* PSR2-1.0:
Fix indentation phpcbf did not fix.
Remove PSR2.Methods.FunctionCallSignature.SpaceAfterOpenBracket exception.
Use phpcbf to fix PHP code to ruleset.
Ignore coding guidelines in ANSI switch block.
Base code sniffer ruleset on PSR2 rather than PEAR.
Update PHP Code Sniffer to 2.3.3
Conflicts:
build/code-sniffer-ruleset-tests.xml
build/code-sniffer-ruleset.xml
composer.lock
phpseclib/Crypt/DES.php
phpseclib/Crypt/Hash.php
phpseclib/Crypt/RSA.php
phpseclib/File/X509.php
phpseclib/Math/BigInteger.php
phpseclib/Net/SFTP.php
phpseclib/Net/SSH1.php
phpseclib/Net/SSH2.php
tests/Functional/Net/SFTPUserStoryTest.php
tests/Unit/Crypt/TwofishTest.php
X509: use a random serial number for 2.0 branch
* terrafrost/x509-serialnumber-2.0:
X509: add a comment to explain the bitmask
X509: move where Crypt/Random loading is done
X509: use a random serial number
X509: use a random serial number for 1.0 branch
* terrafrost/x509-serialnumber-1.0:
X509: add a comment to explain the bitmask
X509: move where Crypt/Random loading is done
X509: use a random serial number
To accomodate this decrypt() can no longer return false. If padding is enabled and the padding length is invalid (the only condition under which false was returned) an InvalidInputException will be thrown.
Also, previously, when encrypting, if the padding was disabled and the plaintext wasn't a multiple of the block size a E_USER_NOTICE would be issued via user_error() and then padding would be enabled. Now it's not enabled - an exception is thrown suggesting that you might want to enable padding and that's that.
Add support for RFC 4419: diffie-hellman-group-exchange-sha{1,256}
* bantu/diffie-hellman-group-exchange-sha256:
Add support for RFC 4419: diffie-hellman-group-exchange-sha{1,256}
SFTP: delete stat cache for recursive deletes / 1.0 branch
* terrafrost/sftp-recur-delete-stat-cache-1.0:
SFTP: update how recursive delete's update stat cache
Tests/SFTP: add unit test
[1.0] Various fixes to fopen mode handling in SFTP Stream
* bantu/SFTPStreamTest:
Explicitly set size to 0 when creating or truncating.
mode[0] of 'c' is not supposed to truncate.
Need to create the file when it does not exist and mode[0] is not 'r'.
Add SFTPStreamTest::testFopenFcloseCreatesFile()
Various fixes to fopen mode handling in SFTP Stream
* bantu/SFTPStreamTest:
Explicitly set size to 0 when creating or truncating.
mode[0] of 'c' is not supposed to truncate.
Need to create the file when it does not exist and mode[0] is not 'r'.
Add SFTPStreamTest::testFopenFcloseCreatesFile()
Conflicts:
tests/Functional/Net/SFTPLargeFileTest.php
* 1.0:
Tests/SFTP: $lstat->$stat
Tests/SFTP: just check to see that stat / lstat return an array
SFTP: update conditions under which cache for lstat / . is used
Tests/SFTP: add test for stat's on .
SFTP: update conditions under which cache for lstat / . is used for 1.0 branch
* terrafrost/lstat-fix-1.0:
Tests/SFTP: $lstat->$stat
Tests/SFTP: just check to see that stat / lstat return an array
SFTP: update conditions under which cache for lstat / . is used
Tests/SFTP: add test for stat's on .
ASN1 parsing fix for issue mainly effecting CSR's for 2.0 branch
* terrafrost/asn1-fix-2.0:
Tests/X509: PHP5 adjustments
ASN1: handle malformed input better
Tests/X509/CSR: add unit test for ASN1 changes
ASN1: constructed context-specific tags can have x sub elements
ASN1 parsing fix for issue mainly effecting CSR's for 1.0 branch
* terrafrost/asn1-fix-1.0:
ASN1: handle malformed input better
Tests/X509/CSR: add unit test for ASN1 changes
ASN1: constructed context-specific tags can have x sub elements
fix E_NOTICE with SSH2 global requests
* terrafrost/ssh2-global-request:
SSH2: string shift by 4 instead of by 1
SSH2: fix E_NOTICE involving global requests
Agent Forwarding for 1.0 branch
* terrafrost/agentforwarding-1.0:
removed unwarrented user_error
preference isset over array_key_exists, return false on failure, break after return channel opened
moved agent forwarding channel handling to filter method and reusing existing open channels to request forwarding
removed stopSSHForwarding
determining what failure to expect
addresses low hanging fruit comments from terrafrost and bantu
removed superfluous default case
SSH agent forwarding implementation
make it so that the timeout in the constructor behaves in the same
way that timeout's set via setTimeout() do. eg. isTimeout() tells
you if a timeout was thrown etc.
