mirror of
https://github.com/danog/tgseclib.git
synced 2025-01-22 14:01:20 +01:00
Merge branch 'master' into diffie-hellman
This commit is contained in:
commit
f04d69a3eb
12
.github/FUNDING.yml
vendored
Normal file
12
.github/FUNDING.yml
vendored
Normal file
@ -0,0 +1,12 @@
|
||||
# These are supported funding model platforms
|
||||
|
||||
github: #terrafrost
|
||||
patreon: phpseclib
|
||||
open_collective: # Replace with a single Open Collective username
|
||||
ko_fi: # Replace with a single Ko-fi username
|
||||
tidelift: "packagist/phpseclib/phpseclib"
|
||||
community_bridge: # Replace with a single Community Bridge project-name e.g., cloud-foundry
|
||||
liberapay: # Replace with a single Liberapay username
|
||||
issuehunt: # Replace with a single IssueHunt username
|
||||
otechie: # Replace with a single Otechie username
|
||||
custom: # Replace with up to 4 custom sponsorship URLs e.g., ['link1', 'link2']
|
@ -20,6 +20,7 @@ before_install: true
|
||||
matrix:
|
||||
allow_failures:
|
||||
- php: nightly
|
||||
- php: 7.4snapshot
|
||||
|
||||
install:
|
||||
- wget http://ftp.gnu.org/gnu/parallel/parallel-20170822.tar.bz2
|
||||
|
@ -1,5 +1,9 @@
|
||||
# Changelog
|
||||
|
||||
## 2.0.21 - 2019-07-14
|
||||
|
||||
- SSH2: only auto close the channel for exec() timeouts (#1384)
|
||||
|
||||
## 2.0.20 - 2019-06-23
|
||||
|
||||
- BigInteger: lower PHP req back down to PHP 5.3.3 (#1382)
|
||||
|
5
LICENSE
5
LICENSE
@ -1,5 +1,4 @@
|
||||
Copyright 2007-2016 TerraFrost and other contributors
|
||||
http://phpseclib.sourceforge.net/
|
||||
Copyright (c) 2011-2019 TerraFrost and other contributors
|
||||
|
||||
Permission is hereby granted, free of charge, to any person obtaining
|
||||
a copy of this software and associated documentation files (the
|
||||
@ -18,4 +17,4 @@ MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
|
||||
NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
|
||||
LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
|
||||
OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
|
||||
WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
|
||||
WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
|
12
README.md
12
README.md
@ -2,6 +2,14 @@
|
||||
|
||||
[![Build Status](https://travis-ci.org/phpseclib/phpseclib.svg?branch=master)](https://travis-ci.org/phpseclib/phpseclib)
|
||||
|
||||
## Supporting phpseclib
|
||||
|
||||
- [Become a backer or sponsor on Patreon](https://www.patreon.com/phpseclib)
|
||||
- [One-time donation via PayPal or crypto-currencies](http://sourceforge.net/donate/index.php?group_id=198487)
|
||||
- [Subscribe to Tidelift](https://tidelift.com/subscription/pkg/packagist-phpseclib-phpseclib?utm_source=packagist-phpseclib-phpseclib&utm_medium=referral&utm_campaign=readme)
|
||||
|
||||
## Introduction
|
||||
|
||||
MIT-licensed pure-PHP implementations of an arbitrary-precision integer
|
||||
arithmetic library, fully PKCS#1 (v2.1) compliant RSA, DES, 3DES, RC4, Rijndael,
|
||||
AES, Blowfish, Twofish, SSH-1, SSH-2, SFTP, and X.509
|
||||
@ -39,6 +47,10 @@ AES, Blowfish, Twofish, SSH-1, SSH-2, SFTP, and X.509
|
||||
* Install using PEAR: See [phpseclib PEAR Channel Documentation](http://phpseclib.sourceforge.net/pear.htm)
|
||||
* [Download 1.0.16 as ZIP](http://sourceforge.net/projects/phpseclib/files/phpseclib1.0.16.zip/download)
|
||||
|
||||
## Security contact information
|
||||
|
||||
To report a security vulnerability, please use the [Tidelift security contact](https://tidelift.com/security). Tidelift will coordinate the fix and disclosure.
|
||||
|
||||
## Support
|
||||
|
||||
Need Support?
