[Security] Bump phpseclib/phpseclib from 2.0.25 to 2.0.31

Bumps [phpseclib/phpseclib](https://github.com/phpseclib/phpseclib) from 2.0.25 to 2.0.31. **This update includes a security fix.**
- [Release notes](https://github.com/phpseclib/phpseclib/releases)
- [Changelog](https://github.com/phpseclib/phpseclib/blob/master/CHANGELOG.md)
- [Commits](phpseclib/phpseclib@2.0.25...2.0.31)

Signed-off-by: dependabot-preview[bot] <[email protected]>
Signed-off-by: Christoph Wurst <[email protected]>

composer.json

@@ -30,7 +30,7 @@
 		"patchwork/utf8": "1.3.1",
 		"pear/archive_tar": "1.4.12",
 		"pear/pear-core-minimal": "^v1.10",
-		"phpseclib/phpseclib": "2.0.25",
+		"phpseclib/phpseclib": "2.0.31",
 		"php-opencloud/openstack": "3.0.7",
 		"pimple/pimple": "3.2.3",
 		"punic/punic": "^1.6",

composer/installed.json

@@ -2932,26 +2932,25 @@
     },
     {
         "name": "phpseclib/phpseclib",
-        "version": "2.0.25",
-        "version_normalized": "2.0.25.0",
+        "version": "2.0.31",
+        "version_normalized": "2.0.31.0",
         "source": {
             "type": "git",
             "url": "https://github.com/phpseclib/phpseclib.git",
-            "reference": "c18159618ed7cd7ff721ac1a8fec7860a475d2f0"
+            "reference": "233a920cb38636a43b18d428f9a8db1f0a1a08f4"
         },
         "dist": {
             "type": "zip",
-            "url": "https://api.github.com/repos/phpseclib/phpseclib/zipball/c18159618ed7cd7ff721ac1a8fec7860a475d2f0",
-            "reference": "c18159618ed7cd7ff721ac1a8fec7860a475d2f0",
+            "url": "https://api.github.com/repos/phpseclib/phpseclib/zipball/233a920cb38636a43b18d428f9a8db1f0a1a08f4",
+            "reference": "233a920cb38636a43b18d428f9a8db1f0a1a08f4",
             "shasum": ""
         },
         "require": {
             "php": ">=5.3.3"
         },
         "require-dev": {
             "phing/phing": "~2.7",
-            "phpunit/phpunit": "^4.8.35|^5.7|^6.0",
-            "sami/sami": "~2.0",
+            "phpunit/phpunit": "^4.8.35|^5.7|^6.0|^9.4",
             "squizlabs/php_codesniffer": "~2.0"
         },
         "suggest": {
@@ -2960,7 +2959,7 @@
             "ext-mcrypt": "Install the Mcrypt extension in order to speed up a few other cryptographic operations.",
             "ext-openssl": "Install the OpenSSL extension in order to speed up a wide variety of cryptographic operations."
         },
-        "time": "2020-02-25T04:16:50+00:00",
+        "time": "2021-04-06T13:56:45+00:00",
         "type": "library",
         "installation-source": "dist",
         "autoload": {
@@ -3022,6 +3021,20 @@
             "twofish",
             "x.509",
             "x509"
+        ],
+        "funding": [
+            {
+                "url": "https://github.com/terrafrost",
+                "type": "github"
+            },
+            {
+                "url": "https://www.patreon.com/phpseclib",
+                "type": "patreon"
+            },
+            {
+                "url": "https://tidelift.com/funding/github/packagist/phpseclib/phpseclib",
+                "type": "tidelift"
+            }
         ]
     },
     {

phpseclib/phpseclib/phpseclib/Crypt/Base.php

@@ -413,7 +413,7 @@ abstract class Base
      * @var mixed
      * @access private
      */
-    var $use_inline_crypt;
+    var $use_inline_crypt = true;
 
     /**
      * If OpenSSL can be used in ECB but not in CTR we can emulate CTR
@@ -495,11 +495,6 @@ function __construct($mode = self::MODE_CBC)
         }
 
         $this->_setEngine();
-
-        // Determining whether inline crypting can be used by the cipher
-        if ($this->use_inline_crypt !== false) {
-            $this->use_inline_crypt = version_compare(PHP_VERSION, '5.3.0') >= 0 || function_exists('create_function');
-        }
     }
 
     /**
@@ -784,12 +779,14 @@ function encrypt($plaintext)
         }
 
         if ($this->engine === self::ENGINE_MCRYPT) {
+            set_error_handler(array($this, 'do_nothing'));
+
             if ($this->changed) {
                 $this->_setupMcrypt();
                 $this->changed = false;
             }
             if ($this->enchanged) {
-                @mcrypt_generic_init($this->enmcrypt, $this->key, $this->encryptIV);
+                mcrypt_generic_init($this->enmcrypt, $this->key, $this->encryptIV);
                 $this->enchanged = false;
             }
 
