diff --git a/composer.json b/composer.json index 99099f94..fb893d5a 100644 --- a/composer.json +++ b/composer.json @@ -69,10 +69,7 @@ }, "psr-4": { "phpseclib\\": "phpseclib/" - }, - "files": [ - "phpseclib/Crypt/Random.php" - ] + } }, "extra": { "branch-alias": { diff --git a/phpseclib/Crypt/RSA.php b/phpseclib/Crypt/RSA.php index 99b4dad6..56460b50 100644 --- a/phpseclib/Crypt/RSA.php +++ b/phpseclib/Crypt/RSA.php @@ -72,11 +72,7 @@ use \phpseclib\Math\BigInteger; /** * Include Crypt_Random */ -// the class_exists() will only be called if the crypt_random_string function hasn't been defined and -// will trigger a call to __autoload() if you're wanting to auto-load classes -// call function_exists() a second time to stop the include_once from being called outside -// of the auto loader -if (!function_exists('crypt_random_string')) { +if (!class_exists('Crypt_Random')) { include_once 'Random.php'; } @@ -798,7 +794,7 @@ class Crypt_RSA $source.= pack('Na*', strlen($private), $private); $hashkey = 'putty-private-key-file-mac-key'; } else { - $private.= crypt_random_string(16 - (strlen($private) & 15)); + $private.= Crypt_Random::crypt_random_string(16 - (strlen($private) & 15)); $source.= pack('Na*', strlen($private), $private); if (!class_exists('Crypt_AES')) { include_once 'Crypt/AES.php'; @@ -864,7 +860,7 @@ class Crypt_RSA ); $RSAPrivateKey = pack('Ca*a*', CRYPT_RSA_ASN1_SEQUENCE, $this->_encodeLength(strlen($RSAPrivateKey)), $RSAPrivateKey); if (!empty($this->password) || is_string($this->password)) { - $salt = crypt_random_string(8); + $salt = Crypt_Random::crypt_random_string(8); $iterationCount = 2048; if (!class_exists('Crypt_DES')) { @@ -904,7 +900,7 @@ class Crypt_RSA } if (!empty($this->password) || is_string($this->password)) { - $iv = crypt_random_string(8); + $iv = Crypt_Random::crypt_random_string(8); $symkey = pack('H*', md5($this->password . $iv)); // symkey is short for symmetric key $symkey.= substr(pack('H*', md5($symkey . $this->password . $iv)), 0, 8); if (!class_exists('Crypt_TripleDES')) { @@ -2306,7 +2302,7 @@ class Crypt_RSA $lHash = $this->hash->hash($l); $ps = str_repeat(chr(0), $this->k - $mLen - 2 * $this->hLen - 2); $db = $lHash . $ps . chr(1) . $m; - $seed = crypt_random_string($this->hLen); + $seed = Crypt_Random::crypt_random_string($this->hLen); $dbMask = $this->_mgf1($seed, $this->k - $this->hLen - 1); $maskedDB = $db ^ $dbMask; $seedMask = $this->_mgf1($maskedDB, $this->hLen); @@ -2424,7 +2420,7 @@ class Crypt_RSA $psLen = $this->k - $mLen - 3; $ps = ''; while (strlen($ps) != $psLen) { - $temp = crypt_random_string($psLen - strlen($ps)); + $temp = Crypt_Random::crypt_random_string($psLen - strlen($ps)); $temp = str_replace("\x00", '', $temp); $ps.= $temp; } @@ -2530,7 +2526,7 @@ class Crypt_RSA return false; } - $salt = crypt_random_string($sLen); + $salt = Crypt_Random::crypt_random_string($sLen); $m2 = "\0\0\0\0\0\0\0\0" . $mHash . $salt; $h = $this->hash->hash($m2); $ps = str_repeat(chr(0), $emLen - $sLen - $this->hLen - 2); diff --git a/phpseclib/Crypt/Random.php b/phpseclib/Crypt/Random.php index b7d8dac7..3dc22998 100644 --- a/phpseclib/Crypt/Random.php +++ b/phpseclib/Crypt/Random.php @@ -43,17 +43,8 @@ * @link http://phpseclib.sourceforge.net */ -// laravel is a PHP framework that utilizes phpseclib. laravel workbenches may, independently, -// have phpseclib as a requirement as well. if you're developing such a program you may encounter -// a "Cannot redeclare crypt_random_string()" error. -if (!function_exists('crypt_random_string')) { - /** - * "Is Windows" test - * - * @access private - */ - define('CRYPT_RANDOM_IS_WINDOWS', strtoupper(substr(PHP_OS, 0, 3)) === 'WIN'); - +class Crypt_Random +{ /** * Generate a random string. * @@ -65,9 +56,9 @@ if (!function_exists('crypt_random_string')) { * @return String * @access public */ - function crypt_random_string($length) + static function crypt_random_string($length) { - if (CRYPT_RANDOM_IS_WINDOWS) { + if (strtoupper(substr(PHP_OS, 0, 3)) === 'WIN') { // method 1. prior to PHP 5.3 this would call rand() on windows hence the function_exists('class_alias') call. // ie. class_alias is a function that was introduced in PHP 5.3 if (function_exists('mcrypt_create_iv') && function_exists('class_alias')) { diff --git a/phpseclib/File/X509.php b/phpseclib/File/X509.php index 172e3661..e108c373 100644 --- a/phpseclib/File/X509.php +++ b/phpseclib/File/X509.php @@ -3475,7 +3475,7 @@ class File_X509 // "A challenge string that is submitted