|
||||
|
@ -243,7 +243,7 @@ abstract class SymmetricKey
|
||||
* @var array
|
||||
* @access private
|
||||
*/
|
||||
private $enbuffer;
|
||||
protected $enbuffer;
|
||||
|
||||
/**
|
||||
* Decryption buffer for CTR, OFB and CFB modes
|
||||
@ -253,7 +253,7 @@ abstract class SymmetricKey
|
||||
* @var array
|
||||
* @access private
|
||||
*/
|
||||
private $debuffer;
|
||||
protected $debuffer;
|
||||
|
||||
/**
|
||||
* mcrypt resource for encryption
|
||||
|
@ -739,7 +739,14 @@ abstract class ASN1
|
||||
return isset(self::$oids[$decoded['content']]) ? self::$oids[$decoded['content']] : $decoded['content'];
|
||||
case self::TYPE_UTC_TIME:
|
||||
case self::TYPE_GENERALIZED_TIME:
|
||||
if (isset($mapping['implicit'])) {
|
||||
// for explicitly tagged optional stuff
|
||||
if (is_array($decoded['content'])) {
|
||||
$decoded['content'] = $decoded['content'][0]['content'];
|
||||
}
|
||||
// for implicitly tagged optional stuff
|
||||
// in theory, doing isset($mapping['implicit']) would work but malformed certs do exist
|
||||
// in the wild that OpenSSL decodes without issue so we'll support them as well
|
||||
if (!is_object($decoded['content'])) {
|
||||
$decoded['content'] = self::decodeTime($decoded['content'], $decoded['type']);
|
||||
}
|
||||
return $decoded['content'] ? $decoded['content']->format(self::$format) : false;
|
||||
@ -902,7 +909,7 @@ abstract class ASN1
|
||||
if ($mapping['type'] == self::TYPE_SET) {
|
||||
sort($value);
|
||||
}
|
||||
$value = implode($value, '');
|
||||
$value = implode('', $value);
|
||||
break;
|
||||
}
|
||||
|
||||
|
35
phpseclib/File/ASN1/Maps/SubjectInfoAccessSyntax.php
Normal file
35
phpseclib/File/ASN1/Maps/SubjectInfoAccessSyntax.php
Normal file
@ -0,0 +1,35 @@
|
||||
<?php
|
||||
|
||||
/**
|
||||
* SubjectInfoAccessSyntax
|
||||
*
|
||||
* PHP version 5
|
||||
*
|
||||
* @category File
|
||||
* @package ASN1
|
||||
* @author Jim Wigginton <terrafrost@php.net>
|
||||
* @copyright 2016 Jim Wigginton
|
||||
* @license http://www.opensource.org/licenses/mit-license.html MIT License
|
||||
* @link http://phpseclib.sourceforge.net
|
||||
*/
|
||||
|
||||
namespace phpseclib\File\ASN1\Maps;
|
||||
|
||||
use phpseclib\File\ASN1;
|
||||
|
||||
/**
|
||||
* SubjectInfoAccessSyntax
|
||||
*
|
||||
* @package ASN1
|
||||
* @author Jim Wigginton <terrafrost@php.net>
|
||||
* @access public
|
||||
*/
|
||||
abstract class SubjectInfoAccessSyntax
|
||||
{
|
||||
const MAP = [
|
||||
'type' => ASN1::TYPE_SEQUENCE,
|
||||
'min' => 1,
|
||||
'max' => -1,
|
||||
'children' => AccessDescription::MAP
|
||||
];
|
||||
}
|
@ -575,7 +575,10 @@ class X509
|
||||
corresponding to the extension type identified by extnID */
|
||||
$map = $this->getMapping($id);
|
||||
if (!is_bool($map)) {
|
||||
$mapped = ASN1::asn1map($decoded[0], $map, ['iPAddress' => [$this, 'decodeIP']]);
|
||||
$decoder = $id == 'id-ce-nameConstraints' ?
|
||||
[$this, 'decodeNameConstraintIP'] :
|
||||
[$this, 'decodeIP'];
|
||||
$mapped = ASN1::asn1map($decoded[0], $map, ['iPAddress' => $decoder]);
|
||||
$value = $mapped === false ? $decoded[0] : $mapped;
|
||||
|
||||
if ($id == 'id-ce-certificatePolicies') {
|
||||
@ -1466,18 +1469,37 @@ class X509
|
||||
return inet_ntop($ip);
|
||||
}
|
||||
|
||||
/**
|
||||
* Decodes an IP address in a name constraints extension
|
||||
*
|
||||
* Takes in a base64 encoded "blob" and returns a human readable IP address / mask
|
||||
*
|
||||
* @param string $ip
|
||||
* @access private
|
||||
* @return array
|
||||
*/
|
||||
public function decodeNameConstraintIP($ip)
|
||||
{
|
||||
$size = strlen($ip) >> 1;
|
||||
$mask = substr($ip, $size);
|
||||
$ip = substr($ip, 0, $size);
|
||||
return [inet_ntop($ip), inet_ntop($mask)];
|
||||
}
|
||||
|
||||
/**
|
||||
* Encodes an IP address
|
||||
*
|
||||
* Takes a human readable IP address into a base64-encoded "blob"
|
||||
*
|
||||
* @param string $ip
|
||||
* @param string|array $ip
|
||||
* @access private
|
||||
* @return string
|
||||
*/
|
||||
public function encodeIP($ip)
|
||||
{
|
||||
return inet_pton($ip);
|
||||
return is_string($ip) ?
