diff --git a/phpseclib/Crypt/Blowfish.php b/phpseclib/Crypt/Blowfish.php index 9c91a0e1..5cf8b7a2 100644 --- a/phpseclib/Crypt/Blowfish.php +++ b/phpseclib/Crypt/Blowfish.php @@ -327,10 +327,10 @@ class Blowfish extends BlockCipher * * @see \phpseclib\Crypt\Common\SymmetricKey::isValidEngine() * @param int $engine - * @access public + * @access protected * @return bool */ - public function isValidEngine($engine) + protected function isValidEngineHelper($engine) { if ($engine == self::ENGINE_OPENSSL) { if (version_compare(PHP_VERSION, '5.3.7') < 0 && $this->key_length != 16) { @@ -343,7 +343,7 @@ class Blowfish extends BlockCipher $this->cipher_name_openssl = 'bf-' . $this->openssl_translate_mode(); } - return parent::isValidEngine($engine); + return parent::isValidEngineHelper($engine); } /** diff --git a/phpseclib/Crypt/Common/AsymmetricKey.php b/phpseclib/Crypt/Common/AsymmetricKey.php index 08124730..6cc92471 100644 --- a/phpseclib/Crypt/Common/AsymmetricKey.php +++ b/phpseclib/Crypt/Common/AsymmetricKey.php @@ -299,7 +299,7 @@ abstract class AsymmetricKey * @access private * @param string $key * @param string $type - * @return array + * @return array|bool */ protected function load($key, $type) { @@ -339,7 +339,7 @@ abstract class AsymmetricKey * @access private * @param string $key * @param string $type - * @return array + * @return array|bool */ protected function setPublicKey($key, $type) { diff --git a/phpseclib/Crypt/Common/Keys/OpenSSH.php b/phpseclib/Crypt/Common/Keys/OpenSSH.php index eb1ba7a3..fc7fc822 100644 --- a/phpseclib/Crypt/Common/Keys/OpenSSH.php +++ b/phpseclib/Crypt/Common/Keys/OpenSSH.php @@ -64,7 +64,7 @@ abstract class OpenSSH * @access public * @param string $key * @param string $type - * @return array + * @return array|bool */ public static function load($key, $type) { diff --git a/phpseclib/Crypt/Common/Keys/PKCS1.php b/phpseclib/Crypt/Common/Keys/PKCS1.php index afa9ad15..6ae8588d 100644 --- a/phpseclib/Crypt/Common/Keys/PKCS1.php +++ b/phpseclib/Crypt/Common/Keys/PKCS1.php @@ -122,7 +122,7 @@ abstract class PKCS1 extends PKCS * @access public * @param string $key * @param string $password optional - * @return array + * @return array|bool */ protected static function load($key, $password) { diff --git a/phpseclib/Crypt/Common/Keys/PKCS8.php b/phpseclib/Crypt/Common/Keys/PKCS8.php index 74222ab5..e4002fe7 100644 --- a/phpseclib/Crypt/Common/Keys/PKCS8.php +++ b/phpseclib/Crypt/Common/Keys/PKCS8.php @@ -320,7 +320,7 @@ abstract class PKCS8 extends PKCS * @access public * @param string $key * @param string $password optional - * @return array + * @return array|bool */ protected static function load($key, $password = '') { diff --git a/phpseclib/Crypt/Common/Keys/PuTTY.php b/phpseclib/Crypt/Common/Keys/PuTTY.php index 12e4377a..44224510 100644 --- a/phpseclib/Crypt/Common/Keys/PuTTY.php +++ b/phpseclib/Crypt/Common/Keys/PuTTY.php @@ -77,7 +77,7 @@ abstract class PuTTY * @param string $publicHandler * @param string $type * @param string $password - * @return array + * @return array|bool */ protected static function load($key, $password) { diff --git a/phpseclib/Crypt/Common/Signature/Raw.php b/phpseclib/Crypt/Common/Signature/Raw.php index 73aeee8a..7977417c 100644 --- a/phpseclib/Crypt/Common/Signature/Raw.php +++ b/phpseclib/Crypt/Common/Signature/Raw.php @@ -33,7 +33,7 @@ abstract class Raw * * @access public * @param array $sig - * @return array + * @return array|bool */ public static function load($sig) { diff --git a/phpseclib/Crypt/Common/SymmetricKey.php b/phpseclib/Crypt/Common/SymmetricKey.php index 14f73fc9..6f198cd3 100644 --- a/phpseclib/Crypt/Common/SymmetricKey.php +++ b/phpseclib/Crypt/Common/SymmetricKey.php @@ -1712,10 +1712,10 @@ abstract class SymmetricKey * * @see self::__construct() * @param int $engine - * @access public + * @access private * @return bool */ - public function isValidEngine($engine) + protected function isValidEngineHelper($engine) { switch ($engine) { case self::ENGINE_OPENSSL: @@ -1756,6 +1756,29 @@ abstract class SymmetricKey return false; } + /** + * Test for engine validity + * + * @see self::__construct() + * @param string $engine + * @access public + * @return bool + */ + public function isValidEngine($engine) + { + static $reverseMap; + if (!isset($reverseMap)) { + $reverseMap = array_map('strtolower', self::ENGINE_MAP); + $reverseMap = array_flip($reverseMap); + } + $engine = strtolower($engine); + if (!isset($reverseMap[$engine])) { + return false; + } + + return $this->isValidEngineHelper($reverseMap[$engine]); + } + /** * Sets the preferred crypt engine * @@ -1816,7 +1839,7 @@ abstract class SymmetricKey self::ENGINE_EVAL ]; foreach ($candidateEngines as $engine) { - if ($this->isValidEngine($engine)) { + if ($this->isValidEngineHelper($engine)) { $this->engine = $engine; break; } diff --git a/phpseclib/Crypt/DES.php b/phpseclib/Crypt/DES.php index 6981cd96..b7c45ee4 100644 --- a/phpseclib/Crypt/DES.php +++ b/phpseclib/Crypt/DES.php @@ -603,10 +603,10 @@ class DES extends BlockCipher * * @see \phpseclib\Crypt\Common\SymmetricKey::isValidEngine() * @param int $engine - * @access public + * @access protected * @return bool */ - public function isValidEngine($engine) + protected function isValidEngineHelper($engine) { if ($this->key_length_max == 8) { if ($engine == self::ENGINE_OPENSSL) { @@ -615,7 +615,7 @@ class DES extends BlockCipher } } - return parent::isValidEngine($engine); + return parent::isValidEngineHelper($engine); } /** diff --git a/phpseclib/Crypt/DSA.php b/phpseclib/Crypt/DSA.php index 9cbee43e..19b0bae2 100644 --- a/phpseclib/Crypt/DSA.php +++ b/phpseclib/Crypt/DSA.php @@ -109,7 +109,7 @@ class DSA extends AsymmetricKey * @access public * @param int $L * @param int $N - * @return \phpseclib\Crypt\DSA + * @return \phpseclib\Crypt\DSA|bool */ static function createParameters($L = 2048, $N = 224) { @@ -183,7 +183,7 @@ class DSA extends AsymmetricKey * - 'publickey': The public key. * * @access public - * @return \phpseclib\Crypt\DSA + * @return array|DSA */ static function createKey() { diff --git a/phpseclib/Crypt/DSA/Keys/OpenSSH.php b/phpseclib/Crypt/DSA/Keys/OpenSSH.php index 6458ba35..0b5d47b4 100644 --- a/phpseclib/Crypt/DSA/Keys/OpenSSH.php +++ b/phpseclib/Crypt/DSA/Keys/OpenSSH.php @@ -37,7 +37,7 @@ abstract class OpenSSH extends Progenitor * @access public * @param string $key * @param string $password optional - * @return array + * @return array|bool */ public static function load($key, $password = '') { diff --git a/phpseclib/Crypt/DSA/Keys/PKCS1.php b/phpseclib/Crypt/DSA/Keys/PKCS1.php index 7a3920ba..fefe3117 100644 --- a/phpseclib/Crypt/DSA/Keys/PKCS1.php +++ b/phpseclib/Crypt/DSA/Keys/PKCS1.php @@ -46,7 +46,7 @@ abstract class PKCS1 extends Progenitor * @access public * @param string $key * @param string $password optional - * @return array + * @return array|bool */ public static function load($key, $password = '') { diff --git a/phpseclib/Crypt/DSA/Keys/PKCS8.php b/phpseclib/Crypt/DSA/Keys/PKCS8.php index 1415175a..4a94a861 100644 --- a/phpseclib/Crypt/DSA/Keys/PKCS8.php +++ b/phpseclib/Crypt/DSA/Keys/PKCS8.php @@ -69,7 +69,7 @@ abstract class PKCS8 extends Progenitor * @access public * @param string $key * @param string $password optional - * @return array + * @return array|bool */ public static function load($key, $password = '') { diff --git a/phpseclib/Crypt/DSA/Keys/PuTTY.php b/phpseclib/Crypt/DSA/Keys/PuTTY.php index 7b297631..af7a7ea4 100644 --- a/phpseclib/Crypt/DSA/Keys/PuTTY.php +++ b/phpseclib/Crypt/DSA/Keys/PuTTY.php @@ -55,7 +55,7 @@ abstract class PuTTY extends Progenitor * @access public * @param string $key * @param string $password optional - * @return array + * @return array|bool */ public static function load($key, $password = '') { diff --git a/phpseclib/Crypt/DSA/Keys/Raw.php b/phpseclib/Crypt/DSA/Keys/Raw.php index 18d0b03a..ab6085fa 100644 --- a/phpseclib/Crypt/DSA/Keys/Raw.php +++ b/phpseclib/Crypt/DSA/Keys/Raw.php @@ -34,7 +34,7 @@ abstract class Raw * @access public * @param array $key * @param string $password optional - * @return array + * @return array|bool */ public static function load($key, $password = '') { diff --git a/phpseclib/Crypt/DSA/Keys/XML.php b/phpseclib/Crypt/DSA/Keys/XML.php index 02644b7d..0741ae5f 100644 --- a/phpseclib/Crypt/DSA/Keys/XML.php +++ b/phpseclib/Crypt/DSA/Keys/XML.php @@ -39,7 +39,7 @@ abstract class XML * @access public * @param string $key * @param string $password optional - * @return array + * @return array|bool */ public static function load($key, $password = '') { diff --git a/phpseclib/Crypt/DSA/Signature/PKCS.php b/phpseclib/Crypt/DSA/Signature/PKCS.php index fa09e54a..eeb97755 100644 --- a/phpseclib/Crypt/DSA/Signature/PKCS.php +++ b/phpseclib/Crypt/DSA/Signature/PKCS.php @@ -36,7 +36,7 @@ abstract class PKCS * * @access public * @param array $key - * @return array + * @return array|bool */ public static function load($sig) { diff --git a/phpseclib/Crypt/Hash.php b/phpseclib/Crypt/Hash.php index e5af7b48..2b4f7b83 100644 --- a/phpseclib/Crypt/Hash.php +++ b/phpseclib/Crypt/Hash.php @@ -134,7 +134,7 @@ class Hash * Keys can be of any length. * * @access public - * @param string $key + * @param string|bool $key */ public function setKey($key = false) { diff --git a/phpseclib/Crypt/RC2.php b/phpseclib/Crypt/RC2.php index 8854be51..013b32ec 100644 --- a/phpseclib/Crypt/RC2.php +++ b/phpseclib/Crypt/RC2.php @@ -284,10 +284,10 @@ class RC2 extends BlockCipher * * @see \phpseclib\Crypt\Common\SymmetricKey::__construct() * @param int $engine - * @access public + * @access protected * @return bool */ - public function isValidEngine($engine) + protected function isValidEngineHelper($engine) { switch ($engine) { case self::ENGINE_OPENSSL: @@ -298,7 +298,7 @@ class RC2 extends BlockCipher $this->cipher_name_openssl = 'rc2-' . $this->openssl_translate_mode(); } - return parent::isValidEngine($engine); + return parent::isValidEngineHelper($engine); } /** diff --git a/phpseclib/Crypt/RC4.php b/phpseclib/Crypt/RC4.php index 865776ff..e2d8b24e 100644 --- a/phpseclib/Crypt/RC4.php +++ b/phpseclib/Crypt/RC4.php @@ -139,10 +139,10 @@ class RC4 extends StreamCipher * * @see \phpseclib\Crypt\Common\SymmetricKey::__construct() * @param int $engine - * @access public + * @access protected * @return bool */ - public function isValidEngine($engine) + protected function isValidEngineHelper($engine) { if ($engine == self::ENGINE_OPENSSL) { if (version_compare(PHP_VERSION, '5.3.7') >= 0) { @@ -164,7 +164,7 @@ class RC4 extends StreamCipher } } - return parent::isValidEngine($engine); + return parent::isValidEngineHelper($engine); } /** diff --git a/phpseclib/Crypt/RSA/Keys/MSBLOB.php b/phpseclib/Crypt/RSA/Keys/MSBLOB.php index 8ac478e0..33500fe7 100644 --- a/phpseclib/Crypt/RSA/Keys/MSBLOB.php +++ b/phpseclib/Crypt/RSA/Keys/MSBLOB.php @@ -71,7 +71,7 @@ abstract class MSBLOB * @access public * @param string $key * @param string $password optional - * @return array + * @return array|bool */ public static function load($key, $password = '') { diff --git a/phpseclib/Crypt/RSA/Keys/OpenSSH.php b/phpseclib/Crypt/RSA/Keys/OpenSSH.php index 40f20330..b8ba1bb5 100644 --- a/phpseclib/Crypt/RSA/Keys/OpenSSH.php +++ b/phpseclib/Crypt/RSA/Keys/OpenSSH.php @@ -37,7 +37,7 @@ abstract class OpenSSH extends Progenitor * @access public * @param string $key * @param string $password optional - * @return array + * @return array|bool */ public static function load($key, $password = '') { diff --git a/phpseclib/Crypt/RSA/Keys/PKCS1.php b/phpseclib/Crypt/RSA/Keys/PKCS1.php index 125927ce..6c73d65d 100644 --- a/phpseclib/Crypt/RSA/Keys/PKCS1.php +++ b/phpseclib/Crypt/RSA/Keys/PKCS1.php @@ -44,7 +44,7 @@ abstract class PKCS1 extends Progenitor * @access public * @param string $key * @param string $password optional - * @return array + * @return array|bool */ public static function load($key, $password = '') { diff --git a/phpseclib/Crypt/RSA/Keys/PKCS8.php b/phpseclib/Crypt/RSA/Keys/PKCS8.php index 382fb2b7..40888020 100644 --- a/phpseclib/Crypt/RSA/Keys/PKCS8.php +++ b/phpseclib/Crypt/RSA/Keys/PKCS8.php @@ -70,7 +70,7 @@ abstract class PKCS8 extends Progenitor * @access public * @param string $key * @param string $password optional - * @return array + * @return array|bool */ public static function load($key, $password = '') { diff --git a/phpseclib/Crypt/RSA/Keys/PuTTY.php b/phpseclib/Crypt/RSA/Keys/PuTTY.php index 4353fd02..ca9195d0 100644 --- a/phpseclib/Crypt/RSA/Keys/PuTTY.php +++ b/phpseclib/Crypt/RSA/Keys/PuTTY.php @@ -50,7 +50,7 @@ abstract class PuTTY extends Progenitor * @access public * @param string $key * @param string $password optional - * @return array + * @return array|bool */ public static function load($key, $password = '') { diff --git a/phpseclib/Crypt/RSA/Keys/Raw.php b/phpseclib/Crypt/RSA/Keys/Raw.php index e2bd636c..fe3c4c62 100644 --- a/phpseclib/Crypt/RSA/Keys/Raw.php +++ b/phpseclib/Crypt/RSA/Keys/Raw.php @@ -42,7 +42,7 @@ abstract class Raw * @access public * @param string $key * @param string $password optional - * @return array + * @return array|bool */ public static function load($key, $password = '') { @@ -95,7 +95,7 @@ abstract class Raw * @access public * @param \phpseclib\Math\BigInteger $n * @param \phpseclib\Math\BigInteger $e - * @return string + * @return array */ public static function savePublicKey(BigInteger $n, BigInteger $e) { diff --git a/phpseclib/Crypt/RSA/Keys/XML.php b/phpseclib/Crypt/RSA/Keys/XML.php index a31a4be0..07549026 100644 --- a/phpseclib/Crypt/RSA/Keys/XML.php +++ b/phpseclib/Crypt/RSA/Keys/XML.php @@ -40,7 +40,7 @@ abstract class XML * @access public * @param string $key * @param string $password optional - * @return array + * @return array|bool */ public static function load($key, $password = '') { diff --git a/phpseclib/Crypt/Rijndael.php b/phpseclib/Crypt/Rijndael.php index e78d578c..1553bb09 100644 --- a/phpseclib/Crypt/Rijndael.php +++ b/phpseclib/Crypt/Rijndael.php @@ -273,10 +273,10 @@ class Rijndael extends BlockCipher * * @see \phpseclib\Crypt\Common\SymmetricKey::__construct() * @param int $engine - * @access public + * @access protected * @return bool */ - public function isValidEngine($engine) + protected function isValidEngineHelper($engine) { switch ($engine) { case self::ENGINE_OPENSSL: @@ -294,7 +294,7 @@ class Rijndael extends BlockCipher } } - return parent::isValidEngine($engine); + return parent::isValidEngineHelper($engine); } /** diff --git a/phpseclib/Crypt/TripleDES.php b/phpseclib/Crypt/TripleDES.php index 9dede481..3c665f29 100644 --- a/phpseclib/Crypt/TripleDES.php +++ b/phpseclib/Crypt/TripleDES.php @@ -178,10 +178,10 @@ class TripleDES extends DES * * @see \phpseclib\Crypt\Common\SymmetricKey::__construct() * @param int $engine - * @access public + * @access protected * @return bool */ - public function isValidEngine($engine) + protected function isValidEngineHelper($engine) { if ($engine == self::ENGINE_OPENSSL) { $this->cipher_name_openssl_ecb = 'des-ede3'; @@ -189,7 +189,7 @@ class TripleDES extends DES $this->cipher_name_openssl = $mode == 'ecb' ? 'des-ede3' : 'des-ede3-' . $mode; } - return parent::isValidEngine($engine); + return parent::isValidEngineHelper($engine); } /** diff --git a/phpseclib/File/ASN1.php b/phpseclib/File/ASN1.php index 295a2b72..53ac6ff2 100644 --- a/phpseclib/File/ASN1.php +++ b/phpseclib/File/ASN1.php @@ -26,6 +26,7 @@ namespace phpseclib\File; use ParagonIE\ConstantTime\Base64; use phpseclib\File\ASN1\Element; use phpseclib\Math\BigInteger; +use phpseclib\Common\Functions\Strings; /** * Pure-PHP ASN.1 Parser @@ -248,7 +249,7 @@ abstract class ASN1 * @param string $encoded * @param int $start * @param int $encoded_pos - * @return array + * @return array|bool * @access private */ private static function decode_ber($encoded, $start = 0, $encoded_pos = 0) @@ -513,7 +514,7 @@ abstract class ASN1 * @param array $decoded * @param array $mapping * @param array $special - * @return array + * @return array|bool|Element * @access public */ public static function asn1map($decoded, $mapping, $special = []) @@ -826,7 +827,7 @@ abstract class ASN1 * ASN.1 Encode (Helper function) * * @param string $source - * @param string $mapping + * @param array $mapping * @param int $idx * @return string * @throws \RuntimeException if the input has an error in it @@ -1348,27 +1349,6 @@ abstract class ASN1 return $temp != false ? $temp : $str; } - /** - * DER-decode the length - * - * DER supports lengths up to (2**8)**127, however, we'll only support lengths up to (2**8)**4. See - * {@link http://itu.int/ITU-T/studygroups/com17/languages/X.690-0207.pdf#p=13 X.690 paragraph 8.1.3} for more information. - * - * @access public - * @param string $string - * @return int - */ - public static function decodeLength(&$string) - { - $length = ord(Strings::shift($string)); - if ($length & 0x80) { // definite length, long form - $length&= 0x7F; - $temp = Strings::shift($string, $length); - list(, $length) = unpack('N', substr(str_pad($temp, 4, chr(0), STR_PAD_LEFT), -4)); - } - return $length; - } - /** * DER-encode the length * diff --git a/phpseclib/File/X509.php b/phpseclib/File/X509.php index a95784b5..51161b21 100644 --- a/phpseclib/File/X509.php +++ b/phpseclib/File/X509.php @@ -36,6 +36,7 @@ use phpseclib\File\ASN1\Element; use phpseclib\Math\BigInteger; use phpseclib\File\ASN1\Maps; + /** * Pure-PHP X.509 Parser * @@ -1564,7 +1565,7 @@ class X509 * @param mixed $format optional * @param array $dn optional * @access public - * @return bool + * @return array|bool */ public function getDN($format = self::DN_ARRAY, $dn = null) { @@ -2796,7 +2797,7 @@ class X509 */ if (strtolower($date) == 'lifetime') { $temp = '99991231235959Z'; - $temp = chr(ASN1::TYPE_GENERALIZED_TIME) . Functions::encodeLength(strlen($temp)) . $temp; + $temp = chr(ASN1::TYPE_GENERALIZED_TIME) . ASN1::encodeLength(strlen($temp)) . $temp; $this->endDate = new Element($temp); } else { $this->endDate = @date('D, d M Y H:i:s O', @strtotime($date)); @@ -3117,24 +3118,26 @@ class X509 * * @param string $id * @param array $cert optional + * @param string $path * @access public * @return mixed */ - public function getExtension($id, $cert = null) + public function getExtension($id, $cert = null, $path=null) { - return $this->getExtensionHelper($id, $cert); + return $this->getExtensionHelper($id, $cert, $path); } /** * Returns a list of all extensions