diff --git a/phpseclib/Math/BigInteger.php b/phpseclib/Math/BigInteger.php
index a9b6c675..6bc11261 100644
--- a/phpseclib/Math/BigInteger.php
+++ b/phpseclib/Math/BigInteger.php
@@ -39,7 +39,7 @@ use phpseclib3\Exception\BadConfigurationException;
 * @author Jim Wigginton
 * @access public
 */
-class BigInteger implements \Serializable
+class BigInteger
 {
 /**
 * Main Engine
@@ -69,6 +69,24 @@ class BigInteger implements \Serializable
 */
 private $value;
 
+ /**
+ * Mode independent value used for serialization.
+ *
+ * @see self::__sleep()
+ * @see self::__wakeup()
+ * @var string
+ */
+ private $hex;
+
+ /**
+ * Precision (used only for serialization)
+ *
+ * @see self::__sleep()
+ * @see self::__wakeup()
+ * @var int
+ */
+ private $precision;
+
 /**
 * Sets engine type.
 *
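Review bot: The new `private $precision` field (hunk `@@ -69,6 +69,24 @@`) is documented as used only for serialization, yet nothing in the visible hunks ever assigns it: `__sleep()` in the next hunk sets `$this->hex` and then only appends the name `'precision'` to the returned list. If `setPrecision()` (outside this diff) does not store the value on the wrapper, the field is serialized as null, the `$this->precision > 0` test in `__wakeup()` is false, and the precision is silently dropped on a round trip. Adding `$this->precision = $this->getPrecision();` next to the `$this->hex` assignment in `__sleep()` would close that gap.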
@@ -390,39 +408,38 @@ class BigInteger implements \Serializable
 *
 * Will be called, automatically, when serialize() is called on a BigInteger object.
 *
- * phpseclib 1.0 serialized strings look like this:
- * O:15:"Math_BigInteger":1:{s:3:"hex";s:18:"00ab54a98ceb1f0ad2";}
+ * __sleep() / __wakeup() have been around since PHP 4.0
 *
- * phpseclib 3.0 serialized strings look like this:
- * C:25:"phpseclib\Math\BigInteger":42:{a:1:{s:3:"hex";s:18:"00ab54a98ceb1f0ad2";}}
+ * \Serializable was introduced in PHP 5.1 and deprecated in PHP 8.1:
+ * https://wiki.php.net/rfc/phase_out_serializable
+ *
+ * __serialize() / __unserialize() were introduced in PHP 7.4:
+ * https://wiki.php.net/rfc/custom_object_serialization
 *
 * @return string
 */
- public function serialize()
+ public function __sleep()
 {
- $val = ['hex' => $this->toHex(true)];
- $precision = $this->value->getPrecision();
- if ($precision > 0) {
- $val['precision'] = $precision;
+ $this->hex = $this->toHex(true);
+ $vars = ['hex'];
+ if ($this->getPrecision() > 0) {
+ $vars[] = 'precision';
 }
- return serialize($val);
+ return $vars;
 }
 
 /**
 * Serialize
 *
 * Will be called, automatically, when unserialize() is called on a BigInteger object.
- *
- * @param string $serialized
 */
- public function unserialize($serialized)
+ public function __wakeup()
 {
- $r = unserialize($serialized);
- $temp = new static($r['hex'], -16);
+ $temp = new static($this->hex, -16);
 $this->value = $temp->value;
- if (isset($r['precision'])) {
+ if ($this->precision > 0) {
 // recalculate $this->bitmask
- $this->setPrecision($r['precision']);
+ $this->setPrecision($this->precision);
 }
 }
 
diff --git a/phpseclib/Math/BigInteger/Engines/Engine.php b/phpseclib/Math/BigInteger/Engines/Engine.php
index 10dd994b..17b1996c 100644
--- a/phpseclib/Math/BigInteger/Engines/Engine.php
+++ b/phpseclib/Math/BigInteger/Engines/Engine.php
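Review bot: `BigInteger::__wakeup()` in the `@@ -390,39 +408,38 @@` hunk passes `$this->hex` to `new static(...)` and compares `$this->precision` exactly as unserialize() restored them, with no type or presence check; `Engine::__wakeup()` in the `@@ -295,31 +304,29 @@` hunk of Engine.php has the same gap. With `__sleep()`/`__wakeup()` the payload fills object properties directly, so a serialized string from an untrusted source can omit `hex`, give it a non-string type, or set properties that `__wakeup()` never rebuilds (only `value`, plus `is_negative` in Engine, are recomputed). Checking both fields before the constructor call, as sketched below, makes a malformed payload fail with a clear exception instead of reaching the constructor with whatever type the payload supplied. Whether any caller unserializes untrusted data is not visible in this diff, so the remaining properties may only need a documented warning.

```php
    public function __wakeup()
    {
        // Property values come straight from the serialized payload; check them before use.
        if (!is_string($this->hex)) {
            throw new \UnexpectedValueException('Serialized value is missing its hex string');
        }
        if (isset($this->precision) && !is_int($this->precision)) {
            throw new \UnexpectedValueException('Serialized precision must be an integer');
        }
        // … unchanged: rebuild value from $this->hex, reapply precision when positive …
    }
```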
@@ -28,7 +28,7 @@ use phpseclib3\Common\Functions\Strings;
 * @author Jim Wigginton
 * @access public
 */
-abstract class Engine implements \Serializable
+abstract class Engine
 {
 /**
 * Holds the BigInteger's value
@@ -65,6 +65,15 @@ abstract class Engine implements \Serializable
 */
 protected $reduce;
 
+ /**
+ * Mode independent value used for serialization.
+ *
+ * @see self::__sleep()
+ * @see self::__wakeup()
+ * @var string
+ */
+ protected $hex;
+
 /**
 * Default constructor
 *
@@ -295,31 +304,29 @@ abstract class Engine implements \Serializable
 *
 * @return string
 */
- public function serialize()
+ public function __sleep()
 {
- $val = ['hex' => $this->toHex(true)];
+ $this->hex = $this->toHex(true);
+ $vars = ['hex'];
 if ($this->precision > 0) {
- $val['precision'] = $this->precision;
+ $vars[] = 'precision';
 }
- return serialize($val);
+ return $vars;
 }
 
 /**
 * Serialize
 *
 * Will be called, automatically, when unserialize() is called on a BigInteger object.
- *
- * @param string $serialized
 */
- public function unserialize($serialized)
+ public function __wakeup()
 {
- $r = unserialize($serialized);
- $temp = new static($r['hex'], -16);
+ $temp = new static($this->hex, -16);
 $this->value = $temp->value;
 $this->is_negative = $temp->is_negative;
- if (isset($r['precision'])) {
+ if ($this->precision > 0) {
 // recalculate $this->bitmask
- $this->setPrecision($r['precision']);
+ $this->setPrecision($this->precision);
 }
 }
 