* 1.0:
Tests/X509: swap expected and actual value
Tests/X509: fix unit test
Tests/X509: add unit test for unsupported extension encoding
X509: always base64-encode extensions for which _getMapping returns a bool
SSH2: update conditions under which _disconnect's code is executed
* terrafrost/disconnect-fix:
SSH2: update conditions under which _disconnect's code is executed
SSH2: update conditions under which _disconnect's code is executed
* terrafrost/disconnect-fix:
SSH2: update conditions under which _disconnect's code is executed
Replaced get_class() calls with instanceof operators
* cnelissen/ReplaceGetClassFix:
Revert changes for abstract methods in Base class
Replaced get_class() calls with instanceof operators
Currently, Net_SCP::put() has a callback parameter, allowing the consumer to monitor/log/report progress (or whatever they please).
This patch adds the same feature, working in the same way, to Net_SFTP::put()
Change copyright years from roman numeral to decimal numbers.
* bantu/fix-547:
Change copyright years from roman numeral to decimal numbers.
Conflicts:
phpseclib/System/SSH_Agent.php
the last _send_channel_packet was unnecessarily complex. this lead
to a number of problems. for example,
the window size was checked for adjustments in two places. in the
second place it receives a window adjustment packet and just assumes
that the window adjustment packet was big enough for the rest of the
data.
(thanks, pixall!)
System package constants fix
* cnelissen/SystemPackageConstantsFix:
Added SSH_AGENT_FAILURE constant back in
Missed a couple SYSTEM_ prefixes
Moved global constants to class constants
Currently, the call to "scp -t" or "scp -f" just uses naive quoting - i.e. a couple of quote marks are thrown in.
But, this can easily be escaped from - if the filename has a quote mark of its own in it, for example.
e.g. if the filename is as follows, then bad things will happen:
";rm -rf /
Instead, escapeshellarg should be used, to make sure it gets escaped properly.
Split File_ASN1 and File_ASN1_Element into separate files
* cnelissen/FixFileAsn1Classes:
Code sniffer php version fix
Removed duplicated docblock text
Codesniff fix
Split File_ASN1 and File_ASN1_Element into separate files
Split System_SSH_Agent and System_SSH_Agent_Identity into separate files
* cnelissen/FixSSHAgentClasses:
Code sniff php version fix
Removed duplicated docblock text
Split System_SSH_Agent and System_SSH_Agent_Identity into separate files
aside from the addition of OpenSSL support a few other changes have been included:
- setEngine(), as added by petrich, is depricated (not that it was ever in trunk to begin with)
it has been replaced with isValidEngine() and setPreferredEngine().
- replace _generate_xor() with increment_str()
_increment_str() had extra functionality that wasn't being used. ie. it could concatenate
multiple successive string increments to one another automatically. but not only was that
functionality not used - it also made the function less versatile. _increment_str() can be
used more easily for iterative brute forcing (for example)
- rename Crypt_Base::_stringShift to Crypt_Base::_string_shift (for consistency)
- more expansive unit test coverage
Sometimes SSH servers will null pad their RSA keys. this null padding
broke Net/SSH2.php's RSA implementation (Crypt/RSA.php's implementation
works just fine). Also, the -3 was counting the initial "\0" of $h
twice so adjust it to -2.
SFTP: Replace incorrect comment about filesize. There is no 4 GiB limit.
* bantu/sftp-large-file-comment:
SFTP: Replace incorrect comment about filesize. There is no 4 GiB limit.
