diff --git a/composer.lock b/composer.lock index de4b58868..52a519098 100644 --- a/composer.lock +++ b/composer.lock @@ -2961,16 +2961,16 @@ }, { "name": "phpseclib/phpseclib", - "version": "2.0.40", + "version": "2.0.47", "source": { "type": "git", "url": "https://github.com/phpseclib/phpseclib.git", - "reference": "5ef6f8376ddad21f3ce1da429950f7e00ec2292c" + "reference": "b7d7d90ee7df7f33a664b4aea32d50a305d35adb" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/phpseclib/phpseclib/zipball/5ef6f8376ddad21f3ce1da429950f7e00ec2292c", - "reference": "5ef6f8376ddad21f3ce1da429950f7e00ec2292c", + "url": "https://api.github.com/repos/phpseclib/phpseclib/zipball/b7d7d90ee7df7f33a664b4aea32d50a305d35adb", + "reference": "b7d7d90ee7df7f33a664b4aea32d50a305d35adb", "shasum": "" }, "require": { @@ -3051,7 +3051,7 @@ ], "support": { "issues": "https://github.com/phpseclib/phpseclib/issues", - "source": "https://github.com/phpseclib/phpseclib/tree/2.0.40" + "source": "https://github.com/phpseclib/phpseclib/tree/2.0.47" }, "funding": [ { @@ -3067,7 +3067,7 @@ "type": "tidelift" } ], - "time": "2022-12-17T17:22:59+00:00" + "time": "2024-02-26T04:55:38+00:00" }, { "name": "pimple/pimple", diff --git a/composer/installed.json b/composer/installed.json index a13053f51..43f368092 100644 --- a/composer/installed.json +++ b/composer/installed.json @@ -3090,17 +3090,17 @@ }, { "name": "phpseclib/phpseclib", - "version": "2.0.40", - "version_normalized": "2.0.40.0", + "version": "2.0.47", + "version_normalized": "2.0.47.0", "source": { "type": "git", "url": "https://github.com/phpseclib/phpseclib.git", - "reference": "5ef6f8376ddad21f3ce1da429950f7e00ec2292c" + "reference": "b7d7d90ee7df7f33a664b4aea32d50a305d35adb" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/phpseclib/phpseclib/zipball/5ef6f8376ddad21f3ce1da429950f7e00ec2292c", - "reference": "5ef6f8376ddad21f3ce1da429950f7e00ec2292c", + "url": "https://api.github.com/repos/phpseclib/phpseclib/zipball/b7d7d90ee7df7f33a664b4aea32d50a305d35adb", + "reference": "b7d7d90ee7df7f33a664b4aea32d50a305d35adb", "shasum": "" }, "require": { @@ -3118,7 +3118,7 @@ "ext-openssl": "Install the OpenSSL extension in order to speed up a wide variety of cryptographic operations.", "ext-xml": "Install the XML extension to load XML formatted public keys." }, - "time": "2022-12-17T17:22:59+00:00", + "time": "2024-02-26T04:55:38+00:00", "type": "library", "installation-source": "dist", "autoload": { @@ -3183,7 +3183,7 @@ ], "support": { "issues": "https://github.com/phpseclib/phpseclib/issues", - "source": "https://github.com/phpseclib/phpseclib/tree/2.0.40" + "source": "https://github.com/phpseclib/phpseclib/tree/2.0.47" }, "funding": [ { diff --git a/composer/installed.php b/composer/installed.php index f2337fab8..20ca2c2c2 100644 --- a/composer/installed.php +++ b/composer/installed.php @@ -3,7 +3,7 @@ 'name' => 'nextcloud/3rdparty', 'pretty_version' => 'dev-master', 'version' => 'dev-master', - 'reference' => 'a7f0f5d93a0d9a947b4d3676d6344824d8490eab', + 'reference' => '2292aeac89a39167ee4916f3930aa47961b9a88d', 'type' => 'library', 'install_path' => __DIR__ . '/../', 'aliases' => array(), @@ -328,7 +328,7 @@ 'nextcloud/3rdparty' => array( 'pretty_version' => 'dev-master', 'version' => 'dev-master', - 'reference' => 'a7f0f5d93a0d9a947b4d3676d6344824d8490eab', + 'reference' => '2292aeac89a39167ee4916f3930aa47961b9a88d', 'type' => 'library', 'install_path' => __DIR__ . '/../', 'aliases' => array(), @@ -437,9 +437,9 @@ 'dev_requirement' => false, ), 'phpseclib/phpseclib' => array( - 'pretty_version' => '2.0.40', - 'version' => '2.0.40.0', - 'reference' => '5ef6f8376ddad21f3ce1da429950f7e00ec2292c', + 'pretty_version' => '2.0.47', + 'version' => '2.0.47.0', + 'reference' => 'b7d7d90ee7df7f33a664b4aea32d50a305d35adb', 'type' => 'library', 'install_path' => __DIR__ . '/../phpseclib/phpseclib', 'aliases' => array(), diff --git a/phpseclib/phpseclib/phpseclib/Crypt/AES.php b/phpseclib/phpseclib/phpseclib/Crypt/AES.php index 7d8cb8b03..9903db105 100644 --- a/phpseclib/phpseclib/phpseclib/Crypt/AES.php +++ b/phpseclib/phpseclib/phpseclib/Crypt/AES.php @@ -84,43 +84,13 @@ function setBlockLength($length) */ function setKeyLength($length) { - switch ($length) { - case 160: - $length = 192; - break; - case 224: - $length = 256; - } parent::setKeyLength($length); - } - - /** - * Sets the key. - * - * Rijndael supports five different key lengths, AES only supports three. - * - * @see \phpseclib\Crypt\Rijndael:setKey() - * @see setKeyLength() - * @access public - * @param string $key - */ - function setKey($key) - { - parent::setKey($key); - - if (!