harukin/core
Archived
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Protocol: now set data['alg'] on all encapsulated encrypted packets, so that we can more easily retire 'aes256cbc' once it is no longer viable.

Browse Source
This commit is contained in:
friendica
2013-11-20 15:20:12 -08:00
parent f6c41e61ac
commit d7ee552c57
12 changed files with 62 additions and 42 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
mod/post.php
View File

@@ -172,7 +172,7 @@ function post_post(&$a) {
*/
if(array_key_exists('iv',$data)) {
$data = aes_unencapsulate($data,get_config('system','prvkey'));
$data = crypto_unencapsulate($data,get_config('system','prvkey'));
logger('mod_zot: decrypt1: ' . $data, LOGGER_DATA);
// susceptible to Bleichenbacher's attack
@@ -312,7 +312,7 @@ function post_post(&$a) {
);
}
}
$encrypted = aes_encapsulate(json_encode($ret),$sitekey);
$encrypted = crypto_encapsulate(json_encode($ret),$sitekey);
json_return_and_die($encrypted);
/** pickup: end */