1
0
mirror of https://github.com/danog/tgseclib.git synced 2025-01-22 14:01:20 +01:00

Merge branch '1.0' into 2.0

This commit is contained in:
terrafrost 2019-03-08 07:30:33 -06:00
commit 0bb37d2853

View File

@ -2221,12 +2221,13 @@ class RSA
return false; return false;
} }
$result = 0; $result = "\0";
$x^= $y;
for ($i = 0; $i < strlen($x); $i++) { for ($i = 0; $i < strlen($x); $i++) {
$result |= ord($x[$i]) ^ ord($y[$i]); $result|= $x[$i];
} }
return $result == 0; return $result === "\0";
} }
/** /**
@ -2433,19 +2434,26 @@ class RSA
$db = $maskedDB ^ $dbMask; $db = $maskedDB ^ $dbMask;
$lHash2 = substr($db, 0, $this->hLen); $lHash2 = substr($db, 0, $this->hLen);
$m = substr($db, $this->hLen); $m = substr($db, $this->hLen);
if (!$this->_equals($lHash, $lHash2)) { $hashesMatch = $this->_equals($lHash, $lHash2);
user_error('Decryption error'); $leadingZeros = 1;
return false; $patternMatch = 0;
$offset = 0;
for ($i = 0; $i < strlen($m); $i++) {
$patternMatch|= $leadingZeros & ($m[$i] === "\1");
$leadingZeros&= $m[$i] === "\0";
$offset+= $patternMatch ? 0 : 1;
} }
$m = ltrim($m, chr(0));
if (ord($m[0]) != 1) { // we do & instead of && to avoid https://en.wikipedia.org/wiki/Short-circuit_evaluation
// to protect against timing attacks
if (!$hashesMatch & !$patternMatch) {
user_error('Decryption error'); user_error('Decryption error');
return false; return false;
} }
// Output the message M // Output the message M
return substr($m, 1); return substr($m, $offset + 1);
} }
/** /**