-rwxr-xr-xboot.php6
-rw-r--r--include/conversation.php2
-rw-r--r--include/crypto.php2
-rw-r--r--include/dir_fns.php10
-rw-r--r--include/queue_fn.php2
-rw-r--r--include/zot.php23
-rw-r--r--install/schema_mysql.sql1
-rw-r--r--install/schema_postgres.sql1
-rw-r--r--install/update.php11
9 files changed, 40 insertions, 18 deletions
diff --git a/boot.php b/boot.php
index aa1da5fdc..6c19d420c 100755
--- a/boot.php
+++ b/boot.php
@@ -51,7 +51,7 @@ define ( 'PLATFORM_NAME', 'hubzilla' );
define ( 'STD_VERSION', '1.15.1' );
define ( 'ZOT_REVISION', '1.1' );
-define ( 'DB_UPDATE_VERSION', 1184 );
+define ( 'DB_UPDATE_VERSION', 1185 );
/**
@@ -640,6 +640,10 @@ function sys_boot() {
define( 'DEFAULT_NOTIFY_ICON', '/images/hz-white-32.png' );
}
+ if(! defined('CRYPTO_ALGORITHM')) {
+ define( 'CRYPTO_ALGORITHM', 'aes256cbc' );
+ }
+
/*
* Try to open the database;
*/
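Review bot: The new `CRYPTO_ALGORITHM` default in sys_boot() has no comment saying what the value means, or that the `defined()` guard lets a site define it earlier. I would add above the guard: `// Default symmetric cipher name passed to crypto_encapsulate(); define CRYPTO_ALGORITHM before sys_boot() runs to override.` The name suggests AES-256 in CBC mode, which has no integrity check of its own. Whether crypto_encapsulate() authenticates the ciphertext is not visible in this diff and is worth confirming. sys_boot() starts and ends outside the hunk.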
diff --git a/include/conversation.php b/include/conversation.php
index f04fa89a0..16eacd73e 100644
--- a/include/conversation.php
+++ b/include/conversation.php
@@ -363,7 +363,7 @@ function localize_item(&$item){
if(intval($item['item_obscured'])
&& strlen($item['body']) && (! strpos($item['body'],'data'))) {
- $item['body'] = json_encode(crypto_encapsulate($item['body'],get_config('system','pubkey')));
+ $item['body'] = json_encode(crypto_encapsulate($item['body'],get_config('system','pubkey'), CRYPTO_ALGORITHM));
}
}
diff --git a/include/crypto.php b/include/crypto.php
index bc798d919..c67c4a1ef 100644
--- a/include/crypto.php
+++ b/include/crypto.php
@@ -315,7 +315,7 @@ function convert_salmon_key($key) {
function z_obscure($s) {
- return json_encode(crypto_encapsulate($s,get_config('system','pubkey')));
+ return json_encode(crypto_encapsulate($s,get_config('system','pubkey'),CRYPTO_ALGORITHM));
}
function z_unobscure($s) {
diff --git a/include/dir_fns.php b/include/dir_fns.php
index 03cc2706a..3922730fc 100644
--- a/include/dir_fns.php
+++ b/include/dir_fns.php
@@ -192,17 +192,19 @@ function sync_directories($dirmode) {
'site_update' => NULL_DATE,
'site_directory' => DIRECTORY_FALLBACK_MASTER . '/dirsearch',
'site_realm' => DIRECTORY_REALM,
- 'site_valid' => 1
+ 'site_valid' => 1,
+ 'site_crypto' => 'aes256cbc'
);
- $x = q("insert into site ( site_url, site_flags, site_update, site_directory, site_realm, site_valid )
- values ( '%s', %d, '%s', '%s', '%s', %d ) ",
+ $x = q("insert into site ( site_url, site_flags, site_update, site_directory, site_realm, site_valid, site_crypto )
+ values ( '%s', %d, '%s', '%s', '%s', %d, '%s' ) ",
dbesc($r[0]['site_url']),
intval($r[0]['site_flags']),
dbesc($r[0]['site_update']),
dbesc($r[0]['site_directory']),
dbesc($r[0]['site_realm']),
- intval($r[0]['site_valid'])
+ intval($r[0]['site_valid']),
+ dbesc($r[0]['site_crypto'])
);
$r = q("select * from site where site_flags in (%d, %d) and site_url != '%s' and site_type = %d ",
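Review bot: `'site_crypto' => 'aes256cbc'` repeats the literal that boot.php uses as the `CRYPTO_ALGORITHM` default, and nothing here says whether it is the local setting or an assumption about what the fallback directory supports. If it is the latter, a comment such as `// assumed baseline cipher for the fallback directory until its site record is refreshed` would make clear that `CRYPTO_ALGORITHM` must not be substituted here. sync_directories() starts and ends outside the hunk.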
diff --git a/include/queue_fn.php b/include/queue_fn.php
index 1e3126f77..0950faf85 100644
--- a/include/queue_fn.php
+++ b/include/queue_fn.php
@@ -93,7 +93,7 @@ function queue_deliver($outq, $immediate = false) {
// your site has existed. Since we don't know for sure what these sites are,
// call them unknown
- q("insert into site (site_url, site_update, site_dead, site_type) values ('%s','%s',0,%d) ",
+ q("insert into site (site_url, site_update, site_dead, site_type, site_crypto) values ('%s','%s',0,%d,'') ",
dbesc($base),
dbesc(datetime_convert()),
intval(($outq['outq_driver'] === 'post') ? SITE_TYPE_NOTZOT : SITE_TYPE_UNKNOWN)
diff --git a/include/zot.php b/include/zot.php
index 5c9fb4e82..565c9dce3 100644
--- a/include/zot.php
+++ b/include/zot.php
@@ -147,7 +147,7 @@ function zot_build_packet($channel, $type = 'notify', $recipients = null, $remot
// Hush-hush ultra top-secret mode
if ($remote_key) {
- $data = crypto_encapsulate(json_encode($data),$remote_key);
+ $data = crypto_encapsulate(json_encode($data),$remote_key, CRYPTO_ALGORITHM);
}
return json_encode($data);
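Review bot: `crypto_encapsulate(json_encode($data),$remote_key, CRYPTO_ALGORITHM)` always uses the sender's own setting, although this commit starts recording what each peer advertises in `site_crypto`. That column is never read back when encrypting. If a site overrides `CRYPTO_ALGORITHM` with a name the recipient does not list, the recipient presumably cannot decrypt. The algorithm should come from the intersection of local support and the peer's `site_crypto`, falling back to `aes256cbc`. The same applies to the calls in zot_fetch(), zotinfo() and zot_reply_pickup() further down, though this may be planned for a follow-up commit; zot_build_packet() starts and ends outside the hunk.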
@@ -398,7 +398,8 @@ function zot_refresh($them, $channel = null, $force = false) {
$permissions = crypto_unencapsulate(array(
'data' => $j['permissions']['data'],
'key' => $j['permissions']['key'],
- 'iv' => $j['permissions']['iv']),
+ 'iv' => $j['permissions']['iv'],
+ 'alg' => $j['permissions']['alg']),
$channel['channel_prvkey']);
if($permissions)
$permissions = json_decode($permissions,true);
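Review bot: `'alg' => $j['permissions']['alg']` reads a key that peers not yet running this change presumably do not send, which raises an undefined-index notice and passes null to crypto_unencapsulate(). Guard it in the style used elsewhere in this file, e.g. `'alg' => ((array_key_exists('alg',$j['permissions'])) ? $j['permissions']['alg'] : 'aes256cbc')`. The value comes from the remote response, so crypto_unencapsulate() (not shown here) should accept only algorithm names from a fixed list and reject anything else. zot_refresh() starts and ends outside the hunk.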
@@ -1091,7 +1092,7 @@ function zot_fetch($arr) {
'secret_sig' => base64url_encode(rsa_sign($arr['secret'],get_config('system','prvkey')))
);
- $datatosend = json_encode(crypto_encapsulate(json_encode($data),$ret_hub['hubloc_sitekey']));
+ $datatosend = json_encode(crypto_encapsulate(json_encode($data),$ret_hub['hubloc_sitekey'], CRYPTO_ALGORITHM));
$fetch = zot_zot($url,$datatosend);
@@ -2851,6 +2852,7 @@ function import_site($arr, $pubkey) {
$site_location = htmlspecialchars($arr['location'],ENT_COMPAT,'UTF-8',false);
$site_realm = htmlspecialchars($arr['realm'],ENT_COMPAT,'UTF-8',false);
$site_project = htmlspecialchars($arr['project'],ENT_COMPAT,'UTF-8',false);
+ $site_crypto = ((array_key_exists('encryption',$arr)) ? implode(',', htmlspecialchars($arr['encryption'],ENT_COMPAT,'UTF-8',false)) : '');
$site_version = ((array_key_exists('version',$arr)) ? htmlspecialchars($arr['version'],ENT_COMPAT,'UTF-8',false) : '');
// You can have one and only one primary directory per realm.
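Review bot: On the added `$site_crypto` line the calls are nested the wrong way round: `htmlspecialchars()` receives `$arr['encryption']` directly and `implode()` is applied to its result. If `encryption` is the list that `implode` implies, the escape call gets an array and nothing useful is stored (warnings on older PHP, a TypeError on PHP 8). Join first and escape the result: `$site_crypto = ((array_key_exists('encryption',$arr) && is_array($arr['encryption'])) ? htmlspecialchars(implode(',', $arr['encryption']),ENT_COMPAT,'UTF-8',false) : '');`. The `is_array` check matters because `$arr` appears to be site data received from a peer. import_site() starts and ends outside the hunk.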
@@ -2872,6 +2874,7 @@ function import_site($arr, $pubkey) {
|| ($siterecord['site_register'] != $register_policy)
|| ($siterecord['site_project'] != $site_project)
|| ($siterecord['site_realm'] != $site_realm)
+ || ($siterecord['site_crypto'] != $site_crypto)
|| ($siterecord['site_version'] != $site_version) ) {
$update = true;
@@ -2880,7 +2883,7 @@ function import_site($arr, $pubkey) {
// logger('import_site: stored: ' . print_r($siterecord,true));
- $r = q("update site set site_dead = 0, site_location = '%s', site_flags = %d, site_access = %d, site_directory = '%s', site_register = %d, site_update = '%s', site_sellpage = '%s', site_realm = '%s', site_type = %d, site_project = '%s', site_version = '%s'
+ $r = q("update site set site_dead = 0, site_location = '%s', site_flags = %d, site_access = %d, site_directory = '%s', site_register = %d, site_update = '%s', site_sellpage = '%s', site_realm = '%s', site_type = %d, site_project = '%s', site_version = '%s', site_crypto = '%s'
where site_url = '%s'",
dbesc($site_location),
intval($site_directory),
@@ -2893,6 +2896,7 @@ function import_site($arr, $pubkey) {
intval(SITE_TYPE_ZOT),
dbesc($site_project),
dbesc($site_version),
+ dbesc($site_crypto),
dbesc($url)
);
if(! $r) {
@@ -2910,8 +2914,8 @@ function import_site($arr, $pubkey) {
else {
$update = true;
- $r = q("insert into site ( site_location, site_url, site_access, site_flags, site_update, site_directory, site_register, site_sellpage, site_realm, site_type, site_project, site_version )
- values ( '%s', '%s', %d, %d, '%s', '%s', %d, '%s', '%s', %d, '%s', '%s' )",
+ $r = q("insert into site ( site_location, site_url, site_access, site_flags, site_update, site_directory, site_register, site_sellpage, site_realm, site_type, site_project, site_version, site_crypto )
+ values ( '%s', '%s', %d, %d, '%s', '%s', %d, '%s', '%s', %d, '%s', '%s', '%s' )",
dbesc($site_location),
dbesc($url),
intval($access_policy),
@@ -2923,7 +2927,8 @@ function import_site($arr, $pubkey) {
dbesc($site_realm),
intval(SITE_TYPE_ZOT),
dbesc($site_project),
- dbesc($site_version)
+ dbesc($site_version),
+ dbesc($site_crypto)
);
if(! $r) {
logger('import_site: record create failed. ' . print_r($arr,true));
@@ -3913,7 +3918,7 @@ function zotinfo($arr) {
$permissions['connected'] = true;
}
- $ret['permissions'] = (($ztarget && $zkey) ? crypto_encapsulate(json_encode($permissions),$zkey) : $permissions);
+ $ret['permissions'] = (($ztarget && $zkey) ? crypto_encapsulate(json_encode($permissions),$zkey, CRYPTO_ALGORITHM) : $permissions);
if($permissions['view_profile'])
$ret['profile'] = $profile;
@@ -4317,7 +4322,7 @@ function zot_reply_pickup($data) {
}
}
- $encrypted = crypto_encapsulate(json_encode($ret),$sitekey);
+ $encrypted = crypto_encapsulate(json_encode($ret),$sitekey, CRYPTO_ALGORITHM);
json_return_and_die($encrypted);
/* pickup: end */
diff --git a/install/schema_mysql.sql b/install/schema_mysql.sql
index 4cbcfc64d..e143e252a 100644
--- a/install/schema_mysql.sql
+++ b/install/schema_mysql.sql
@@ -1153,6 +1153,7 @@ CREATE TABLE IF NOT EXISTS `site` (
`site_type` smallint NOT NULL DEFAULT '0',
`site_project` char(255) NOT NULL DEFAULT '',
`site_version` varchar(32) NOT NULL DEFAULT '',
+ `site_crypto` text NOT NULL DEFAULT '',
PRIMARY KEY (`site_url`),
KEY `site_flags` (`site_flags`),
KEY `site_update` (`site_update`),
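Review bot: `` `site_crypto` text NOT NULL DEFAULT '' `` gives a TEXT column a literal default, which MySQL rejects in strict SQL mode (MariaDB 10.2.1 and later accept it). The same column definition is issued by `update_r1184()` in install/update.php, where a failed `alter table` returns UPDATE_FAILED. A bounded type in line with the neighbouring columns avoids this, e.g. `` `site_crypto` varchar(255) NOT NULL DEFAULT '', ``, with the alter statement changed to match. The CREATE TABLE statement starts and ends outside the hunk.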
diff --git a/install/schema_postgres.sql b/install/schema_postgres.sql
index a682aa49d..b1b1c8474 100644
--- a/install/schema_postgres.sql
+++ b/install/schema_postgres.sql
@@ -1134,6 +1134,7 @@ CREATE TABLE "site" (
"site_type" smallint NOT NULL DEFAULT '0',
"site_project" text NOT NULL DEFAULT '',
"site_version" text NOT NULL DEFAULT '',
+ "site_crypto" text NOT NULL DEFAULT '',
PRIMARY KEY ("site_url")
);
create index "site_flags" on site ("site_flags");
diff --git a/install/update.php b/install/update.php
index 7e7104b74..dbf3a08ca 100644
--- a/install/update.php
+++ b/install/update.php
@@ -1,6 +1,6 @@
<?php
-define( 'UPDATE_VERSION' , 1184 );
+define( 'UPDATE_VERSION' , 1185 );
/**
*
@@ -2463,3 +2463,12 @@ function update_r1183() {
return UPDATE_SUCCESS;
return UPDATE_FAILED;
}
+
+function update_r1184() {
+
+ $r1 = q("alter table site add site_crypto text not null default '' ");
+
+ if($r1)
+ return UPDATE_SUCCESS;
+ return UPDATE_FAILED;
+}