in use in certificate, CSR or CRL * * @param array $cert optional + * @param string $path optional * @access public * @return array */ - public function getExtensions($cert = null) + public function getExtensions($cert = null, $path = null) { - return $this->getExtensionsHelper($cert); + return $this->getExtensionsHelper($cert, $path); } /** @@ -3430,7 +3433,7 @@ class X509 * Format a public key as appropriate * * @access private - * @return array + * @return array|bool */ private function formatSubjectPublicKey() { @@ -3602,7 +3605,7 @@ class X509 * * @param array $crl optional * @access public - * @return array + * @return array|bool */ public function listRevoked($crl = null) { @@ -3676,7 +3679,7 @@ class X509 * @param string $serial * @param array $crl optional * @access public - * @return array + * @return array|bool */ public function getRevokedCertificateExtensions($serial, $crl = null) { @@ -3686,7 +3689,7 @@ class X509 if (is_array($rclist = $this->subArray($crl, 'tbsCertList/revokedCertificates'))) { if (($i = $this->revokedCertificate($rclist, $serial)) !== false) { - return $this->getExtensionsHelper($crl, "tbsCertList/revokedCertificates/$i/crlEntryExtensions"); + return $this->getExtensions($crl, "tbsCertList/revokedCertificates/$i/crlEntryExtensions"); } } diff --git a/phpseclib/Math/BigInteger/Engines/BCMath/Reductions/Barrett.php b/phpseclib/Math/BigInteger/Engines/BCMath/Reductions/Barrett.php index 7237c5ac..f858ce17 100644 --- a/phpseclib/Math/BigInteger/Engines/BCMath/Reductions/Barrett.php +++ b/phpseclib/Math/BigInteger/Engines/BCMath/Reductions/Barrett.php @@ -61,7 +61,7 @@ abstract class Barrett extends Base * * @param string $n * @param string $m - * @return array + * @return array|string */ protected static function reduce($n, $m) { diff --git a/phpseclib/Math/BigInteger/Engines/BCMath/Reductions/EvalBarrett.php b/phpseclib/Math/BigInteger/Engines/BCMath/Reductions/EvalBarrett.php index 2ab676e6..58374b3d 100644 --- a/phpseclib/Math/BigInteger/Engines/BCMath/Reductions/EvalBarrett.php +++ b/phpseclib/Math/BigInteger/Engines/BCMath/Reductions/EvalBarrett.php @@ -55,7 +55,7 @@ abstract class EvalBarrett extends Base * * @param array $m * @param string $class - * @return callable + * @return callable|void */ protected static function generateCustomReduction(BCMath $m, $class) { diff --git a/phpseclib/Math/BigInteger/Engines/Engine.php b/phpseclib/Math/BigInteger/Engines/Engine.php index 89787416..9f3dc497 100644 --- a/phpseclib/Math/BigInteger/Engines/Engine.php +++ b/phpseclib/Math/BigInteger/Engines/Engine.php @@ -396,7 +396,7 @@ abstract class Engine implements \Serializable /** * Logical Not * - * @return \phpseclib\Math\BigInteger\Engines\Engine + * @return Engine|string */ public function bitwise_not() { @@ -465,7 +465,7 @@ abstract class Engine implements \Serializable * Instead of the top x bits being dropped they're appended to the shifted bit string. * * @param int $shift - * @return \phpseclib\Math\BigInteger\Engine\Engines + * @return \phpseclib\Math\BigInteger\Engines\Engine */ public function bitwise_leftRotate($shift) { @@ -563,7 +563,7 @@ abstract class Engine implements \Serializable /** * Performs some pre-processing for powMod * - * @return \phpseclib\Math\BigInteger\Engines\Engine + * @return bool|Engine */ protected function powModOuter(Engine $e, Engine $n) { @@ -591,11 +591,11 @@ abstract class Engine implements \Serializable * however, this function performs a modular reduction after every multiplication and squaring operation. * As such, this function has the same preconditions that the reductions being used do. * - * @param \phpseclib\Math\BigInteger\Engine $x - * @param \phpseclib\Math\BigInteger\Engine $e - * @param \phpseclib\Math\BigInteger\Engine $n + * @param \phpseclib\Math\BigInteger\Engines\Engine $x + * @param \phpseclib\Math\BigInteger\Engines\Engine $e + * @param \phpseclib\Math\BigInteger\Engines\Engine $n * @param string $class - * @return \phpseclib\Math\BigInteger\Engine + * @return \phpseclib\Math\BigInteger\Engines\Engine */ protected static function slidingWindow(Engine $x, Engine $e, Engine $n, $class) { @@ -691,7 +691,7 @@ abstract class Engine implements \Serializable /** * Performs some pre-processing for randomRangePrime * - * @return \phpseclib\Math\BigInteger\Engines\Engine + * @return bool|Engine */ protected static function randomRangePrimeOuter(Engine $min, Engine $max) { @@ -781,7 +781,7 @@ abstract class Engine implements \Serializable /** * Performs some post-processing for randomRangePrime * - * @return \phpseclib\Math\BigInteger\Engine + * @return