Merge branch '2.0'

2025-01-14 18:59:51 +00:00 · 2019-03-23 20:22:34 -05:00 · 2019-03-23 20:22:34 -05:00 · 34e065fec8
commit 34e065fec8
parent 539fc1a9b0 337d115179
3 changed files with 5 additions and 34 deletions
--- a/phpseclib/Common/Functions/Strings.php
+++ b/phpseclib/Common/Functions/Strings.php
@ -60,35 +60,6 @@ abstract class Strings
        return $substr;
    }

-    /**
-     * Performs blinded equality testing on strings
-     *
-     * Protects against a particular type of timing attack described.
-     *
-     * See {@link http://codahale.com/a-lesson-in-timing-attacks/ A Lesson In Timing Attacks (or, Don't use MessageDigest.isEquals)}
-     *
-     * Thanks for the heads up singpolyma!
-     *
-     * @access public
-     * @param string $x
-     * @param string $y
-     * @return bool
-     */
-    public static function equals($x, $y)
-    {
-        if (strlen($x) != strlen($y)) {
-            return false;
-        }
-
-        $result = "\0";
-        $x^= $y;
-        for ($i = 0; $i < strlen($x); $i++) {
-            $result|= $x[$i];
-        }
-
-        return $result === "\0";
-    }
-
    /**
     * Parse SSH2-style string
     *
--- a/phpseclib/Crypt/Common/Keys/PuTTY.php
+++ b/phpseclib/Crypt/Common/Keys/PuTTY.php
@ -155,7 +155,7 @@ abstract class PuTTY
        $hmac = trim(preg_replace('#Private-MAC: (.+)#', '$1', $key[$publicLength + $privateLength + 5]));
        $hmac = Hex::decode($hmac);

-        if (!Strings::equals($hash->hash($source), $hmac)) {
+        if (!hash_equals($hash->hash($source), $hmac)) {
            throw new \UnexpectedValueException('MAC validation error');
        }

--- a/phpseclib/Crypt/RSA.php
+++ b/phpseclib/Crypt/RSA.php
@ -1236,7 +1236,7 @@ class RSA extends AsymmetricKey
        $db = $maskedDB ^ $dbMask;
        $lHash2 = substr($db, 0, $this->hLen);
        $m = substr($db, $this->hLen);
-        $hashesMatch = Strings::equals($lHash, $lHash2);
+        $hashesMatch = hash_equals($lHash, $lHash2);
        $leadingZeros = 1;
        $patternMatch = 0;
        $offset = 0;
@ -1463,7 +1463,7 @@ class RSA extends AsymmetricKey
        $salt = substr($db, $temp + 1); // should be $sLen long
        $m2 = "\0\0\0\0\0\0\0\0" . $mHash . $salt;
        $h2 = $this->hash->hash($m2);
-        return Strings::equals($h, $h2);
+        return hash_equals($h, $h2);
    }

    /**
@ -1657,7 +1657,7 @@ class RSA extends AsymmetricKey
        }

        // Compare
-        return Strings::equals($em, $em2);
+        return hash_equals($em, $em2);
    }

    /**
@ -1747,7 +1747,7 @@ class RSA extends AsymmetricKey
        $em = $hash->hash($m);
        $em2 = $decoded['digest'];

-        return Strings::equals($em, $em2);
+        return hash_equals($em, $em2);
    }

    /**