mirror of
https://github.com/danog/phpseclib.git
synced 2024-12-12 09:09:39 +01:00
Merge remote-tracking branch 'upstream/master'
This commit is contained in:
commit
d9cc8072ac
@ -327,10 +327,10 @@ class Blowfish extends BlockCipher
|
||||
*
|
||||
* @see \phpseclib\Crypt\Common\SymmetricKey::isValidEngine()
|
||||
* @param int $engine
|
||||
* @access public
|
||||
* @access protected
|
||||
* @return bool
|
||||
*/
|
||||
public function isValidEngine($engine)
|
||||
protected function isValidEngineHelper($engine)
|
||||
{
|
||||
if ($engine == self::ENGINE_OPENSSL) {
|
||||
if (version_compare(PHP_VERSION, '5.3.7') < 0 && $this->key_length != 16) {
|
||||
@ -343,7 +343,7 @@ class Blowfish extends BlockCipher
|
||||
$this->cipher_name_openssl = 'bf-' . $this->openssl_translate_mode();
|
||||
}
|
||||
|
||||
return parent::isValidEngine($engine);
|
||||
return parent::isValidEngineHelper($engine);
|
||||
}
|
||||
|
||||
/**
|
||||
|
@ -299,7 +299,7 @@ abstract class AsymmetricKey
|
||||
* @access private
|
||||
* @param string $key
|
||||
* @param string $type
|
||||
* @return array
|
||||
* @return array|bool
|
||||
*/
|
||||
protected function load($key, $type)
|
||||
{
|
||||
@ -339,7 +339,7 @@ abstract class AsymmetricKey
|
||||
* @access private
|
||||
* @param string $key
|
||||
* @param string $type
|
||||
* @return array
|
||||
* @return array|bool
|
||||
*/
|
||||
protected function setPublicKey($key, $type)
|
||||
{
|
||||
|
@ -64,7 +64,7 @@ abstract class OpenSSH
|
||||
* @access public
|
||||
* @param string $key
|
||||
* @param string $type
|
||||
* @return array
|
||||
* @return array|bool
|
||||
*/
|
||||
public static function load($key, $type)
|
||||
{
|
||||
|
@ -122,7 +122,7 @@ abstract class PKCS1 extends PKCS
|
||||
* @access public
|
||||
* @param string $key
|
||||
* @param string $password optional
|
||||
* @return array
|
||||
* @return array|bool
|
||||
*/
|
||||
protected static function load($key, $password)
|
||||
{
|
||||
|
@ -320,7 +320,7 @@ abstract class PKCS8 extends PKCS
|
||||
* @access public
|
||||
* @param string $key
|
||||
* @param string $password optional
|
||||
* @return array
|
||||
* @return array|bool
|
||||
*/
|
||||
protected static function load($key, $password = '')
|
||||
{
|
||||
|
@ -77,7 +77,7 @@ abstract class PuTTY
|
||||
* @param string $publicHandler
|
||||
* @param string $type
|
||||
* @param string $password
|
||||
* @return array
|
||||
* @return array|bool
|
||||
*/
|
||||
protected static function load($key, $password)
|
||||
{
|
||||
|
@ -33,7 +33,7 @@ abstract class Raw
|
||||
*
|
||||
* @access public
|
||||
* @param array $sig
|
||||
* @return array
|
||||
* @return array|bool
|
||||
*/
|
||||
public static function load($sig)
|
||||
{
|
||||
|
@ -1712,10 +1712,10 @@ abstract class SymmetricKey
|
||||
*
|
||||
* @see self::__construct()
|
||||
* @param int $engine
|
||||
* @access public
|
||||
* @access private
|
||||
* @return bool
|
||||
*/
|
||||
public function isValidEngine($engine)
|
||||
protected function isValidEngineHelper($engine)
|
||||
{
|
||||
switch ($engine) {
|
||||
case self::ENGINE_OPENSSL:
|
||||
@ -1756,6 +1756,29 @@ abstract class SymmetricKey
|
||||
return false;
|
||||
}
|
||||
|
||||
/**
|
||||
* Test for engine validity
|
||||
*
|
||||
* @see self::__construct()
|
||||
* @param string $engine
|
||||
* @access public
|
||||
* @return bool
|
||||
*/
|
||||
public function isValidEngine($engine)
|
||||
{
|
||||
static $reverseMap;
|
||||
if (!isset($reverseMap)) {
|
||||
$reverseMap = array_map('strtolower', self::ENGINE_MAP);
|
||||
$reverseMap = array_flip($reverseMap);
|
||||
}
|
||||
$engine = strtolower($engine);
|
||||
if (!isset($reverseMap[$engine])) {
|
||||
return false;
|
||||
}
|
||||
|
||||
return $this->isValidEngineHelper($reverseMap[$engine]);
|
||||
}
|
||||
|
||||
/**
|
||||
* Sets the preferred crypt engine
|
||||
*
|
||||
@ -1816,7 +1839,7 @@ abstract class SymmetricKey
|
||||
self::ENGINE_EVAL
|
||||
];
|
||||
foreach ($candidateEngines as $engine) {
|
||||
if ($this->isValidEngine($engine)) {
|
||||
if ($this->isValidEngineHelper($engine)) {
|
||||
$this->engine = $engine;
|
||||
break;
|
||||
}
|
||||
|
@ -603,10 +603,10 @@ class DES extends BlockCipher
|
||||
*
|
||||
* @see \phpseclib\Crypt\Common\SymmetricKey::isValidEngine()
|
||||
* @param int $engine
|
||||
* @access public
|
||||
* @access protected
|
||||
* @return bool
|
||||
*/
|
||||
public function isValidEngine($engine)
|
||||
protected function isValidEngineHelper($engine)
|
||||
{
|
||||
if ($this->key_length_max == 8) {
|
||||
if ($engine == self::ENGINE_OPENSSL) {
|
||||
@ -615,7 +615,7 @@ class DES extends BlockCipher
|
||||
}
|
||||
}
|
||||
|
||||
return parent::isValidEngine($engine);
|
||||
return parent::isValidEngineHelper($engine);
|
||||
}
|
||||
|
||||
/**
|
||||
|
@ -109,7 +109,7 @@ class DSA extends AsymmetricKey
|
||||
* @access public
|
||||
* @param int $L
|
||||
* @param int $N
|
||||
* @return \phpseclib\Crypt\DSA
|
||||
* @return \phpseclib\Crypt\DSA|bool
|
||||
*/
|
||||
static function createParameters($L = 2048, $N = 224)
|
||||
{
|
||||
@ -183,7 +183,7 @@ class DSA extends AsymmetricKey
|
||||
* - 'publickey': The public key.
