authorzotlabs <mike@macgirvin.com>2018-02-19 15:44:18 -0800
committerzotlabs <mike@macgirvin.com>2018-02-19 15:44:18 -0800
commitb6b4827680d14bcb0062bba4a272f661bbb33d8c (patch)
tree146c0a1bbd526101438bd47803328fdb26b10f85 /include/crypto.php
parenta310cb2fbb35ca8445a395513c88e09db17516d4 (diff)
OAEP padding mismatch on some newer encryption methods
Diffstat (limited to 'include/crypto.php')
-rw-r--r--include/crypto.php13
1 files changed, 7 insertions, 6 deletions
diff --git a/include/crypto.php b/include/crypto.php
index b732b17ad..f9cf20deb 100644
--- a/include/crypto.php
+++ b/include/crypto.php
@@ -126,11 +126,11 @@ function other_encapsulate($data,$pubkey,$alg) {
if(strpos($alg,'.oaep')) {
$oaep = true;
- $alg = substr($alg,0,-5);
+ $subalg = substr($alg,0,-5);
}
- $fn = strtoupper($alg) . '_encrypt';
+ $fn = strtoupper($subalg) . '_encrypt';
if(function_exists($fn)) {
// A bit hesitant to use openssl_random_pseudo_bytes() as we know
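Review bot: `$subalg` is assigned only inside the `if(strpos($alg,'.oaep'))` branch, so for an algorithm name without the suffix the new `$fn = strtoupper($subalg) . '_encrypt';` line reads an undefined variable and `$fn` becomes `_encrypt`. No `else` is visible in this hunk, so as shown every non-OAEP algorithm would miss its `*_encrypt` function and fall through to the hook fallback; initialise it before the test with `$subalg = $alg;`. The same applies to the `_decrypt` lookup in other_unencapsulate() in the last hunk. The suffix test would also be tighter as `substr($alg,-5) === '.oaep'`, because `strpos()` matches the string anywhere while `substr($alg,0,-5)` assumes it sits at the end. The body of other_encapsulate() starts and continues outside this hunk.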
@@ -160,7 +160,7 @@ function other_encapsulate($data,$pubkey,$alg) {
return $result;
}
else {
- $x = [ 'data' => $data, 'pubkey' => $pubkey, 'alg' => $alg, 'result' => $data ];
+ $x = [ 'data' => $data, 'pubkey' => $pubkey, 'alg' => $subalg, 'result' => $data ];
call_hooks('other_encapsulate', $x);
return $x['result'];
}
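Review bot: The fallback array seeds `'result' => $data`, so when no plugin handles the `other_encapsulate` hook the function returns the caller's plaintext as though it were the encapsulated result. That fails open for an unknown or mistyped algorithm name, and, if `$subalg` is indeed unset for names without `.oaep` as the first hunk suggests, also for names that used to resolve to a built-in `*_encrypt` function. Seeding `'result' => ''` and treating a still-empty result after `call_hooks()` as an error would surface the failure instead of passing unencrypted data on. How callers handle the return value is not visible here, so confirm they can cope with an empty result.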
@@ -215,6 +215,7 @@ function aes_encapsulate($data,$pubkey) {
function crypto_unencapsulate($data,$prvkey) {
if(! $data)
return;
+
$alg = ((array_key_exists('alg',$data)) ? $data['alg'] : 'aes256cbc');
if($alg === 'aes256cbc')
return aes_unencapsulate($data,$prvkey);
@@ -229,18 +230,18 @@ function other_unencapsulate($data,$prvkey,$alg) {
if(strpos($alg,'.oaep')) {
$oaep = true;
- $alg = substr($alg,0,-5);
+ $subalg = substr($alg,0,-5);
}
- $fn = strtoupper($alg) . '_decrypt';
+ $fn = strtoupper($subalg) . '_decrypt';
if(function_exists($fn)) {
openssl_private_decrypt(base64url_decode($data['key']),$k,$prvkey,(($oaep) ? OPENSSL_PKCS1_OAEP_PADDING : OPENSSL_PKCS1_PADDING));
openssl_private_decrypt(base64url_decode($data['iv']),$i,$prvkey,(($oaep) ? OPENSSL_PKCS1_OAEP_PADDING : OPENSSL_PKCS1_PADDING));
return $fn(base64url_decode($data['data']),$k,$i);
}
else {
- $x = [ 'data' => $data, 'prvkey' => $prvkey, 'alg' => $alg, 'result' => $data ];
+ $x = [ 'data' => $data, 'prvkey' => $prvkey, 'alg' => $subalg, 'result' => $data ];
call_hooks('other_unencapsulate',$x);
return $x['result'];
}
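Review bot: Both `openssl_private_decrypt()` calls ignore their boolean return, so when unwrapping fails (a padding mismatch, the case this commit is about, is one way) `$k` and `$i` stay unset and are still handed to `$fn(...)`. Check each call and stop early, for example `if(! openssl_private_decrypt(...)) return;`, so a failed unwrap never reaches the symmetric decrypt with an empty key or IV. The padding mode follows `$alg`, which crypto_unencapsulate() takes from the incoming `$data['alg']`, so the sender chooses whether PKCS#1 v1.5 is used; handling failures identically for both paddings avoids giving the sender a distinguishable error. A short comment above the two calls stating that `.oaep` in the algorithm name selects `OPENSSL_PKCS1_OAEP_PADDING` would also document the wire-format contract this change depends on.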