$this->explicit_key_length) { - $length = strlen($key); - switch (true) { - case $length <= 16: - $this->key_length = 16; - break; - case $length <= 24: - $this->key_length = 24; - break; - default: - $this->key_length = 32; - } - $this->_setEngine(); + switch ($this->key_length) { + case 20: + $this->key_length = 24; + break; + case 28: + $this->key_length = 32; } } } diff --git a/phpseclib/phpseclib/phpseclib/Crypt/Base.php b/phpseclib/phpseclib/phpseclib/Crypt/Base.php index 7bb357a7b..ab5944cde 100644 --- a/phpseclib/phpseclib/phpseclib/Crypt/Base.php +++ b/phpseclib/phpseclib/phpseclib/Crypt/Base.php @@ -514,6 +514,8 @@ function __construct($mode = self::MODE_CBC) switch (true) { // PHP_OS & "\xDF\xDF\xDF" == strtoupper(substr(PHP_OS, 0, 3)), but a lot faster case (PHP_OS & "\xDF\xDF\xDF") === 'WIN': + case !function_exists('php_uname'): + case !is_string(php_uname('m')): case (php_uname('m') & "\xDF\xDF\xDF") != 'ARM': case PHP_INT_SIZE == 8: define('CRYPT_BASE_USE_REG_INTVAL', true); diff --git a/phpseclib/phpseclib/phpseclib/Crypt/Blowfish.php b/phpseclib/phpseclib/phpseclib/Crypt/Blowfish.php index 94552f94c..346c064b8 100644 --- a/phpseclib/phpseclib/phpseclib/Crypt/Blowfish.php +++ b/phpseclib/phpseclib/phpseclib/Crypt/Blowfish.php @@ -445,7 +445,7 @@ function isValidEngine($engine) // quoting https://www.openssl.org/news/openssl-3.0-notes.html, OpenSSL 3.0.1 // "Moved all variations of the EVP ciphers CAST5, BF, IDEA, SEED, RC2, RC4, RC5, and DES to the legacy provider" // in theory openssl_get_cipher_methods() should catch this but, on GitHub Actions, at least, it does not - if (version_compare(preg_replace('#OpenSSL (\d+\.\d+\.\d+) .*#', '$1', OPENSSL_VERSION_TEXT), '3.0.1', '>=')) { + if (defined('OPENSSL_VERSION_TEXT') && version_compare(preg_replace('#OpenSSL (\d+\.\d+\.\d+) .*#', '$1', OPENSSL_VERSION_TEXT), '3.0.1', '>=')) { return false; } if (version_compare(PHP_VERSION, '5.3.7') < 0 && $this->key_length != 16) { @@ -762,7 +762,7 @@ function _encryptBlock($in) $l = $in[1]; $r = $in[2]; - list($r, $l) = CRYPT_BASE_USE_REG_INTVAL ? + list($r, $l) = PHP_INT_SIZE === 8 ? $this->_encryptBlockHelperFast($l, $r, $sb_0, $sb_1, $sb_2, $sb_3, $p) : $this->_encryptBlockHelperSlow($l, $r, $sb_0, $sb_1, $sb_2, $sb_3, $p); @@ -820,25 +820,26 @@ function _encryptBlockHelperFast($x0, $x1, $sbox0, $sbox1, $sbox2, $sbox3, $p) */ function _encryptBlockHelperSlow($x0, $x1, $sbox0, $sbox1, $sbox2, $sbox3, $p) { + // -16777216 == intval(0xFF000000) on 32-bit PHP installs $x0^= $p[0]; - $x1^= $this->safe_intval(($this->safe_intval($sbox0[($x0 & 0xFF000000) >> 24] + $sbox1[($x0 & 0xFF0000) >> 16]) ^ $sbox2[($x0 & 0xFF00) >> 8]) + $sbox3[$x0 & 0xFF]) ^ $p[1]; - $x0^= $this->safe_intval(($this->safe_intval($sbox0[($x1 & 0xFF000000) >> 24] + $sbox1[($x1 & 0xFF0000) >> 16]) ^ $sbox2[($x1 & 0xFF00) >> 8]) + $sbox3[$x1 & 0xFF]) ^ $p[2]; - $x1^= $this->safe_intval(($this->safe_intval($sbox0[($x0 & 0xFF000000) >> 24] + $sbox1[($x0 & 0xFF0000) >> 16]) ^ $sbox2[($x0 & 0xFF00) >> 8]) + $sbox3[$x0 & 0xFF]) ^ $p[3]; - $x0^= $this->safe_intval(($this->safe_intval($sbox0[($x1 & 0xFF000000) >> 24] + $sbox1[($x1 & 0xFF0000) >> 16]) ^ $sbox2[($x1 & 0xFF00) >> 8]) + $sbox3[$x1 & 0xFF]) ^ $p[4]; - $x1^= $this->safe_intval(($this->safe_intval($sbox0[($x0 & 0xFF000000) >> 24] + $sbox1[($x0 & 0xFF0000) >> 16]) ^ $sbox2[($x0 & 0xFF00) >> 8]) + $sbox3[$x0 & 0xFF]) ^ $p[5]; - $x0^= $this->safe_intval(($this->safe_intval($sbox0[($x1 & 0xFF000000) >> 24] + $sbox1[($x1 & 0xFF0000) >> 16]) ^ $sbox2[($x1 & 0xFF00) >> 8]) + $sbox3[$x1 & 0xFF]) ^ $p[6]; - $x1^= $this->safe_intval(($this->safe_intval($sbox0[($x0 & 0xFF000000) >> 24] + $sbox1[($x0 & 0xFF0000) >> 16]) ^ $sbox2[($x0 & 0xFF00) >> 8]) + $sbox3[$x0 & 0xFF]) ^ $p[7]; - $x0^= $this->safe_intval(($this->safe_intval($sbox0[($x1 & 0xFF000000) >> 24] + $sbox1[($x1 & 0xFF0000) >> 16]) ^ $sbox2[($x1 & 0xFF00) >> 8]) + $sbox3[$x1 & 0xFF]) ^ $p[8]; - $x1^= $this->safe_intval(($this->safe_intval($sbox0[($x0 & 0xFF000000) >> 24] + $sbox1[($x0 & 0xFF0000) >> 16]) ^ $sbox2[($x0 & 0xFF00) >> 8]) + $sbox3[$x0 & 0xFF]) ^ $p[9]; - $x0^= $this->safe_intval(($this->safe_intval($sbox0[($x1 & 0xFF000000) >> 24] + $sbox1[($x1 & 0xFF0000) >> 16]) ^ $sbox2[($x1 & 0xFF00) >> 8]) + $sbox3[$x1 & 0xFF]) ^ $p[10]; - $x1^= $this->safe_intval(($this->safe_intval($sbox0[($x0 & 0xFF000000) >> 24] + $sbox1[($x0 & 0xFF0000) >> 16]) ^ $sbox2[($x0 & 0xFF00) >> 8]) + $sbox3[$x0 & 0xFF]) ^ $p[11]; - $x0^= $this->safe_intval(($this->safe_intval($sbox0[($x1 & 0xFF000000) >> 24] + $sbox1[($x1 & 0xFF0000) >> 16]) ^ $sbox2[($x1 & 0xFF00) >> 8]) + $sbox3[$x1 & 0xFF]) ^ $p[12]; - $x1^= $this->safe_intval(($this->safe_intval($sbox0[($x0 & 0xFF000000) >> 24] + $sbox1[($x0 & 0xFF0000) >> 16]) ^ $sbox2[($x0 & 0xFF00) >> 8]) + $sbox3[$x0 & 0xFF]) ^ $p[13]; - $x0^= $this->safe_intval(($this->safe_intval($sbox0[($x1 & 0xFF000000) >> 24] + $sbox1[($x1 & 0xFF0000) >> 16]) ^ $sbox2[($x1 & 0xFF00) >> 8]) + $sbox3[$x1 & 0xFF]) ^ $p[14]; - $x1^= $this->safe_intval(($this->safe_intval($sbox0[($x0 & 0xFF000000) >> 24] + $sbox1[($x0 & 0xFF0000) >> 16]) ^ $sbox2[($x0 & 0xFF00) >> 8]) + $sbox3[$x0 & 0xFF]) ^ $p[15]; - $x0^= $this->safe_intval(($this->safe_intval($sbox0[($x1 & 0xFF000000) >> 24] + $sbox1[($x1 & 0xFF0000) >> 16]) ^ $sbox2[($x1 & 0xFF00) >> 8]) + $sbox3[$x1 & 0xFF]) ^ $p[16]; - - return array($x1 & 0xFFFFFFFF ^ $p[17], $x0 & 0xFFFFFFFF); + $x1^= $this->safe_intval(($this->safe_intval($sbox0[(($x0 & -16777216) >> 24) & 0xFF] + $sbox1[($x0 & 0xFF0000) >> 16]) ^ $sbox2[($x0 & 0xFF00) >> 8]) + $sbox3[$x0 & 0xFF]) ^ $p[1]; + $x0^= $this->safe_intval(($this->safe_intval($sbox0[(($x1 & -16777216) >> 24) & 0xFF] + $sbox1[($x1 & 0xFF0000) >> 16]) ^ $sbox2[($x1 & 0xFF00) >> 8]) + $sbox3[$x1 & 0xFF]) ^ $p[2]; + $x1^= $this->safe_intval(($this->safe_intval($sbox0[(($x0 & -16777216) >> 24) & 0xFF] + $sbox1[($x0 & 0xFF0000) >> 16]) ^ $sbox2[($x0 & 0xFF00) >> 8]) + $sbox3[$x0 & 0xFF]) ^ $p[3]; + $x0^= $this->safe_intval(($this->safe_intval($sbox0[(($x1 & -16777216) >> 24) & 0xFF] + $sbox1[($x1 & 0xFF0000) >> 16]) ^ $sbox2[($x1 & 0xFF00) >> 8]) + $sbox3[$x1 & 0xFF]) ^ $p[4]; + $x1^= $this->safe_intval(($this->safe_intval($sbox0[(($x0 & -16777216) >> 24) & 0xFF] + $sbox1[($x0 & 0xFF0000) >> 16]) ^ $sbox2[($x0 & 0xFF00) >> 8]) + $sbox3[$x0 & 0xFF]) ^ $p[5]; + $x0^= $this->safe_intval(($this->safe_intval($sbox0[(($x1 & -16777216) >> 24) & 0xFF] + $sbox1[($x1 & 0xFF0000) >> 16]) ^ $sbox2[($x1 & 0xFF00) >> 8]) + $sbox3[$x1 & 0xFF]) ^ $p[6]; + $x1^= $this->safe_intval(($this->safe_intval($sbox0[(($x0 & -16777216) >> 24) & 0xFF] + $sbox1[($x0 & 0xFF0000) >> 16]) ^ $sbox2[($x0 & 0xFF00) >> 8]) + $sbox3[$x0 & 0xFF]) ^ $p[7]; + $x0^= $this->safe_intval(($this->safe_intval($sbox0[(($x1 & -16777216) >> 24) & 0xFF] + $sbox1[($x1 & 0xFF0000) >> 16]) ^ $sbox2[($x1 & 0xFF00) >> 8]) + $sbox3[$x1 & 0xFF]) ^ $p[8]; + $x1^= $this->safe_intval(($this->safe_intval($sbox0[(($x0 & -16777216) >> 24) & 0xFF] + $sbox1[($x0 & 0xFF0000) >> 16]) ^ $sbox2[($x0 & 0xFF00) >> 8]) + $sbox3[$x0 & 0xFF]) ^ $p[9]; + $x0^= $this->safe_intval(($this->safe_intval($sbox0[(($x1 & -16777216) >> 24) & 0xFF] + $sbox1[($x1 & 0xFF0000) >> 16]) ^ $sbox2[($x1 & 0xFF00) >> 8]) + $sbox3[$x1 & 0xFF]) ^ $p[10]; + $x1^= $this->safe_intval(($this->safe_intval($sbox0[(($x0 & -16777216) >> 24) & 0xFF] + $sbox1[($x0 & 0xFF0000) >> 16]) ^ $sbox2[($x0 & 0xFF00) >> 8]) + $sbox3[$x0 & 0xFF]) ^ $p[11]; + $x0^= $this->safe_intval(($this->safe_intval($sbox0[(($x1 & -16777216) >> 24) & 0xFF] + $sbox1[($x1 & 0xFF0000) >> 16]) ^ $sbox2[($x1 & 0xFF00) >> 8]) + $sbox3[$x1 & 0xFF]) ^ $p[12]; + $x1^= $this->safe_intval(($this->safe_intval($sbox0[(($x0 & -16777216) >> 24) & 0xFF] + $sbox1[($x0 & 0xFF0000) >> 16]) ^ $sbox2[($x0 & 0xFF00) >> 8]) + $sbox3[$x0 & 0xFF]) ^ $p[13]; + $x0^= $this->safe_intval(($this->safe_intval($sbox0[(($x1 & -16777216) >> 24) & 0xFF] + $sbox1[($x1 & 0xFF0000) >> 16]) ^ $sbox2[($x1 & 0xFF00) >> 8]) + $sbox3[$x1 & 0xFF]) ^ $p[14]; + $x1^= $this->safe_intval(($this->safe_intval($sbox0[(($x0 & -16777216) >> 24) & 0xFF] + $sbox1[($x0 & 0xFF0000) >> 16]) ^ $sbox2[($x0 & 0xFF00) >> 8]) + $sbox3[$x0 & 0xFF]) ^ $p[15]; + $x0^= $this->safe_intval(($this->safe_intval($sbox0[(($x1 & -16777216) >> 24) & 0xFF] + $sbox1[($x1 & 0xFF0000) >> 16]) ^ $sbox2[($x1 & 0xFF00) >> 8]) + $sbox3[$x1 & 0xFF]) ^ $p[16]; + + return array($x1 ^ $p[17], $x0); } /** diff --git a/phpseclib/phpseclib/phpseclib/Crypt/DES.php b/phpseclib/phpseclib/phpseclib/Crypt/DES.php index d9244b513..26bd385f5 100644 --- a/phpseclib/phpseclib/phpseclib/Crypt/DES.php +++ b/phpseclib/phpseclib/phpseclib/Crypt/DES.php @@ -595,7 +595,7 @@ function isValidEngine($engine) // quoting https://www.openssl.org/news/openssl-3.0-notes.html, OpenSSL 3.0.1 // "Moved all variations of the EVP ciphers CAST5, BF, IDEA, SEED, RC2, RC4, RC5, and DES to the legacy provider" // in theory openssl_get_cipher_methods() should catch this but, on GitHub Actions, at least, it does not - if (version_compare(preg_replace('#OpenSSL (\d+\.\d+\.\d+) .*#', '$1', OPENSSL_VERSION_TEXT), '3.0.1', '>=')) { + if (defined('OPENSSL_VERSION_TEXT') && version_compare(preg_replace('#OpenSSL (\d+\.\d+\.\d+) .