phpseclib
diff --git a/‎phpseclib/Crypt/RSA.php
Lines changed: 54 additions & 2 deletions b/‎phpseclib/Crypt/RSA.php
Lines changed: 54 additions & 2 deletions
diff --git a/‎phpseclib/File/ASN1.php
Lines changed: 2 additions & 0 deletions b/‎phpseclib/File/ASN1.php
Lines changed: 2 additions & 0 deletions
diff --git a/‎tests/Unit/Crypt/RSA/ModeTest.php
Lines changed: 22 additions & 0 deletions b/‎tests/Unit/Crypt/RSA/ModeTest.php
Lines changed: 22 additions & 0 deletions
diff --git a/‎tests/Unit/File/ASN1Test.php
Lines changed: 30 additions & 0 deletions b/‎tests/Unit/File/ASN1Test.php
Lines changed: 30 additions & 0 deletions
@@ -2917,6 +2917,56 @@ function _emsa_pkcs1_v1_5_encode($m, $emLen)
         return $em;
     }
 
+    /**
+     * EMSA-PKCS1-V1_5-ENCODE (without NULL)
+     *
+     * Quoting https://tools.ietf.org/html/rfc8017#page-65,
+     *
+     * "The parameters field associated with id-sha1, id-sha224, id-sha256,
+     *  id-sha384, id-sha512, id-sha512/224, and id-sha512/256 should
+     *  generally be omitted, but if present, it shall have a value of type
+     *  NULL"
+     *
+     * @access private
+     * @param string $m
+     * @param int $emLen
+     * @return string
+     */
+    function _emsa_pkcs1_v1_5_encode_without_null($m, $emLen)
+    {
+        $h = $this->hash->hash($m);
+        if ($h === false) {
+            return false;
+        }
+
+        switch ($this->hashName) {
+            case 'sha1':
+                $t = pack('H*', '301f300706052b0e03021a0414');
+                break;
+            case 'sha256':
+                $t = pack('H*', '302f300b06096086480165030402010420');
+                break;
+            case 'sha384':
+                $t = pack('H*', '303f300b06096086480165030402020430');
+                break;
+            case 'sha512':
+                $t = pack('H*', '304f300b06096086480165030402030440');
+        }
+        $t.= $h;
+        $tLen = strlen($t);
+
+        if ($emLen < $tLen + 11) {
+            user_error('Intended encoded message length too short');
+            return false;
+        }
+
+        $ps = str_repeat(chr(0xFF), $emLen - $tLen - 3);
+
+        $em = "\0\1$ps\0$t";
+
+        return $em;
+    }
+
     /**
      * RSASSA-PKCS1-V1_5-SIGN
      *
@@ -2983,13 +3033,15 @@ function _rsassa_pkcs1_v1_5_verify($m, $s)
         // EMSA-PKCS1-v1_5 encoding
 
         $em2 = $this->_emsa_pkcs1_v1_5_encode($m, $this->k);
-        if ($em2 === false) {
+        $em3 = $this->_emsa_pkcs1_v1_5_encode_without_null($m, $this->k);
+
+        if ($em2 === false && $em3 === false) {
             user_error('RSA modulus too short');
             return false;
         }
 
         // Compare
-        return $this->_equals($em, $em2);
+        return $this->_equals($em, $em2) || $this->_equals($em, $em3);
     }
 
     /**
 
@@ -494,7 +494,9 @@ function _decode_ber($encoded, $start = 0, $encoded_pos = 0)
                     return false;
                 }
                 $current['content'] = $this->_decodeTime(substr($content, $content_pos), $tag);
+                break;
             default:
+                return false;
         }
 
         $start+= $length;
 
