From deb151629689cdae75d3972e91d949e1a1b52ed2 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Hans-J=C3=BCrgen=20Petrich?= Date: Tue, 5 Mar 2013 12:25:16 +0700 Subject: [PATCH] [Triple]DES, Rijndael: Fix overflow in OFB mode Related to: https://github.com/phpseclib/phpseclib/issues/77 --- phpseclib/Crypt/DES.php | 2 +- phpseclib/Crypt/Rijndael.php | 12 ++++++++---- phpseclib/Crypt/TripleDES.php | 6 ++++-- 3 files changed, 13 insertions(+), 7 deletions(-) diff --git a/phpseclib/Crypt/DES.php b/phpseclib/Crypt/DES.php index 0b353b87..a4b3e541 100644 --- a/phpseclib/Crypt/DES.php +++ b/phpseclib/Crypt/DES.php @@ -846,7 +846,7 @@ class Crypt_DES { $xor = $this->decryptIV; if (strlen($buffer['xor'])) { for ($i = 0; $i < strlen($ciphertext); $i+=8) { - $block = substr($plaintext, $i, 8); + $block = substr($ciphertext, $i, 8); if (strlen($block) > strlen($buffer['xor'])) { $xor = $this->_processBlock($xor, CRYPT_DES_ENCRYPT); $buffer['xor'].= $xor; diff --git a/phpseclib/Crypt/Rijndael.php b/phpseclib/Crypt/Rijndael.php index 9ac4e1b2..c8d60995 100644 --- a/phpseclib/Crypt/Rijndael.php +++ b/phpseclib/Crypt/Rijndael.php @@ -900,12 +900,13 @@ class Crypt_Rijndael { $xor = $this->encryptIV; if (strlen($buffer['xor'])) { for ($i = 0; $i < strlen($plaintext); $i+=$block_size) { + $block = substr($plaintext, $i, $block_size); if (strlen($block) > strlen($buffer['xor'])) { $xor = $this->_encryptBlock($xor); $buffer['xor'].= $xor; } $key = $this->_string_shift($buffer['xor'], $block_size); - $ciphertext.= substr($plaintext, $i, $block_size) ^ $key; + $ciphertext.= $block ^ $key; } } else { for ($i = 0; $i < strlen($plaintext); $i+=$block_size) { @@ -1040,12 +1041,13 @@ class Crypt_Rijndael { $xor = $this->decryptIV; if (strlen($buffer['xor'])) { for ($i = 0; $i < strlen($ciphertext); $i+=$block_size) { + $block = substr($ciphertext, $i, $block_size); if (strlen($block) > strlen($buffer['xor'])) { $xor = $this->_encryptBlock($xor); $buffer['xor'].= $xor; } $key = $this->_string_shift($buffer['xor'], $block_size); - $plaintext.= substr($ciphertext, $i, $block_size) ^ $key; + $plaintext.= $block ^ $key; } } else { for ($i = 0; $i < strlen($ciphertext); $i+=$block_size) { @@ -1973,6 +1975,7 @@ class Crypt_Rijndael { if (strlen($buffer["xor"])) { for ($i = 0; $i < $plaintext_len; $i+= '.$block_size.') { + $block = substr($text, $i, '.$block_size.'); if (strlen($block) > strlen($buffer["xor"])) { $in = $xor; '.$_encryptBlock.' @@ -1980,7 +1983,7 @@ class Crypt_Rijndael { $buffer["xor"].= $xor; } $key = $self->_string_shift($buffer["xor"], '.$block_size.'); - $ciphertext.= substr($text, $i, '.$block_size.') ^ $key; + $ciphertext.= $block ^ $key; } } else { for ($i = 0; $i < $plaintext_len; $i+= '.$block_size.') { @@ -2008,6 +2011,7 @@ class Crypt_Rijndael { if (strlen($buffer["xor"])) { for ($i = 0; $i < $ciphertext_len; $i+= '.$block_size.') { + $block = substr($text, $i, '.$block_size.'); if (strlen($block) > strlen($buffer["xor"])) { $in = $xor; '.$_encryptBlock.' @@ -2015,7 +2019,7 @@ class Crypt_Rijndael { $buffer["xor"].= $xor; } $key = $self->_string_shift($buffer["xor"], '.$block_size.'); - $plaintext.= substr($text, $i, '.$block_size.') ^ $key; + $plaintext.= $block ^ $key; } } else { for ($i = 0; $i < $ciphertext_len; $i+= '.$block_size.') { diff --git a/phpseclib/Crypt/TripleDES.php b/phpseclib/Crypt/TripleDES.php index 5af43ec9..28cdc588 100644 --- a/phpseclib/Crypt/TripleDES.php +++ b/phpseclib/Crypt/TripleDES.php @@ -669,6 +669,7 @@ class Crypt_TripleDES { $xor = $this->encryptIV; if (strlen($buffer['xor'])) { for ($i = 0; $i < strlen($plaintext); $i+=8) { + $block = substr($plaintext, $i, 8); if (strlen($block) > strlen($buffer['xor'])) { $xor = $des[0]->_processBlock($xor, CRYPT_DES_ENCRYPT); $xor = $des[1]->_processBlock($xor, CRYPT_DES_DECRYPT); @@ -676,7 +677,7 @@ class Crypt_TripleDES { $buffer['xor'].= $xor; } $key = $this->_string_shift($buffer['xor'], 8); - $ciphertext.= substr($plaintext, $i, 8) ^ $key; + $ciphertext.= $block ^ $key; } } else { for ($i = 0; $i < strlen($plaintext); $i+=8) { @@ -882,6 +883,7 @@ class Crypt_TripleDES { $xor = $this->decryptIV; if (strlen($buffer['xor'])) { for ($i = 0; $i < strlen($ciphertext); $i+=8) { + $block = substr($ciphertext, $i, 8); if (strlen($block) > strlen($buffer['xor'])) { $xor = $des[0]->_processBlock($xor, CRYPT_DES_ENCRYPT); $xor = $des[1]->_processBlock($xor, CRYPT_DES_DECRYPT); @@ -889,7 +891,7 @@ class Crypt_TripleDES { $buffer['xor'].= $xor; } $key = $this->_string_shift($buffer['xor'], 8); - $plaintext.= substr($ciphertext, $i, 8) ^ $key; + $plaintext.= $block ^ $key; } } else { for ($i = 0; $i < strlen($ciphertext); $i+=8) {