From 5d85d5eca11b1a0769d674b6a71d3c362a66452f Mon Sep 17 00:00:00 2001 From: terrafrost Date: Sun, 17 Jan 2016 09:45:13 -0600 Subject: [PATCH] RSA: error out when encrypting strings that are too long --- phpseclib/Crypt/RSA.php | 75 +++++-------------------------- tests/Unit/Crypt/RSA/ModeTest.php | 2 +- 2 files changed, 12 insertions(+), 65 deletions(-) diff --git a/phpseclib/Crypt/RSA.php b/phpseclib/Crypt/RSA.php index 947ce1c9..ac94255a 100644 --- a/phpseclib/Crypt/RSA.php +++ b/phpseclib/Crypt/RSA.php @@ -1667,9 +1667,14 @@ class RSA * @access private * @param string $m * @return bool|string + * @throws \OutOfBoundsException if strlen($m) > $this->k */ function _raw_encrypt($m) { + if (strlen($m) > $this->k) { + throw new \OutOfBoundsException('Message too long'); + } + $temp = $this->_os2ip($m); $temp = $this->_rsaep($temp); return $this->_i2osp($temp, $this->k); @@ -2167,50 +2172,13 @@ class RSA { switch ($padding) { case self::PADDING_NONE: - $plaintext = str_split($plaintext, $this->k); - $ciphertext = ''; - foreach ($plaintext as $m) { - $temp = $this->_raw_encrypt($m); - if ($temp === false) { - return false; - } - $ciphertext.= $temp; - } - return $ciphertext; + return $this->_raw_encrypt($plaintext); case self::PADDING_PKCS15_COMPAT: case self::PADDING_PKCS1: - $length = $this->k - 11; - if ($length <= 0) { - throw new \LengthException('RSA modulus too short (' . $this->k . ' bytes long; should be more than 11 bytes with PKCS1)'); - } - - $plaintext = str_split($plaintext, $length); - $ciphertext = ''; - foreach ($plaintext as $m) { - $temp = $this->_rsaes_pkcs1_v1_5_encrypt($m, $padding == self::PADDING_PKCS15_COMPAT); - if ($temp === false) { - return false; - } - $ciphertext.= $temp; - } - return $ciphertext; + return $this->_rsaes_pkcs1_v1_5_encrypt($plaintext, $padding == self::PADDING_PKCS15_COMPAT); //case self::PADDING_OAEP: default: - $length = $this->k - 2 * $this->hLen - 2; - if ($length <= 0) { - throw new \LengthException('RSA modulus too short (' . $this->k . ' bytes long; should be more than ' . (2 * $this->hLen + 2) . ' bytes with OAEP / ' . $this->hashName . ')'); - } - - $plaintext = str_split($plaintext, $length); - $ciphertext = ''; - foreach ($plaintext as $m) { - $temp = $this->_rsaes_oaep_encrypt($m); - if ($temp === false) { - return false; - } - $ciphertext.= $temp; - } - return $ciphertext; + return $this->_rsaes_oaep_encrypt($plaintext); } } @@ -2225,36 +2193,15 @@ class RSA */ function decrypt($ciphertext, $padding = self::PADDING_OAEP) { - if ($this->k <= 0) { - return false; - } - - $ciphertext = str_split($ciphertext, $this->k); - $ciphertext[count($ciphertext) - 1] = str_pad($ciphertext[count($ciphertext) - 1], $this->k, chr(0), STR_PAD_LEFT); - - $plaintext = ''; - switch ($padding) { case self::PADDING_NONE: - $decrypt = '_raw_encrypt'; - break; + return $this->_raw_encrypt($ciphertext); case self::PADDING_PKCS1: - $decrypt = '_rsaes_pkcs1_v1_5_decrypt'; - break; + return $this->_rsaes_pkcs1_v1_5_decrypt($ciphertext); //case self::PADDING_OAEP: default: - $decrypt = '_rsaes_oaep_decrypt'; + return $this->_rsaes_oaep_decrypt($ciphertext); } - - foreach ($ciphertext as $c) { - $temp = $this->$decrypt($c); - if ($temp === false) { - return false; - } - $plaintext.= $temp; - } - - return $plaintext; } /** diff --git a/tests/Unit/Crypt/RSA/ModeTest.php b/tests/Unit/Crypt/RSA/ModeTest.php index c335d78a..0dde29c7 100644 --- a/tests/Unit/Crypt/RSA/ModeTest.php +++ b/tests/Unit/Crypt/RSA/ModeTest.php @@ -67,7 +67,7 @@ p0GbMJDyR4e9T04ZZwIDAQAB } /** - * @expectedException \LengthException + * @expectedException \OutOfBoundsException */ public function testSmallModulo() {