|
||||
*
|
||||
* @access public
|
||||
* @return \phpseclib\Crypt\DSA
|
||||
* @return array|DSA
|
||||
*/
|
||||
static function createKey()
|
||||
{
|
||||
|
@ -37,7 +37,7 @@ abstract class OpenSSH extends Progenitor
|
||||
* @access public
|
||||
* @param string $key
|
||||
* @param string $password optional
|
||||
* @return array
|
||||
* @return array|bool
|
||||
*/
|
||||
public static function load($key, $password = '')
|
||||
{
|
||||
|
@ -46,7 +46,7 @@ abstract class PKCS1 extends Progenitor
|
||||
* @access public
|
||||
* @param string $key
|
||||
* @param string $password optional
|
||||
* @return array
|
||||
* @return array|bool
|
||||
*/
|
||||
public static function load($key, $password = '')
|
||||
{
|
||||
|
@ -69,7 +69,7 @@ abstract class PKCS8 extends Progenitor
|
||||
* @access public
|
||||
* @param string $key
|
||||
* @param string $password optional
|
||||
* @return array
|
||||
* @return array|bool
|
||||
*/
|
||||
public static function load($key, $password = '')
|
||||
{
|
||||
|
@ -55,7 +55,7 @@ abstract class PuTTY extends Progenitor
|
||||
* @access public
|
||||
* @param string $key
|
||||
* @param string $password optional
|
||||
* @return array
|
||||
* @return array|bool
|
||||
*/
|
||||
public static function load($key, $password = '')
|
||||
{
|
||||
|
@ -34,7 +34,7 @@ abstract class Raw
|
||||
* @access public
|
||||
* @param array $key
|
||||
* @param string $password optional
|
||||
* @return array
|
||||
* @return array|bool
|
||||
*/
|
||||
public static function load($key, $password = '')
|
||||
{
|
||||
|
@ -39,7 +39,7 @@ abstract class XML
|
||||
* @access public
|
||||
* @param string $key
|
||||
* @param string $password optional
|
||||
* @return array
|
||||
* @return array|bool
|
||||
*/
|
||||
public static function load($key, $password = '')
|
||||
{
|
||||
|
@ -36,7 +36,7 @@ abstract class PKCS
|
||||
*
|
||||
* @access public
|
||||
* @param array $key
|
||||
* @return array
|
||||
* @return array|bool
|
||||
*/
|
||||
public static function load($sig)
|
||||
{
|
||||
|
@ -134,7 +134,7 @@ class Hash
|
||||
* Keys can be of any length.
|
||||
*
|
||||
* @access public
|
||||
* @param string $key
|
||||
* @param string|bool $key
|
||||
*/
|
||||
public function setKey($key = false)
|
||||
{
|
||||
|
@ -284,10 +284,10 @@ class RC2 extends BlockCipher
|
||||
*
|
||||
* @see \phpseclib\Crypt\Common\SymmetricKey::__construct()
|
||||
* @param int $engine
|
||||
* @access public
|
||||
* @access protected
|
||||
* @return bool
|
||||
*/
|
||||
public function isValidEngine($engine)
|
||||
protected function isValidEngineHelper($engine)
|
||||
{
|
||||
switch ($engine) {
|
||||
case self::ENGINE_OPENSSL:
|
||||
@ -298,7 +298,7 @@ class RC2 extends BlockCipher
|
||||
$this->cipher_name_openssl = 'rc2-' . $this->openssl_translate_mode();
|
||||
}
|
||||
|
||||
return parent::isValidEngine($engine);
|
||||
return parent::isValidEngineHelper($engine);
|
||||
}
|
||||
|
||||
/**
|
||||
|
@ -139,10 +139,10 @@ class RC4 extends StreamCipher
|
||||
*
|
||||
* @see \phpseclib\Crypt\Common\SymmetricKey::__construct()
|
||||
* @param int $engine
|
||||
* @access public
|
||||
* @access protected
|
||||
* @return bool
|
||||
*/
|
||||
public function isValidEngine($engine)
|
||||
protected function isValidEngineHelper($engine)
|
||||
{
|
||||
if ($engine == self::ENGINE_OPENSSL) {
|
||||
if (version_compare(PHP_VERSION, '5.3.7') >= 0) {
|
||||
@ -164,7 +164,7 @@ class RC4 extends StreamCipher
|
||||
}
|
||||
}
|
||||
|
||||
return parent::isValidEngine($engine);
|
||||
return parent::isValidEngineHelper($engine);
|
||||
}
|
||||
|
||||
/**
|
||||
|
@ -71,7 +71,7 @@ abstract class MSBLOB
|
||||
* @access public
|
||||
* @param string $key
|
||||
* @param string $password optional
|
||||
* @return array
|
||||
* @return array|bool
|
||||
*/
|
||||
public static function load($key, $password = '')
|
||||
{
|
||||
|
@ -37,7 +37,7 @@ abstract class OpenSSH extends Progenitor
|
||||
* @access public
|
||||
* @param string $key
|
||||
* @param string $password optional
|
||||
* @return array
|
||||
* @return array|bool
|
||||
*/
|
||||
public static function load($key, $password = '')
|
||||
{
|
||||
|
@ -44,7 +44,7 @@ abstract class PKCS1 extends Progenitor
|
||||
* @access public
|
||||
* @param string $key
|
||||
* @param string $password optional
|
||||
* @return array
|
||||
* @return array|bool
|
||||
*/
