From 498e60602b5847b3d3927394c86b796a2843d122 Mon Sep 17 00:00:00 2001 From: Stephen Paul Weber Date: Wed, 25 Jul 2018 09:57:33 -0500 Subject: [PATCH] If session decryption fails, return NULL Otherwise it returns false, we try to unpack that, and generally bad things happen. --- lib/openpgp_crypt_rsa.php | 3 ++- tests/phpseclib_suite.php | 18 ++++++++++++++++++ 2 files changed, 20 insertions(+), 1 deletion(-) diff --git a/lib/openpgp_crypt_rsa.php b/lib/openpgp_crypt_rsa.php index bce11e1..70925ef 100644 --- a/lib/openpgp_crypt_rsa.php +++ b/lib/openpgp_crypt_rsa.php @@ -208,7 +208,8 @@ class OpenPGP_Crypt_RSA { static function try_decrypt_session($key, $edata) { $key->setEncryptionMode(CRYPT_RSA_ENCRYPTION_PKCS1); - $data = $key->decrypt($edata); + $data = @$key->decrypt($edata); + if(!$data) return NULL; $sk = substr($data, 1, strlen($data)-3); $chk = unpack('n', substr($data, -2)); $chk = reset($chk); diff --git a/tests/phpseclib_suite.php b/tests/phpseclib_suite.php index 6e7f2e5..d592db5 100644 --- a/tests/phpseclib_suite.php +++ b/tests/phpseclib_suite.php @@ -109,6 +109,24 @@ class Decryption extends PHPUnit_Framework_TestCase { } } + public function testDecryptRoundtrip() { + $m = new OpenPGP_Message(array(new OpenPGP_LiteralDataPacket("hello\n"))); + $key = OpenPGP_Message::parse(file_get_contents(dirname(__FILE__) . '/data/helloKey.gpg')); + $em = OpenPGP_Crypt_Symmetric::encrypt($key, $m); + + foreach($key as $packet) { + if(!($packet instanceof OpenPGP_SecretKeyPacket)) continue; + $decryptor = new OpenPGP_Crypt_RSA($packet); + $m2 = $decryptor->decrypt($em); + + foreach($m2 as $p) { + if($p instanceof OpenPGP_LiteralDataPacket) { + $this->assertEquals($p->data, "hello\n"); + } + } + } + } + public function testDecryptSecretKey() { $key = OpenPGP_Message::parse(file_get_contents(dirname(__FILE__) . '/data/encryptedSecretKey.gpg')); $skey = OpenPGP_Crypt_Symmetric::decryptSecretKey("hello", $key[0]);