From f0f7350045fb45da973c5414b842e3ff2c92f5b7 Mon Sep 17 00:00:00 2001 From: terrafrost Date: Sat, 13 Oct 2018 08:10:34 -0500 Subject: [PATCH 1/2] Crypt/Base: if derived key length is 0 or less use hash length --- phpseclib/Crypt/Base.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/phpseclib/Crypt/Base.php b/phpseclib/Crypt/Base.php index a4ea784c..97a61871 100644 --- a/phpseclib/Crypt/Base.php +++ b/phpseclib/Crypt/Base.php @@ -661,7 +661,7 @@ class Crypt_Base $count = isset($func_args[4]) ? $func_args[4] : 1000; // Keylength - if (isset($func_args[5])) { + if (isset($func_args[5]) && $func_args[5] > 0) { $dkLen = $func_args[5]; } else { $dkLen = $method == 'pbkdf1' ? 2 * $this->key_length : $this->key_length; From 048635669e294effb6c7136c4b179921c15867bc Mon Sep 17 00:00:00 2001 From: terrafrost Date: Sat, 13 Oct 2018 08:20:09 -0500 Subject: [PATCH 2/2] Crypt/Base: create hmac object outside of while loop --- phpseclib/Crypt/Base.php | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/phpseclib/Crypt/Base.php b/phpseclib/Crypt/Base.php index 97a61871..63e8ec80 100644 --- a/phpseclib/Crypt/Base.php +++ b/phpseclib/Crypt/Base.php @@ -696,10 +696,10 @@ class Crypt_Base include_once 'Crypt/Hash.php'; } $i = 1; + $hmac = new Crypt_Hash(); + $hmac->setHash($hash); + $hmac->setKey($password); while (strlen($key) < $dkLen) { - $hmac = new Crypt_Hash(); - $hmac->setHash($hash); - $hmac->setKey($password); $f = $u = $hmac->hash($salt . pack('N', $i++)); for ($j = 2; $j <= $count; ++$j) { $u = $hmac->hash($u);