Add OAEP notification encryption #4103
Signed-off-by: Milen Pivchev <milen.pivchev@gmail.com>
Pull request overview
This PR updates push-notification payload decryption to support RSA OAEP in addition to the existing RSA PKCS#1 v1.5 scheme, aligning the iOS client with the “OAEP notification encryption” feature request.
Changes:
- Attempt RSA PKCS#1 v1.5 decryption first, then fall back to RSA OAEP decryption.
- Treat non-UTF8 decrypted bytes as a decryption failure and retry with OAEP.
Comments suppressed due to low confidence (1)
iOSClient/PushNotification/NCPushNotificationEncryption.m:135
- The cleanup at the end uses `free(bio)` and `free(rsa)`, but these are OpenSSL-allocated types that should be released with the matching OpenSSL APIs (e.g., `BIO_free` and `RSA_free`/`EVP_PKEY_free`). Using `free()` here can leak internal allocations and can be unsafe across OpenSSL builds. Also consider freeing the `EVP_PKEY *pkey` you created earlier to avoid leaking it on success.
if (decrypted)
free(decrypted);
free(bio);
free(rsa);
| if(decrypted_length == -1) { | ||
| NSString *decryptString = decrypted_length == -1 ? nil : [[NSString alloc] initWithBytes:decrypted length:decrypted_length encoding:NSUTF8StringEncoding]; | ||
|
|
||
| // Try decrypting with RSA OAEP padding |
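Review bot: At the `NSString *decryptString = ...` line, the first attempt is accepted whenever unpadding did not return -1 and the bytes decode as UTF-8, which is a heuristic rather than proof that the matching scheme was used. A ciphertext produced with the other padding can pass PKCS#1 v1.5 unpadding by chance and leave a short byte string that is still valid UTF-8, so the OAEP branch under `// Try decrypting with RSA OAEP padding` would never run for it. Consider attempting OAEP before v1.5 so that the stricter padding check decides first, and keep the UTF-8 test only as a secondary sanity check.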
Since OAEP will be the future, please switch it around.
Will do. Just FYI talk also checks PKCS first: https://github.com/nextcloud/talk-ios/pull/2491/changes
But Android does not.
And since the new one will soon be the default, it is better.
Signed-off-by: Milen Pivchev <milen.pivchev@gmail.com>
Implements: nextcloud/files-clients#124
First tries to decrypt with RSA PKCS#1 v1.5, then OAEP.
Tested on local instance with both encryption methods.
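
Added example, not code from this PR or from the Nextcloud client: a stdlib-only Python model of the two RFC 8017 padding checks, showing why the attempt order and the UTF-8 test discussed in the review matter. RSA itself is left out because decrypting with the correct key returns exactly the encoded block; the 2048-bit size, the SHA-1 OAEP hash, the seeds and the message are assumptions made for the illustration.

```python
import hashlib

K = 256                # assumed modulus size in bytes (2048-bit key)
H = hashlib.sha1       # assumed OAEP and MGF1 hash
HLEN = H().digest_size

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def mgf1(seed, length):
    return b"".join(H(seed + c.to_bytes(4, "big")).digest() for c in range(length // HLEN + 1))[:length]

def oaep_encode(msg, seed):
    """EME-OAEP encoding (RFC 8017, 7.1.1) with an empty label."""
    db = H(b"").digest() + b"\x00" * (K - len(msg) - 2 * HLEN - 2) + b"\x01" + msg
    masked_db = xor(db, mgf1(seed, K - HLEN - 1))
    return b"\x00" + xor(seed, mgf1(masked_db, HLEN)) + masked_db

def oaep_decode(em):
    """EME-OAEP decoding (RFC 8017, 7.1.2); returns the message or None."""
    masked_seed, masked_db = em[1:1 + HLEN], em[1 + HLEN:]
    seed = xor(masked_seed, mgf1(masked_db, HLEN))
    db = xor(masked_db, mgf1(seed, K - HLEN - 1))
    rest = db[HLEN:].lstrip(b"\x00")
    ok = em[0] == 0 and db[:HLEN] == H(b"").digest() and rest[:1] == b"\x01"
    return rest[1:] if ok else None

def v15_unpad(em):
    """EME-PKCS1-v1_5 decoding (RFC 8017, 7.2.2); returns the message or None."""
    sep = em.find(b"\x00", 2)
    ok = em[:2] == b"\x00\x02" and sep >= 10   # 00 02, then at least 8 nonzero bytes
    return em[sep + 1:] if ok else None

def is_utf8(data):
    try:
        return data.decode("utf-8") is not None
    except UnicodeDecodeError:
        return False

def accepted_by_v15(trials=20000):
    """Outputs of v1.5 unpadding for the OAEP-encoded blocks it wrongly accepts."""
    msg = b'{"subject":"constructed sample"}'
    seeds = (H(i.to_bytes(4, "big")).digest() for i in range(trials))  # stand-in for random seeds
    outs = (v15_unpad(oaep_encode(msg, s)) for s in seeds)
    return [o for o in outs if o is not None]

if __name__ == "__main__":
    hits = accepted_by_v15()
    print(len(hits), "OAEP blocks passed v1.5 unpadding;", sum(map(is_utf8, hits)), "also valid UTF-8")
```

The v1.5 check only needs the second byte to be 0x02 and a later zero byte, so a fraction of OAEP blocks pass it and return garbage, whereas `oaep_decode` rejects a v1.5-padded block because the label hash does not match.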