use aes-ctr which is slightly/arguably better than a poke in the eye and don't restrict the crypto algorithm by server role.
parent
7256579c16
commit
810d9e21bc
7
boot.php
7
boot.php
@ -604,10 +604,6 @@ function sys_boot() {
|
||||
define( 'DEFAULT_NOTIFY_ICON', '/images/rm-32.png' );
|
||||
}
|
||||
|
||||
if(! defined('CRYPTO_ALGORITHM')) {
|
||||
define( 'CRYPTO_ALGORITHM', 'aes256cbc' );
|
||||
}
|
||||
|
||||
/*
|
||||
* Try to open the database;
|
||||
*/
|
||||
@ -2300,10 +2296,7 @@ function cert_bad_email() {
|
||||
)
|
||||
]
|
||||
);
|
||||
<<<<<<< HEAD
|
||||
|
||||
=======
|
||||
>>>>>>> 95f4f14dca1ea982f67cccb31d860f7b8ed9055c
|
||||
}
|
||||
|
||||
|
||||
|
@ -79,16 +79,16 @@ function STD_decrypt($data,$key,$iv) {
|
||||
return openssl_decrypt($data,'aes-256-cbc',str_pad($key,32,"\0"),OPENSSL_RAW_DATA,str_pad($iv,16,"\0"));
|
||||
}
|
||||
|
||||
function AES256GCM_encrypt($data,$key,$iv) {
|
||||
function AES256CTR_encrypt($data,$key,$iv) {
|
||||
$key = substr($key,0,32);
|
||||
$iv = substr($iv,0,12);
|
||||
return openssl_encrypt($data,'aes-256-gcm',str_pad($key,32,"\0"),OPENSSL_RAW_DATA,str_pad($iv,12,"\0"));
|
||||
$iv = substr($iv,0,16);
|
||||
return openssl_encrypt($data,'aes-256-ctr',str_pad($key,32,"\0"),OPENSSL_RAW_DATA,str_pad($iv,16,"\0"));
|
||||
}
|
||||
|
||||
function AES256GCM_decrypt($data,$key,$iv) {
|
||||
function AES256CTR_decrypt($data,$key,$iv) {
|
||||
$key = substr($key,0,32);
|
||||
$iv = substr($iv,0,12);
|
||||
return openssl_decrypt($data,'aes-256-gcm',str_pad($key,32,"\0"),OPENSSL_RAW_DATA,str_pad($iv,12,"\0"));
|
||||
$iv = substr($iv,0,16);
|
||||
return openssl_decrypt($data,'aes-256-ctr',str_pad($key,32,"\0"),OPENSSL_RAW_DATA,str_pad($iv,16,"\0"));
|
||||
}
|
||||
|
||||
|
||||
@ -155,9 +155,6 @@ function other_encapsulate($data,$pubkey,$alg) {
|
||||
|
||||
function crypto_methods() {
|
||||
|
||||
if(\Zotlabs\Lib\System::get_server_role() !== 'pro')
|
||||
return [ 'aes256cbc' ];
|
||||
|
||||
// 'std' is the new project standard which is aes256cbc but transmits/receives 256-byte key and iv.
|
||||
// aes256cbc is provided for compatibility with earlier zot implementations which assume 32-byte key and 16-byte iv.
|
||||
// other_encapsulate() now produces these longer keys/ivs by default so that it is difficult to guess a
|
||||
@ -165,7 +162,7 @@ function crypto_methods() {
|
||||
// The actual methods are responsible for deriving the actual key/iv from the provided parameters;
|
||||
// possibly by truncation or segmentation - though many other methods could be used.
|
||||
|
||||
$r = [ 'std', 'aes256cbc', 'aes128cbc', 'cast5cbc' ];
|
||||
$r = [ 'aes256ctr', 'std', 'aes256cbc', 'aes128cbc', 'cast5cbc' ];
|
||||
call_hooks('crypto_methods',$r);
|
||||
return $r;
|
||||
|
||||
|
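Review bot: `AES256CTR_encrypt()` returns bare AES-256-CTR output with no authentication tag, so a modified ciphertext decrypts without any error and flips exactly the corresponding plaintext bits, and the last hunk puts `'aes256ctr'` first in the `crypto_methods()` list, which presumably makes it the preferred choice. Unless every caller already signs or MACs the ciphertext (not visible in these hunks), I would append an HMAC over iv and ciphertext and verify it with `hash_equals()` before decrypting, as sketched below; this changes the wire format, so it has to land before peers start emitting `aes256ctr`. Both functions also NUL-pad a short `$key` or `$iv` through `str_pad()`, which silently yields a guessable key or a repeated counter block, and CTR exposes the XOR of two plaintexts whenever a key/iv pair repeats, so short input should be rejected rather than padded.
```php
function AES256CTR_encrypt($data,$key,$iv) {
	$key = substr($key,0,32);
	$iv = substr($iv,0,16);
	// refuse short material instead of NUL-padding it
	if(strlen($key) !== 32 || strlen($iv) !== 16)
		return false;
	$ct = openssl_encrypt($data,'aes-256-ctr',$key,OPENSSL_RAW_DATA,$iv);
	if($ct === false)
		return false;
	// encrypt-then-MAC with a key derived separately from the cipher key
	$mac_key = hash_hmac('sha256','aes256ctr-mac',$key,true);
	return $ct . hash_hmac('sha256',$iv . $ct,$mac_key,true);
}

function AES256CTR_decrypt($data,$key,$iv) {
	// … same truncation and length checks as in AES256CTR_encrypt …
	if(strlen($data) < 32)
		return false;
	$ct = substr($data,0,strlen($data) - 32);
	$mac_key = hash_hmac('sha256','aes256ctr-mac',$key,true);
	// constant-time tag check before any decryption
	if(! hash_equals(hash_hmac('sha256',$iv . $ct,$mac_key,true),substr($data,-32)))
		return false;
	return openssl_decrypt($ct,'aes-256-ctr',$key,OPENSSL_RAW_DATA,$iv);
}
```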
@ -165,9 +165,6 @@ function zot_build_packet($channel, $type = 'notify', $recipients = null, $remot
|
||||
|
||||
function zot_best_algorithm($methods) {
|
||||
|
||||
if(\Zotlabs\Lib\System::get_server_role() !== 'pro')
|
||||
return 'aes256cbc';
|
||||
|
||||
$x = [ 'methods' => $methods, 'result' => '' ];
|
||||
call_hooks('zot_best_algorithm',$x);
|
||||
if($x['result'])
|
||||
|