RSA: make sure that parameters is null for relaxed PKCS1 signatures

2024-12-02 17:52:59 +01:00 · 2021-04-03 11:33:49 -05:00 · 2021-04-03 11:33:49 -05:00 · 42fc46e9a9
commit 42fc46e9a9
parent c6a22faf60
1 changed files with 4 additions and 0 deletions
--- a/phpseclib/Crypt/RSA/PublicKey.php
+++ b/phpseclib/Crypt/RSA/PublicKey.php
@ -188,6 +188,10 @@ class PublicKey extends RSA implements Common\PublicKey
            return false;
        }

+        if (isset($decoded['digestAlgorithm']['parameters']) && $decoded['digestAlgorithm']['parameters'] !== ['null' => '']) {
+            return false;
+        }
+
        $hash = $decoded['digestAlgorithm']['algorithm'];
        $hash = substr($hash, 0, 3) == 'id-' ?
            substr($hash, 3) :