|
||||
public static function load($key, $password = '')
|
||||
{
|
||||
|
@ -70,7 +70,7 @@ abstract class PKCS8 extends Progenitor
|
||||
* @access public
|
||||
* @param string $key
|
||||
* @param string $password optional
|
||||
* @return array
|
||||
* @return array|bool
|
||||
*/
|
||||
public static function load($key, $password = '')
|
||||
{
|
||||
|
@ -50,7 +50,7 @@ abstract class PuTTY extends Progenitor
|
||||
* @access public
|
||||
* @param string $key
|
||||
* @param string $password optional
|
||||
* @return array
|
||||
* @return array|bool
|
||||
*/
|
||||
public static function load($key, $password = '')
|
||||
{
|
||||
|
@ -42,7 +42,7 @@ abstract class Raw
|
||||
* @access public
|
||||
* @param string $key
|
||||
* @param string $password optional
|
||||
* @return array
|
||||
* @return array|bool
|
||||
*/
|
||||
public static function load($key, $password = '')
|
||||
{
|
||||
@ -95,7 +95,7 @@ abstract class Raw
|
||||
* @access public
|
||||
* @param \phpseclib\Math\BigInteger $n
|
||||
* @param \phpseclib\Math\BigInteger $e
|
||||
* @return string
|
||||
* @return array
|
||||
*/
|
||||
public static function savePublicKey(BigInteger $n, BigInteger $e)
|
||||
{
|
||||
|
@ -40,7 +40,7 @@ abstract class XML
|
||||
* @access public
|
||||
* @param string $key
|
||||
* @param string $password optional
|
||||
* @return array
|
||||
* @return array|bool
|
||||
*/
|
||||
public static function load($key, $password = '')
|
||||
{
|
||||
|
@ -273,10 +273,10 @@ class Rijndael extends BlockCipher
|
||||
*
|
||||
* @see \phpseclib\Crypt\Common\SymmetricKey::__construct()
|
||||
* @param int $engine
|
||||
* @access public
|
||||
* @access protected
|
||||
* @return bool
|
||||
*/
|
||||
public function isValidEngine($engine)
|
||||
protected function isValidEngineHelper($engine)
|
||||
{
|
||||
switch ($engine) {
|
||||
case self::ENGINE_OPENSSL:
|
||||
@ -294,7 +294,7 @@ class Rijndael extends BlockCipher
|
||||
}
|
||||
}
|
||||
|
||||
return parent::isValidEngine($engine);
|
||||
return parent::isValidEngineHelper($engine);
|
||||
}
|
||||
|
||||
/**
|
||||
|
@ -178,10 +178,10 @@ class TripleDES extends DES
|
||||
*
|
||||
* @see \phpseclib\Crypt\Common\SymmetricKey::__construct()
|
||||
* @param int $engine
|
||||
* @access public
|
||||
* @access protected
|
||||
* @return bool
|
||||
*/
|
||||
public function isValidEngine($engine)
|
||||
protected function isValidEngineHelper($engine)
|
||||
{
|
||||
if ($engine == self::ENGINE_OPENSSL) {
|
||||
$this->cipher_name_openssl_ecb = 'des-ede3';
|
||||
@ -189,7 +189,7 @@ class TripleDES extends DES
|
||||
$this->cipher_name_openssl = $mode == 'ecb' ? 'des-ede3' : 'des-ede3-' . $mode;
|
||||
}
|
||||
|
||||
return parent::isValidEngine($engine);
|
||||
return parent::isValidEngineHelper($engine);
|
||||
}
|
||||
|
||||
/**
|
||||
|
@ -26,6 +26,7 @@ namespace phpseclib\File;
|
||||
use ParagonIE\ConstantTime\Base64;
|
||||
use phpseclib\File\ASN1\Element;
|
||||
use phpseclib\Math\BigInteger;
|
||||
use phpseclib\Common\Functions\Strings;
|
||||
|
||||
/**
|
||||
* Pure-PHP ASN.1 Parser
|
||||
@ -248,7 +249,7 @@ abstract class ASN1
|
||||
* @param string $encoded
|
||||
* @param int $start
|
||||
* @param int $encoded_pos
|
||||
* @return array
|
||||
* @return array|bool
|
||||
* @access private
|
||||
*/
|
||||
private static function decode_ber($encoded, $start = 0, $encoded_pos = 0)
|
||||
@ -513,7 +514,7 @@ abstract class ASN1
|
||||
* @param array $decoded
|
||||
* @param array $mapping
|
||||
* @param array $special
|
||||
* @return array
|
||||
* @return array|bool|Element
|
||||
* @access public
|
||||
*/
|
||||
public static function asn1map($decoded, $mapping, $special = [])
|
||||
@ -826,7 +827,7 @@ abstract class ASN1
|
||||
* ASN.1 Encode (Helper function)
|
||||
*
|
||||
* @param string $source
|
||||
* @param string $mapping
|
||||
* @param array $mapping
|
||||
* @param int $idx
|
||||
* @return string
|
||||
* @throws \RuntimeException if the input has an error in it
|
||||
@ -1348,27 +1349,6 @@ abstract class ASN1
|
||||
return $temp != false ? $temp : $str;
|
||||
}
|
||||
|
||||
/**
|
||||
* DER-decode the length
|
||||
*
|
||||
* DER supports lengths up to (2**8)**127, however, we'll only support lengths up to (2**8)**4. See
|
||||
* {@link http://itu.int/ITU-T/studygroups/com17/languages/X.690-0207.pdf#p=13 X.690 paragraph 8.1.3} for more information.
