sshpk - npm Package Compare versions

Comparing version 1.17.0 to 1.18.0

lib/formats/pkcs8.js

@@ -388,9 +388,13 @@ // Copyright 2018 Joyent, Inc.
 
-	var A;
-	if (der.peek() === asn1.Ber.BitString) {
-		A = utils.readBitString(der);
-		A = utils.zeroPadToLength(A, 32);
-	} else {
+	var A, tag;
+	while ((tag = der.peek()) !== null) {
+		if (tag === (asn1.Ber.Context | 1)) {
+			A = utils.readBitString(der, tag);
+		} else {
+			der.readSequence(tag);
+			der._offset += der.length;
+		}
+	}
+	if (A === undefined)
 		A = utils.calculateED25519Public(k);
-	}
 
@@ -439,4 +443,7 @@ var key = {
 	if (PrivateKey.isPrivateKey(key)) {
-		var sillyInt = Buffer.from([0]);
-		der.writeBuffer(sillyInt, asn1.Ber.Integer);
+		var version = 0;
+		if (key.type === 'ed25519')
+			version = 1;
+		var vbuf = Buffer.from([version]);
+		der.writeBuffer(vbuf, asn1.Ber.Integer);
 	}
@@ -470,5 +477,5 @@
 		if (PrivateKey.isPrivateKey(key))
-			throw (new Error('Ed25519 private keys in pkcs8 ' +
-			    'format are not supported'));
-		writePkcs8EdDSAPublic(key, der);
+			writePkcs8EdDSAPrivate(key, der);
+		else
+			writePkcs8EdDSAPublic(key, der);
 		break;
@@ -630,6 +637,11 @@ default:
 
-	var k = utils.mpNormalize(key.part.k.data, true);
 	der.startSequence(asn1.Ber.OctetString);
+	var k = utils.mpNormalize(key.part.k.data);
+	/* RFCs call for storing exactly 32 bytes, so strip any leading zeros */
+	while (k.length > 32 && k[0] === 0x00)
+		k = k.slice(1);
 	der.writeBuffer(k, asn1.Ber.OctetString);
 	der.endSequence();
+
+	utils.writeBitString(der, key.part.A.data, asn1.Ber.Context | 1);
 }

package.json

 {
   "name": "sshpk",
-  "version": "1.17.0",
+  "version": "1.18.0",
   "description": "A library for finding and using SSH public keys",
@@ -52,4 +52,3 @@ "main": "lib/index.js",
   },
-  "optionalDependencies": {
-  },
+  "optionalDependencies": {},
   "devDependencies": {
@@ -56,0 +55,0 @@ "tape": "^3.5.0",

Fixed alerts

New author

Supply chain risk

A new npm collaborator published a version of the package for the first time. New collaborators are usually benign additions to a project, but do indicate a change to the security surface area of a package.

Found 1 instance in 1 package

Improved metrics

Total package byte prevSize

230846

increased by0.15%

Lines of code

5958

increased by0.18%

Number of medium supply chain risk alerts

0

decreased by-100%

No dependency changes