*#', '$1', OPENSSL_VERSION_TEXT), '3.0.1', '>=')) { return false; } $this->cipher_name_openssl_ecb = 'des-ecb'; diff --git a/phpseclib/phpseclib/phpseclib/Crypt/Hash.php b/phpseclib/phpseclib/phpseclib/Crypt/Hash.php index 248b65ef7..5e5d13d4c 100644 --- a/phpseclib/phpseclib/phpseclib/Crypt/Hash.php +++ b/phpseclib/phpseclib/phpseclib/Crypt/Hash.php @@ -866,7 +866,7 @@ function _add() $result+= $argument < 0 ? ($argument & 0x7FFFFFFF) + 0x80000000 : $argument; } - if ((php_uname('m') & "\xDF\xDF\xDF") != 'ARM') { + if (function_exists('php_uname') && is_string(php_uname('m')) && (php_uname('m') & "\xDF\xDF\xDF") != 'ARM') { return fmod($result, $mod); } diff --git a/phpseclib/phpseclib/phpseclib/Crypt/RC2.php b/phpseclib/phpseclib/phpseclib/Crypt/RC2.php index 72a15d35d..e0511b32f 100644 --- a/phpseclib/phpseclib/phpseclib/Crypt/RC2.php +++ b/phpseclib/phpseclib/phpseclib/Crypt/RC2.php @@ -276,7 +276,7 @@ function isValidEngine($engine) // quoting https://www.openssl.org/news/openssl-3.0-notes.html, OpenSSL 3.0.1 // "Moved all variations of the EVP ciphers CAST5, BF, IDEA, SEED, RC2, RC4, RC5, and DES to the legacy provider" // in theory openssl_get_cipher_methods() should catch this but, on GitHub Actions, at least, it does not - if (version_compare(preg_replace('#OpenSSL (\d+\.\d+\.\d+) .*#', '$1', OPENSSL_VERSION_TEXT), '3.0.1', '>=')) { + if (defined('OPENSSL_VERSION_TEXT') && version_compare(preg_replace('#OpenSSL (\d+\.\d+\.\d+) .*#', '$1', OPENSSL_VERSION_TEXT), '3.0.1', '>=')) { return false; } if ($this->current_key_length != 128 || strlen($this->orig_key) < 16) { diff --git a/phpseclib/phpseclib/phpseclib/Crypt/RC4.php b/phpseclib/phpseclib/phpseclib/Crypt/RC4.php index 195d97ee3..2e5c05567 100644 --- a/phpseclib/phpseclib/phpseclib/Crypt/RC4.php +++ b/phpseclib/phpseclib/phpseclib/Crypt/RC4.php @@ -148,7 +148,7 @@ function isValidEngine($engine) // quoting https://www.openssl.org/news/openssl-3.0-notes.html, OpenSSL 3.0.1 // "Moved all variations of the EVP ciphers CAST5, BF, IDEA, SEED, RC2, RC4, RC5, and DES to the legacy provider" // in theory openssl_get_cipher_methods() should catch this but, on GitHub Actions, at least, it does not - if (version_compare(preg_replace('#OpenSSL (\d+\.\d+\.\d+) .*#', '$1', OPENSSL_VERSION_TEXT), '3.0.1', '>=')) { + if (defined('OPENSSL_VERSION_TEXT') && version_compare(preg_replace('#OpenSSL (\d+\.\d+\.\d+) .*#', '$1', OPENSSL_VERSION_TEXT), '3.0.1', '>=')) { return false; } if (version_compare(PHP_VERSION, '5.3.7') >= 0) { diff --git a/phpseclib/phpseclib/phpseclib/Crypt/RSA.php b/phpseclib/phpseclib/phpseclib/Crypt/RSA.php index a8fa23156..fec689585 100644 --- a/phpseclib/phpseclib/phpseclib/Crypt/RSA.php +++ b/phpseclib/phpseclib/phpseclib/Crypt/RSA.php @@ -570,6 +570,7 @@ function createKey($bits = 1024, $timeout = false, $partial = array()) $publickey = call_user_func_array(array($this, '_convertPublicKey'), array_values($this->_parseKey($publickey, self::PUBLIC_FORMAT_PKCS1))); // clear the buffer of error strings stemming from a minimalistic openssl.cnf + // https://github.com/php/php-src/issues/11054 talks about other errors this'll pick up while (openssl_error_string() !== false) { } diff --git a/phpseclib/phpseclib/phpseclib/Crypt/Rijndael.php b/phpseclib/phpseclib/phpseclib/Crypt/Rijndael.php index 7a6be2a67..4665738e1 100644 --- a/phpseclib/phpseclib/phpseclib/Crypt/Rijndael.php +++ b/phpseclib/phpseclib/phpseclib/Crypt/Rijndael.php @@ -814,7 +814,6 @@ function _setupInlineCrypt() // Generating encrypt code: $init_encrypt.= ' - static $tables; if (empty($tables)) { $tables = &$self->_getTables(); } @@ -871,7 +870,6 @@ function _setupInlineCrypt() // Generating decrypt code: $init_decrypt.= ' - static $invtables; if (empty($invtables)) { $invtables = &$self->_getInvTables(); } @@ -928,7 +926,7 @@ function _setupInlineCrypt() $lambda_functions[$code_hash] = $this->_createInlineCryptFunction( array( - 'init_crypt' => '', + 'init_crypt' => 'static $tables; static $invtables;', 'init_encrypt' => $init_encrypt, 'init_decrypt' => $init_decrypt, 'encrypt_block' => $encrypt_block, diff --git a/phpseclib/phpseclib/phpseclib/File/ASN1.php b/phpseclib/phpseclib/phpseclib/File/ASN1.php index 22e4d9652..dba99de73 100644 --- a/phpseclib/phpseclib/phpseclib/File/ASN1.php +++ b/phpseclib/phpseclib/phpseclib/File/ASN1.php @@ -1176,6 +1176,11 @@ function _decodeOID($content) $oid = array(); $pos = 0; $len = strlen($content); + // see https://github.com/openjdk/jdk/blob/2deb318c9f047ec5a4b160d66a4b52f93688ec42/src/java.base/share/classes/sun/security/util/ObjectIdentifier.java#L55 + if ($len > 4096) { + //user_error('Object Identifier size is limited to 4096 bytes'); + return false; + } if (ord($content[$len - 1]) & 0x80) { return false; @@ -1441,7 +1446,7 @@ function convert($in, $from = self::TYPE_UTF8_STRING, $to = self::TYPE_UTF8_STRI return false; } break; - case ($c & 0x80000000) != 0: + case ($c & (PHP_INT_SIZE == 8 ? 0x80000000 : (1 << 31))) != 0: return false; case $c >= 0x04000000: $v .