Fix for breaking change in phpseclib

Author: danog

psalm-baseline.xml

@@ -1,5 +1,5 @@
 <?xml version="1.0" encoding="UTF-8"?>
-<files psalm-version="dev-master@cdceda044f0255e4eb1da0557ff1479e6d317e01">
+<files psalm-version="dev-master@0df8d6882bef149abbe640774a1c4097cc97ba8c">
   <file src="src/API.php">
     <ArgumentTypeCoercion>
       <code><![CDATA[$settings]]></code>
@@ -186,7 +186,6 @@
   <file src="src/Broadcast/Broadcast.php">
     <DocblockTypeContradiction>
       <code><![CDATA[$this->broadcasts[$id]]]></code>
-      <code><![CDATA[$this->broadcasts[$id]]]></code>
     </DocblockTypeContradiction>
     <MixedArrayAccess>
       <code><![CDATA[$message['media']['_']]]></code>
@@ -197,7 +196,6 @@
     </MixedAssignment>
     <RedundantConditionGivenDocblockType>
       <code><![CDATA[$this->broadcasts[$id]?->cancel()]]></code>
-      <code><![CDATA[$this->broadcasts[$id]?->getProgress()]]></code>
     </RedundantConditionGivenDocblockType>
   </file>
   <file src="src/Broadcast/InternalState.php">
@@ -615,9 +613,6 @@
       <code><![CDATA[$this->periodicLoops]]></code>
       <code><![CDATA[array<string, PeriodicLoop>]]></code>
     </MixedReturnTypeCoercion>
-    <PossiblyNullArgument>
-      <code><![CDATA[$methodRefl->getParameters()[0]->getType()]]></code>
-    </PossiblyNullArgument>
     <PossiblyNullReference>
       <code><![CDATA[getDbSettings]]></code>
       <code><![CDATA[rethrowInner]]></code>
@@ -7610,6 +7605,9 @@
     <TaintedFile>
       <code><![CDATA[Tools::absolute($file)]]></code>
     </TaintedFile>
+    <TaintedSSRF>
+      <code><![CDATA[Tools::absolute($file)]]></code>
+    </TaintedSSRF>
   </file>
   <file src="src/TL/TLConstructors.php">
     <MissingReturnType>

src/API.php

@@ -51,7 +51,7 @@ final class API extends AbstractAPI
      *
      * @var string
      */
-    public const RELEASE = '8.6.1';
+    public const RELEASE = '8.6.2';
     /**
      * We're not logged in.
      *

src/MTProto.php

@@ -231,19 +231,19 @@ final class MTProto implements TLCallback, LoggerGetter, SettingsGetter
      *
      * @var array<RSA>
      */
-    private array $rsa_keys = [];
+    private array $rsaKeys = [];
     /**
      * RSA keys.
      *
      * @var array<RSA>
      */
-    private array $test_rsa_keys = [];
+    private array $testRsaKeys = [];
     /**
      * CDN RSA keys.
      *
      * @var array<RSA>
      */
-    private array $cdn_rsa_keys = [];
+    private array $cdnRsaKeys = [];
     /**
      * Diffie-hellman config.
      *
@@ -489,11 +489,11 @@ public function serializeSession(object $data)
     public function findRsaKey(array $fps, bool $test, bool $cdn): ?RSA
     {
         if ($cdn) {
-            $list = $this->cdn_rsa_keys;
+            $list = $this->cdnRsaKeys;
         } elseif ($test) {
-            $list = $this->test_rsa_keys;
+            $list = $this->testRsaKeys;
         } else {
-            $list = $this->rsa_keys;
+            $list = $this->rsaKeys;
         }
 
         foreach ($list as $curkey) {
@@ -673,15 +673,15 @@ private function initialize(Settings|SettingsEmpty $settings): void
         // Actually instantiate needed classes like a boss
         $this->cleanupProperties();
         // Load rsa keys
-        $this->rsa_keys = [];
+        $this->rsaKeys = [];
         foreach ($this->settings->getConnection()->getRSAKeys() as $key) {
             $key = RSA::load($this->TL, $key);
-            $this->rsa_keys[$key->fp] = $key;
+            $this->rsaKeys[$key->fp] = $key;
         }
-        $this->test_rsa_keys = [];
+        $this->testRsaKeys = [];
         foreach ($this->settings->getConnection()->getTestRSAKeys() as $key) {
             $key = RSA::load($this->TL, $key);
-            $this->test_rsa_keys[$key->fp] = $key;
+            $this->testRsaKeys[$key->fp] = $key;
         }
         // (re)-initialize TL
         $callbacks = [$this, $this->peerDatabase];
@@ -795,8 +795,9 @@ public function __sleep(): array
             'loginState',
 
             // Authorization cache
-            'rsa_keys',
-            'test_rsa_keys',
+            'rsaKeys',
+            'testRsaKeys',
+            'cdnRsaKeys',
             'dh_config',
 
             // Update state
@@ -1519,7 +1520,7 @@ public function getCdnConfig(): void
         try {
             foreach (($this->methodCallAsyncRead('help.getCdnConfig', [], $this->loginState->getState()->authorizedDc))['public_keys'] as $curkey) {
                 $curkey = RSA::load($this->TL, $curkey['public_key']);
-                $this->cdn_rsa_keys[$curkey->fp] = $curkey;
+                $this->cdnRsaKeys[$curkey->fp] = $curkey;
             }
         } catch (\danog\MadelineProto\TL\Exception $e) {
             $this->logger->logger($e->getMessage(), Logger::FATAL_ERROR);

src/MTProtoSession/AuthKeyHandler.php

@@ -166,13 +166,24 @@ public function createAuthKey(bool $temp): void
                 }
                 $data_with_padding = $p_q_inner_data.Tools::random(192 - \strlen($p_q_inner_data));
                 $data_pad_reversed = strrev($data_with_padding);
-                do {
+
+                for ($tryInner = 0; $tryInner < 10; $tryInner++) {
                     $temp_key = Tools::random(32);
                     $data_with_hash = $data_pad_reversed.hash('sha256', $temp_key.$data_with_padding, true);
                     $aes_encrypted = Crypt::igeEncrypt($data_with_hash, $temp_key, str_repeat("\0", 32));
                     $temp_key_xor = $temp_key ^ hash('sha256', $aes_encrypted, true);
                     $key_aes_encrypted_bigint = new BigInteger($temp_key_xor.$aes_encrypted, 256);
-                } while ($key_aes_encrypted_bigint->compare($key->n) >= 0);
+
+                    $ok = $key_aes_encrypted_bigint->compare($key->n) < 0;
+                    if ($ok) {
+                        break;
+                    }
+                }
+
+                if (!$ok) {
+                    throw new SecurityException('Failed to generate a valid payload within 10 attempts.');
+                }
+
                 $encrypted_data = $key->encrypt($key_aes_encrypted_bigint);
                 $this->API->logger('Starting Diffie Hellman key exchange', Logger::VERBOSE);
                 /*