Remove unnecessary top-level MD5 digester functions that cause an exception on FIPS-enabled systems when the www-authenticate module is loaded via require. The MD5 digester functions are already created on demand when using DIGEST authentication.

stevebio · stevebio · commit ab1162959f18 · 2025-09-22T11:12:36.000-07:00
Use Buffer.from rather than deprecated new Buffer constructor form.
Move the Parser_Authenticate_Info prototype statement to after the definition of the function.
Add copyright to www-authenticate.
diff --git a/lib/www-authenticate-patched/md5.js b/lib/www-authenticate-patched/md5.js
@@ -1,6 +1,4 @@
-var crypto= require('crypto')
-  , md5sum = crypto.createHash('md5')
-  ;
+var crypto= require('crypto');
 
 function md5(s) {
   return crypto.createHash('md5').update(s).digest('hex');
diff --git a/lib/www-authenticate-patched/parsers.js b/lib/www-authenticate-patched/parsers.js
@@ -88,8 +88,6 @@ function Parse_WWW_Authenticate(to_parse)
   }
 }
 
-Parse_Authentication_Info.prototype.parse_params= parse_params;
-
 function Parse_Authentication_Info(to_parse)
 {
   this.scheme= 'Digest';
@@ -102,6 +100,7 @@ function Parse_Authentication_Info(to_parse)
   }
 }
 
+Parse_Authentication_Info.prototype.parse_params= parse_params;
 Parse_WWW_Authenticate.prototype.parse_params= parse_params;
 
 module.exports = {
diff --git a/lib/www-authenticate-patched/user-credentials.js b/lib/www-authenticate-patched/user-credentials.js
@@ -16,9 +16,9 @@ function user_credentials(username,password,options) {
     ''
     :
       (!password && password !== '' ?
-        new Buffer(username, "ascii").toString("base64")
+        Buffer.from(username, "ascii").toString("base64")
       :
-        new Buffer(username+':'+password, "ascii").toString("base64")
+        Buffer.from(username+':'+password, "ascii").toString("base64")
       )
   function Credentials()
   {
diff --git a/lib/www-authenticate-patched/www-authenticate.js b/lib/www-authenticate-patched/www-authenticate.js
@@ -1,4 +1,3 @@
-
 /*
  * www-authenticate
  * https://github.com/randymized/www-authenticate
@@ -7,10 +6,12 @@
  * Licensed under the MIT license.
  */
 
+/*
+* Copyright © 2015-2025 Progress Software Corporation and/or its subsidiaries or affiliates. All Rights Reserved.
+*/
 'use strict';
 
 var crypto= require('crypto')
-  , md5sum = crypto.createHash('md5')
   , parsers= require('./parsers')
   , md5= require('./md5')
   , user_credentials= require('./user-credentials')

Original file line number	Diff line number	Diff line change
`@@ -88,8 +88,6 @@ function Parse_WWW_Authenticate(to_parse)`
`88`	`88`	`}`
`89`	`89`	`}`
`90`	`90`
`91`		`-Parse_Authentication_Info.prototype.parse_params= parse_params;`
`92`		`-`
`93`	`91`	`function Parse_Authentication_Info(to_parse)`
`94`	`92`	`{`
`95`	`93`	`this.scheme= 'Digest';`
`@@ -102,6 +100,7 @@ function Parse_Authentication_Info(to_parse)`
`102`	`100`	`}`
`103`	`101`	`}`
`104`	`102`
	`103`	`+Parse_Authentication_Info.prototype.parse_params= parse_params;`
`105`	`104`	`Parse_WWW_Authenticate.prototype.parse_params= parse_params;`
`106`	`105`
`107`	`106`	`module.exports = {`
Original file line number	Diff line number	Diff line change
`@@ -16,9 +16,9 @@ function user_credentials(username,password,options) {`
`16`	`16`	`''`
`17`	`17`	`:`
`18`	`18`	`(!password && password !== '' ?`
`19`		`- new Buffer(username, "ascii").toString("base64")`
	`19`	`+ Buffer.from(username, "ascii").toString("base64")`
`20`	`20`	`:`
`21`		`- new Buffer(username+':'+password, "ascii").toString("base64")`
	`21`	`+ Buffer.from(username+':'+password, "ascii").toString("base64")`
`22`	`22`	`)`
`23`	`23`	`function Credentials()`
`24`	`24`	`{`