@@ -822,15 +819,15 @@ function encrypt($plaintext)
                 if ($len >= $block_size) {
                     if ($this->enbuffer['enmcrypt_init'] === false || $len > $this->cfb_init_len) {
                         if ($this->enbuffer['enmcrypt_init'] === true) {
-                            @mcrypt_generic_init($this->enmcrypt, $this->key, $iv);
+                            mcrypt_generic_init($this->enmcrypt, $this->key, $iv);
                             $this->enbuffer['enmcrypt_init'] = false;
                         }
-                        $ciphertext.= @mcrypt_generic($this->enmcrypt, substr($plaintext, $i, $len - $len % $block_size));
+                        $ciphertext.= mcrypt_generic($this->enmcrypt, substr($plaintext, $i, $len - $len % $block_size));
                         $iv = substr($ciphertext, -$block_size);
                         $len%= $block_size;
                     } else {
                         while ($len >= $block_size) {
-                            $iv = @mcrypt_generic($this->ecb, $iv) ^ substr($plaintext, $i, $block_size);
+                            $iv = mcrypt_generic($this->ecb, $iv) ^ substr($plaintext, $i, $block_size);
                             $ciphertext.= $iv;
                             $len-= $block_size;
                             $i+= $block_size;
@@ -839,22 +836,26 @@ function encrypt($plaintext)
                 }
 
                 if ($len) {
-                    $iv = @mcrypt_generic($this->ecb, $iv);
+                    $iv = mcrypt_generic($this->ecb, $iv);
                     $block = $iv ^ substr($plaintext, -$len);
                     $iv = substr_replace($iv, $block, 0, $len);
                     $ciphertext.= $block;
                     $pos = $len;
                 }
 
+                restore_error_handler();
+
                 return $ciphertext;
             }
 
-            $ciphertext = @mcrypt_generic($this->enmcrypt, $plaintext);
+            $ciphertext = mcrypt_generic($this->enmcrypt, $plaintext);
 
             if (!$this->continuousBuffer) {
-                @mcrypt_generic_init($this->enmcrypt, $this->key, $this->encryptIV);
+                mcrypt_generic_init($this->enmcrypt, $this->key, $this->encryptIV);
             }
 
+            restore_error_handler();
+
             return $ciphertext;
         }
 
@@ -1123,13 +1124,14 @@ function decrypt($ciphertext)
         }
 
         if ($this->engine === self::ENGINE_MCRYPT) {
+            set_error_handler(array($this, 'do_nothing'));
             $block_size = $this->block_size;
             if ($this->changed) {
                 $this->_setupMcrypt();
                 $this->changed = false;
             }
             if ($this->dechanged) {
-                @mcrypt_generic_init($this->demcrypt, $this->key, $this->decryptIV);
+                mcrypt_generic_init($this->demcrypt, $this->key, $this->decryptIV);
                 $this->dechanged = false;
             }
 
@@ -1157,26 +1159,30 @@ function decrypt($ciphertext)
                 }
                 if ($len >= $block_size) {
                     $cb = substr($ciphertext, $i, $len - $len % $block_size);
-                    $plaintext.= @mcrypt_generic($this->ecb, $iv . $cb) ^ $cb;
+                    $plaintext.= mcrypt_generic($this->ecb, $iv . $cb) ^ $cb;
                     $iv = substr($cb, -$block_size);
                     $len%= $block_size;
                 }
                 if ($len) {
-                    $iv = @mcrypt_generic($this->ecb, $iv);
+                    $iv = mcrypt_generic($this->ecb, $iv);
                     $plaintext.= $iv ^ substr($ciphertext, -$len);
                     $iv = substr_replace($iv, substr($ciphertext, -$len), 0, $len);
                     $pos = $len;
                 }
 
+                restore_error_handler();
+
                 return $plaintext;
             }
 
-            $plaintext = @mdecrypt_generic($this->demcrypt, $ciphertext);
+            $plaintext = mdecrypt_generic($this->demcrypt, $ciphertext);
 
             if (!$this->continuousBuffer) {
-                @mcrypt_generic_init($this->demcrypt, $this->key, $this->decryptIV);
+                mcrypt_generic_init($this->demcrypt, $this->key, $this->decryptIV);
             }
 
+            restore_error_handler();
+
             return $this->paddable ? $this->_unpad($plaintext) : $plaintext;
         }
 
@@ -1654,9 +1660,12 @@ function isValidEngine($engine)
                 }
                 return false;
             case self::ENGINE_MCRYPT:
-                return $this->cipher_name_mcrypt &&
+                set_error_handler(array($this, 'do_nothing'));
+                $result = $this->cipher_name_mcrypt &&
                        extension_loaded('mcrypt') &&
-                       in_array($this->cipher_name_mcrypt, @mcrypt_list_algorithms());
+                       in_array($this->cipher_name_mcrypt, mcrypt_list_algorithms());
+                restore_error_handler();
+                return $result;
             case self::ENGINE_INTERNAL:
                 return true;
         }
@@ -1733,17 +1742,19 @@ function _setEngine()
         }
 
         if ($this->engine != self::ENGINE_MCRYPT && $this->enmcrypt) {
+            set_error_handler(array($this, 'do_nothing'));
             // Closing the current mcrypt resource(s). _mcryptSetup() will, if needed,
             // (re)open them with the module named in $this->cipher_name_mcrypt
-            @mcrypt_module_close($this->enmcrypt);
-            @mcrypt_module_close($this->demcrypt);
+            mcrypt_module_close($this->enmcrypt);
+            mcrypt_module_close($this->demcrypt);
             $this->enmcrypt = null;
             $this->demcrypt = null;
 
             if ($this->ecb) {
-                @mcrypt_module_close($this->ecb);
+                mcrypt_module_close($this->ecb);
                 $this->ecb = null;
             }
+            restore_error_handler();
         }
 
         $this->changed = true;
@@ -1856,19 +1867,19 @@ function _setupMcrypt()
                 self::MODE_STREAM => MCRYPT_MODE_STREAM,
             );
 
-            $this->demcrypt = @mcrypt_module_open($this->cipher_name_mcrypt, '', $mcrypt_modes[$this->mode], '');
-            $this->enmcrypt = @mcrypt_module_open($this->cipher_name_mcrypt, '', $mcrypt_modes[$this->mode], '');
+            $this->demcrypt = mcrypt_module_open($this->cipher_name_mcrypt, '', $mcrypt_modes[$this->mode], '');
+            $this->enmcrypt = mcrypt_module_open($this->cipher_name_mcrypt, '', $mcrypt_modes[$this->mode], '');
 
             // we need the $ecb mcrypt resource (only) in MODE_CFB with enableContinuousBuffer()
             // to workaround mcrypt's broken ncfb implementation in buffered mode
             // see: {@link http://phpseclib.sourceforge.net/cfb-demo.phps}
             if ($this->mode == self::MODE_CFB) {
-                $this->ecb = @mcrypt_module_open($this->cipher_name_mcrypt, '', MCRYPT_MODE_ECB, '');
+                $this->ecb = mcrypt_module_open($this->cipher_name_mcrypt, '', MCRYPT_MODE_ECB, '');
             }
         } // else should mcrypt_generic_deinit be called?
 
         if ($this->mode == self::MODE_CFB) {
-            @mcrypt_generic_init($this->ecb, $this->key, str_repeat("\0", $this->block_size));
+            mcrypt_generic_init($this->ecb, $this->key, str_repeat("\0", $this->block_size));
         }
     }
 
@@ -2602,12 +2613,8 @@ function _createInlineCryptFunction($cipher_code)
         }
 
         // Create the $inline function and return its name as string. Ready to run!
-        if (version_compare(PHP_VERSION, '5.3.0') >= 0) {
-            eval('$func = function ($_action, &$self, $_text) { ' . $init_crypt . 'if ($_action == "encrypt") { ' . $encrypt . ' } else { ' . $decrypt . ' } };');
-            return $func;
-        }
-
-        return create_function('$_action, &$self, $_text', $init_crypt . 'if ($_action == "encrypt") { ' . $encrypt . ' } else { ' . $decrypt . ' }');
+        eval('$func = function ($_action, &$self, $_text) { ' . $init_crypt . 'if ($_action == "encrypt") { ' . $encrypt . ' } else { ' . $decrypt . ' } };');
+        return $func;
     }
 
     /**
@@ -2636,7 +2643,7 @@ function &_getLambdaFunctions()
      *
      * @see self::_setupInlineCrypt()
      * @access private
-     * @param $bytes
+     * @param string $bytes
      * @return string
      */
     function _hashInlineCryptFunction($bytes)
@@ -2705,4 +2712,13 @@ function safe_intval_inline()
                 return $safeint . '((fmod(floor($temp / 0x80000000), 2) & 1) << 31))';
         }
     }
+
+    /**
+     * Dummy error handler to suppress mcrypt errors
+     *
+     * @access private
+     */
+    function do_nothing()
+    {
+    }
 }

phpseclib/phpseclib/phpseclib/Crypt/Hash.php

@@ -849,7 +849,6 @@ function _not($int)
      * _sha256() adds multiple unsigned 32-bit integers.  Since PHP doesn't support unsigned integers and since the
      * possibility of overflow exists, care has to be taken.  BigInteger could be used but this should be faster.
      *
-     * @param int $...
      * @return int
      * @see self::_sha256()
      * @access private