octoleo/phpseclib
1
0
Fork 0
mirror of https://github.com/phpseclib/phpseclib.git synced 2024-06-02 00:20:52 +00:00
Code Issues Packages Projects Releases Wiki Activity

Merge branch '3.0'

Browse Source
This commit is contained in:
terrafrost 2024-04-10 04:46:02 -05:00
commit 1d9a6bf8b0
2 changed files with 10 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
CHANGELOG.md
View File

@ -1,5 +1,9 @@
# Changelog # Changelog
## 3.0.37 - 2024-03-02
- SSH2: don't set stream timeout if timeout is 0 (#1986)
## 3.0.36 - 2024-02-25 ## 3.0.36 - 2024-02-25
- BigInteger: put guardrails on isPrime() and randomPrime() (CVE-2024-27354) - BigInteger: put guardrails on isPrime() and randomPrime() (CVE-2024-27354)

8
phpseclib/Crypt/Common/Formats/Keys/OpenSSH.php
View File

@ -20,6 +20,7 @@ namespace phpseclib3\Crypt\Common\Formats\Keys;
use phpseclib3\Common\Functions\Strings; use phpseclib3\Common\Functions\Strings;
use phpseclib3\Crypt\AES; use phpseclib3\Crypt\AES;
use phpseclib3\Crypt\Random; use phpseclib3\Crypt\Random;
use phpseclib3\Exception\BadDecryptionException;
use phpseclib3\Exception\RuntimeException; use phpseclib3\Exception\RuntimeException;
use phpseclib3\Exception\UnexpectedValueException; use phpseclib3\Exception\UnexpectedValueException;
@ -97,7 +98,7 @@ abstract class OpenSSH
$crypto->setPassword($password, 'bcrypt', $salt, $rounds, 32); $crypto->setPassword($password, 'bcrypt', $salt, $rounds, 32);
break; break;
default: default:
throw new RuntimeException('The only supported cipherse are: none, aes256-ctr (' . $ciphername . ' is being used)'); throw new RuntimeException('The only supported ciphers are: none, aes256-ctr (' . $ciphername . ' is being used)');
} }
[$publicKey, $paddedKey] = Strings::unpackSSH2('ss', $key); [$publicKey, $paddedKey] = Strings::unpackSSH2('ss', $key);
@ -108,7 +109,10 @@ abstract class OpenSSH
[$checkint1, $checkint2] = Strings::unpackSSH2('NN', $paddedKey); [$checkint1, $checkint2] = Strings::unpackSSH2('NN', $paddedKey);
// any leftover bytes in $paddedKey are for padding? but they should be sequential bytes. eg. 1, 2, 3, etc. // any leftover bytes in $paddedKey are for padding? but they should be sequential bytes. eg. 1, 2, 3, etc.
if ($checkint1 != $checkint2) { if ($checkint1 != $checkint2) {
throw new RuntimeException('The two checkints do not match'); if (isset($crypto)) {
throw new BadDecryptionException('Unable to decrypt key - please verify the password you are using');
}
throw new RuntimeException("The two checkints do not match ($checkint1 vs. $checkint2)");
} }
self::checkType($type); self::checkType($type);