bool|Engine */ protected static function randomRangePrimeInner(Engine $x, Engine $min, Engine $max) { diff --git a/phpseclib/Math/BigInteger/Engines/GMP.php b/phpseclib/Math/BigInteger/Engines/GMP.php index 5e5a0197..9a406a27 100644 --- a/phpseclib/Math/BigInteger/Engines/GMP.php +++ b/phpseclib/Math/BigInteger/Engines/GMP.php @@ -546,7 +546,7 @@ class GMP extends Engine * * Returns the nth root of a positive biginteger, where n defaults to 2 * - * @return \phpseclib\Math\BigInteger\Engines\Engine\GMP + * @return \phpseclib\Math\BigInteger\Engines\GMP */ protected function rootInner($n) { diff --git a/phpseclib/Math/BigInteger/Engines/PHP.php b/phpseclib/Math/BigInteger/Engines/PHP.php index 8e448cc0..bee28778 100644 --- a/phpseclib/Math/BigInteger/Engines/PHP.php +++ b/phpseclib/Math/BigInteger/Engines/PHP.php @@ -1314,7 +1314,7 @@ abstract class PHP extends Engine protected function powHelper(PHP $n) { if ($n->compare(static::$zero) == 0) { - return new self(1); + return new static(1); } // n^0 = 1 diff --git a/phpseclib/Math/BigInteger/Engines/PHP/Montgomery.php b/phpseclib/Math/BigInteger/Engines/PHP/Montgomery.php index 8bffb1ca..cdbf23a1 100644 --- a/phpseclib/Math/BigInteger/Engines/PHP/Montgomery.php +++ b/phpseclib/Math/BigInteger/Engines/PHP/Montgomery.php @@ -46,7 +46,7 @@ abstract class Montgomery extends Base * @param \phpseclib\Math\BigInteger\Engine $e * @param \phpseclib\Math\BigInteger\Engine $n * @param string $class - * @return \phpseclib\Math\BigInteger\Engine + * @return \phpseclib\Math\BigInteger\Engine|Engine */ protected static function slidingWindow(Engine $x, Engine $e, Engine $n, $class) { diff --git a/phpseclib/Net/SFTP.php b/phpseclib/Net/SFTP.php index 4397586e..63496e69 100644 --- a/phpseclib/Net/SFTP.php +++ b/phpseclib/Net/SFTP.php @@ -3024,7 +3024,7 @@ class SFTP extends SSH2 * Returns a string if NET_SFTP_LOGGING == self::LOG_COMPLEX, an array if NET_SFTP_LOGGING == self::LOG_SIMPLE and false if !defined('NET_SFTP_LOGGING') * * @access public - * @return string or Array + * @return array|string */ public function getSFTPLog() { @@ -3086,7 +3086,7 @@ class SFTP extends SSH2 * @return bool * @access private */ - private function disconnect_helper($reason) + protected function disconnect_helper($reason) { $this->pwd = false; parent::disconnect_helper($reason); diff --git a/phpseclib/Net/SSH1.php b/phpseclib/Net/SSH1.php index 973b13f6..8cb3c625 100644 --- a/phpseclib/Net/SSH1.php +++ b/phpseclib/Net/SSH1.php @@ -1079,7 +1079,7 @@ class SSH1 * http://www.securiteam.com/securitynews/5LP042K3FY.html * * @see self::_send_binary_packet() - * @return array + * @return array|bool * @access private */ private function get_binary_packet() diff --git a/phpseclib/Net/SSH2.php b/phpseclib/Net/SSH2.php index 49653416..5fc9dc6d 100644 --- a/phpseclib/Net/SSH2.php +++ b/phpseclib/Net/SSH2.php @@ -652,7 +652,7 @@ class SSH2 * @see self::_get_channel_packet() * @access private */ - private $curTimeout; + protected $curTimeout; /** * Real-time log file pointer @@ -881,6 +881,22 @@ class SSH2 */ private static $connections; + /** + * Send the identification string first? + * + * @var bool + * @access private + */ + private $send_id_string_first = true; + + /** + * Send the key exchange initiation packet first? + * + * @var bool + * @access private + */ + private $send_kex_first = true; + /** * Default Constructor. * @@ -890,7 +906,7 @@ class SSH2 * @param int $port * @param int $timeout * @see self::login() - * @return \phpseclib\Net\SSH2 + * @return SSH2|void * @access public */ public function __construct($host, $port = 22, $timeout = 10) @@ -995,13 +1011,69 @@ class SSH2 * OpenSSL, mcrypt, Eval, PHP * * @param int $engine - * @access private + * @access public */ public function setCryptoEngine($engine) { $this->crypto_engine = $engine; } + /** + * Send Identification String First + * + * https://tools.ietf.org/html/rfc4253#section-4.2 says "when the connection has been established, + * both sides MUST send an identification string". It does not say which side sends it first. In + * theory it shouldn't matter but it is a fact of life that some SSH servers are simply buggy + * + * @access public + */ + function sendIdentificationStringFirst() + { + $this->send_id_string_first = true; + } + + /** + * Send Identification String Last + * + * https://tools.ietf.org/html/rfc4253#section-4.2 says "when the connection has been established, + * both sides MUST send an identification string". It does not say which side sends it first. In + * theory it shouldn't matter but it is a fact of life that some SSH servers are