Math_BigInteger doesn't correctly handle serialization/deserialization for a value of 0, which can end up spewing notices to output and otherwise intefering with Salmon signature setup and verification when using memcached.

Worked around this with a subclass that fixes the wakeup, used for the stored 0 value in the subclassed Crypt_RSA.
This commit is contained in:
Brion Vibber 2010-03-22 12:17:45 -07:00
parent 4168b9cec1
commit 27bfd1211d
3 changed files with 42 additions and 6 deletions

View File

@ -27,8 +27,6 @@
* @link http://status.net/ * @link http://status.net/
*/ */
require_once 'Crypt/RSA.php';
class Magicsig extends Memcached_DataObject class Magicsig extends Memcached_DataObject
{ {
@ -102,16 +100,16 @@ class Magicsig extends Memcached_DataObject
public function generate($user_id) public function generate($user_id)
{ {
$rsa = new Crypt_RSA(); $rsa = new SafeCrypt_RSA();
$keypair = $rsa->createKey(); $keypair = $rsa->createKey();
$rsa->loadKey($keypair['privatekey']); $rsa->loadKey($keypair['privatekey']);
$this->privateKey = new Crypt_RSA(); $this->privateKey = new SafeCrypt_RSA();
$this->privateKey->loadKey($keypair['privatekey']); $this->privateKey->loadKey($keypair['privatekey']);
$this->publicKey = new Crypt_RSA(); $this->publicKey = new SafeCrypt_RSA();
$this->publicKey->loadKey($keypair['publickey']); $this->publicKey->loadKey($keypair['publickey']);
$this->user_id = $user_id; $this->user_id = $user_id;
@ -163,7 +161,7 @@ class Magicsig extends Memcached_DataObject
{ {
common_log(LOG_DEBUG, "Adding ".$type." key: (".$mod .', '. $exp .")"); common_log(LOG_DEBUG, "Adding ".$type." key: (".$mod .', '. $exp .")");
$rsa = new Crypt_RSA(); $rsa = new SafeCrypt_RSA();
$rsa->signatureMode = CRYPT_RSA_SIGNATURE_PKCS1; $rsa->signatureMode = CRYPT_RSA_SIGNATURE_PKCS1;
$rsa->setHash('sha256'); $rsa->setHash('sha256');
$rsa->modulus = new Math_BigInteger(base64_url_decode($mod), 256); $rsa->modulus = new Math_BigInteger(base64_url_decode($mod), 256);

View File

@ -0,0 +1,18 @@
<?php
require_once 'Crypt/RSA.php';
/**
* Crypt_RSA stores a Math_BigInteger with value 0, which triggers a bug
* in Math_BigInteger's wakeup function which spews notices to log or output.
* This wrapper replaces it with a version that survives serialization.
*/
class SafeCrypt_RSA extends Crypt_RSA
{
function __construct()
{
parent::__construct();
$this->zero = new SafeMath_BigInteger();
}
}

View File

@ -0,0 +1,20 @@
<?php
require_once 'Math/BigInteger.php';
/**
* Crypt_RSA stores a Math_BigInteger with value 0, which triggers a bug
* in Math_BigInteger's wakeup function which spews notices to log or output.
* This wrapper replaces it with a version that survives serialization.
*/
class SafeMath_BigInteger extends Math_BigInteger
{
function __wakeup()
{
if ($this->hex == '') {
$this->hex = '0';
}
parent::__wakeup();
}
}