octoleo/phpseclib
1
0
Fork 0
mirror of https://github.com/phpseclib/phpseclib.git synced 2024-06-01 08:00:52 +00:00
Code Issues Packages Projects Releases Wiki Activity

Merge branch '2.0'

Browse Source
This commit is contained in:
terrafrost 2019-03-08 08:02:54 -06:00
commit 37df27a4af
2 changed files with 18 additions and 10 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
phpseclib/Common/Functions/Strings.php
View File

@ -80,12 +80,13 @@ abstract class Strings
return false;
}
$result = 0;
$result = "\0";
$x^= $y;
for ($i = 0; $i < strlen($x); $i++) {
$result |= ord($x[$i]) ^ ord($y[$i]);
$result|= $x[$i];
}
return $result == 0;
return $result === "\0";
}
/**

21
phpseclib/Crypt/RSA.php
View File

@ -434,8 +434,7 @@ class RSA extends AsymmetricKey
* @return bool
* @access public
* @param string|RSA|array $key
* @param bool|int $type optional
* @return bool
* @param int|bool $type optional
*/
public function load($key, $type = false)
{
@ -1237,17 +1236,25 @@ class RSA extends AsymmetricKey
$db = $maskedDB ^ $dbMask;
$lHash2 = substr($db, 0, $this->hLen);
$m = substr($db, $this->hLen);
if (!Strings::equals($lHash, $lHash2)) {
return false;
$hashesMatch = Strings::equals($lHash, $lHash2);
$leadingZeros = 1;
$patternMatch = 0;
$offset = 0;
for ($i = 0; $i < strlen($m); $i++) {
$patternMatch|= $leadingZeros & ($m[$i] === "\1");
$leadingZeros&= $m[$i] === "\0";
$offset+= $patternMatch ? 0 : 1;
}
$m = ltrim($m, chr(0));
if (ord($m[0]) != 1) {
// we do & instead of && to avoid https://en.wikipedia.org/wiki/Short-circuit_evaluation
// to protect against timing attacks
if (!$hashesMatch & !$patternMatch) {
return false;
}
// Output the message M
return substr($m, 1);
return substr($m, $offset + 1);
}
/**