Conversation
Signed-off-by: Milen Pivchev <milen.pivchev@gmail.com>
5 tasks
Contributor
There was a problem hiding this comment.
Pull request overview
This PR updates push-notification payload decryption to support RSA OAEP in addition to the existing RSA PKCS#1 v1.5 scheme, aligning the iOS client with the “OAEP notification encryption” feature request.
Changes:
- Attempt RSA PKCS#1 v1.5 decryption first, then fall back to RSA OAEP decryption.
- Treat non-UTF8 decrypted bytes as a decryption failure and retry with OAEP.
Comments suppressed due to low confidence (1)
iOSClient/PushNotification/NCPushNotificationEncryption.m:135
- The cleanup at the end uses
free(bio)andfree(rsa), but these are OpenSSL-allocated types that should be released with the matching OpenSSL APIs (e.g.,BIO_freeandRSA_free/EVP_PKEY_free). Usingfree()here can leak internal allocations and can be unsafe across OpenSSL builds. Also consider freeing theEVP_PKEY *pkeyyou created earlier to avoid leaking it on success.
if (decrypted)
free(decrypted);
free(bio);
free(rsa);
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
tobiasKaminsky
requested changes
May 8, 2026
| if(decrypted_length == -1) { | ||
| NSString *decryptString = decrypted_length == -1 ? nil : [[NSString alloc] initWithBytes:decrypted length:decrypted_length encoding:NSUTF8StringEncoding]; | ||
|
|
||
| // Try decrypting with RSA OAEP padding |
Member
There was a problem hiding this comment.
Since oaep will be the future, please switch it around.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Implements: nextcloud/files-clients#124
First tries to decrypt with RSA PKCS#1 v1.5, then OAEP.
Tested on local instance with both encryption methods.