diaspora sign/verify requires SHA0 hash algorithm

diff --git a/include/crypto.php b/include/crypto.php
index a75a9aa744130206b0630065879644f75ee6227c..a20606db540a5313b67b7dcb67e147df74e33a62 100644 (file)
--- a/include/crypto.php
+++ b/include/crypto.php
@@ -9,7 +9,7 @@ function rsa_sign($data,$key,$alg = 'sha256') {
 
        $sig = '';
        if (version_compare(PHP_VERSION, '5.3.0', '>=') || $alg === 'sha1') {
-               openssl_sign($data,$sig,$key,(($alg == 'sha1') ? OPENSSL_ALGO_SHA1 : 'sha256'));
+               openssl_sign($data,$sig,$key,(($alg == 'sha1') ? OPENSSL_ALGO_SHA1 : $alg));
     }
     else {
                if(strlen($key) < 1024 || extension_loaded('gmp')) {
@@ -31,7 +31,7 @@ function rsa_sign($data,$key,$alg = 'sha256') {
 function rsa_verify($data,$sig,$key,$alg = 'sha256') {
 
        if (version_compare(PHP_VERSION, '5.3.0', '>=') || $alg === 'sha1') {
-               $verify = openssl_verify($data,$sig,$key,(($alg == 'sha1') ? OPENSSL_ALGO_SHA1 : 'sha256'));
+               $verify = openssl_verify($data,$sig,$key,(($alg == 'sha1') ? OPENSSL_ALGO_SHA1 : $alg));
     }
     else {
                if(strlen($key) <= 300 || extension_loaded('gmp')) {

diff --git a/include/diaspora.php b/include/diaspora.php
index d75a91b6d9496aa47e2630f05553f0af06c07b84..5ee10901c6f6bd6dd8908f76f6a40d89d36bfab1 100644 (file)
--- a/include/diaspora.php
+++ b/include/diaspora.php
@@ -508,10 +508,9 @@ function diaspora_comment($importer,$xml,$msg) {
                }
        }
 
-       if(! rsa_verify($author_signed_data,$author_signature,$key,'sha1')) {
+       if(! rsa_verify($author_signed_data,$author_signature,$key,'sha')) {
                logger('diaspora_comment: verification failed.');
-// until we figure out what is different about their signing algorithm, accept it
-//             return;
+               return;
        }
 
 
@@ -522,9 +521,9 @@ function diaspora_comment($importer,$xml,$msg) {
 
                $key = $msg['key'];
 
-               if(! rsa_verify($owner_signed_data,$parent_author_signature,$key,'sha1')) {
+               if(! rsa_verify($owner_signed_data,$parent_author_signature,$key,'sha')) {
                        logger('diaspora_comment: owner verification failed.');
-//                     return;
+                       return;
                }
        }
 
@@ -677,9 +676,9 @@ function diaspora_like($importer,$xml,$msg) {
                }
        }
 
-       if(! rsa_verify($author_signed_data,$author_signature,$key,'sha1')) {
+       if(! rsa_verify($author_signed_data,$author_signature,$key,'sha')) {
                logger('diaspora_like: verification failed.');
-//             return;
+               return;
        }
 
        if($parent_author_signature) {
@@ -689,9 +688,9 @@ function diaspora_like($importer,$xml,$msg) {
 
                $key = $msg['key'];
 
-               if(! rsa_verify($owner_signed_data,$parent_author_signature,$key,'sha1')) {
+               if(! rsa_verify($owner_signed_data,$parent_author_signature,$key,'sha')) {
                        logger('diaspora_like: owner verification failed.');
-//                     return;
+                       return;
                }
        }
 
@@ -871,7 +870,7 @@ function diaspora_send_followup($item,$owner,$contact) {
        else
                $signed_text = $item['guid'] . ';' . $parent_guid . ';' . $text . ';' . $myaddr;
 
-       $authorsig = base64_encode(rsa_sign($signed_text,$owner['uprvkey']),'sha1');
+       $authorsig = base64_encode(rsa_sign($signed_text,$owner['uprvkey']),'sha');
 
        $msg = replace_macros($tpl,array(
                '$guid' => xmlify($item['guid']),
@@ -939,7 +938,7 @@ function diaspora_send_relay($item,$owner,$contact) {
        else
                $parent_signed_text = $orig_sign['signed_text'];
 
-       $parentauthorsig = base64_encode(rsa_sign($signed_text,$owner['uprvkey'],'sha1'));
+       $parentauthorsig = base64_encode(rsa_sign($signed_text,$owner['uprvkey'],'sha'));
 
        $msg = replace_macros($tpl,array(
                '$guid' => xmlify($item['guid']),