From 3f3e0cac98a479da04174c7805e4bcc390a27f0c Mon Sep 17 00:00:00 2001 From: terrafrost Date: Tue, 24 Feb 2015 00:05:00 -0600 Subject: [PATCH 1/4] setengine changes per bantu --- phpseclib/Crypt/Base.php | 33 ++++++++++++++++++--------------- phpseclib/Crypt/Blowfish.php | 4 ++-- phpseclib/Crypt/DES.php | 2 +- phpseclib/Crypt/RC2.php | 2 +- phpseclib/Crypt/Rijndael.php | 2 +- phpseclib/Crypt/Twofish.php | 2 +- 6 files changed, 24 insertions(+), 21 deletions(-) diff --git a/phpseclib/Crypt/Base.php b/phpseclib/Crypt/Base.php index 272193fb..4c5cbf99 100644 --- a/phpseclib/Crypt/Base.php +++ b/phpseclib/Crypt/Base.php @@ -53,7 +53,7 @@ */ /**#@+ - * @access private + * @access public * @see Crypt_Base::encrypt() * @see Crypt_Base::decrypt() * @internal This constants are for internal use only @@ -1587,6 +1587,8 @@ class Crypt_Base case CRYPT_ENGINE_INTERNAL: return true; } + + return false; } /** @@ -1640,18 +1642,21 @@ class Crypt_Base */ function _setEngine() { - switch (true) { - case $this->isValidEngine($this->preferredEngine): + $this->engine = null; + + $candidateEngines = array( + $this->preferredEngine, + CRYPT_ENGINE_MCRYPT, + CRYPT_ENGINE_OPENSSL + ); + foreach ($candidateEngines as $engine) { + if ($this->isValidEngine($engine)) { $this->engine = $this->preferredEngine; break; - case $this->isValidEngine(CRYPT_ENGINE_OPENSSL): - $this->engine = CRYPT_ENGINE_OPENSSL; - break; - case $this->isValidEngine(CRYPT_ENGINE_MCRYPT): - $this->engine = CRYPT_ENGINE_MCRYPT; - break; - default: - $this->engine = CRYPT_ENGINE_INTERNAL; + } + } + if (!$this->engine) { + $this->engine = CRYPT_ENGINE_INTERNAL; } if ($this->engine != CRYPT_ENGINE_MCRYPT && $this->enmcrypt) { @@ -1732,7 +1737,7 @@ class Crypt_Base * @see setIV() * @see disableContinuousBuffer() * @access private - * @internal _setup() is called always before(!) en/decryption. + * @internal _setup() is always called before en/decryption. * @internal Could, but not must, extend by the child Crypt_* class */ function _setup() @@ -2512,14 +2517,12 @@ class Crypt_Base * @param $bytes * @return String */ - function _trapdoor($bytes) + function _hashInlineCryptFunction($bytes) { if (!defined('CRYPT_BASE_WHIRLPOOL_AVAILABLE')) { define('CRYPT_BASE_WHIRLPOOL_AVAILABLE', (bool)(extension_loaded('hash') && in_array('whirlpool', hash_algos()))); } - // return pack('H*', md5($bytes) . sha1($bytes) . (CRYPT_BASE_WHIRLPOOL_AVAILABLE ? hash('whirlpool', $bytes) : '')); // Alternative - $result = ''; $hash = $bytes; diff --git a/phpseclib/Crypt/Blowfish.php b/phpseclib/Crypt/Blowfish.php index 82c3b713..55919430 100644 --- a/phpseclib/Crypt/Blowfish.php +++ b/phpseclib/Crypt/Blowfish.php @@ -546,10 +546,10 @@ class Crypt_Blowfish extends Crypt_Base // After that, we'll still create very fast optimized code but not the hi-ultimative code, for each $mode one. $gen_hi_opt_code = (bool)( count($lambda_functions) < 10 ); - // Generation of a uniqe hash for our generated code + // Generation of a unique hash for our generated code $code_hash = "Crypt_Blowfish, {$this->mode}"; if ($gen_hi_opt_code) { - $code_hash = str_pad($code_hash, 32) . $this->_trapdoor($this->key); + $code_hash = str_pad($code_hash, 32) . $this->_hashInlineCryptFunction($this->key); } if (!isset($lambda_functions[$code_hash])) { diff --git a/phpseclib/Crypt/DES.php b/phpseclib/Crypt/DES.php index b274495b..6006c22f 100644 --- a/phpseclib/Crypt/DES.php +++ b/phpseclib/Crypt/DES.php @@ -1394,7 +1394,7 @@ class Crypt_DES extends Crypt_Base // After max 10 hi-optimized functions, we create generic // (still very fast.. but not ultra) functions for each $mode/$des_rounds // Currently 2 * 5 generic functions will be then max. possible. - $code_hash = str_pad($code_hash, 32) . $this->_trapdoor($this->key); + $code_hash = str_pad($code_hash, 32) . $this->_hashInlineCryptFunction($this->key); } // Is there a re-usable $lambda_functions in there? If not, we have to create it. diff --git a/phpseclib/Crypt/RC2.php b/phpseclib/Crypt/RC2.php index ce78fc50..63c5effb 100644 --- a/phpseclib/Crypt/RC2.php +++ b/phpseclib/Crypt/RC2.php @@ -642,7 +642,7 @@ class Crypt_RC2 extends Crypt_Base // Generation of a uniqe hash for our generated code $code_hash = "Crypt_RC2, {$this->mode}"; if ($gen_hi_opt_code) { - $code_hash = str_pad($code_hash, 32) . $this->_trapdoor($this->key); + $code_hash = str_pad($code_hash, 32) . $this->_hashInlineCryptFunction($this->key); } // Is there a re-usable $lambda_functions in there? diff --git a/phpseclib/Crypt/Rijndael.php b/phpseclib/Crypt/Rijndael.php index b4e38a83..e511937e 100644 --- a/phpseclib/Crypt/Rijndael.php +++ b/phpseclib/Crypt/Rijndael.php @@ -960,7 +960,7 @@ class Crypt_Rijndael extends Crypt_Base // Generation of a uniqe hash for our generated code $code_hash = "Crypt_Rijndael, {$this->mode}, {$this->Nr}, {$this->Nb}"; if ($gen_hi_opt_code) { - $code_hash = str_pad($code_hash, 32) . $this->_trapdoor($this->key); + $code_hash = str_pad($code_hash, 32) . $this->_hashInlineCryptFunction($this->key); } if (!isset($lambda_functions[$code_hash])) { diff --git a/phpseclib/Crypt/Twofish.php b/phpseclib/Crypt/Twofish.php index 1a204fe0..9ff79a53 100644 --- a/phpseclib/Crypt/Twofish.php +++ b/phpseclib/Crypt/Twofish.php @@ -746,7 +746,7 @@ class Crypt_Twofish extends Crypt_Base // Generation of a uniqe hash for our generated code $code_hash = "Crypt_Twofish, {$this->mode}"; if ($gen_hi_opt_code) { - $code_hash = str_pad($code_hash, 32) . $this->_trapdoor($this->key); + $code_hash = str_pad($code_hash, 32) . $this->_hashInlineCryptFunction($this->key); } if (!isset($lambda_functions[$code_hash])) { From 9a400c40949b1ad69434ee397e551226f976616a Mon Sep 17 00:00:00 2001 From: terrafrost Date: Sun, 15 Mar 2015 02:44:13 -0500 Subject: [PATCH 2/4] Crypt/Base: engine wasn't being set correctly --- phpseclib/Crypt/Base.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/phpseclib/Crypt/Base.php b/phpseclib/Crypt/Base.php index 4c5cbf99..73886502 100644 --- a/phpseclib/Crypt/Base.php +++ b/phpseclib/Crypt/Base.php @@ -1651,7 +1651,7 @@ class Crypt_Base ); foreach ($candidateEngines as $engine) { if ($this->isValidEngine($engine)) { - $this->engine = $this->preferredEngine; + $this->engine = $engine; break; } } From 6bd4e6018edecc27e8e76a3e8409ab1a161140b2 Mon Sep 17 00:00:00 2001 From: terrafrost Date: Sun, 29 Mar 2015 15:26:15 -0500 Subject: [PATCH 3/4] Crypt/Base: rm redundant null padding --- phpseclib/Crypt/Base.php | 9 ++------- 1 file changed, 2 insertions(+), 7 deletions(-) diff --git a/phpseclib/Crypt/Base.php b/phpseclib/Crypt/Base.php index 73886502..5bd50862 100644 --- a/phpseclib/Crypt/Base.php +++ b/phpseclib/Crypt/Base.php @@ -979,7 +979,8 @@ class Crypt_Base function decrypt($ciphertext) { if ($this->paddable) { - // we pad with chr(0) since that's what mcrypt_generic does [...] + // we pad with chr(0) since that's what mcrypt_generic does. to quote from {@link http://www.php.net/function.mcrypt-generic}: + // "The data is padded with "\0" to make sure the length of the data is n * blocksize." $ciphertext = str_pad($ciphertext, strlen($ciphertext) + ($this->block_size - strlen($ciphertext) % $this->block_size) % $this->block_size, chr(0)); } @@ -1112,12 +1113,6 @@ class Crypt_Base return $plaintext; } - if ($this->paddable) { - // we pad with chr(0) since that's what mcrypt_generic does. to quote from {@link http://www.php.net/function.mcrypt-generic}: - // "The data is padded with "\0" to make sure the length of the data is n * blocksize." - $ciphertext = str_pad($ciphertext, strlen($ciphertext) + ($block_size - strlen($ciphertext) % $block_size) % $block_size, chr(0)); - } - $plaintext = mdecrypt_generic($this->demcrypt, $ciphertext); if (!$this->continuousBuffer) { From 1a51226d84864a303e95228af10becd5aa1879da Mon Sep 17 00:00:00 2001 From: terrafrost Date: Mon, 30 Mar 2015 23:33:52 -0500 Subject: [PATCH 4/4] Crypt/Base; prioritize OpenSSL over mcrypt --- phpseclib/Crypt/Base.php | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/phpseclib/Crypt/Base.php b/phpseclib/Crypt/Base.php index 5bd50862..f1fb1585 100644 --- a/phpseclib/Crypt/Base.php +++ b/phpseclib/Crypt/Base.php @@ -56,7 +56,6 @@ * @access public * @see Crypt_Base::encrypt() * @see Crypt_Base::decrypt() - * @internal This constants are for internal use only */ /** * Encrypt / decrypt using the Counter mode. @@ -100,7 +99,7 @@ define('CRYPT_MODE_STREAM', 5); /**#@+ * @access private * @see Crypt_Base::Crypt_Base() - * @internal This constants are for internal use only + * @internal These constants are for internal use only */ /** * Base value for the internal implementation $engine switch @@ -1641,8 +1640,8 @@ class Crypt_Base $candidateEngines = array( $this->preferredEngine, - CRYPT_ENGINE_MCRYPT, - CRYPT_ENGINE_OPENSSL + CRYPT_ENGINE_OPENSSL, + CRYPT_ENGINE_MCRYPT ); foreach ($candidateEngines as $engine) { if ($this->isValidEngine($engine)) {