Math_BigInteger doesn't correctly handle serialization/deserialization for a value of 0, which can end up spewing notices to output and otherwise intefering with Salmon signature setup and verification when using memcached.

Worked around this with a subclass that fixes the wakeup, used for the stored 0 value in the subclassed Crypt_RSA.
2010-03-22 12:17:45 -07:00 · 2010-03-22 12:17:45 -07:00 · 27bfd1211d
parent 4168b9cec1
commit 27bfd1211d
3 changed files with 42 additions and 6 deletions
--- a/plugins/OStatus/classes/Magicsig.php
+++ b/plugins/OStatus/classes/Magicsig.php
@ -27,8 +27,6 @@
 * @link      http://status.net/
 */

-require_once 'Crypt/RSA.php';
-
 class Magicsig extends Memcached_DataObject
 {

@ -102,16 +100,16 @@ class Magicsig extends Memcached_DataObject

    public function generate($user_id)
    {
-        $rsa = new Crypt_RSA();
+        $rsa = new SafeCrypt_RSA();
        
        $keypair = $rsa->createKey();

        $rsa->loadKey($keypair['privatekey']);

-        $this->privateKey = new Crypt_RSA();
+        $this->privateKey = new SafeCrypt_RSA();
        $this->privateKey->loadKey($keypair['privatekey']);

-        $this->publicKey = new Crypt_RSA();
+        $this->publicKey = new SafeCrypt_RSA();
        $this->publicKey->loadKey($keypair['publickey']);
        
        $this->user_id = $user_id;
@ -163,7 +161,7 @@ class Magicsig extends Memcached_DataObject
    {
        common_log(LOG_DEBUG, "Adding ".$type." key: (".$mod .', '. $exp .")");

-        $rsa = new Crypt_RSA();
+        $rsa = new SafeCrypt_RSA();
        $rsa->signatureMode = CRYPT_RSA_SIGNATURE_PKCS1;
        $rsa->setHash('sha256');
        $rsa->modulus = new Math_BigInteger(base64_url_decode($mod), 256);
--- a/plugins/OStatus/lib/safecrypt_rsa.php
+++ b/plugins/OStatus/lib/safecrypt_rsa.php
@ -0,0 +1,18 @@
+<?php
+
+require_once 'Crypt/RSA.php';
+
+/**
+ * Crypt_RSA stores a Math_BigInteger with value 0, which triggers a bug
+ * in Math_BigInteger's wakeup function which spews notices to log or output.
+ * This wrapper replaces it with a version that survives serialization.
+ */
+class SafeCrypt_RSA extends Crypt_RSA
+{
+    function __construct()
+    {
+        parent::__construct();
+        $this->zero = new SafeMath_BigInteger();
+    }
+}
+
--- a/plugins/OStatus/lib/safemath_biginteger.php
+++ b/plugins/OStatus/lib/safemath_biginteger.php
@ -0,0 +1,20 @@
+<?php
+
+require_once 'Math/BigInteger.php';
+
+/**
+ * Crypt_RSA stores a Math_BigInteger with value 0, which triggers a bug
+ * in Math_BigInteger's wakeup function which spews notices to log or output.
+ * This wrapper replaces it with a version that survives serialization.
+ */
+class SafeMath_BigInteger extends Math_BigInteger
+{
+    function __wakeup()
+    {
+        if ($this->hex == '') {
+            $this->hex = '0';
+        }
+        parent::__wakeup();
+    }
+}
+