|
||||
inet_pton($ip) :
|
||||
inet_pton($ip[0]) . inet_pton($ip[1]);
|
||||
}
|
||||
|
||||
/**
|
||||
|
@ -3564,7 +3564,9 @@ class SSH2
|
||||
// on windows this returns a "Warning: Invalid CRT parameters detected" error
|
||||
if (!@stream_select($read, $write, $except, $sec, $usec) && !count($read)) {
|
||||
$this->is_timeout = true;
|
||||
$this->close_channel($client_channel);
|
||||
if ($client_channel == self::CHANNEL_EXEC && !$this->request_pty) {
|
||||
$this->close_channel($client_channel);
|
||||
}
|
||||
return true;
|
||||
}
|
||||
$elapsed = microtime(true) - $start;
|
||||
@ -3597,7 +3599,7 @@ class SSH2
|
||||
switch ($type) {
|
||||
case NET_SSH2_MSG_CHANNEL_EXTENDED_DATA:
|
||||
/*
|
||||
if ($client_channel == NET_SSH2_CHANNEL_EXEC) {
|
||||
if ($client_channel == self::CHANNEL_EXEC) {
|
||||
$this->send_channel_packet($client_channel, chr(0));
|
||||
}
|
||||
*/
|
||||
|
@ -364,4 +364,32 @@ class Unit_File_ASN1Test extends PhpseclibTestCase
|
||||
$this->assertSame(pack('H*', '6983f09da7ebcfdee0c7a1a7b2c0948cc8f9d776'), $new);
|
||||
$this->assertSame($orig, ASN1::decodeOID($new));
|
||||
}
|
||||
|
||||
/**
|
||||
* @group github1388
|
||||
*/
|
||||
public function testExplicitImplicitDate()
|
||||
{
|
||||
$map = [
|
||||
'type' => ASN1::TYPE_SEQUENCE,
|
||||
'children' => [
|
||||
'notBefore' => [
|
||||
'constant' => 0,
|
||||
'optional' => true,
|
||||
'implicit' => true,
|
||||
'type' => ASN1::TYPE_GENERALIZED_TIME],
|
||||
'notAfter' => [
|
||||
'constant' => 1,
|
||||
'optional' => true,
|
||||
'implicit' => true,
|
||||
'type' => ASN1::TYPE_GENERALIZED_TIME]
|
||||
]
|
||||
];
|
||||
|
||||
$a = pack('H*', '3026a011180f32303137303432313039303535305aa111180f32303138303432313230353935395a');
|
||||
$a = ASN1::decodeBER($a);
|
||||
$a = ASN1::asn1map($a[0], $map);
|
||||
|
||||
$this->assertInternalType('array', $a);
|
||||
}
|
||||
}
|
||||
|
@ -961,4 +961,46 @@ A9bhRA0cVk7bAEU2c44CYg==
|
||||
|
||||
$this->assertFalse($r);
|
||||
}
|
||||
|
||||
/**
|
||||
* @group github1387
|
||||
*/
|
||||
public function testNameConstraintIP()
|
||||
{
|
||||
$x509 = new X509();
|
||||
$r = $x509->loadX509('-----BEGIN CERTIFICATE-----
|
||||
MIIGcDCCBVigAwIBAgIQRUgJC4ec7yFWcqzT3mwbWzANBgkqhkiG9w0BAQwFADB1MQswCQYDVQQG
|
||||
EwJFRTEiMCAGA1UECgwZQVMgU2VydGlmaXRzZWVyaW1pc2tlc2t1czEoMCYGA1UEAwwfRUUgQ2Vy
|
||||
dGlmaWNhdGlvbiBDZW50cmUgUm9vdCBDQTEYMBYGCSqGSIb3DQEJARYJcGtpQHNrLmVlMCAXDTE1
|
||||
MTIxNzEyMzg0M1oYDzIwMzAxMjE3MjM1OTU5WjBjMQswCQYDVQQGEwJFRTEiMCAGA1UECgwZQVMg
