octoleo/phpseclib
1
0
Fork 0
mirror of https://github.com/phpseclib/phpseclib.git synced 2025-01-13 10:01:47 +00:00
Code Issues Packages Projects Releases Wiki Activity

SSH2: sodium_compat doesn't support memzero

Browse Source
This commit is contained in:
terrafrost 2019-11-13 23:47:16 -06:00
parent 53dcc19441
commit e3557220d7
1 changed files with 8 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
phpseclib/Net/SSH2.php
View File

@ -1713,7 +1713,14 @@ class SSH2
return false;
}
$key = new BigInteger(sodium_crypto_scalarmult($x, $fBytes), 256);
sodium_memzero($x);
// sodium_compat doesn't emulate sodium_memzero
// also, with v1 of libsodium API the extension identifies itself as
// libsodium whereas v2 of the libsodium API (what PHP 7.2+ includes)
// identifies itself as sodium. sodium_compat uses the v1 API to
// emulate the v2 API if it's the v1 API that's available
if (extension_loaded('sodium') || extension_loaded('libsodium')) {
sodium_memzero($x);
}
} else {
$f = new BigInteger($fBytes, -256);
$key = $f->modPow($x, $prime);