From f418be845bac129932527cf0ff56eb3a165ed645 Mon Sep 17 00:00:00 2001
From: terrafrost <terrafrost@php.net>
Date: Fri, 2 Jun 2023 10:09:47 -0500
Subject: [PATCH] RSA: setting sig padding broke enc padding and vice versa

---
 phpseclib/Crypt/RSA.php           | 20 ++++++++++++--------
 tests/Unit/Crypt/RSA/ModeTest.php | 15 +++++++++++++++
 2 files changed, 27 insertions(+), 8 deletions(-)

diff --git a/phpseclib/Crypt/RSA.php b/phpseclib/Crypt/RSA.php
index 7b935cc2..13571997 100644
--- a/phpseclib/Crypt/RSA.php
+++ b/phpseclib/Crypt/RSA.php
@@ -841,15 +841,15 @@ abstract class RSA extends AsymmetricKey
             self::ENCRYPTION_PKCS1,
             self::ENCRYPTION_NONE
         ];
-        $numSelected = 0;
+        $encryptedCount = 0;
         $selected = 0;
         foreach ($masks as $mask) {
             if ($padding & $mask) {
                 $selected = $mask;
-                $numSelected++;
+                $encryptedCount++;
             }
         }
-        if ($numSelected > 1) {
+        if ($encryptedCount > 1) {
             throw new InconsistentSetupException('Multiple encryption padding modes have been selected; at most only one should be selected');
         }
         $encryptionPadding = $selected;
@@ -859,22 +859,26 @@ abstract class RSA extends AsymmetricKey
             self::SIGNATURE_RELAXED_PKCS1,
             self::SIGNATURE_PKCS1
         ];
-        $numSelected = 0;
+        $signatureCount = 0;
         $selected = 0;
         foreach ($masks as $mask) {
             if ($padding & $mask) {
                 $selected = $mask;
-                $numSelected++;
+                $signatureCount++;
             }
         }
-        if ($numSelected > 1) {
+        if ($signatureCount > 1) {
             throw new InconsistentSetupException('Multiple signature padding modes have been selected; at most only one should be selected');
         }
         $signaturePadding = $selected;
 
         $new = clone $this;
-        $new->encryptionPadding = $encryptionPadding;
-        $new->signaturePadding = $signaturePadding;
+        if ($encryptedCount) {
+            $new->encryptionPadding = $encryptionPadding;
+        }
+        if ($signatureCount) {
+            $new->signaturePadding = $signaturePadding;
+        }
         return $new;
     }
 
diff --git a/tests/Unit/Crypt/RSA/ModeTest.php b/tests/Unit/Crypt/RSA/ModeTest.php
index 27292730..9efa149a 100644
--- a/tests/Unit/Crypt/RSA/ModeTest.php
+++ b/tests/Unit/Crypt/RSA/ModeTest.php
@@ -254,4 +254,19 @@ zUlir0ACPypC1Q==
 
         $this->assertSame($data, $decrypted);
     }
+
+    public function testSettingOnePadding()
+    {
+        $pub = <<<HERE
+-----BEGIN PUBLIC KEY-----
+MF0wDQYJKoZIhvcNAQEBBQADTAAwSQJCAmdYuOvii3I6ya3q/zSeZFoJprgF9fIq
+k12yS6pCS3c+1wZ9cYFVtgfpSL4XpylLe9EnRT2GRVYCqUkR4AUeTuvnAgMBAAE=
+-----END PUBLIC KEY-----
+HERE;
+
+        $rsa = PublicKeyLoader::load($pub);
+        $this->assertTrue((bool) ($rsa->getPadding() & RSA::SIGNATURE_PSS));
+        $rsa = $rsa->withPadding(RSA::ENCRYPTION_NONE);
+        $this->assertTrue((bool) ($rsa->getPadding() & RSA::SIGNATURE_PSS));
+    }
 }