0 +290,0 @@
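Review bot: The last line of the new `compareMacs`, `return mac1 === mac2;`, is still an early-exit string comparison, and nothing at that line says why it is acceptable, so it reads like the defect this change removes. I would add a comment directly above it, such as `// === is fine here: both operands were re-HMAC'd under the secret key, so where they first differ reveals nothing about the original MAC`. The `hmac.start(null, null)` call deserves one too, for example `// restart, reusing the same digest and key`, because the second digest only uses the same key if forge's hmac keeps its previous state when given null arguments. The function also overwrites its `mac1` and `mac2` parameters with the digests; separate local names would make it clearer that the final comparison is on the blinded values and not on the inputs.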

{
"name": "node-forge",
"version": "0.6.32",
"version": "0.6.33",
"description": "JavaScript implementations of network transports, cryptography, ciphers, PKI, message digests, and various utilities.",

@@ -5,0 +5,0 @@ "homepage": "http://github.com/digitalbazaar/forge",
