author | zotlabs <mike@macgirvin.com> | 2018-02-19 15:44:18 -0800 |
---|---|---|
committer | zotlabs <mike@macgirvin.com> | 2018-02-19 15:44:18 -0800 |
commit | b6b4827680d14bcb0062bba4a272f661bbb33d8c (patch) | |
tree | 146c0a1bbd526101438bd47803328fdb26b10f85 | |
parent | a310cb2fbb35ca8445a395513c88e09db17516d4 (diff) | |
download | volse-hubzilla-b6b4827680d14bcb0062bba4a272f661bbb33d8c.tar.gz volse-hubzilla-b6b4827680d14bcb0062bba4a272f661bbb33d8c.tar.bz2 volse-hubzilla-b6b4827680d14bcb0062bba4a272f661bbb33d8c.zip |
OAEP padding mismatch on some newer encryption methods
-rw-r--r-- | include/crypto.php | 13 | ||||
-rw-r--r-- | include/zot.php | 3 |
2 files changed, 7 insertions, 9 deletions
diff --git a/include/crypto.php b/include/crypto.php index b732b17ad..f9cf20deb 100644 --- a/include/crypto.php +++ b/include/crypto.php @@ -126,11 +126,11 @@ function other_encapsulate($data,$pubkey,$alg) { if(strpos($alg,'.oaep')) { $oaep = true; - $alg = substr($alg,0,-5); + $subalg = substr($alg,0,-5); } - $fn = strtoupper($alg) . '_encrypt'; + $fn = strtoupper($subalg) . '_encrypt'; if(function_exists($fn)) { // A bit hesitant to use openssl_random_pseudo_bytes() as we know @@ -160,7 +160,7 @@ function other_encapsulate($data,$pubkey,$alg) { return $result; } else { - $x = [ 'data' => $data, 'pubkey' => $pubkey, 'alg' => $alg, 'result' => $data ]; + $x = [ 'data' => $data, 'pubkey' => $pubkey, 'alg' => $subalg, 'result' => $data ]; call_hooks('other_encapsulate', $x); return $x['result']; } @@ -215,6 +215,7 @@ function aes_encapsulate($data,$pubkey) { function crypto_unencapsulate($data,$prvkey) { if(! $data) return; + $alg = ((array_key_exists('alg',$data)) ? $data['alg'] : 'aes256cbc'); if($alg === 'aes256cbc') return aes_unencapsulate($data,$prvkey); @@ -229,18 +230,18 @@ function other_unencapsulate($data,$prvkey,$alg) { if(strpos($alg,'.oaep')) { $oaep = true; - $alg = substr($alg,0,-5); + $subalg = substr($alg,0,-5); } - $fn = strtoupper($alg) . '_decrypt'; + $fn = strtoupper($subalg) . '_decrypt'; if(function_exists($fn)) { openssl_private_decrypt(base64url_decode($data['key']),$k,$prvkey,(($oaep) ? OPENSSL_PKCS1_OAEP_PADDING : OPENSSL_PKCS1_PADDING)); openssl_private_decrypt(base64url_decode($data['iv']),$i,$prvkey,(($oaep) ? OPENSSL_PKCS1_OAEP_PADDING : OPENSSL_PKCS1_PADDING)); return $fn(base64url_decode($data['data']),$k,$i); } else { - $x = [ 'data' => $data, 'prvkey' => $prvkey, 'alg' => $alg, 'result' => $data ]; + $x = [ 'data' => $data, 'prvkey' => $prvkey, 'alg' => $subalg, 'result' => $data ]; call_hooks('other_unencapsulate',$x); return $x['result']; } diff --git a/include/zot.php b/include/zot.php index b88b7495e..1042f09d9 100644 
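Review bot: `$subalg` is assigned only inside the `if(strpos($alg,'.oaep'))` branch of `other_encapsulate`, so for any algorithm name without the `.oaep` suffix `strtoupper($subalg)` reads an undefined variable and `$fn` becomes just `_encrypt`. `function_exists($fn)` then fails and the call drops into the `call_hooks('other_encapsulate', $x)` branch with an empty `alg`, even if a matching `*_encrypt` function is defined. The `other_unencapsulate` hunk at -229 repeats the same pattern with `_decrypt`. Initialising `$subalg = $alg;` before the `if`, or adding `else { $subalg = $alg; }` after it, keeps the non-OAEP names working. The function body starts and ends outside this hunk.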
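Review bot: The fallback array in the `else` branch of `other_encapsulate` is seeded with `'result' => $data`, so when no `other_encapsulate` hook handles the algorithm the function returns the caller's cleartext as if it were the encapsulated result. Because `$subalg` is only set in the `.oaep` branch, an unsuffixed algorithm name now also lands on this path. Failing closed would be safer, for example seeding with `'result' => ''` and treating an empty result as an error. The callers are outside this hunk and would need to be checked for how they handle that.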
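Review bot: Both `openssl_private_decrypt()` calls in `other_unencapsulate` discard their return value, so when RSA decryption fails (for instance on a padding mismatch) `$k` and `$i` stay unset and are still handed to `$fn`. The padding mode follows the `alg` string, which `crypto_unencapsulate` reads from `$data['alg']`, so presumably the incoming message selects it; confirm that accepting `OPENSSL_PKCS1_PADDING` on request is intended. Compute the padding once with `$pad = (($oaep) ? OPENSSL_PKCS1_OAEP_PADDING : OPENSSL_PKCS1_PADDING);` and bail out on failure with `if(! openssl_private_decrypt(base64url_decode($data['key']),$k,$prvkey,$pad)) return;`, and likewise for `iv`. The function's opening lines are outside this hunk.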
--- a/include/zot.php +++ b/include/zot.php @@ -1235,8 +1235,6 @@ function zot_fetch($arr) { */ function zot_import($arr, $sender_url) { - logger('arr: ' . print_r($arr,true)); - $data = json_decode($arr['body'], true); if(! $data) { @@ -5080,7 +5078,6 @@ function zot6_check_sig() { if($r) { foreach($r as $hubloc) { $verified = \Zotlabs\Web\HTTPSig::verify('',$hubloc['xchan_pubkey']); - logger('verified: ' . print_r($verified,true)); if($verified && $verified['header_signed'] && $verified['header_valid'] && $verified['content_signed'] && $verified['content_valid']) { $ret['hubloc'] = $hubloc; $ret['success'] = true; |