Skip to content
Snippets Groups Projects
Commit 9d5ab789 authored by Kristof De Jaeger's avatar Kristof De Jaeger
Browse files

Issue #3347454 by jurgenhaas, swentel: The new dependency PHPSecLib has a published CVE

parent 010ca9de
No related branches found
No related tags found
No related merge requests found
......@@ -21,7 +21,6 @@
"drupal/webfinger": "~1.0",
"drupal/nodeinfo": "~1.0",
"landrok/activitypub": "~0.5",
"phpseclib/phpseclib": "3.0.18",
"ext-json": "*"
},
"require-dev": {
......
......@@ -74,8 +74,7 @@ class ActivityPubSignature implements ActivityPubSignatureInterface {
try {
$plaintext = "(request-target): post $path\nhost: $host\ndate: $date\ndigest: $digest";
$rsa = RSA::createKey()
->loadPrivateKey($this->getPrivateKey($private_key_path)
$rsa = RSA::loadPrivateKey($this->getPrivateKey($private_key_path)
)->withHash("sha256")->withPadding(RSA::SIGNATURE_PKCS1);
return $rsa->sign($plaintext);
......@@ -186,8 +185,7 @@ class ActivityPubSignature implements ActivityPubSignatureInterface {
//$plaintext = "(request-target): post $path\nhost: $host\ndate: $date\ndigest: $digest";
if (!empty($data) && !empty($signature)) {
$rsa = RSA::createKey()
->loadPublicKey($publicKeyPem)
$rsa = RSA::loadPublicKey($publicKeyPem)
->withHash('sha256')
->withPadding(RSA::SIGNATURE_PKCS1);
$verified = $rsa->verify($data, base64_decode($signature, true));
......
0% Loading or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment