From c3560c2d4d9eba9202714656b2ef303602583467 Mon Sep 17 00:00:00 2001
From: terrafrost
Date: Fri, 11 Jun 2021 12:01:51 -0500
Subject: [PATCH 1/2] RSA: OAEP decryption didn't check labels correctly
---
 phpseclib/Crypt/RSA.php | 4 +--
 tests/Unit/Crypt/RSA/ModeTest.php | 46 +++++++++++++++++++++++++++++++
 2 files changed, 48 insertions(+), 2 deletions(-)
diff --git a/phpseclib/Crypt/RSA.php b/phpseclib/Crypt/RSA.php
index 49a61f3b..ce0ab64c 100644
--- a/phpseclib/Crypt/RSA.php
+++ b/phpseclib/Crypt/RSA.php
@@ -2664,9 +2664,9 @@ class Crypt_RSA
 $offset+= $patternMatch ? 0 : 1;
 }
- // we do & instead of && to avoid https://en.wikipedia.org/wiki/Short-circuit_evaluation
+ // we do | instead of || to avoid https://en.wikipedia.org/wiki/Short-circuit_evaluation
 // to protect against timing attacks
- if (!$hashesMatch & !$patternMatch) {
+ if (!$hashesMatch | !$patternMatch) {
 user_error('Decryption error');
 return false;
 }
diff --git a/tests/Unit/Crypt/RSA/ModeTest.php b/tests/Unit/Crypt/RSA/ModeTest.php
index e900be3d..c7ecf534 100644
--- a/tests/Unit/Crypt/RSA/ModeTest.php
+++ b/tests/Unit/Crypt/RSA/ModeTest.php
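Review bot: The comment above the corrected `if (!$hashesMatch | !$patternMatch)` in the RSA.php hunk still explains only why a non-short-circuit operator is used, not the rule the old `&` got wrong: the ciphertext must be rejected when either the label hash or the padding pattern fails. I would extend it to something like `// reject if EITHER check fails; | rather than || so both operands are always evaluated`, so a later edit does not flip the operator back. It is also worth stating there that both failures deliberately share the single 'Decryption error' path, since distinguishable OAEP failures are what padding-oracle attacks of the Manger type rely on. The enclosing function starts and ends outside this hunk, so how `$hashesMatch` is computed is not visible here.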
@@ -137,4 +137,50 @@ E252896950917476ECE5E8FC27D5F053D6018D91B502C4787558A002B9283DA7', 16),
 $rsa->setHash('sha256');
 $this->assertTrue($rsa->verify($message, $signature));
 }
+
+ /**
+ * @group github1669
+ */
+ public function testOAEPWithLabel()
+ {
+ $publicKey = new Crypt_RSA();
+ $publicKey->loadKey('-----BEGIN PUBLIC KEY-----
+MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCnkFHQbt801+kMnxn0VmMVljp8
+XdsbLEziLul3MwwckBDHwW6UDvYjN7vzJ/OM2RTxTbzilDcXJ37Zqz4qlDvXwSNm
+gIe+3dpuuRQRrJuJP6FD8zDTkRmg3QWOIIPBTzCqOtJKgWjFwMMxfCOBFEv6Ldn5
+Ac0i9ARl0/aNTWjvGwIDAQAB
+-----END PUBLIC KEY-----');
+
+ $privateKey = new Crypt_RSA();
+ $privateKey->loadKey('-----BEGIN PRIVATE KEY-----
+MIICdgIBADANBgkqhkiG9w0BAQEFAASCAmAwggJcAgEAAoGBAKeQUdBu3zTX6Qyf
+GfRWYxWWOnxd2xssTOIu6XczDByQEMfBbpQO9iM3u/Mn84zZFPFNvOKUNxcnftmr
+PiqUO9fBI2aAh77d2m65FBGsm4k/oUPzMNORGaDdBY4gg8FPMKo60kqBaMXAwzF8
+I4EUS/ot2fkBzSL0BGXT9o1NaO8bAgMBAAECgYAO2OPW8ywF86ervaFAHDN1YzVV
+db+HXdqGJB/9tuE42q8R9BrHNbgrkLGvrveOoGGRrBCzhuyGubIsuVat0SqoI6qE
+nB9uahaIBfF5FZ7+bNW5OfkgerUUYP1S1MGFxUqINnUY1YHITmo6pUKHsiJtP7si
+hnCT6uEx8LqVNf1quQJBANs+VCZVUDq6eMy3E/u03HiAB8cyqLVMVQ4cLyoiWmFl
+nEFzZwMd20ZMjtcxICiizW3dlDvyxWYKH93irL0JyM0CQQDDp/VFsh83vKICVvM9
+IZHwE/Z8vZA3eTkGbWmgnr6qaxqge3FU02kUvIHHlvLmXYIt30lTq0Rn+Lz+TGV/
+jDeHAkBHYSaSiGojhLx5og1+gKbbEIv3vbWRuTVj76cnZ6HXXfaelIzwRdMzMw+6
+XgMjV8XcRCzTy7ma/Cbd3cPxk/LtAkEAwkehMVexz/KrHI+icG1JMI9iDnNdJPhm
+O4+hdzCqOyanBfwNiSF0Encslze4ci8f+NTjRwWlo2hGomzRzFk7OQJAPPd/o0az
+kg9nF+JxLiz7hF+/6MLVZgIfw04u05ANtOSVVQP4UTmJ/tNAe3OBUQVlRQAJ1m3j
+zUlir0ACPypC1Q==
+-----END PRIVATE KEY-----');
+
+ $data = 'The quick brown fox jumps over the lazy dog';
+
+ $ciphertext = $publicKey->_rsaes_oaep_encrypt($data, 'whatever');
+
+ try {
+ $this->assertFalse($privateKey->decrypt($ciphertext));
+ $this->fail('Ciphertext should not have decrypted');
+ } catch (\Exception $e) {
+ }
+
+ $decrypted = $privateKey->_rsaes_oaep_decrypt($ciphertext, 'whatever');
+
+ $this->assertSame($data, $decrypted);
+ }
 }
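Review bot: The negative half of `testOAEPWithLabel` cannot fail, because `assertFalse(...)` and `$this->fail(...)` both sit inside the `try` and the empty `catch (\Exception $e)` also catches PHPUnit's own assertion-failure exceptions, which derive from `\Exception` in the PHPUnit versions I know of. Whether `decrypt()` returns false, throws, or returns the plaintext for a ciphertext encrypted under the label 'whatever', execution reaches the next statement, so the regression this commit fixes would go unnoticed. Record the outcome inside the `try` and assert on it afterwards, as below. Treating any exception as a rejection mirrors the existing catch and could be narrowed to the error type the test run actually raises.

```php
// … unchanged: key loading, $data, $ciphertext …
$rejected = false;
try {
    $rejected = $privateKey->decrypt($ciphertext) === false;
} catch (\Exception $e) {
    $rejected = true;
}
$this->assertTrue($rejected, 'Ciphertext should not have decrypted');
// … unchanged: _rsaes_oaep_decrypt() round trip with the matching label …
```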
From f5c4c19880d45d0be3e7d24ae8ac434844a898cd Mon Sep 17 00:00:00 2001
From: terrafrost
Date: Sat, 12 Jun 2021 07:12:59 -0500
Subject: [PATCH 2/2] Tests/RSA: update unit test for 2.0
---
 tests/Unit/Crypt/RSA/ModeTest.php | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/tests/Unit/Crypt/RSA/ModeTest.php b/tests/Unit/Crypt/RSA/ModeTest.php
index c3ea2603..43ad398d 100644
--- a/tests/Unit/Crypt/RSA/ModeTest.php
+++ b/tests/Unit/Crypt/RSA/ModeTest.php
@@ -144,7 +144,7 @@ E252896950917476ECE5E8FC27D5F053D6018D91B502C4787558A002B9283DA7', 16),
 */
 public function testOAEPWithLabel()
 {
- $publicKey = new Crypt_RSA();
+ $publicKey = new RSA();
 $publicKey->loadKey('-----BEGIN PUBLIC KEY-----
 MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCnkFHQbt801+kMnxn0VmMVljp8
 XdsbLEziLul3MwwckBDHwW6UDvYjN7vzJ/OM2RTxTbzilDcXJ37Zqz4qlDvXwSNm
@@ -152,7 +152,7 @@ gIe+3dpuuRQRrJuJP6FD8zDTkRmg3QWOIIPBTzCqOtJKgWjFwMMxfCOBFEv6Ldn5
 Ac0i9ARl0/aNTWjvGwIDAQAB
 -----END PUBLIC KEY-----');
- $privateKey = new Crypt_RSA();
+ $privateKey = new RSA();
 $privateKey->loadKey('-----BEGIN PRIVATE KEY-----
 MIICdgIBADANBgkqhkiG9w0BAQEFAASCAmAwggJcAgEAAoGBAKeQUdBu3zTX6Qyf
 GfRWYxWWOnxd2xssTOIu6XczDByQEMfBbpQO9iM3u/Mn84zZFPFNvOKUNxcnftmr