fallback sha256 openssl_verify code for php releases prior to 5.3

author Friendika <info@friendika.com>

Fri, 5 Aug 2011 12:37:42 +0000 (05:37 -0700)

committer Friendika <info@friendika.com>

Fri, 5 Aug 2011 12:37:42 +0000 (05:37 -0700)
author Friendika <info@friendika.com>
Fri, 5 Aug 2011 12:37:42 +0000 (05:37 -0700)
committer Friendika <info@friendika.com>
Fri, 5 Aug 2011 12:37:42 +0000 (05:37 -0700)
diff --git a/mod/receive.php b/mod/receive.php

index 188f55f21edf3cb98fabf8ef00a8d5f4311670a6..f5a2eb7b6e62032a3ea591095fe58db8ed2cf794 100644 (file)
--- a/mod/receive.php
+++ b/mod/receive.php
@@ -194,7 +194,7 @@ function receive_post(&$a) {
  
         logger('mod-diaspora: Fetching key for ' . $author_link );
  
-// Get diaspora public key (pkcs#1) and convert to pkcs#8
+       // Get diaspora public key (pkcs#1) and convert to pkcs#8
         $key = get_diaspora_key($author_link);
  
         if(! $key) {
@@ -202,14 +202,17 @@ function receive_post(&$a) {
                 receive_return(400);
         }
  
+       $verify = false;
  
         if (version_compare(PHP_VERSION, '5.3.0', '>=')) {
         $verify = openssl_verify($signed_data,$signature,$key,'sha256');
         }
         else {
-               // FIXME
                 // fallback sha256 verify for PHP < 5.3
-
+               $rawsig = '';
+               $hash = hash('sha256',$signed_data,true);
+               openssl_public_decrypt($signature,$rawsig,$key);
+               $verify = (($rawsig && substr($rawsig,-32) === $hash) ? true : false);
         }
  
         if(! $verify) {
author	Friendika <info@friendika.com>
	Fri, 5 Aug 2011 12:37:42 +0000 (05:37 -0700)
committer	Friendika <info@friendika.com>
	Fri, 5 Aug 2011 12:37:42 +0000 (05:37 -0700)