= chr(0x80 | ($c & 0x3F)); diff --git a/phpseclib/phpseclib/phpseclib/File/X509.php b/phpseclib/phpseclib/phpseclib/File/X509.php index 73ecd25de..7b8d96e29 100644 --- a/phpseclib/phpseclib/phpseclib/File/X509.php +++ b/phpseclib/phpseclib/phpseclib/File/X509.php @@ -1321,6 +1321,10 @@ function __construct() '2.5.4.45' => 'id-at-uniqueIdentifier', '2.5.4.72' => 'id-at-role', '2.5.4.16' => 'id-at-postalAddress', + '1.3.6.1.4.1.311.60.2.1.3' => 'jurisdictionOfIncorporationCountryName', + '1.3.6.1.4.1.311.60.2.1.2' => 'jurisdictionOfIncorporationStateOrProvinceName', + '1.3.6.1.4.1.311.60.2.1.1' => 'jurisdictionLocalityName', + '2.5.4.15' => 'id-at-businessCategory', '0.9.2342.19200300.100.1.25' => 'id-domainComponent', '1.2.840.113549.1.9' => 'pkcs-9', @@ -2066,7 +2070,8 @@ function validateURL($url) if ($names = $this->getExtension('id-ce-subjectAltName')) { foreach ($names as $name) { foreach ($name as $key => $value) { - $value = str_replace(array('.', '*'), array('\.', '[^.]*'), $value); + $value = preg_quote($value); + $value = str_replace('\*', '[^.]*', $value); switch ($key) { case 'dNSName': /* From RFC2818 "HTTP over TLS": @@ -2576,6 +2581,20 @@ function _encodeIP($ip) function _translateDNProp($propName) { switch (strtolower($propName)) { + case 'jurisdictionofincorporationcountryname': + case 'jurisdictioncountryname': + case 'jurisdictionc': + return 'jurisdictionOfIncorporationCountryName'; + case 'jurisdictionofincorporationstateorprovincename': + case 'jurisdictionstateorprovincename': + case 'jurisdictionst': + return 'jurisdictionOfIncorporationStateOrProvinceName'; + case 'jurisdictionlocalityname': + case 'jurisdictionl': + return 'jurisdictionLocalityName'; + case 'id-at-businesscategory': + case 'businesscategory': + return 'id-at-businessCategory'; case 'id-at-countryname': case 'countryname': case 'c': diff --git a/phpseclib/phpseclib/phpseclib/Math/BigInteger.php b/phpseclib/phpseclib/phpseclib/Math/BigInteger.php index 8d1291db2..7747a95b6 100644 --- a/phpseclib/phpseclib/phpseclib/Math/BigInteger.php +++ b/phpseclib/phpseclib/phpseclib/Math/BigInteger.php @@ -163,23 +163,23 @@ class BigInteger * * @see __construct() */ - protected static $base; - protected static $baseFull; - protected static $maxDigit; - protected static $msb; + static $base; + static $baseFull; + static $maxDigit; + static $msb; /** * $max10 in greatest $max10Len satisfying * $max10 = 10**$max10Len <= 2**$base. */ - protected static $max10; + static $max10; /** * $max10Len in greatest $max10Len satisfying * $max10 = 10**$max10Len <= 2**$base. */ - protected static $max10Len; - protected static $maxDigit2; + static $max10Len; + static $maxDigit2; /**#@-*/ /** @@ -408,7 +408,7 @@ function __construct($x = 0, $base = 10) $x = substr($x, 1); } - $x = preg_replace('#^(?:0x)?([A-Fa-f0-9]*).*#', '$1', $x); + $x = preg_replace('#^(?:0x)?([A-Fa-f0-9]*).*#s', '$1', $x); $is_negative = false; if ($base < 0 && hexdec($x[0]) >= 8) { @@ -444,7 +444,7 @@ function __construct($x = 0, $base = 10) // (?toBits()); + } + + $max = count($this->value) - 1; + return $max != -1 ? + $max * self::$base + intval(ceil(log($this->value[$max] + 1, 2))) : + 0; + } + + /** + * Return the size of a BigInteger in bytes + * + * @return int + */ + function getLengthInBytes() + { + return (int) ceil($this->getLength() / 8); + } + /** * Copy an object * @@ -3237,6 +3264,11 @@ function randomPrime($arg1, $arg2 = false, $timeout = false) $min = $temp; } + $length = $max->getLength(); + if ($length > 8196) { + user_error('Generation of random prime numbers larger than 8196 has been disabled'); + } + static $one, $two; if (!isset($one)) { $one = new static(1); @@ -3344,7 +3376,14 @@ function _make_odd() */ function isPrime($t = false) { - $length = strlen($this->toBytes()); + $length = $this->getLength(); + // OpenSSL limits RSA keys to 16384 bits. The length of an RSA key is equal to the length of the modulo, which is + // produced by multiplying the primes p and q by one another. The largest number two 8196 bit primes can produce is + // a 16384 bit number so, basically, 8196 bit primes are the largest OpenSSL will generate and if that's the largest + // that it'll generate it also stands to reason that that's the largest you'll be able to test primality on + if ($length > 8196) { + user_error('Primality testing is not supported for numbers larger than 8196 bits'); + } if (!$t) { // see HAC 4.49 "Note (controlling the error probability)" diff --git a/phpseclib/phpseclib/phpseclib/Net/SFTP.php b/phpseclib/phpseclib/phpseclib/Net/SFTP.php index 54d76a1b3..28b568062 100644 --- a/phpseclib/phpseclib/phpseclib/Net/SFTP.php +++ b/phpseclib/phpseclib/phpseclib/Net/SFTP.php @@ -318,6 +318,38 @@ class SFTP extends SSH2 */ var $partial_init = false; + /** + * http://tools.ietf.org/html/draft-ietf-secsh-filexfer-13#section-7.1 + * the order, in this case, matters quite a lot - see \phpseclib3\Net\SFTP::_parseAttributes() to understand why + * + * @var array + * @access private + */ + var $attributes = array(); + + /** + * @var array + * @access private + */ + var $open_flags = array(); + + /** + * SFTPv5+ changed the flags up: + * https://datatracker.ietf.org/doc/html/draft-ietf-secsh-filexfer-13#section-8.1.1.3 + * + * @var array + * @access private + */ + var $open_flags5 = array(); + + /** + * http://tools.ietf.org/html/draft-ietf-secsh-filexfer-04#section-5.2 + * see \phpseclib\Net\SFTP::_parseLongname() for an explanation + * + * @var array + */ + var $file_types = array(); + /** * Default Constructor. * @@ -422,7 +454,7 @@ function __construct($host, $port = 22, $timeout = 10) // yields inconsistent behavior depending on how php is compiled. so we left shift -1 (which, in // two's compliment, consists of all 1 bits) by 31. on 64-bit systems this'll yield 0xFFFFFFFF80000000. // that's not a problem, however, and 'anded' and a 32-bit number, as all the leading 1 bits are ignored. - (PHP_INT_SIZE == 4 ? -1 : 0xFFFFFFFF) => 'NET_SFTP_ATTR_EXTENDED' + (PHP_INT_SIZE == 4 ? (-1 << 31) : 0x80000000) => 'NET_SFTP_ATTR_EXTENDED' ); $this->open_flags = array( 0x00000001 => 'NET_SFTP_OPEN_READ', @@ -839,7 +871,7 @@ function _logError($response, $status = -1) $error = $this->status_codes[$status]; - if ($this->version > 2 || strlen($response) < 4) { + if ($this->version > 2) { extract(unpack('Nlength', $this->_string_shift($response, 4))); $this->sftp_errors[] = $error . ': ' . $this->_string_shift($response, $length); } else { @@ -891,7 +923,7 @@ function _realpath($path) } $parts = explode('/', $path); - $afterPWD = $beforePWD = []; + $afterPWD = $beforePWD = array(); foreach ($parts as $part) { switch ($part) { //case '': // some SFTP servers /require/ double /'s. see https://github.com/phpseclib/phpseclib/pull/1137 @@ -2280,7 +2312,7 @@ function put($remote_file, $data, $mode = self::SOURCE_STRING, $start = -1, $loc if ($start >= 0) { $offset = $start; - } elseif ($mode & self::RESUME) { + } elseif ($mode & (self::RESUME | self::RESUME_START)) { // if NET_SFTP_OPEN_APPEND worked as it should _size() wouldn't need to be called $size = $this->size($remote_file); $offset = $size !== false ? $size : 0; @@ -2353,7 +2385,11 @@ function put($remote_file, $data, $mode = self::SOURCE_STRING, $start = -1, $loc if ($local_start >= 0) { fseek($fp, $local_start); $size-= $local_start; + } elseif ($mode & self::RESUME) { + fseek($fp, $offset); + $size-= $offset; } + } elseif ($dataCallback) { $size = 0; } else { @@ -2657,14 +2693,6 @@ function get($remote_file, $local_file = false, $offset = 0, $length = -1, $prog } } - if ($length > 0 && $length <= $offset - $start) { - if ($local_file === false) { - $content = substr($content, 0, $length); - } else { - ftruncate($fp, $length + $res_offset); - } - } - if ($fclose_check) { fclose($fp); @@ -3612,6 +3640,7 @@ function _reset_connection($reason) $this->use_request_id = false; $this->pwd = false; $this->requestBuffer = array(); + $this->partial_init = false; } /** @@ -3760,7 +3789,7 @@ function getSFTPLog() } /** - * Returns all errors + * Returns all errors on the SFTP layer * * @return array * @access public @@ -3771,7 +3800,7 @@ function getSFTPErrors() } /** - * Returns the last error + * Returns the last error on the SFTP layer * * @return string * @access public diff --git a/phpseclib/phpseclib/phpseclib/Net/SSH1.php b/phpseclib/phpseclib/phpseclib/Net/SSH1.php index e372b8b92..fc8d2acd8 100644 --- a/phpseclib/phpseclib/phpseclib/Net/SSH1.php +++ b/phpseclib/phpseclib/phpseclib/Net/SSH1.php @@ -205,6 +205,10 @@ class SSH1 * Dumps the content real-time to a file */ const LOG_REALTIME_FILE = 4; + /** + * Make sure that the log never gets larger than this + */ + const LOG_MAX_SIZE = 1048576; // 1024 * 1024 /**#@-*/ /**#@+ @@ -360,7 +364,7 @@ class SSH1 * @var array * @access private */ - var $protocol_flag_log = array(); + var $protocol_flags_log = array(); /** * Message Log @@ -407,6 +411,18 @@ class SSH1 */ var $interactiveBuffer = ''; + /** + * Current log size + * + * Should never exceed self::LOG_MAX_SIZE + * + * @see self::_send_binary_packet() + * @see self::_get_binary_packet() + * @var int + * @access private + */ + var $log_size; + /** * Timeout * @@ -1418,7 +1434,7 @@ function getLog() switch (NET_SSH1_LOGGING) { case self::LOG_SIMPLE: - return $this->message_number_log; + return $this->protocol_flags_log; break; case self::LOG_COMPLEX: return $this->_format_log($this->message_log, $this->protocol_flags_log); diff --git a/phpseclib/phpseclib/phpseclib/Net/SSH2.php b/phpseclib/phpseclib/phpseclib/Net/SSH2.php index 03b50f620..607cc2145 100644 --- a/phpseclib/phpseclib/phpseclib/Net/SSH2.php +++ b/phpseclib/phpseclib/phpseclib/Net/SSH2.php @@ -402,6 +402,14 @@ class SSH2 */ var $decrypt = false; + /** + * Decryption Algorithm Name + * + * @var string|null + * @access private + */ + var $decryptName; + /** * Client to Server Encryption Object * @@ -411,6 +419,14 @@ class SSH2 */ var $encrypt = false; + /** + * Encryption Algorithm Name + * + * @var