@@ -115,4 +115,26 @@ public function testPSSSigsWithNonPowerOf2Key()
         $payload = 'eyJraWQiOiJ0RkMyVUloRnBUTV9FYTNxY09kX01xUVQxY0JCbTlrRkxTRGZlSmhzUkc4IiwiYWxnIjoiUFMyNTYifQ.eyJhcHAiOiJhY2NvdW50cG9ydGFsIiwic3ViIjoiNTliOGM4YzA5NTVhNDA5MDg2MGRmYmM3ZGQwMjVjZWEiLCJjbGlkIjoiZTQ5ZTA2N2JiMTFjNDcyMmEzNGIyYjNiOGE2YTYzNTUiLCJhbSI6InBhc3N3b3JkIiwicCI6ImVOcDFrRUZQd3pBTWhmXC9QdEVOYU5kQkc2bUZDNHNpbENNNXU0aTNXMHFSS0hFVDU5V1JzcXpZRUp4XC84M3ZQbkIxcUg3Rm5CZVNabEtNME9saGVZVUVWTXlHOEVUOEZnWDI4dkdqWG4wWkcrV2hSK01rWVBicGZacHI2U3E0N0RFYjBLYkRFT21CSUZuOTZKN1ZDaWg1Q2p4dWNRZDJmdHJlMCt2cSthZFFObUluK0poWEl0UlBvQ0xya1wvZ05VV3N3T09vSVwva0Q5ZVk4c05jRHFPUzNkanFWb3RPU21oRUo5b0hZZmFqZmpSRzFGSWpGRFwvOExtT2pKbVF3d0tBMnQ0aXJBQ2NncHo0dzBuN3BtXC84YXV2T0dFM2twVFZ2d0IzdzlQZk1YZnJJUTBhejRsaEtIdVBUMU42XC9sb1FJPSIsImlhaSI6IjU5YjhjOGMwOTU1YTQwOTA4NjBkZmJjN2RkMDI1Y2VhIiwiY2xzdmMiOiJhY2NvdW50cG9ydGFsIiwibHB2IjoxNTQ3Njc1NDM4LCJ0IjoicyIsImljIjp0cnVlLCJleHAiOjE1NDc3MDQyMzgsImlhdCI6MTU0NzY3NTQzOCwianRpIjoiZTE0N2UzM2UzNzVhNDkyNWJjMzdjZTRjMDIwMmJjNDYifQ';
         $this->assertTrue($rsa->verify($payload, $sig));
     }
+
+    public function testPKCS1SigWithoutNull()
+    {
+        $rsa = new RSA();
+        $rsa->loadKey(array(
+            'n' => new BigInteger('0xE932AC92252F585B3A80A4DD76A897C8B7652952FE788F6EC8DD640587A1EE5647670A8AD
+4C2BE0F9FA6E49C605ADF77B5174230AF7BD50E5D6D6D6D28CCF0A886A514CC72E51D209CC7
+72A52EF419F6A953F3135929588EBE9B351FCA61CED78F346FE00DBB6306E5C2A4C6DFC3779
+AF85AB417371CF34D8387B9B30AE46D7A5FF5A655B8D8455F1B94AE736989D60A6F2FD5CADB
+FFBD504C5A756A2E6BB5CECC13BCA7503F6DF8B52ACE5C410997E98809DB4DC30D943DE4E81
+2A47553DCE54844A78E36401D13F77DC650619FED88D8B3926E3D8E319C80C744779AC5D6AB
+E252896950917476ECE5E8FC27D5F053D6018D91B502C4787558A002B9283DA7', 16),
+            'e' => new BigInteger('3')
+        ));
+
+        $message = 'hello world!';
+        $signature = pack('H*', 'a0073057133ff3758e7e111b4d7441f1d8cbe4b2dd5ee4316a14264290dee5ed7f175716639bd9bb43a14e4f9fcb9e84dedd35e2205caac04828b2c053f68176d971ea88534dd2eeec903043c3469fc69c206b2a8694fd262488441ed8852280c3d4994e9d42bd1d575c7024095f1a20665925c2175e089c0d731471f6cc145404edf5559fd2276e45e448086f71c78d0cc6628fad394a34e51e8c10bc39bfe09ed2f5f742cc68bee899d0a41e4c75b7b80afd1c321d89ccd9fe8197c44624d91cc935dfa48de3c201099b5b417be748aef29248527e8bbb173cab76b48478d4177b338fe1f1244e64d7d23f07add560d5ad50b68d6649a49d7bc3db686daaa7');
+
+        $rsa->setSignatureMode(RSA::SIGNATURE_PKCS1);
+        $rsa->setHash('sha256');
+        $this->assertTrue($rsa->verify($message, $signature));
+    }
 }
@@ -418,4 +418,34 @@ public function testOIDGarbage()
         $decoded = $asn1->decodeBER($em);
         $this->assertFalse($decoded[0]);
     }
+
+    public function testConstructedMismatch()
+    {
+        $asn1 = new ASN1();
+
+        $em = pack('H*', '1031300d0609608648016503040201050004207509e5bda0c762d2bac7f90d758b5b2263fa01ccbc542ab5e3df163be08e6ca9');
+        $decoded = $asn1->decodeBER($em);
+        $this->assertFalse($decoded[0]);
+
+        $em = pack('H*', '3031100d0609608648016503040201050004207509e5bda0c762d2bac7f90d758b5b2263fa01ccbc542ab5e3df163be08e6ca9');
+        $decoded = $asn1->decodeBER($em);
+        $this->assertFalse($decoded[0]);
+
+        $em = pack('H*', '3031300d2609608648016503040201050004207509e5bda0c762d2bac7f90d758b5b2263fa01ccbc542ab5e3df163be08e6ca9');
+        $decoded = $asn1->decodeBER($em);
+        $this->assertFalse($decoded[0]);
+
+        $em = pack('H*', '3031300d06096086480165030402012d0004207509e5bda0c762d2bac7f90d758b5b2263fa01ccbc542ab5e3df163be08e6ca9');
+        $decoded = $asn1->decodeBER($em);
+        $this->assertFalse($decoded[0]);
+    }
+
+    public function testBadTagSecondOctet()
+    {
+        $asn1 = new ASN1();
+
+        $em = pack('H*', '3033300f1f808080060960864801650304020104207509e5bda0c762d2bac7f90d758b5b2263fa01ccbc542ab5e3df163be08e6ca9');
+        $decoded = $asn1->decodeBER($em);
+        $this->assertFalse($decoded[0]);
+    }
 }
Original file line number	Diff line number	Diff line change
`@@ -494,7 +494,9 @@ function _decode_ber($encoded, $start = 0, $encoded_pos = 0)`
`494`	`494`	`return false;`
`495`	`495`	`}`
`496`	`496`	`$current['content'] = $this->_decodeTime(substr($content, $content_pos), $tag);`
	`497`	`+ break;`
`497`	`498`	`default:`
	`499`	`+ return false;`
`498`	`500`	`}`
`499`	`501`
`500`	`502`	`$start+= $length;`