RSA: setting sig padding broke enc padding and vice versa

2024-12-02 09:38:06 +01:00 · 2023-06-02 10:09:47 -05:00 · 2023-06-02 10:09:47 -05:00 · f418be845b
commit f418be845b
parent 841267aafa
2 changed files with 27 additions and 8 deletions
--- a/phpseclib/Crypt/RSA.php
+++ b/phpseclib/Crypt/RSA.php
@ -841,15 +841,15 @@ abstract class RSA extends AsymmetricKey
            self::ENCRYPTION_PKCS1,
            self::ENCRYPTION_NONE
        ];
-        $numSelected = 0;
+        $encryptedCount = 0;
        $selected = 0;
        foreach ($masks as $mask) {
            if ($padding & $mask) {
                $selected = $mask;
-                $numSelected++;
+                $encryptedCount++;
            }
        }
-        if ($numSelected > 1) {
+        if ($encryptedCount > 1) {
            throw new InconsistentSetupException('Multiple encryption padding modes have been selected; at most only one should be selected');
        }
        $encryptionPadding = $selected;
@ -859,22 +859,26 @@ abstract class RSA extends AsymmetricKey
            self::SIGNATURE_RELAXED_PKCS1,
            self::SIGNATURE_PKCS1
        ];
-        $numSelected = 0;
+        $signatureCount = 0;
        $selected = 0;
        foreach ($masks as $mask) {
            if ($padding & $mask) {
                $selected = $mask;
-                $numSelected++;
+                $signatureCount++;
            }
        }
-        if ($numSelected > 1) {
+        if ($signatureCount > 1) {
            throw new InconsistentSetupException('Multiple signature padding modes have been selected; at most only one should be selected');
        }
        $signaturePadding = $selected;

        $new = clone $this;
-        $new->encryptionPadding = $encryptionPadding;
-        $new->signaturePadding = $signaturePadding;
+        if ($encryptedCount) {
+            $new->encryptionPadding = $encryptionPadding;
+        }
+        if ($signatureCount) {
+            $new->signaturePadding = $signaturePadding;
+        }
        return $new;
    }

--- a/tests/Unit/Crypt/RSA/ModeTest.php
+++ b/tests/Unit/Crypt/RSA/ModeTest.php
@ -254,4 +254,19 @@ zUlir0ACPypC1Q==

        $this->assertSame($data, $decrypted);
    }
+
+    public function testSettingOnePadding()
+    {
+        $pub = <<<HERE
+-----BEGIN PUBLIC KEY-----
+MF0wDQYJKoZIhvcNAQEBBQADTAAwSQJCAmdYuOvii3I6ya3q/zSeZFoJprgF9fIq
+k12yS6pCS3c+1wZ9cYFVtgfpSL4XpylLe9EnRT2GRVYCqUkR4AUeTuvnAgMBAAE=
+-----END PUBLIC KEY-----
+HERE;
+
+        $rsa = PublicKeyLoader::load($pub);
+        $this->assertTrue((bool) ($rsa->getPadding() & RSA::SIGNATURE_PSS));
+        $rsa = $rsa->withPadding(RSA::ENCRYPTION_NONE);
+        $this->assertTrue((bool) ($rsa->getPadding() & RSA::SIGNATURE_PSS));
+    }
 }