simply buggy + * + * @access public + */ + function sendIdentificationStringLast() + { + $this->send_id_string_first = false; + } + + /** + * Send SSH_MSG_KEXINIT First + * + * https://tools.ietf.org/html/rfc4253#section-7.1 says "key exchange begins by each sending + * sending the [SSH_MSG_KEXINIT] packet". It does not say which side sends it first. In theory + * it shouldn't matter but it is a fact of life that some SSH servers are simply buggy + * + * @access public + */ + function sendKEXINITFirst() + { + $this->send_kex_first = true; + } + + /** + * Send SSH_MSG_KEXINIT Last + * + * https://tools.ietf.org/html/rfc4253#section-7.1 says "key exchange begins by each sending + * sending the [SSH_MSG_KEXINIT] packet". It does not say which side sends it first. In theory + * it shouldn't matter but it is a fact of life that some SSH servers are simply buggy + * + * @access public + */ + function sendKEXINITLast() + { + $this->send_kex_first = false; + } + /** * Connect to an SSHv2 server * @@ -1044,7 +1116,9 @@ class SSH2 $this->identifier = $this->generate_identifier(); - fputs($this->fsock, $this->identifier . "\r\n"); + if ($this->send_id_string_first) { + fputs($this->fsock, $this->identifier . "\r\n"); + } /* According to the SSH2 specs, @@ -1120,16 +1194,26 @@ class SSH2 throw new \RuntimeException("Cannot connect to SSH $matches[1] servers"); } - $response = $this->get_binary_packet(); - if ($response === false) { - throw new \RuntimeException('Connection closed by server'); + if (!$this->send_id_string_first) { + fputs($this->fsock, $this->identifier . "\r\n"); } - if (!strlen($response) || ord($response[0]) != NET_SSH2_MSG_KEXINIT) { - throw new \UnexpectedValueException('Expected SSH_MSG_KEXINIT'); + if (!$this->send_kex_first) { + $response = $this->get_binary_packet(); + if ($response === false) { + throw new \RuntimeException('Connection closed by server'); + } + + if (!strlen($response) || ord($response[0]) != NET_SSH2_MSG_KEXINIT) { + throw new \UnexpectedValueException('Expected SSH_MSG_KEXINIT'); + } + + if (!$this->key_exchange($response)) { + return false; + } } - if (!$this->key_exchange($response)) { + if ($this->send_kex_first && !$this->key_exchange()) { return false; } @@ -1177,13 +1261,13 @@ class SSH2 /** * Key Exchange * - * @param string $kexinit_payload_server + * @param string $kexinit_payload_server optional * @throws \UnexpectedValueException on receipt of unexpected packets * @throws \RuntimeException on other errors * @throws \phpseclib\Exception\NoSupportedAlgorithmsException when none of the algorithms phpseclib has loaded are compatible * @access private */ - private function key_exchange($kexinit_payload_server) + private function key_exchange($kexinit_payload_server = false) { $kex_algorithms = [ // Elliptic Curve Diffie-Hellman Key Agreement (ECDH) using @@ -1321,6 +1405,49 @@ class SSH2 $client_cookie = Random::string(16); + $kexinit_payload_client = pack( + 'Ca*Na*Na*Na*Na*Na*Na*Na*Na*Na*Na*CN', + NET_SSH2_MSG_KEXINIT, + $client_cookie, + strlen($str_kex_algorithms), + $str_kex_algorithms, + strlen($str_server_host_key_algorithms), + $str_server_host_key_algorithms, + strlen($encryption_algorithms_client_to_server), + $encryption_algorithms_client_to_server, + strlen($encryption_algorithms_server_to_client), + $encryption_algorithms_server_to_client, + strlen($mac_algorithms_client_to_server), + $mac_algorithms_client_to_server, + strlen($mac_algorithms_server_to_client), + $mac_algorithms_server_to_client, + strlen($compression_algorithms_client_to_server), + $compression_algorithms_client_to_server, + strlen($compression_algorithms_server_to_client), + $compression_algorithms_server_to_client, + 0, + '', + 0, + '', + 0, + 0 + ); + + if ($this->send_kex_first) { + if (!$this->send_binary_packet($kexinit_payload_client)) { + return false; + } + + $kexinit_payload_server = $this->get_binary_packet(); + if ($kexinit_payload_server === false) { + throw new \RuntimeException('Connection closed by server'); + } + + if (!strlen($kexinit_payload_server) || ord($kexinit_payload_server[0]) != NET_SSH2_MSG_KEXINIT) { + throw new \UnexpectedValueException('Expected SSH_MSG_KEXINIT'); + } + } + $response = $kexinit_payload_server; Strings::shift($response, 1); // skip past the message number (it should be SSH_MSG_KEXINIT) $server_cookie = Strings::shift($response, 16); @@ -1392,39 +1519,9 @@ class SSH2 $first_kex_packet_follows = $first_kex_packet_follows != 0; - // the sending of SSH2_MSG_KEXINIT could go in one of two places. this is the second place. - $kexinit_payload_client = pack( - 