|
||||
*
|
||||
* @access public
|
||||
* @param string $string
|
||||
* @return int
|
||||
*/
|
||||
public static function decodeLength(&$string)
|
||||
{
|
||||
$length = ord(Strings::shift($string));
|
||||
if ($length & 0x80) { // definite length, long form
|
||||
$length&= 0x7F;
|
||||
$temp = Strings::shift($string, $length);
|
||||
list(, $length) = unpack('N', substr(str_pad($temp, 4, chr(0), STR_PAD_LEFT), -4));
|
||||
}
|
||||
return $length;
|
||||
}
|
||||
|
||||
/**
|
||||
* DER-encode the length
|
||||
*
|
||||
|
@ -36,6 +36,7 @@ use phpseclib\File\ASN1\Element;
|
||||
use phpseclib\Math\BigInteger;
|
||||
use phpseclib\File\ASN1\Maps;
|
||||
|
||||
|
||||
/**
|
||||
* Pure-PHP X.509 Parser
|
||||
*
|
||||
@ -1564,7 +1565,7 @@ class X509
|
||||
* @param mixed $format optional
|
||||
* @param array $dn optional
|
||||
* @access public
|
||||
* @return bool
|
||||
* @return array|bool
|
||||
*/
|
||||
public function getDN($format = self::DN_ARRAY, $dn = null)
|
||||
{
|
||||
@ -2796,7 +2797,7 @@ class X509
|
||||
*/
|
||||
if (strtolower($date) == 'lifetime') {
|
||||
$temp = '99991231235959Z';
|
||||
$temp = chr(ASN1::TYPE_GENERALIZED_TIME) . Functions::encodeLength(strlen($temp)) . $temp;
|
||||
$temp = chr(ASN1::TYPE_GENERALIZED_TIME) . ASN1::encodeLength(strlen($temp)) . $temp;
|
||||
$this->endDate = new Element($temp);
|
||||
} else {
|
||||
$this->endDate = @date('D, d M Y H:i:s O', @strtotime($date));
|
||||
@ -3117,24 +3118,26 @@ class X509
|
||||
*
|
||||
* @param string $id
|
||||
* @param array $cert optional
|
||||
* @param string $path
|
||||
* @access public
|
||||
* @return mixed
|
||||
*/
|
||||
public function getExtension($id, $cert = null)
|
||||
public function getExtension($id, $cert = null, $path=null)
|
||||
{
|
||||
return $this->getExtensionHelper($id, $cert);
|
||||
return $this->getExtensionHelper($id, $cert, $path);
|
||||
}
|
||||
|
||||
/**
|
||||
* Returns a list of all extensions in use in certificate, CSR or CRL
|
||||
*
|
||||
* @param array $cert optional
|
||||
* @param string $path optional
|
||||
* @access public
|
||||
* @return array
|
||||
*/
|
||||
public function getExtensions($cert = null)
|
||||
public function getExtensions($cert = null, $path = null)
|
||||
{
|
||||
return $this->getExtensionsHelper($cert);
|
||||
return $this->getExtensionsHelper($cert, $path);
|
||||
}
|
||||
|
||||
/**
|
||||
@ -3430,7 +3433,7 @@ class X509
|
||||
* Format a public key as appropriate
|
||||
*
|
||||
* @access private
|
||||
* @return array
|
||||
* @return array|bool
|
||||
*/
|
||||
private function formatSubjectPublicKey()
|
||||
{
|
||||
@ -3602,7 +3605,7 @@ class X509
|
||||
*
|
||||
* @param array $crl optional
|
||||
* @access public
|
||||
* @return array
|
||||
* @return array|bool
|
||||
*/
|
||||
public function listRevoked($crl = null)
|
||||
{
|
||||
@ -3676,7 +3679,7 @@ class X509
|
||||
* @param string $serial
|
||||
* @param array $crl optional
|
||||
* @access public
|
||||
* @return array
|
||||
* @return array|bool
|
||||
*/
|
||||
public function getRevokedCertificateExtensions($serial, $crl = null)
|
||||
{
|
||||
@ -3686,7 +3689,7 @@ class X509
|
||||
|
||||
if (is_array($rclist = $this->subArray($crl, 'tbsCertList/revokedCertificates'))) {
|
||||
if (($i = $this->revokedCertificate($rclist, $serial)) !== false) {
|
||||
return $this->getExtensionsHelper($crl, "tbsCertList/revokedCertificates/$i/crlEntryExtensions");
|
||||
return $this->getExtensions($crl, "tbsCertList/revokedCertificates/$i/crlEntryExtensions");
|
||||
}
|
||||
}
|
||||
|
||||
|
@ -61,7 +61,7 @@ abstract class Barrett extends Base
|
||||
*
|
||||
* @param string $n
|
||||
* @param string $m
|
||||
* @return array
|
||||
* @return array|string
|
||||
*/
|
||||
protected static function reduce($n, $m)
|
||||
{
|
||||
|
@ -55,7 +55,7 @@ abstract class EvalBarrett extends Base
|
||||
*
|
||||
* @param array $m
|
||||
* @param string $class
|
||||
* @return callable
|
||||
* @return callable|void
|
||||
*/
|
||||
protected static function generateCustomReduction(BCMath $m, $class)
|
||||
{
|
||||
|
@ -396,7 +396,7 @@ abstract class Engine implements \Serializable
|
||||
/**
|
||||
* Logical Not
|
||||
*
|
||||
* @return \phpseclib\Math\BigInteger\Engines\Engine
|
||||
* @return Engine|string
|
||||
*/
|
||||
public function bitwise_not()
|
||||
{
|
||||
@ -465,7 +465,7 @@ abstract class Engine implements \Serializable
|
||||
* Instead of the top x bits being dropped they're appended to the shifted bit string.
