From be168e262ffdddd5f7334f38dec13ebc73eee32e Mon Sep 17 00:00:00 2001 From: terrafrost Date: Wed, 31 Dec 2014 14:10:53 -0600 Subject: [PATCH] Crypt/Base: stream ciphers cannot be run in continuous mode with OpenSSL --- phpseclib/Crypt/Base.php | 7 +++++++ phpseclib/Net/SSH2.php | 7 ++++--- 2 files changed, 11 insertions(+), 3 deletions(-) diff --git a/phpseclib/Crypt/Base.php b/phpseclib/Crypt/Base.php index 17e8d110..b0f21ed6 100644 --- a/phpseclib/Crypt/Base.php +++ b/phpseclib/Crypt/Base.php @@ -1498,6 +1498,8 @@ class Crypt_Base } $this->continuousBuffer = true; + + $this->_setEngine(); } /** @@ -1520,6 +1522,8 @@ class Crypt_Base $this->continuousBuffer = false; $this->changed = true; + + $this->_setEngine(); } /** @@ -1534,6 +1538,9 @@ class Crypt_Base { switch ($engine) { case CRYPT_ENGINE_OPENSSL: + if ($this->mode == CRYPT_MODE_STREAM && $this->continuousBuffer) { + return false; + } $this->openssl_emulate_ctr = false; $result = $this->cipher_name_openssl && extension_loaded('openssl') && diff --git a/phpseclib/Net/SSH2.php b/phpseclib/Net/SSH2.php index 53b110d8..4d230b14 100644 --- a/phpseclib/Net/SSH2.php +++ b/phpseclib/Net/SSH2.php @@ -1166,11 +1166,12 @@ class Net_SSH2 //'none' // OPTIONAL no encryption; NOT RECOMMENDED ); - if (extension_loaded('openssl')) { - // OpenSSL does not support arcfour256 + if (extension_loaded('openssl') && !extension_loaded('mcrypt')) { + // OpenSSL does not support arcfour256 in any capacity and arcfour128 / arcfour support is limited to + // instances that do not use continuous buffers $encryption_algorithms = array_diff( $encryption_algorithms, - array('arcfour256') + array('arcfour256', 'arcfour128', 'arcfour') ); }