* master:
ASN1: fix unit test
ASN1: add unit test for non-constructed context-specific change
ASN1: fix issue with non-constructed context-specific tags
README: update download link to 0.3.8
* master:
RSA: syntax error in unit tests
RSA: make unit tests perform string comparisons sans white space chars
RSA: update unit test
RSA: add unit test
RSA: make XML keys use unsigned integers
RSA: make XML keys use unsigned integers
* terrafrost/rsa-xml-unsigned:
RSA: syntax error in unit tests
RSA: make unit tests perform string comparisons sans white space chars
RSA: update unit test
RSA: add unit test
RSA: make XML keys use unsigned integers
it doesn't need to be defined since the strlen($this->last_interactive_response)
check in _login_helper serves the same purpose that NET_SSH_MASK_LOGIN_INTERACTIVE
was intended to serve
* master:
ASN1: one more unit test change
ASN1: another unit test update
ASN1: unit test adjustments
ASN1: cs adjustments to unit test
ASN1: add unit tests for indefinite length decoding
ASN1: CS adjustment (rm whitespace at eol)
ASN1: rewrite _decode_der
Conflicts:
phpseclib/File/ASN1.php
ASN1: rewrite _decode_der
* terrafrost/asn1-handle-indef-lengths:
ASN1: one more unit test change
ASN1: another unit test update
ASN1: unit test adjustments
ASN1: cs adjustments to unit test
ASN1: add unit tests for indefinite length decoding
ASN1: CS adjustment (rm whitespace at eol)
ASN1: rewrite _decode_der
* master:
SFTP: cs adjustment
SFTP: optimize conditional calls to fclose in get() method
SFTP: grammar
SFTP: fix issue with uploading via a resource
SFTP: make it so files can be downloaded into resources or upload from resources
* master:
AES: don't do mcrypt unit tests if mcrypt extension is not available
AES: a few final changes
AES: set CRYPT_RIJNDAEL_MODE as well in unit tests
AES: CS changes to unit tests
AES: more unit test fixes
AES: unit test updates
AES: more unit test fixes
AES: add new lines to end of unit tests
AES: CS adjustments to unit tests
AES: first attempt at unit tests for key padding
Rijndael, AES: adjustments to what key sizes are and aren't allowed
* master:
Hash: apply fixes to sha512 unit tests as well
Hash: one more fix to unit test
Hash: fix unit tests
Hash: add unit tests
Hash: add sha256-96 and sha512-96
Hash: add sha256-96 and sha512-96
* terrafrost/hash-96-2:
Hash: apply fixes to sha512 unit tests as well
Hash: one more fix to unit test
Hash: fix unit tests
Hash: add unit tests
Hash: add sha256-96 and sha512-96
* master:
SSH2: white space adjustment
SSH: update getServerPublicHostKey() to use new _connect() method
SSH2: fix if statement for conditional _connect() call
simplify calls to $this->_connect()
SSH2: make it so negotiated algorithms can be seen before login
SSH2: make it so negotiated algorithms can be seen before login
* terrafrost/ssh2-show-methods-before-login:
SSH2: white space adjustment
SSH: update getServerPublicHostKey() to use new _connect() method
SSH2: fix if statement for conditional _connect() call
simplify calls to $this->_connect()
SSH2: make it so negotiated algorithms can be seen before login
This small patch adds hmac-sha2-256 support separately as requested in #423.
Some security standards now recommend to disable MD5 and SHA1, and use SHA2 instead. This change was tested using SHA2 against RHEL6's OpenSSH v5.3p1 and Solaris 11. And was also tested with RHEL5's OpenSSH 4.3p2 which doesn't include SHA2.
SFTP: Do not check filename over and over again, remove '.' and '..' from the map instead.
* bantu/sftp-skip-current-dir-by-removal:
Do not check filename over and over again, remove '.' and '..' from the map instead.
SSH2: make isConnected return true if even if we're not logged in
* terrafrost/ssh2-connected:
SSH2: make isConnected return true if even if we're not logged in
SCP: add support for file names with spaces
* terrafrost/scp-spaces:
SCP: always encapsulate filenames within double quotes
SCP: add support for file names with spaces
* master:
Use get_called_class() if available.
Add Net_SFTP_Stream::register() for easier autoloading.
Add unit test for (to be added) Net_SFTP_Stream::register().
* master:
SFTP: return $sftp object in unit tests
SFTP: fix unit test
SFTP: syntax error in unit test
SFTP: add unit tests for symlinks
SFTP: add readlink and symlink functions
SFTP: add readlink and symlink functions
* terrafrost/symlink:
SFTP: return $sftp object in unit tests
SFTP: fix unit test
SFTP: syntax error in unit test
SFTP: add unit tests for symlinks
SFTP: add readlink and symlink functions
* master:
phpseclib_is_includable() -> phpseclib_resolve_include_path()
Drop Net_SSH2::_is_includable() method.
Random: a few changes to the stream_resolve_include_path_function
Replace stream_resolve_include_path with phpseclib_is_includable.
