From 71e84a3b514b6a2630dfd7f658f4e7597424d6e3 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jos=C3=A9=20Valim?= <jose.valim@gmail.com>
Date: Wed, 9 Nov 2011 19:48:56 -0200
Subject: Deprecated ActiveSupport::MessageEncryptor#encrypt and decrypt.

---
 .../lib/active_support/message_encryptor.rb        | 49 ++++++++++++++--------
 1 file changed, 32 insertions(+), 17 deletions(-)

(limited to 'activesupport/lib/active_support/message_encryptor.rb')

diff --git a/activesupport/lib/active_support/message_encryptor.rb b/activesupport/lib/active_support/message_encryptor.rb
index e14386a85d..5ab0cc83a7 100644
--- a/activesupport/lib/active_support/message_encryptor.rb
+++ b/activesupport/lib/active_support/message_encryptor.rb
@@ -18,13 +18,39 @@ module ActiveSupport
         ActiveSupport::Deprecation.warn "The second parameter should be an options hash. Use :cipher => 'algorithm' to specify the cipher algorithm."
         options = { :cipher => options }
       end
-      
+
       @secret = secret
       @cipher = options[:cipher] || 'aes-256-cbc'
       @serializer = options[:serializer] || Marshal
     end
 
     def encrypt(value)
+      ActiveSupport::Deprecation.warn "MessageEncryptor#encrypt is deprecated as it is not safe without a signature. " \
+        "Please use MessageEncryptor#encrypt_and_sign instead."
+      _encrypt(value)
+    end
+
+    def decrypt(value)
+      ActiveSupport::Deprecation.warn "MessageEncryptor#decrypt is deprecated as it is not safe without a signature. " \
+        "Please use MessageEncryptor#decrypt_and_verify instead."
+      _decrypt(value)
+    end
+
+    # Encrypt and sign a message. We need to sign the message in order to avoid padding attacks.
+    # Reference: http://www.limited-entropy.com/padding-oracle-attacks
+    def encrypt_and_sign(value)
+      verifier.generate(_encrypt(value))
+    end
+
+    # Decrypt and verify a message. We need to verify the message in order to avoid padding attacks.
+    # Reference: http://www.limited-entropy.com/padding-oracle-attacks
+    def decrypt_and_verify(value)
+      _decrypt(verifier.verify(value))
+    end
+
+    private
+
+    def _encrypt(value)
       cipher = new_cipher
       # Rely on OpenSSL for the initialization vector
       iv = cipher.random_iv
@@ -39,7 +65,7 @@ module ActiveSupport
       [encrypted_data, iv].map {|v| ActiveSupport::Base64.encode64s(v)}.join("--")
     end
 
-    def decrypt(encrypted_message)
+    def _decrypt(encrypted_message)
       cipher = new_cipher
       encrypted_data, iv = encrypted_message.split("--").map {|v| ActiveSupport::Base64.decode64(v)}
 
@@ -55,23 +81,12 @@ module ActiveSupport
       raise InvalidMessage
     end
 
-    def encrypt_and_sign(value)
-      verifier.generate(encrypt(value))
+    def new_cipher
+      OpenSSL::Cipher::Cipher.new(@cipher)
     end
 
-    def decrypt_and_verify(value)
-      decrypt(verifier.verify(value))
+    def verifier
+      MessageVerifier.new(@secret)
     end
-
-
-
-    private
-      def new_cipher
-        OpenSSL::Cipher::Cipher.new(@cipher)
-      end
-
-      def verifier
-        MessageVerifier.new(@secret)
-      end
   end
 end
-- 
cgit v1.2.3


From a625523e755421b0f96fe5b0a885462ef51582b1 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jos=C3=A9=20Valim?= <jose.valim@gmail.com>
Date: Wed, 9 Nov 2011 20:11:46 -0200
Subject: Don't marshal dump twice when using encryptor.

---
 activesupport/lib/active_support/message_encryptor.rb | 13 ++++++++++++-
 1 file changed, 12 insertions(+), 1 deletion(-)

(limited to 'activesupport/lib/active_support/message_encryptor.rb')

diff --git a/activesupport/lib/active_support/message_encryptor.rb b/activesupport/lib/active_support/message_encryptor.rb
index 5ab0cc83a7..9ef2b29580 100644
--- a/activesupport/lib/active_support/message_encryptor.rb
+++ b/activesupport/lib/active_support/message_encryptor.rb
@@ -10,6 +10,16 @@ module ActiveSupport
   # This can be used in situations similar to the <tt>MessageVerifier</tt>, but where you don't
   # want users to be able to determine the value of the payload.
   class MessageEncryptor
+    module NullSerializer #:nodoc:
+      def self.load(value)
+        value
+      end
+
+      def self.dump(value)
+        value
+      end
+    end
+
     class InvalidMessage < StandardError; end
     OpenSSLCipherError = OpenSSL::Cipher.const_defined?(:CipherError) ? OpenSSL::Cipher::CipherError : OpenSSL::CipherError
 
@@ -21,6 +31,7 @@ module ActiveSupport
 
       @secret = secret
       @cipher = options[:cipher] || 'aes-256-cbc'
+      @verifier = MessageVerifier.new(@secret, :serializer => NullSerializer)
       @serializer = options[:serializer] || Marshal
     end
 
@@ -86,7 +97,7 @@ module ActiveSupport
     end
 
     def verifier
-      MessageVerifier.new(@secret)
+      @verifier
     end
   end
 end
-- 
cgit v1.2.3