|
||||
*
|
||||
* @param int $shift
|
||||
* @return \phpseclib\Math\BigInteger\Engine\Engines
|
||||
* @return \phpseclib\Math\BigInteger\Engines\Engine
|
||||
*/
|
||||
public function bitwise_leftRotate($shift)
|
||||
{
|
||||
@ -563,7 +563,7 @@ abstract class Engine implements \Serializable
|
||||
/**
|
||||
* Performs some pre-processing for powMod
|
||||
*
|
||||
* @return \phpseclib\Math\BigInteger\Engines\Engine
|
||||
* @return bool|Engine
|
||||
*/
|
||||
protected function powModOuter(Engine $e, Engine $n)
|
||||
{
|
||||
@ -591,11 +591,11 @@ abstract class Engine implements \Serializable
|
||||
* however, this function performs a modular reduction after every multiplication and squaring operation.
|
||||
* As such, this function has the same preconditions that the reductions being used do.
|
||||
*
|
||||
* @param \phpseclib\Math\BigInteger\Engine $x
|
||||
* @param \phpseclib\Math\BigInteger\Engine $e
|
||||
* @param \phpseclib\Math\BigInteger\Engine $n
|
||||
* @param \phpseclib\Math\BigInteger\Engines\Engine $x
|
||||
* @param \phpseclib\Math\BigInteger\Engines\Engine $e
|
||||
* @param \phpseclib\Math\BigInteger\Engines\Engine $n
|
||||
* @param string $class
|
||||
* @return \phpseclib\Math\BigInteger\Engine
|
||||
* @return \phpseclib\Math\BigInteger\Engines\Engine
|
||||
*/
|
||||
protected static function slidingWindow(Engine $x, Engine $e, Engine $n, $class)
|
||||
{
|
||||
@ -691,7 +691,7 @@ abstract class Engine implements \Serializable
|
||||
/**
|
||||
* Performs some pre-processing for randomRangePrime
|
||||
*
|
||||
* @return \phpseclib\Math\BigInteger\Engines\Engine
|
||||
* @return bool|Engine
|
||||
*/
|
||||
protected static function randomRangePrimeOuter(Engine $min, Engine $max)
|
||||
{
|
||||
@ -781,7 +781,7 @@ abstract class Engine implements \Serializable
|
||||
/**
|
||||
* Performs some post-processing for randomRangePrime
|
||||
*
|
||||
* @return \phpseclib\Math\BigInteger\Engine
|
||||
* @return bool|Engine
|
||||
*/
|
||||
protected static function randomRangePrimeInner(Engine $x, Engine $min, Engine $max)
|
||||
{
|
||||
|
@ -546,7 +546,7 @@ class GMP extends Engine
|
||||
*
|
||||
* Returns the nth root of a positive biginteger, where n defaults to 2
|
||||
*
|
||||
* @return \phpseclib\Math\BigInteger\Engines\Engine\GMP
|
||||
* @return \phpseclib\Math\BigInteger\Engines\GMP
|
||||
*/
|
||||
protected function rootInner($n)
|
||||
{
|
||||
|
@ -1314,7 +1314,7 @@ abstract class PHP extends Engine
|
||||
protected function powHelper(PHP $n)
|
||||
{
|
||||
if ($n->compare(static::$zero) == 0) {
|
||||
return new self(1);
|
||||
return new static(1);
|
||||
} // n^0 = 1
|
||||
|
||||
|
||||
|
@ -46,7 +46,7 @@ abstract class Montgomery extends Base
|
||||
* @param \phpseclib\Math\BigInteger\Engine $e
|
||||
* @param \phpseclib\Math\BigInteger\Engine $n
|
||||
* @param string $class
|
||||
* @return \phpseclib\Math\BigInteger\Engine
|
||||
* @return \phpseclib\Math\BigInteger\Engine|Engine
|
||||
*/
|
||||
protected static function slidingWindow(Engine $x, Engine $e, Engine $n, $class)
|
||||
{
|
||||
|
@ -3024,7 +3024,7 @@ class SFTP extends SSH2
|
||||
* Returns a string if NET_SFTP_LOGGING == self::LOG_COMPLEX, an array if NET_SFTP_LOGGING == self::LOG_SIMPLE and false if !defined('NET_SFTP_LOGGING')
|
||||
*
|
||||
* @access public
|
||||
* @return string or Array
|
||||
* @return array|string
|
||||
*/
|
||||
public function getSFTPLog()
|
||||
{
|
||||
@ -3086,7 +3086,7 @@ class SFTP extends SSH2
|
||||
* @return bool
|
||||
* @access private
|
||||
*/
|
||||
private function disconnect_helper($reason)
|
||||
protected function disconnect_helper($reason)
|
||||
{
|
||||
$this->pwd = false;
|
||||
parent::disconnect_helper($reason);
|
||||
|
@ -1079,7 +1079,7 @@ class SSH1
|
||||
* http://www.securiteam.com/securitynews/5LP042K3FY.html
|
||||
*
|
||||
* @see self::_send_binary_packet()
|
||||
* @return array
|
||||
* @return array|bool
|
||||
* @access private
|
||||
*/
|
||||
private function get_binary_packet()
|
||||
|
@ -652,7 +652,7 @@ class SSH2
|
||||
* @see self::_get_channel_packet()
|
||||
* @access private
|
||||
*/
|
||||
private $curTimeout;
|
||||
protected $curTimeout;
|
||||
|
||||
/**
|
||||
* Real-time log file pointer
|
||||
@ -881,6 +881,22 @@ class SSH2
|
||||
*/
|
||||
private static $connections;
|
||||
|
||||
/**
|
||||
* Send the identification string first?