Random: add explanatory comment
SSH2: replace _is_includable() with stream_resolve_include_path
Random: include the Crypt_* classes if they're available
Conflicts:
tests/bootstrap.php
Random: include the Crypt_* classes if they're available
* bantu/a-random-change:
phpseclib_is_includable() -> phpseclib_resolve_include_path()
Drop Net_SSH2::_is_includable() method.
Random: a few changes to the stream_resolve_include_path_function
Replace stream_resolve_include_path with phpseclib_is_includable.
Random: add explanatory comment
SSH2: replace _is_includable() with stream_resolve_include_path
Random: include the Crypt_* classes if they're available
* master:
SSH2: rm redundant part of SSH2 unit test
SSH2: add unit test for getServerPublicHostKey
SSH2: make it so you can verify server public host key without logging on
SSH2: make it so you can verify server public host key without logging on
* terrafrost/server-host-key:
SSH2: rm redundant part of SSH2 unit test
SSH2: add unit test for getServerPublicHostKey
SSH2: make it so you can verify server public host key without logging on
* master:
Crypt/Base: readability improvement
RSA: CS adjustments
RSA: rename PUBLIC_FORMAT_PKCS1_RAW -> PUBLIC_FORMAT_PKCS8
RSA: add PKCS8 unit tests
RSA: add support for saving encrypted PKCS8 keys
Crypt/Base: adjust default key size for pbkdf1
RSA: add support for loading PKCS8 encrypted private keys
Crypt/Base: add support for pbkdf1
RSA: add support for saving to PKCS8 (unencrypted)
RSA: add support for PKCS8 encoded private keys
* terrafrost/pkcs8:
Crypt/Base: readability improvement
RSA: CS adjustments
RSA: rename PUBLIC_FORMAT_PKCS1_RAW -> PUBLIC_FORMAT_PKCS8
RSA: add PKCS8 unit tests
RSA: add support for saving encrypted PKCS8 keys
Crypt/Base: adjust default key size for pbkdf1
RSA: add support for loading PKCS8 encrypted private keys
Crypt/Base: add support for pbkdf1
RSA: add support for saving to PKCS8 (unencrypted)
* master:
BigInteger: one more change to the comments
BigInteger: update comments
BigInteger: unit test update
BigInteger: change argument names for random / randomPrime
BigInteger: fix unit tests
BigInteger: fix syntax error
BigInteger: make it so you can do $min->random($max)
Conflicts:
phpseclib/Math/BigInteger.php
BigInteger: make it so you can do $min->random($max)
* terrafrost/another-random-change:
BigInteger: one more change to the comments
BigInteger: update comments
BigInteger: unit test update
BigInteger: change argument names for random / randomPrime
BigInteger: fix unit tests
BigInteger: fix syntax error
BigInteger: make it so you can do $min->random($max)
RSA: slight adjustment to CRYPT_RSA_PUBLIC_FORMAT_PKCS1_RAW format
* terrafrost/rsa-format-change:
RSA: slight adjustment to CRYPT_RSA_PUBLIC_FORMAT_PKCS1_RAW format
none of the other statically defined variables have the potential
to change as multiple Net_SSH2 objects are created but this one does.
ie. if you connect to one SSH-2.0-SSHD server then no subsequent server
will use hmac-sha1-96 even if it could
CRYPT_RSA_PUBLIC_FORMAT_PKCS1_RAW and CRYPT_RSA_PUBLIC_FORMAT_PKCS1
produce two very similar looking keys but they are not the same.
As dissection OpenSSL's asn1parse would reveal CRYPT_RSA_PUBLIC_FORMAT_PKCS1
has the fact that it is an RSA key embedded within it whereas
CRYPT_RSA_PUBLIC_FORMAT_PKCS1_RAW does not. phpseclib now resolves
this ambiguity in the same way that OpenSSH's ssh-keygen does.
Despite this change CRYPT_RSA_PUBLIC_FORMAT_PKCS1_RAW is still incompatible
with OpenSSL's rsautl (CRYPT_RSA_PUBLIC_FORMAT_PKCS1 is compatible). I guess
this incompatibility isn't just due to the headers but is also due to the
overall structure of the format.
