Crypt/Base: stream ciphers cannot be run in continuous mode with OpenSSL

2024-12-26 03:27:31 +00:00 · 2014-12-31 14:10:53 -06:00 · 2014-12-31 14:10:53 -06:00 · be168e262f
commit be168e262f
parent e3487c8adb
2 changed files with 11 additions and 3 deletions
--- a/phpseclib/Crypt/Base.php
+++ b/phpseclib/Crypt/Base.php
@ -1498,6 +1498,8 @@ class Crypt_Base
        }

        $this->continuousBuffer = true;
+
+        $this->_setEngine();
    }

    /**
@ -1520,6 +1522,8 @@ class Crypt_Base

        $this->continuousBuffer = false;
        $this->changed = true;
+
+        $this->_setEngine();
    }

    /**
@ -1534,6 +1538,9 @@ class Crypt_Base
    {
        switch ($engine) {
            case CRYPT_ENGINE_OPENSSL:
+                if ($this->mode == CRYPT_MODE_STREAM && $this->continuousBuffer) {
+                    return false;
+                }
                $this->openssl_emulate_ctr = false;
                $result = $this->cipher_name_openssl &&
                          extension_loaded('openssl') &&
--- a/phpseclib/Net/SSH2.php
+++ b/phpseclib/Net/SSH2.php
@ -1166,11 +1166,12 @@ class Net_SSH2
                 //'none'         // OPTIONAL          no encryption; NOT RECOMMENDED
            );

-            if (extension_loaded('openssl')) {
-                // OpenSSL does not support arcfour256
+            if (extension_loaded('openssl') && !extension_loaded('mcrypt')) {
+                // OpenSSL does not support arcfour256 in any capacity and arcfour128 / arcfour support is limited to
+                // instances that do not use continuous buffers
                $encryption_algorithms = array_diff(
                    $encryption_algorithms,
-                    array('arcfour256')
+                    array('arcfour256', 'arcfour128', 'arcfour')
                );
            }