'Ca*Na*Na*Na*Na*Na*Na*Na*Na*Na*Na*CN', - NET_SSH2_MSG_KEXINIT, - $client_cookie, - strlen($str_kex_algorithms), - $str_kex_algorithms, - strlen($str_server_host_key_algorithms), - $str_server_host_key_algorithms, - strlen($encryption_algorithms_client_to_server), - $encryption_algorithms_client_to_server, - strlen($encryption_algorithms_server_to_client), - $encryption_algorithms_server_to_client, - strlen($mac_algorithms_client_to_server), - $mac_algorithms_client_to_server, - strlen($mac_algorithms_server_to_client), - $mac_algorithms_server_to_client, - strlen($compression_algorithms_client_to_server), - $compression_algorithms_client_to_server, - strlen($compression_algorithms_server_to_client), - $compression_algorithms_server_to_client, - 0, - '', - 0, - '', - 0, - 0 - ); - - if (!$this->send_binary_packet($kexinit_payload_client)) { + if (!$this->send_kex_first && !$this->send_binary_packet($kexinit_payload_client)) { return false; } - // here ends the second place. // we need to decide upon the symmetric encryption algorithms before we do the diffie-hellman key exchange @@ -3829,7 +3926,7 @@ class SSH2 * @return bool * @access private */ - private function disconnect_helper($reason) + protected function disconnect_helper($reason) { if ($this->bitmap & self::MASK_CONNECTED) { $data = pack('CNNa*Na*', NET_SSH2_MSG_DISCONNECT, $reason, 0, '', 0, ''); @@ -4236,7 +4333,7 @@ class SSH2 case $r->compare($q) >= 0: case $s->equals($zero): case $s->compare($q) >= 0: - $this->disconnectHepler(NET_SSH2_DISCONNECT_KEY_EXCHANGE_FAILED); + $this->disconnect_helper(NET_SSH2_DISCONNECT_KEY_EXCHANGE_FAILED); throw new \RuntimeException('Invalid signature'); } diff --git a/tests/Unit/Crypt/RC4Test.php b/tests/Unit/Crypt/RC4Test.php index e7aa6e3b..872b6a48 100644 --- a/tests/Unit/Crypt/RC4Test.php +++ b/tests/Unit/Crypt/RC4Test.php @@ -215,20 +215,20 @@ class Unit_Crypt_RC4Test extends PhpseclibTestCase { $objects = $engines = array(); $temp = new RC4(RC4::MODE_CTR); - $temp->setPreferredEngine(RC4::ENGINE_INTERNAL); + $temp->setPreferredEngine('internal'); $objects[] = $temp; $engines[] = 'internal'; - if ($temp->isValidEngine(RC4::ENGINE_MCRYPT)) { + if ($temp->isValidEngine('mcrypt')) { $temp = new RC4(RC4::MODE_CTR); - $temp->setPreferredEngine(RC4::ENGINE_MCRYPT); + $temp->setPreferredEngine('mcrypt'); $objects[] = $temp; $engines[] = 'mcrypt'; } - if ($temp->isValidEngine(RC4::ENGINE_OPENSSL)) { + if ($temp->isValidEngine('openssl')) { $temp = new RC4(RC4::MODE_CTR); - $temp->setPreferredEngine(RC4::ENGINE_OPENSSL); + $temp->setPreferredEngine('openssl'); $objects[] = $temp; $engines[] = 'OpenSSL'; } diff --git a/tests/Unit/Crypt/TripleDESTest.php b/tests/Unit/Crypt/TripleDESTest.php index cd8a7ccf..64350663 100644 --- a/tests/Unit/Crypt/TripleDESTest.php +++ b/tests/Unit/Crypt/TripleDESTest.php @@ -167,7 +167,7 @@ class Unit_Crypt_TripleDESTest extends PhpseclibTestCase $des->disablePadding(); $result = $des->encrypt($plaintext); $plaintext = bin2hex($plaintext); - $this->assertEquals($result, $expected, "Failed asserting that $plaintext yielded expected output in $engin engine"); + $this->assertEquals($result, $expected, "Failed asserting that $plaintext yielded expected output in $engine engine"); } public function testInnerChaining() diff --git a/tests/Unit/File/X509/CRLTest.php b/tests/Unit/File/X509/CRLTest.php new file mode 100644 index 00000000..78ad5d7d --- /dev/null +++ b/tests/Unit/File/X509/CRLTest.php @@ -0,0 +1,24 @@ + + * @copyright 2017 Jim Wigginton + * @license http://www.opensource.org/licenses/mit-license.html MIT License + */ + +use phpseclib\File\X509; + +class Unit_File_X509_CRLTest extends PhpseclibTestCase +{ + public function testLoadCRL() + { + $test = file_get_contents(__DIR__ . '/crl.bin'); + + $x509 = new X509(); + + $x509->loadCRL($test); + + $reason = $x509->getRevokedCertificateExtension('9048354325167497831898969642461237543', 'id-ce-cRLReasons'); + + $this->assertSame('unspecified', $reason); + } +} diff --git a/tests/Unit/File/X509/X509Test.php b/tests/Unit/File/X509/X509Test.php index 41258b21..773e2c41 100644 --- a/tests/Unit/File/X509/X509Test.php +++ b/tests/Unit/File/X509/X509Test.php @@ -181,6 +181,7 @@ aBtsWpliLSex/HHhtRW9AkBGcq67zKmEpJ9kXcYLEjJii3flFS+Ct/rNm+Hhm1l7 $issuer->setDN($subject->getDN()); $x509 = new X509(); + $x509->setEndDate('lifetime'); $result = $x509->sign($issuer, $subject); $cert = $x509->saveX509($result); diff --git a/tests/Unit/File/X509/crl.bin b/tests/Unit/File/X509/crl.bin new file mode 100644 index 00000000..ef6d3ee1 Binary files /dev/null and b/tests/Unit/File/X509/crl.bin differ