along with the public key. Defaults to an empty string if not specified." // both Firefox and OpenSSL ("openssl spkac -key private.key") behave this way // we could alternatively do this instead if we ignored the specs: - // crypt_random_string(8) & str_repeat("\x7F", 8) + // Crypt_Random::crypt_random_string(8) & str_repeat("\x7F", 8) 'challenge' => !empty($this->challenge) ? $this->challenge : '' ), 'signatureAlgorithm' => array('algorithm' => $signatureAlgorithm), diff --git a/phpseclib/Math/BigInteger.php b/phpseclib/Math/BigInteger.php index c82ab037..f3ea5cb6 100644 --- a/phpseclib/Math/BigInteger.php +++ b/phpseclib/Math/BigInteger.php @@ -68,6 +68,8 @@ namespace phpseclib\Math; +use Crypt_Random; + /**#@+ * Reduction constants * @@ -3021,7 +3023,7 @@ class BigInteger /** * Generates a random BigInteger * - * Byte length is equal to $length. Uses crypt_random if it's loaded and mt_rand if it's not. + * Byte length is equal to $length. Uses Crypt_Random if it's loaded and mt_rand if it's not. * * @param Integer $length * @return \phpseclib\Math\BigInteger @@ -3029,8 +3031,8 @@ class BigInteger */ function _random_number_helper($size) { - if (function_exists('crypt_random_string')) { - $random = crypt_random_string($size); + if (class_exists('Crypt_Random')) { + $random = Crypt_Random::crypt_random_string($size); } else { $random = ''; diff --git a/phpseclib/Net/SSH1.php b/phpseclib/Net/SSH1.php index ae10bffc..bb5f3cc1 100644 --- a/phpseclib/Net/SSH1.php +++ b/phpseclib/Net/SSH1.php @@ -520,11 +520,7 @@ class Net_SSH1 function __construct($host, $port = 22, $timeout = 10, $cipher = NET_SSH1_CIPHER_3DES) { // Include Crypt_Random - // the class_exists() will only be called if the crypt_random_string function hasn't been defined and - // will trigger a call to __autoload() if you're wanting to auto-load classes - // call function_exists() a second time to stop the include_once from being called outside - // of the auto loader - if (!function_exists('crypt_random_string') && !class_exists('Crypt_Random') && !function_exists('crypt_random_string')) { + if (!class_exists('Crypt_Random')) { include_once 'Crypt/Random.php'; } @@ -635,7 +631,7 @@ class Net_SSH1 $session_id = pack('H*', md5($host_key_public_modulus->toBytes() . $server_key_public_modulus->toBytes() . $anti_spoofing_cookie)); - $session_key = crypt_random_string(32); + $session_key = Crypt_Random::crypt_random_string(32); $double_encrypted_session_key = $session_key ^ str_pad($session_id, 32, chr(0)); if ($server_key_public_modulus->compare($host_key_public_modulus) < 0) { @@ -1183,7 +1179,7 @@ class Net_SSH1 $length = strlen($data) + 4; - $padding = crypt_random_string(8 - ($length & 7)); + $padding = Crypt_Random::crypt_random_string(8 - ($length & 7)); $orig = $data; $data = $padding . $data; @@ -1369,7 +1365,7 @@ class Net_SSH1 $length = strlen($modulus) - strlen($m) - 3; $random = ''; while (strlen($random) != $length) { - $block = crypt_random_string($length - strlen($random)); + $block = Crypt_Random::crypt_random_string($length - strlen($random)); $block = str_replace("\x00", '', $block); $random.= $block; } diff --git a/phpseclib/Net/SSH2.php b/phpseclib/Net/SSH2.php index 80b4825e..84414207 100644 --- a/phpseclib/Net/SSH2.php +++ b/phpseclib/Net/SSH2.php @@ -855,7 +855,7 @@ class Net_SSH2 */ function __construct($host, $port = 22, $timeout = 10) { - if (!function_exists('crypt_random_string')) { + if (!class_exists('Crypt_Random')) { include_once 'Crypt/Random.php'; } @@ -1202,7 +1202,7 @@ class Net_SSH2 $compression_algorithms_server_to_client = $compression_algorithms_client_to_server = implode(',', $compression_algorithms); } - $client_cookie = crypt_random_string(16); + $client_cookie = Crypt_Random::crypt_random_string(16); $response = $kexinit_payload_server; $this->_string_shift($response, 1); // skip past the message number (it should be SSH_MSG_KEXINIT) @@ -3154,7 +3154,7 @@ class Net_SSH2 $packet_length+= (($this->encrypt_block_size - 1) * $packet_length) % $this->encrypt_block_size; // subtracting strlen($data) is obvious - subtracting 5 is necessary because of packet_length and padding_length $padding_length = $packet_length - strlen($data) - 5; - $padding = crypt_random_string($padding_length); + $padding = Crypt_Random::crypt_random_string($padding_length); // we subtract 4 from packet_length because the packet_length field isn't supposed to include itself $packet = pack('NCa*', $packet_length - 4, $padding_length, $data . $padding);