|
||||
*
|
||||
* @var bool
|
||||
* @access private
|
||||
*/
|
||||
private $send_id_string_first = true;
|
||||
|
||||
/**
|
||||
* Send the key exchange initiation packet first?
|
||||
*
|
||||
* @var bool
|
||||
* @access private
|
||||
*/
|
||||
private $send_kex_first = true;
|
||||
|
||||
/**
|
||||
* Default Constructor.
|
||||
*
|
||||
@ -890,7 +906,7 @@ class SSH2
|
||||
* @param int $port
|
||||
* @param int $timeout
|
||||
* @see self::login()
|
||||
* @return \phpseclib\Net\SSH2
|
||||
* @return SSH2|void
|
||||
* @access public
|
||||
*/
|
||||
public function __construct($host, $port = 22, $timeout = 10)
|
||||
@ -995,13 +1011,69 @@ class SSH2
|
||||
* OpenSSL, mcrypt, Eval, PHP
|
||||
*
|
||||
* @param int $engine
|
||||
* @access private
|
||||
* @access public
|
||||
*/
|
||||
public function setCryptoEngine($engine)
|
||||
{
|
||||
$this->crypto_engine = $engine;
|
||||
}
|
||||
|
||||
/**
|
||||
* Send Identification String First
|
||||
*
|
||||
* https://tools.ietf.org/html/rfc4253#section-4.2 says "when the connection has been established,
|
||||
* both sides MUST send an identification string". It does not say which side sends it first. In
|
||||
* theory it shouldn't matter but it is a fact of life that some SSH servers are simply buggy
|
||||
*
|
||||
* @access public
|
||||
*/
|
||||
function sendIdentificationStringFirst()
|
||||
{
|
||||
$this->send_id_string_first = true;
|
||||
}
|
||||
|
||||
/**
|
||||
* Send Identification String Last
|
||||
*
|
||||
* https://tools.ietf.org/html/rfc4253#section-4.2 says "when the connection has been established,
|
||||
* both sides MUST send an identification string". It does not say which side sends it first. In
|
||||
* theory it shouldn't matter but it is a fact of life that some SSH servers are simply buggy
|
||||
*
|
||||
* @access public
|
||||
*/
|
||||
function sendIdentificationStringLast()
|
||||
{
|
||||
$this->send_id_string_first = false;
|
||||
}
|
||||
|
||||
/**
|
||||
* Send SSH_MSG_KEXINIT First
|
||||
*
|
||||
* https://tools.ietf.org/html/rfc4253#section-7.1 says "key exchange begins by each sending
|
||||
* sending the [SSH_MSG_KEXINIT] packet". It does not say which side sends it first. In theory
|
||||
* it shouldn't matter but it is a fact of life that some SSH servers are simply buggy
|
||||
*
|
||||
* @access public
|
||||
*/
|
||||
function sendKEXINITFirst()
|
||||
{
|
||||
$this->send_kex_first = true;
|
||||
}
|
||||
|
||||
/**
|
||||
* Send SSH_MSG_KEXINIT Last
|
||||
*
|
||||
* https://tools.ietf.org/html/rfc4253#section-7.1 says "key exchange begins by each sending
|
||||
* sending the [SSH_MSG_KEXINIT] packet". It does not say which side sends it first. In theory
|
||||
* it shouldn't matter but it is a fact of life that some SSH servers are simply buggy
|
||||
*
|
||||
* @access public
|
||||
*/
|
||||
function sendKEXINITLast()
|
||||
{
|
||||
$this->send_kex_first = false;
|
||||
}
|
||||
|
||||
/**
|
||||
* Connect to an SSHv2 server
|
||||
*
|
||||
@ -1044,7 +1116,9 @@ class SSH2
|
||||
|
||||
$this->identifier = $this->generate_identifier();
|
||||
|
||||
fputs($this->fsock, $this->identifier . "\r\n");
|
||||
if ($this->send_id_string_first) {
|
||||
fputs($this->fsock, $this->identifier . "\r\n");
|
||||
}
|
||||
|
||||
/* According to the SSH2 specs,
|
||||
|
||||
@ -1120,16 +1194,26 @@ class SSH2
|
||||
throw new \RuntimeException("Cannot connect to SSH $matches[1] servers");
|
||||
}
|
||||
|
||||
$response = $this->get_binary_packet();
|
||||
if ($response === false) {
|
||||
throw new \RuntimeException('Connection closed by server');
|
||||
if (!$this->send_id_string_first) {
|
||||
fputs($this->fsock, $this->identifier . "\r\n");
|
||||
}
|
||||
|
||||
if (!strlen($response) || ord($response[0]) != NET_SSH2_MSG_KEXINIT) {
|
||||
throw new \UnexpectedValueException('Expected SSH_MSG_KEXINIT');
|
||||
if (!$this->send_kex_first) {
|
||||
$response = $this->get_binary_packet();
|
||||
if ($response === false) {
|
||||
throw new \RuntimeException('Connection closed by server');
|
||||
}
|
||||
|
||||
if (!strlen($response) || ord($response[0]) != NET_SSH2_MSG_KEXINIT) {
|
||||
throw new \UnexpectedValueException('Expected SSH_MSG_KEXINIT');
