6 files changed, 55 insertions, 8 deletions
diff --git a/Auth/OpenID.php b/Auth/OpenID.php
index 354e2db..88124cf 100644
--- a/Auth/OpenID.php
+++ b/Auth/OpenID.php
@@ -491,6 +491,38 @@ class Auth_OpenID {
 
         return intval($value);
     }
+
+    /**
+     * Count the number of bytes in a string independently of
+     * multibyte support conditions.
+     *
+     * @param string $str The string of bytes to count.
+     * @return int The number of bytes in $str.
+     */
+    function bytes($str)
+    {
+        return strlen(bin2hex($str)) / 2;
+    }
+
+    /**
+     * Get the bytes in a string independently of multibyte support
+     * conditions.
+     */
+    function toBytes($str)
+    {
+        $hex = bin2hex($str);
+
+        if (!$hex) {
+            return array();
+        }
+
+        $b = array();
+        for ($i = 0; $i < strlen($hex); $i += 2) {
+            $b[] = chr(base_convert(substr($hex, $i, 2), 16, 10));
+        }
+
+        return $b;
+    }
 }
 
 ?>
 \ No newline at end of file
diff --git a/Auth/OpenID/BigMath.php b/Auth/OpenID/BigMath.php
index c4c75f6..f8188a3 100644
--- a/Auth/OpenID/BigMath.php
+++ b/Auth/OpenID/BigMath.php
@@ -21,6 +21,11 @@
 require_once 'Auth/OpenID/CryptUtil.php';
 
 /**
+ * Need Auth_OpenID::bytes().
+ */
+require_once 'Auth/OpenID.php';
+
+/**
  * The superclass of all big-integer math implementations
  * @access private
  * @package OpenID
@@ -145,9 +150,9 @@ class Auth_OpenID_MathLibrary {
             list($duplicate, $nbytes) = $duplicate_cache[$rbytes];
         } else {
             if ($rbytes[0] == "\x00") {
-                $nbytes = strlen($rbytes) - 1;
+                $nbytes = Auth_OpenID::bytes($rbytes) - 1;
             } else {
-                $nbytes = strlen($rbytes);
+                $nbytes = Auth_OpenID::bytes($rbytes);
             }
 
             $mxrand = $this->pow(256, $nbytes);
@@ -446,4 +451,4 @@ function &Auth_OpenID_getMathLib()
     return $lib;
 }
 
-?>
-\ No newline at end of file
+?>
diff --git a/Auth/OpenID/DiffieHellman.php b/Auth/OpenID/DiffieHellman.php
index 0551390..9b99909 100644
--- a/Auth/OpenID/DiffieHellman.php
+++ b/Auth/OpenID/DiffieHellman.php
@@ -14,6 +14,7 @@
  * @license http://www.gnu.org/copyleft/lesser.html LGPL
  */
 
+require_once 'Auth/OpenID.php';
 require_once 'Auth/OpenID/BigMath.php';
 require_once 'Auth/OpenID/HMACSHA1.php';
 
@@ -123,7 +124,7 @@ class Auth_OpenID_DiffieHellman {
         $hash_dh_shared = $hash_func($dh_shared_str);
 
         $xsecret = "";
-        for ($i = 0; $i < strlen($secret); $i++) {
+        for ($i = 0; $i < Auth_OpenID::bytes($secret); $i++) {
             $xsecret .= chr(ord($secret[$i]) ^ ord($hash_dh_shared[$i]));
         }
 
diff --git a/Auth/OpenID/FileStore.php b/Auth/OpenID/FileStore.php
index acf0dd2..dba0e4d 100644
--- a/Auth/OpenID/FileStore.php
+++ b/Auth/OpenID/FileStore.php
@@ -560,8 +560,10 @@ class Auth_OpenID_FileStore extends Auth_OpenID_OpenIDStore {
     function _filenameEscape($str)
     {
         $filename = "";
-        for ($i = 0; $i < strlen($str); $i++) {
-            $c = $str[$i];
+        $b = Auth_OpenID::toBytes($str);
+
+        for ($i = 0; $i < count($b); $i++) {
+            $c = $b[$i];
             if (Auth_OpenID_FileStore::_isFilenameSafe($c)) {
                 $filename .= $c;
             } else {
diff --git a/Auth/OpenID/HMACSHA1.php b/Auth/OpenID/HMACSHA1.php
index 928525b..9fc293e 100644
--- a/Auth/OpenID/HMACSHA1.php
+++ b/Auth/OpenID/HMACSHA1.php
@@ -14,6 +14,8 @@
  * @license http://www.gnu.org/copyleft/lesser.html LGPL
  */
 
+require_once 'Auth/OpenID.php';
+
 /**
  * SHA1_BLOCKSIZE is this module's SHA1 blocksize used by the fallback
  * implementation.
@@ -54,7 +56,7 @@ function Auth_OpenID_SHA1($text)
  */
 function Auth_OpenID_HMACSHA1($key, $text)
 {
-    if (strlen($key) > Auth_OpenID_SHA1_BLOCKSIZE) {
+    if (Auth_OpenID::bytes($key) > Auth_OpenID_SHA1_BLOCKSIZE) {
         $key = Auth_OpenID_SHA1($key, true);
     }
 
diff --git a/Auth/OpenID/SQLStore.php b/Auth/OpenID/SQLStore.php
index 5829f18..b71729d 100644
--- a/Auth/OpenID/SQLStore.php
+++ b/Auth/OpenID/SQLStore.php
@@ -29,6 +29,11 @@ $__Auth_OpenID_PEAR_AVAILABLE = @include_once 'DB.php';
 require_once 'Auth/OpenID/Interface.php';
 
 /**
+ * @access private
+ */
+require_once 'Auth/OpenID.php';
+
+/**
  * This is the parent class for the SQL stores, which contains the
  * logic common to all of the SQL stores.
  *
@@ -494,7 +499,7 @@ class Auth_OpenID_SQLStore extends Auth_OpenID_OpenIDStore {
     function _octify($str)
     {
         $result = "";
-        for ($i = 0; $i < strlen($str); $i++) {
+        for ($i = 0; $i < Auth_OpenID::bytes($str); $i++) {
             $ch = substr($str, $i, 1);
             if ($ch == "\\") {
                 $result .= "\\\\\\\\";