|
||||
U2VydGlmaXRzZWVyaW1pc2tlc2t1czEXMBUGA1UEYQwOTlRSRUUtMTA3NDcwMTMxFzAVBgNVBAMM
|
||||
DkVTVEVJRC1TSyAyMDE1MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA0oH61NDxbdW9
|
||||
k8nLA1qGaL4B7vydod2Ewp/STBZB3wEtIJCLdkpEsS8pXfFiRqwDVsgGGbu+Q99trlb5LI7yi7rI
|
||||
kRov5NftBdSNPSU5rAhYPQhvZZQgOwRaHa5Ey+BaLJHmLqYQS9hQvQsCYyws+xVvNFUpK0pGD64i
|
||||
ycqdMuBl/nWq3fLuZppwBh0VFltm4nhr/1S0R9TRJpqFUGbGr4OK/DwebQ5PjhdS40gCUNwmC7fP
|
||||
Q4vIH+x+TCk2aG+u3MoAz0IrpVWqiwzG/vxreuPPAkgXeFCeYf6fXLsGz4WivsZFbph2pMjELu6s
|
||||
ltlBXfAG3fGv43t91VXicyzR/eT5dsB+zFsW1sHV+1ONPr+qzgDxCH2cmuqoZNfIIq+buob3eA8e
|
||||
e+XpJKJQr+1qGrmhggjvAhc7m6cU4x/QfxwRYhIVNhJf+sKVThkQhbJ9XxuKk3c18wymwL1mpDD0
|
||||
PIGJqlssMeiuJ4IzagFbgESGNDUd4icm0hQT8CmQeUm1GbWeBYseqPhMQX97QFBLXJLVy2SCyoAz
|
||||
7Bq1qA43++EcibN+yBc1nQs2Zoq8ck9MK0bCxDMeUkQUz6VeQGp69ImOQrsw46qTz0mtdQrMSbnk
|
||||
XCuLan5dPm284J9HmaqiYi6j6KLcZ2NkUnDQFesBVlMEm+fHa2iR6lnAFYZ06UECAwEAAaOCAgow
|
||||
ggIGMB8GA1UdIwQYMBaAFBLyWj7qVhy/zQas8fElyalL1BSZMB0GA1UdDgQWBBSzq4i8mdVipIUq
|
||||
CM20HXI7g3JHUTAOBgNVHQ8BAf8EBAMCAQYwdwYDVR0gBHAwbjAIBgYEAI96AQIwCQYHBACL7EAB
|
||||
AjAwBgkrBgEEAc4fAQEwIzAhBggrBgEFBQcCARYVaHR0cHM6Ly93d3cuc2suZWUvQ1BTMAsGCSsG
|
||||
AQQBzh8BAjALBgkrBgEEAc4fAQMwCwYJKwYBBAHOHwEEMBIGA1UdEwEB/wQIMAYBAf8CAQAwQQYD
|
||||
VR0eBDowOKE2MASCAiIiMAqHCAAAAAAAAAAAMCKHIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
|
||||
AAAAAAAAMCcGA1UdJQQgMB4GCCsGAQUFBwMJBggrBgEFBQcDAgYIKwYBBQUHAwQwfAYIKwYBBQUH
|
||||
AQEEcDBuMCAGCCsGAQUFBzABhhRodHRwOi8vb2NzcC5zay5lZS9DQTBKBggrBgEFBQcwAoY+aHR0
|
||||
cDovL3d3dy5zay5lZS9jZXJ0cy9FRV9DZXJ0aWZpY2F0aW9uX0NlbnRyZV9Sb290X0NBLmRlci5j
|
||||
cnQwPQYDVR0fBDYwNDAyoDCgLoYsaHR0cDovL3d3dy5zay5lZS9yZXBvc2l0b3J5L2NybHMvZWVj
|
||||
Y3JjYS5jcmwwDQYJKoZIhvcNAQEMBQADggEBAHRWDGI3P00r2sOnlvLHKk9eE7X93eT+4e5TeaQs
|
||||
OpE5zQRUTtshxN8Bnx2ToQ9rgi18q+MwXm2f0mrGakYYG0bix7ZgDQvCMD/kuRYmwLGdfsTXwh8K
|
||||
uL6uSHF+U/ZTss6qG7mxCHG9YvebkN5Yj/rYRvZ9/uJ9rieByxw4wo7b19p22PXkAkXP5y3+qK/O
|
||||
et98lqwI97kJhiS2zxFYRk+dXbazmoVHnozYKmsZaSUvoYNNH19tpS7BLdsgi9KpbvQLb5ywIMq9
|
||||
ut3+b2Xvzq8yzmHMFtLIJ6Afu1jJpqD82BUAFcvi5vhnP8M7b974R18WCOpgNQvXDI+2/8ZINeU=
|
||||
-----END CERTIFICATE-----');
|
||||
$r = $x509->saveX509($r);
|
||||
$r = $x509->loadX509($r);
|
||||
$this->assertSame($r['tbsCertificate']['extensions'][5]['extnValue']['excludedSubtrees'][1]['base']['iPAddress'], ['0.0.0.0', '0.0.0.0']);
|
||||
}
|
||||
}
|
||||
|
Loading…
x
Reference in New Issue
Block a user