|
||||
}
|
||||
|
||||
if (!$this->key_exchange($response)) {
|
||||
return false;
|
||||
}
|
||||
}
|
||||
|
||||
if (!$this->key_exchange($response)) {
|
||||
if ($this->send_kex_first && !$this->key_exchange()) {
|
||||
return false;
|
||||
}
|
||||
|
||||
@ -1177,13 +1261,13 @@ class SSH2
|
||||
/**
|
||||
* Key Exchange
|
||||
*
|
||||
* @param string $kexinit_payload_server
|
||||
* @param string $kexinit_payload_server optional
|
||||
* @throws \UnexpectedValueException on receipt of unexpected packets
|
||||
* @throws \RuntimeException on other errors
|
||||
* @throws \phpseclib\Exception\NoSupportedAlgorithmsException when none of the algorithms phpseclib has loaded are compatible
|
||||
* @access private
|
||||
*/
|
||||
private function key_exchange($kexinit_payload_server)
|
||||
private function key_exchange($kexinit_payload_server = false)
|
||||
{
|
||||
$kex_algorithms = [
|
||||
// Elliptic Curve Diffie-Hellman Key Agreement (ECDH) using
|
||||
@ -1321,6 +1405,49 @@ class SSH2
|
||||
|
||||
$client_cookie = Random::string(16);
|
||||
|
||||
$kexinit_payload_client = pack(
|
||||
'Ca*Na*Na*Na*Na*Na*Na*Na*Na*Na*Na*CN',
|
||||
NET_SSH2_MSG_KEXINIT,
|
||||
$client_cookie,
|
||||
strlen($str_kex_algorithms),
|
||||
$str_kex_algorithms,
|
||||
strlen($str_server_host_key_algorithms),
|
||||
$str_server_host_key_algorithms,
|
||||
strlen($encryption_algorithms_client_to_server),
|
||||
$encryption_algorithms_client_to_server,
|
||||
strlen($encryption_algorithms_server_to_client),
|
||||
$encryption_algorithms_server_to_client,
|
||||
strlen($mac_algorithms_client_to_server),
|
||||
$mac_algorithms_client_to_server,
|
||||
strlen($mac_algorithms_server_to_client),
|
||||
$mac_algorithms_server_to_client,
|
||||
strlen($compression_algorithms_client_to_server),
|
||||
$compression_algorithms_client_to_server,
|
||||
strlen($compression_algorithms_server_to_client),
|
||||
$compression_algorithms_server_to_client,
|
||||
0,
|
||||
'',
|
||||
0,
|
||||
'',
|
||||
0,
|
||||
0
|
||||
);
|
||||
|
||||
if ($this->send_kex_first) {
|
||||
if (!$this->send_binary_packet($kexinit_payload_client)) {
|
||||
return false;
|
||||
}
|
||||
|
||||
$kexinit_payload_server = $this->get_binary_packet();
|
||||
if ($kexinit_payload_server === false) {
|
||||
throw new \RuntimeException('Connection closed by server');
|
||||
}
|
||||
|
||||
if (!strlen($kexinit_payload_server) || ord($kexinit_payload_server[0]) != NET_SSH2_MSG_KEXINIT) {
|
||||
throw new \UnexpectedValueException('Expected SSH_MSG_KEXINIT');
|
||||
}
|
||||
}
|
||||
|
||||
$response = $kexinit_payload_server;
|
||||
Strings::shift($response, 1); // skip past the message number (it should be SSH_MSG_KEXINIT)
|
||||
$server_cookie = Strings::shift($response, 16);
|
||||
@ -1392,39 +1519,9 @@ class SSH2
|
||||
|
||||
$first_kex_packet_follows = $first_kex_packet_follows != 0;
|
||||
|
||||
// the sending of SSH2_MSG_KEXINIT could go in one of two places. this is the second place.
|
||||
$kexinit_payload_client = pack(
|
||||
'Ca*Na*Na*Na*Na*Na*Na*Na*Na*Na*Na*CN',
|
||||
NET_SSH2_MSG_KEXINIT,
|
||||
$client_cookie,
|
||||
strlen($str_kex_algorithms),
|
||||
$str_kex_algorithms,
|
||||
strlen($str_server_host_key_algorithms),
|
||||
$str_server_host_key_algorithms,
|
||||
strlen($encryption_algorithms_client_to_server),
|
||||
$encryption_algorithms_client_to_server,
|
||||
strlen($encryption_algorithms_server_to_client),
|
||||
$encryption_algorithms_server_to_client,
|
||||
strlen($mac_algorithms_client_to_server),
|
||||
$mac_algorithms_client_to_server,
|
||||
strlen($mac_algorithms_server_to_client),
|
||||
$mac_algorithms_server_to_client,
|
||||
strlen($compression_algorithms_client_to_server),
|
||||
$compression_algorithms_client_to_server,
|
||||
strlen($compression_algorithms_server_to_client),
|
||||
$compression_algorithms_server_to_client,
|
||||
0,
|
||||
'',
|
||||
0,
|
||||
'',
|
||||
0,
|
||||
0
|
||||
);
|
||||
|
||||
if (!$this->send_binary_packet($kexinit_payload_client)) {
|
||||
if (!$this->send_kex_first && !$this->send_binary_packet($kexinit_payload_client)) {
|
||||
return false;
|
||||
}
|
||||
// here ends the second place.
