diff options
author | Brion Vibber <brion@pobox.com> | 2010-03-22 12:17:45 -0700 |
---|---|---|
committer | Brion Vibber <brion@pobox.com> | 2010-03-22 12:17:45 -0700 |
commit | 27bfd1211d64298ee3c3b2d82d7b38ca1e1167ad (patch) | |
tree | 487110ff5e0d85e185e842d2d9d1c23087029844 /plugins | |
parent | 4168b9cec1f7b2e6421c018e56e3b9a13c14d581 (diff) |
Math_BigInteger doesn't correctly handle serialization/deserialization for a value of 0, which can end up spewing notices to output and otherwise intefering with Salmon signature setup and verification when using memcached.
Worked around this with a subclass that fixes the wakeup, used for the stored 0 value in the subclassed Crypt_RSA.
Diffstat (limited to 'plugins')
-rw-r--r-- | plugins/OStatus/classes/Magicsig.php | 10 | ||||
-rw-r--r-- | plugins/OStatus/lib/safecrypt_rsa.php | 18 | ||||
-rw-r--r-- | plugins/OStatus/lib/safemath_biginteger.php | 20 |
3 files changed, 42 insertions, 6 deletions
diff --git a/plugins/OStatus/classes/Magicsig.php b/plugins/OStatus/classes/Magicsig.php index 5705ecc11..87c684c93 100644 --- a/plugins/OStatus/classes/Magicsig.php +++ b/plugins/OStatus/classes/Magicsig.php @@ -27,8 +27,6 @@ * @link http://status.net/ */ -require_once 'Crypt/RSA.php'; - class Magicsig extends Memcached_DataObject { @@ -102,16 +100,16 @@ class Magicsig extends Memcached_DataObject public function generate($user_id) { - $rsa = new Crypt_RSA(); + $rsa = new SafeCrypt_RSA(); $keypair = $rsa->createKey(); $rsa->loadKey($keypair['privatekey']); - $this->privateKey = new Crypt_RSA(); + $this->privateKey = new SafeCrypt_RSA(); $this->privateKey->loadKey($keypair['privatekey']); - $this->publicKey = new Crypt_RSA(); + $this->publicKey = new SafeCrypt_RSA(); $this->publicKey->loadKey($keypair['publickey']); $this->user_id = $user_id; @@ -163,7 +161,7 @@ class Magicsig extends Memcached_DataObject { common_log(LOG_DEBUG, "Adding ".$type." key: (".$mod .', '. $exp .")"); - $rsa = new Crypt_RSA(); + $rsa = new SafeCrypt_RSA(); $rsa->signatureMode = CRYPT_RSA_SIGNATURE_PKCS1; $rsa->setHash('sha256'); $rsa->modulus = new Math_BigInteger(base64_url_decode($mod), 256); diff --git a/plugins/OStatus/lib/safecrypt_rsa.php b/plugins/OStatus/lib/safecrypt_rsa.php new file mode 100644 index 000000000..f3aa2c928 --- /dev/null +++ b/plugins/OStatus/lib/safecrypt_rsa.php @@ -0,0 +1,18 @@ +<?php + +require_once 'Crypt/RSA.php'; + +/** + * Crypt_RSA stores a Math_BigInteger with value 0, which triggers a bug + * in Math_BigInteger's wakeup function which spews notices to log or output. + * This wrapper replaces it with a version that survives serialization. + */ +class SafeCrypt_RSA extends Crypt_RSA +{ + function __construct() + { + parent::__construct(); + $this->zero = new SafeMath_BigInteger(); + } +} + diff --git a/plugins/OStatus/lib/safemath_biginteger.php b/plugins/OStatus/lib/safemath_biginteger.php new file mode 100644 index 000000000..c05e24d1e --- /dev/null +++ b/plugins/OStatus/lib/safemath_biginteger.php @@ -0,0 +1,20 @@ +<?php + +require_once 'Math/BigInteger.php'; + +/** + * Crypt_RSA stores a Math_BigInteger with value 0, which triggers a bug + * in Math_BigInteger's wakeup function which spews notices to log or output. + * This wrapper replaces it with a version that survives serialization. + */ +class SafeMath_BigInteger extends Math_BigInteger +{ + function __wakeup() + { + if ($this->hex == '') { + $this->hex = '0'; + } + parent::__wakeup(); + } +} + |