string|null + * @access private + */ + var $encryptName; + /** * Client to Server HMAC Object * @@ -420,6 +436,13 @@ class SSH2 */ var $hmac_create = false; + /** + * Client to Server HMAC Name + * + * @var string|false + */ + private $hmac_create_name; + /** * Server to Client HMAC Object * @@ -429,6 +452,13 @@ class SSH2 */ var $hmac_check = false; + /** + * Server to Client HMAC Name + * + * @var string|false + */ + var $hmac_check_name; + /** * Size of server to client HMAC * @@ -1066,10 +1096,20 @@ class SSH2 */ var $smartMFA = true; + /** + * Extra packets counter + * + * @var bool + * @access private + */ + var $extra_packets; + /** * Default Constructor. * * $host can either be a string, representing the host, or a stream resource. + * If $host is a stream resource then $port doesn't do anything, altho $timeout + * still will be used * * @param mixed $host * @param int $port @@ -1087,6 +1127,7 @@ function __construct($host, $port = 22, $timeout = 10) 4 => 'NET_SSH2_MSG_DEBUG', 5 => 'NET_SSH2_MSG_SERVICE_REQUEST', 6 => 'NET_SSH2_MSG_SERVICE_ACCEPT', + 7 => 'NET_SSH2_MSG_EXT_INFO', // RFC 8308 20 => 'NET_SSH2_MSG_KEXINIT', 21 => 'NET_SSH2_MSG_NEWKEYS', 30 => 'NET_SSH2_MSG_KEXDH_INIT', @@ -1159,6 +1200,8 @@ function __construct($host, $port = 22, $timeout = 10) 31 => 'NET_SSH2_MSG_KEX_ECDH_REPLY') ); + $this->timeout = $timeout; + if (is_resource($host)) { $this->fsock = $host; return; @@ -1167,7 +1210,6 @@ function __construct($host, $port = 22, $timeout = 10) if (is_string($host)) { $this->host = $host; $this->port = $port; - $this->timeout = $timeout; } } @@ -1471,6 +1513,8 @@ function _key_exchange($kexinit_payload_server = false) $preferred['client_to_server']['comp'] : $this->getSupportedCompressionAlgorithms(); + $kex_algorithms = array_merge($kex_algorithms, array('ext-info-c', 'kex-strict-c-v00@openssh.com')); + // some SSH servers have buggy implementations of some of the above algorithms switch (true) { case $this->server_identifier == 'SSH-2.0-SSHD': @@ -1533,6 +1577,7 @@ function _key_exchange($kexinit_payload_server = false) return false; } + $this->extra_packets = 0; $kexinit_payload_server = $this->_get_binary_packet(); if ($kexinit_payload_server === false) { $this->bitmap = 0; @@ -1557,6 +1602,12 @@ function _key_exchange($kexinit_payload_server = false) } $temp = unpack('Nlength', $this->_string_shift($response, 4)); $this->kex_algorithms = explode(',', $this->_string_shift($response, $temp['length'])); + if (in_array('kex-strict-s-v00@openssh.com', $this->kex_algorithms)) { + if ($this->session_id === false && $this->extra_packets) { + user_error('Possible Terrapin Attack detected'); + return $this->_disconnect(NET_SSH2_DISCONNECT_KEY_EXCHANGE_FAILED); + } + } if (strlen($response) < 4) { return false; @@ -1963,6 +2014,10 @@ function _key_exchange($kexinit_payload_server = false) return false; } + if (in_array('kex-strict-s-v00@openssh.com', $this->kex_algorithms)) { + $this->get_seq_no = $this->send_seq_no = 0; + } + $keyBytes = pack('Na*', strlen($keyBytes), $keyBytes); $this->encrypt = $this->_encryption_algorithm_to_crypt_instance($encrypt); @@ -1992,7 +2047,7 @@ function _key_exchange($kexinit_payload_server = false) } $this->encrypt->setKey(substr($key, 0, $encryptKeyLength)); - $this->encrypt->name = $decrypt; + $this->encryptName = $encrypt; } $this->decrypt = $this->_encryption_algorithm_to_crypt_instance($decrypt); @@ -2022,7 +2077,7 @@ function _key_exchange($kexinit_payload_server = false) } $this->decrypt->setKey(substr($key, 0, $decryptKeyLength)); - $this->decrypt->name = $decrypt; + $this->decryptName = $decrypt; } /* The "arcfour128" algorithm is the RC4 cipher, as described in @@ -2067,7 +2122,7 @@ function _key_exchange($kexinit_payload_server = false) $this->hmac_create = new Hash('md5-96'); $createKeyLength = 16; } - $this->hmac_create->name = $mac_algorithm_out; + $this->hmac_create_name = $mac_algorithm_out; $checkKeyLength = 0; $this->hmac_size = 0; @@ -2097,7 +2152,7 @@ function _key_exchange($kexinit_payload_server = false) $checkKeyLength = 16; $this->hmac_size = 12; } - $this->hmac_check->name = $mac_algorithm_in; + $this->hmac_check_name = $mac_algorithm_in; $key = $kexHash->hash($keyBytes . $this->exchange_hash . 'E' . $this->session_id); while ($createKeyLength > strlen($key)) { @@ -2237,7 +2292,9 @@ function _bad_algorithm_candidate($algorithm) function login($username) { $args = func_get_args(); - $this->auth[] = $args; + if (!