SSH2: sodium_compat doesn't support memzero

terrafrost 2019-11-13 23:47:16 -06:00
parent 53dcc19441
commit e3557220d7


@ -1713,7 +1713,14 @@ class SSH2
return false;
}
$key = new BigInteger(sodium_crypto_scalarmult($x, $fBytes), 256);
sodium_memzero($x);
// sodium_compat doesn't emulate sodium_memzero
// also, with v1 of libsodium API the extension identifies itself as
// libsodium whereas v2 of the libsodium API (what PHP 7.2+ includes)
// identifies itself as sodium. sodium_compat uses the v1 API to
// emulate the v2 API if it's the v1 API that's available
if (extension_loaded('sodium') || extension_loaded('libsodium')) {
sodium_memzero($x);
}
} else {
$f = new BigInteger($fBytes, -256);
$key = $f->modPow($x, $prime);
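Review bot: When neither `sodium` nor `libsodium` is loaded, the new guard around `sodium_memzero($x)` skips the wipe without a trace, so on the sodium_compat path the ephemeral private scalar `$x` stays in PHP memory until the string is freed. The added comment explains the two extension names but not that consequence, so I would extend it with something like `// without a native extension $x cannot be wiped and stays in memory until it is freed`. If `$x` is not read again later in the method (it starts and ends outside this hunk, so this cannot be confirmed here), an inner `else { unset($x); }` would at least drop the reference early, though that is a release and not a secure wipe. The raw output of `sodium_crypto_scalarmult()` is also a temporary that is never wiped on either path, which is worth a short comment as well.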