Bugfix - Raise Descriptive Error for hmac_secret empty and OpenSSL 3.0 Issue #530

Merged: 5 commits, Oct 24, 2022

jonmchan
Contributor

Fixes #526.

Changes error when utilizing empty hmac_secret from cryptic:

irb(main):017:0> JWT::Algos::Hmac.sign('HS256','test','')
...
OpenSSL::HMACError (EVP_PKEY_new_mac_key: malloc failure)

to clearer error:

irb(main):017:0> JWT::Algos::Hmac.sign('HS256','test','')
...
JWT::DecodeError (OpenSSL 3.0 does not support nil or empty hmac_secret)
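The failure described above depends on which OpenSSL build and openssl gem are installed, so a caller can also reject an unusable secret before any OpenSSL call is made. The following is an added example, not code from this pull request or from the jwt gem; `HmacGuard` and `EmptyHmacSecretError` are hypothetical names, and `OpenSSL.secure_compare` assumes Ruby 2.7 or later.

```ruby
require 'openssl'

# Hypothetical error class for this example (not part of the jwt gem).
class EmptyHmacSecretError < StandardError; end

# Hypothetical helper: validates the secret up front so the outcome does not
# depend on how the linked OpenSSL version treats a zero-length HMAC key.
module HmacGuard
  DIGESTS = { 'HS256' => 'sha256', 'HS384' => 'sha384', 'HS512' => 'sha512' }.freeze

  module_function

  # Returns the raw HMAC of msg, or raises before touching OpenSSL when the
  # secret is nil, not a String, or empty.
  def sign(algorithm, msg, secret)
    digest = DIGESTS.fetch(algorithm) do
      raise ArgumentError, "unsupported algorithm: #{algorithm}"
    end
    unless secret.is_a?(String) && !secret.empty?
      raise EmptyHmacSecretError, 'hmac_secret must be a non-empty string'
    end
    OpenSSL::HMAC.digest(OpenSSL::Digest.new(digest), secret, msg)
  end

  # Recomputes the HMAC and compares it in constant time.
  # An unusable secret raises here as well instead of silently verifying.
  def verify(algorithm, msg, secret, signature)
    expected = sign(algorithm, msg, secret)
    OpenSSL.secure_compare(expected, signature)
  end
end

if __FILE__ == $PROGRAM_NAME
  # Constructed sample values.
  sig = HmacGuard.sign('HS256', 'test', 'secret')
  puts "signature bytes: #{sig.bytesize}"
  begin
    HmacGuard.sign('HS256', 'test', '')
  rescue EmptyHmacSecretError => e
    puts "rejected: #{e.message}"
  end
end
```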

@jonmchan jonmchan force-pushed the bugfix/blank-hmac-secrets branch from e0a035a to 8819fd1 Compare October 22, 2022 14:20
README.md Outdated
@@ -77,7 +77,7 @@ puts decoded_token
* HS512 - HMAC using SHA-512 hash algorithm

```ruby
# The secret must be a string. A JWT::DecodeError will be raised if it isn't provided.
# The secret must be a string. With OpenSSL 3.0, JWT::DecodeError will be raised if it isn't provided.
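Review bot: the added README comment says the error is raised when the secret "isn't provided", which does not cover the empty-string case this change targets: the description's example passes '' and the new message reads "nil or empty hmac_secret". Suggest wording the line as "raised if it is nil or empty" so the README matches the error text.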
Member

It's the combination of OpenSSL 3.0 and the openssl gem prior to 3.0.1. So this comment will become less significant when time moves forward.

@jonmchan jonmchan force-pushed the bugfix/blank-hmac-secrets branch from 8819fd1 to 6382ac7 Compare October 24, 2022 14:44
@anakinj
Member

anakinj commented Oct 24, 2022

Looks great @jonmchan. Today I also learned about the skip keyword in rspec, thank you for that :). I think that could be utilized in other places in this gem also.

Could I still bother you to be so kind and add a little something into the CHANGELOG.md related to this change?

@anakinj anakinj merged commit 538c3c6 into jwt:main Oct 24, 2022
@anakinj
Member

anakinj commented Oct 24, 2022

Thank you for your effort on this. Highly appreciated!

@jonmchan jonmchan deleted the bugfix/blank-hmac-secrets branch October 24, 2022 15:24
Successfully merging this pull request may close these issues.

Missing HMAC_SECRET When HMAC Encoding Not Raising Proper Error