* master:
SFTP: update one last comment
SFTP: update unit test comments
SFTP: add new line to end of unit test
SFTP: assertEquals -> assertSame
SFTP: reset sort options every time and update unit test
SFTP: rm whitespace
SFTP: define $sortOptions
SFTP: add the ability for nlist() and rawlist() to be sorted
SFTP: add the ability for nlist() and rawlist() to be sorted
* terrafrost/sftp-sort2:
SFTP: update one last comment
SFTP: update unit test comments
SFTP: add new line to end of unit test
SFTP: assertEquals -> assertSame
SFTP: reset sort options every time and update unit test
SFTP: rm whitespace
SFTP: define $sortOptions
SFTP: add the ability for nlist() and rawlist() to be sorted
* master:
X509: Unit test CS changes
X509: move location of SPKAC unit test
X509: CS adjustments
X509: PHP4 compat changes
RSA: PHP4 compat changes
X509: rm trailing white space from unit test
X509: add SPKAC unit test
X509: add signSPKAC() and saveSPKAC() methods
SSH2: make it so callback functions can make exec() return early
* terrafrost/ssh2-exec-callback-termination:
SSH2: 0x7FFFFFFF -> $this->window_size in one more place
SSH2: make it so callback functions can make exec() return early
* master:
SFTP: last commit had a few ommissions
SFTP Functional tests: Make use of assertNotSame
SFTP Functional tests: Keep story linear.
SFTP: add more unit tests
* master:
SFTP: use_cache -> use_stat_cache
SFTP: switch from using file existence cache to stat cache, like PHP
SFTP: add support for recursive nlist and rawlist
SFTP: add file_exists, is_dir and is_file functions
SFTP: add file_exists, is_dir and is_file functions
* terrafrost/sftp-changes-20140510:
SFTP: use_cache -> use_stat_cache
SFTP: switch from using file existence cache to stat cache, like PHP
SFTP: add support for recursive nlist and rawlist
SFTP: add file_exists, is_dir and is_file functions
The code to convert the regular integer type into the appropriate format could all just be in-line'd when an integer primitive is used but this approach is easier to read.
* master:
ASN1: test case updates
ASN1: add test cases for latest changes
ASN1: CS update
ASN1: make developing new ASN.1 scripts a little easier
ASN1: make it so bit string's can have an optional minimum size
ASN1: explicit application tags didn't work (although implicit ones did)
ASN1 changes
* terrafrost/keberos-fix:
ASN1: test case updates
ASN1: add test cases for latest changes
ASN1: CS update
ASN1: make developing new ASN.1 scripts a little easier
ASN1: make it so bit string's can have an optional minimum size
ASN1: explicit application tags didn't work (although implicit ones did)
* master:
SSH2: move _connect() call to _login() from login()
SSH2: phpdoc updates
SSH: clarify role of constructor / connection timeout
SSH1: do fsockopen() call when login has been called
SSH2: != -> |=
SSH2: phpdoc changes
SSH2: syntax error
SSH2: timeout set in constructor != timeout set by setTimeout()
SSH2: add phpdoc header
SSH2: connect to server in login() function
Conflicts:
phpseclib/Net/SSH2.php
Also, in Net_SSH2::_connect() $host is used in multiple places. Rather than changing all references to {$this->host}:{$this->port} preserve existing $host reference and update it accordingly
this change will make it so some parameters can be set after the
Net_SSH2 object has been created. eg. instead of doing
define('NET_SSH2_LOGGING', NET_SSH2_LOG_COMPLEX) one can now do
$ssh->setLogging(...) or something.
* master:
SSH_Agent: add new line at end of file to comply with CS
SSH_Agent: another CS update
SSH_Agent: CS updates
SSH_Agent: mv SSH_Agent to SSH/Agent and create SSH_Agent for BC
SSH_Agent: mv SSH_Agent to SSH/Agent and create SSH_Agent for BC
* bantu/ssh-agent-psr0-fix:
SSH_Agent: add new line at end of file to comply with CS
SSH_Agent: another CS update
SSH_Agent: CS updates
SSH_Agent: mv SSH_Agent to SSH/Agent and create SSH_Agent for BC
bad timezone settings can make phpinfo() throw errors so we'll just
suppress them. if there are legit non-timezone errors with php install
those will probably be hit in other parts of the code
RFC 3280 requires in section
- 4.1.2.5 Validity
- 5.1.2.4 This Update
- 5.1.2.5 Next Update
- 5.1.2.6 Revoked Certificates
that dates are to be encoded as utcTime iff they are before 2050 and
as generalTime otherwise.
Currently, phpseclib does not respect this by always choosing generalTime.
Further, the format used interally to represent dates only keeps two digits,
so dates in 2050 and later cannot be represented in this format.
This patch fixes this by
1. changing the interal format to be capable of unambiguously representing
dates in 2050 or later (i.e. use four digits to represent the year),
2. choosing between utcTime and generalTime accordingly.
Without this patch, openssl_x509_parse complains:
Warning: openssl_x509_parse(): illegal ASN1 data type for timestamp