|
||||
|
||||
// we need to decide upon the symmetric encryption algorithms before we do the diffie-hellman key exchange
|
||||
|
||||
@ -3829,7 +3926,7 @@ class SSH2
|
||||
* @return bool
|
||||
* @access private
|
||||
*/
|
||||
private function disconnect_helper($reason)
|
||||
protected function disconnect_helper($reason)
|
||||
{
|
||||
if ($this->bitmap & self::MASK_CONNECTED) {
|
||||
$data = pack('CNNa*Na*', NET_SSH2_MSG_DISCONNECT, $reason, 0, '', 0, '');
|
||||
@ -4236,7 +4333,7 @@ class SSH2
|
||||
case $r->compare($q) >= 0:
|
||||
case $s->equals($zero):
|
||||
case $s->compare($q) >= 0:
|
||||
$this->disconnectHepler(NET_SSH2_DISCONNECT_KEY_EXCHANGE_FAILED);
|
||||
$this->disconnect_helper(NET_SSH2_DISCONNECT_KEY_EXCHANGE_FAILED);
|
||||
throw new \RuntimeException('Invalid signature');
|
||||
}
|
||||
|
||||
|
@ -215,20 +215,20 @@ class Unit_Crypt_RC4Test extends PhpseclibTestCase
|
||||
{
|
||||
$objects = $engines = array();
|
||||
$temp = new RC4(RC4::MODE_CTR);
|
||||
$temp->setPreferredEngine(RC4::ENGINE_INTERNAL);
|
||||
$temp->setPreferredEngine('internal');
|
||||
$objects[] = $temp;
|
||||
$engines[] = 'internal';
|
||||
|
||||
if ($temp->isValidEngine(RC4::ENGINE_MCRYPT)) {
|
||||
if ($temp->isValidEngine('mcrypt')) {
|
||||
$temp = new RC4(RC4::MODE_CTR);
|
||||
$temp->setPreferredEngine(RC4::ENGINE_MCRYPT);
|
||||
$temp->setPreferredEngine('mcrypt');
|
||||
$objects[] = $temp;
|
||||
$engines[] = 'mcrypt';
|
||||
}
|
||||
|
||||
if ($temp->isValidEngine(RC4::ENGINE_OPENSSL)) {
|
||||
if ($temp->isValidEngine('openssl')) {
|
||||
$temp = new RC4(RC4::MODE_CTR);
|
||||
$temp->setPreferredEngine(RC4::ENGINE_OPENSSL);
|
||||
$temp->setPreferredEngine('openssl');
|
||||
$objects[] = $temp;
|
||||
$engines[] = 'OpenSSL';
|
||||
}
|
||||
|
@ -167,7 +167,7 @@ class Unit_Crypt_TripleDESTest extends PhpseclibTestCase
|
||||
$des->disablePadding();
|
||||
$result = $des->encrypt($plaintext);
|
||||
$plaintext = bin2hex($plaintext);
|
||||
$this->assertEquals($result, $expected, "Failed asserting that $plaintext yielded expected output in $engin engine");
|
||||
$this->assertEquals($result, $expected, "Failed asserting that $plaintext yielded expected output in $engine engine");
|
||||
}
|
||||
|
||||
public function testInnerChaining()
|
||||
|
24
tests/Unit/File/X509/CRLTest.php
Normal file
24
tests/Unit/File/X509/CRLTest.php
Normal file
@ -0,0 +1,24 @@
|
||||
<?php
|
||||
/**
|
||||
* @author Jim Wigginton <terrafrost@php.net>
|
||||
* @copyright 2017 Jim Wigginton
|
||||
* @license http://www.opensource.org/licenses/mit-license.html MIT License
|
||||
*/
|
||||
|
||||
use phpseclib\File\X509;
|
||||
|
||||
class Unit_File_X509_CRLTest extends PhpseclibTestCase
|
||||
{
|
||||
public function testLoadCRL()
|
||||
{
|
||||
$test = file_get_contents(__DIR__ . '/crl.bin');
|
||||
|
||||
$x509 = new X509();
|
||||
|
||||
$x509->loadCRL($test);
|
||||
|
||||
$reason = $x509->getRevokedCertificateExtension('9048354325167497831898969642461237543', 'id-ce-cRLReasons');
|
||||
|
||||
$this->assertSame('unspecified', $reason);
|
||||
}
|
||||
}
|
@ -181,6 +181,7 @@ aBtsWpliLSex/HHhtRW9AkBGcq67zKmEpJ9kXcYLEjJii3flFS+Ct/rNm+Hhm1l7
|
||||
$issuer->setDN($subject->getDN());
|
||||
|
||||
$x509 = new X509();
|
||||
$x509->setEndDate('lifetime');
|
||||
|
||||
$result = $x509->sign($issuer, $subject);
|
||||
$cert = $x509->saveX509($result);
|
||||
|
BIN
tests/Unit/File/X509/crl.bin
Normal file
BIN
tests/Unit/File/X509/crl.bin
Normal file
Binary file not shown.
Loading…
Reference in New Issue
Block a user