$this->retry_connect) { + $this->auth[] = $args; + } // try logging with 'none' as an authentication method first since that's what // PuTTY does @@ -2380,6 +2437,35 @@ function _login_helper($username, $password = null) } extract(unpack('Ctype', $this->_string_shift($response, 1))); + if ($type == NET_SSH2_MSG_EXT_INFO) { + if (strlen($response) < 4) { + return false; + } + $nr_extensions = unpack('Nlength', $this->_string_shift($response, 4)); + for ($i = 0; $i < $nr_extensions['length']; $i++) { + if (strlen($response) < 4) { + return false; + } + $temp = unpack('Nlength', $this->_string_shift($response, 4)); + $extension_name = $this->_string_shift($response, $temp['length']); + if ($extension_name == 'server-sig-algs') { + if (strlen($response) < 4) { + return false; + } + $temp = unpack('Nlength', $this->_string_shift($response, 4)); + $this->supported_private_key_algorithms = explode(',', $this->_string_shift($response, $temp['length'])); + } + } + + $response = $this->_get_binary_packet(); + if ($response === false) { + $this->bitmap = 0; + user_error('Connection closed by server'); + return false; + } + extract(unpack('Ctype', $this->_string_shift($response, 1))); + } + if ($type != NET_SSH2_MSG_SERVICE_ACCEPT) { user_error('Expected SSH_MSG_SERVICE_ACCEPT'); return false; @@ -2745,9 +2831,9 @@ function _privatekey_login($username, $privatekey) $publickey['n'] ); - $algos = ['rsa-sha2-256', 'rsa-sha2-512', 'ssh-rsa']; + $algos = array('rsa-sha2-256', 'rsa-sha2-512', 'ssh-rsa'); if (isset($this->preferred['hostkey'])) { - $algos = array_intersect($this->preferred['hostkey'], $algos); + $algos = array_intersect($algos, $this->preferred['hostkey']); } $algo = $this->_array_intersect_first($algos, $this->supported_private_key_algorithms); @@ -2860,6 +2946,16 @@ function _privatekey_login($username, $privatekey) return $this->_disconnect(NET_SSH2_DISCONNECT_BY_APPLICATION); } + /** + * Return the currently configured timeout + * + * @return int + */ + function getTimeout() + { + return $this->timeout; + } + /** * Set Timeout * @@ -3388,7 +3484,7 @@ function __destruct() */ function isConnected() { - return (bool) ($this->bitmap & self::MASK_CONNECTED); + return ($this->bitmap & self::MASK_CONNECTED) && is_resource($this->fsock) && !feof($this->fsock); } /** @@ -3553,6 +3649,9 @@ function _get_binary_packet($skip_channel_filter = false) } $start = microtime(true); + $sec = (int) floor($this->curTimeout); + $usec = (int) (1000000 * ($this->curTimeout - $sec)); + stream_set_timeout($this->fsock, $sec, $usec); $raw = stream_get_contents($this->fsock, $this->decrypt_block_size); if (!strlen($raw)) { @@ -3579,7 +3678,7 @@ function _get_binary_packet($skip_channel_filter = false) // "implementations SHOULD check that the packet length is reasonable" // PuTTY uses 0x9000 as the actual max packet size and so to shall we if ($remaining_length < -$this->decrypt_block_size || $remaining_length > 0x9000 || $remaining_length % $this->decrypt_block_size != 0) { - if (!$this->bad_key_size_fix && $this->_bad_algorithm_candidate($this->decrypt->name) && !($this->bitmap & SSH2::MASK_LOGIN)) { + if (!$this->bad_key_size_fix && $this->_bad_algorithm_candidate($this->decryptName) && !($this->bitmap & SSH2::MASK_LOGIN)) { $this->bad_key_size_fix = true; $this->_reset_connection(NET_SSH2_DISCONNECT_KEY_EXCHANGE_FAILED); return false; @@ -3692,9 +3791,11 @@ function _filter($payload, $skip_channel_filter) $this->bitmap = 0; return false; case NET_SSH2_MSG_IGNORE: + $this->extra_packets++; $payload = $this->_get_binary_packet($skip_channel_filter); break; case NET_SSH2_MSG_DEBUG: + $this->extra_packets++; $this->_string_shift($payload, 2); if (strlen($payload) < 4) { return false; @@ -3706,6 +3807,7 @@ function _filter($payload, $skip_channel_filter) case NET_SSH2_MSG_UNIMPLEMENTED: return false; case NET_SSH2_MSG_KEXINIT: + // this is here for key re-exchanges after the initial key exchange if ($this->session_id !== false) { $this->send_kex_first = false; if (!$this->_key_exchange($payload)) { @@ -4602,7 +4704,9 @@ function _array_intersect_first($array1, $array2) } /** - * Returns all errors + * Returns all errors / debug messages on the SSH layer + * + * If you are looking for messages from the SFTP layer, please see SFTP::getSFTPErrors() * * @return string[] * @access public @@ -4613,7 +4717,9 @@ function getErrors() } /** - * Returns the last error + * Returns the last error received on the SSH layer + * + * If you are looking for messages from the SFTP layer, please see SFTP::getLastSFTPError() * * @return string * @access public @@ -4984,13 +5090,13 @@ function getAlgorithmsNegotiated() 'kex' => $this->kex_algorithm, 'hostkey' => $this->signature_format, 'client_to_server' => array( - 'crypt' => $this->encrypt->name, - 'mac' => $this->hmac_create->name, + 'crypt' => $this->encryptName, + 'mac' => $this->hmac_create_name, 'comp' => $compression_map[$this->compress], ), 'server_to_client' => array( - 'crypt' => $this->decrypt->name, - 'mac' => $this->hmac_check->name, + 'crypt' => $this->decryptName, + 'mac' => $this->hmac_check_name, 'comp' => $compression_map[$this->decompress], ) );