Bump files in PHPSecLib to version 3.0.36 (to match composer).

libraries/google-api-php-client/vendor/phpseclib/phpseclib/BACKERS.md

@@ -13,4 +13,5 @@ phpseclib ongoing development is made possible by [Tidelift](https://tidelift.co
 - [Rachel Fish](https://github.com/itsrachelfish)
 - Tharyrok
 - [cjhaas](https://github.com/cjhaas)
-- [istiak-tridip](https://github.com/istiak-tridip)
+- [istiak-tridip](https://github.com/istiak-tridip)
+- [Anna Filina](https://github.com/afilina)

libraries/google-api-php-client/vendor/phpseclib/phpseclib/README.md

@@ -51,7 +51,7 @@ SSH-2, SFTP, X.509, an arbitrary-precision integer arithmetic library, Ed25519 /
 * PHP4 compatible
 * Composer compatible (PSR-0 autoloading)
 * Install using Composer: `composer require phpseclib/phpseclib:~1.0`
-* [Download 1.0.22 as ZIP](http://sourceforge.net/projects/phpseclib/files/phpseclib1.0.22.zip/download)
+* [Download 1.0.23 as ZIP](http://sourceforge.net/projects/phpseclib/files/phpseclib1.0.23.zip/download)
 
 ## Security contact information
 

libraries/google-api-php-client/vendor/phpseclib/phpseclib/phpseclib/Crypt/EC/PrivateKey.php

@@ -150,7 +150,7 @@ public function sign($message)
             // we use specified curves to avoid issues with OpenSSL possibly not supporting a given named curve;
             // doing this may mean some curve-specific optimizations can't be used but idk if OpenSSL even
             // has curve-specific optimizations
-            $result = openssl_sign($message, $signature, $this->toString('PKCS8', ['namedCurve' => false]), $this->hash->getHash());
+            $result = openssl_sign($message, $signature, $this->withPassword()->toString('PKCS8', ['namedCurve' => false]), $this->hash->getHash());
 
             if ($result) {
                 if ($shortFormat == 'ASN1') {

libraries/google-api-php-client/vendor/phpseclib/phpseclib/phpseclib/File/ASN1.php

@@ -1148,6 +1148,11 @@ public static function decodeOID($content)
         $oid = [];
         $pos = 0;
         $len = strlen($content);
+        // see https://github.com/openjdk/jdk/blob/2deb318c9f047ec5a4b160d66a4b52f93688ec42/src/java.base/share/classes/sun/security/util/ObjectIdentifier.java#L55
+        if ($len > 4096) {
+            //throw new \RuntimeException("Object identifier size is limited to 4096 bytes ($len bytes present)");
+            return false;
+        }
 
         if (ord($content[$len - 1]) & 0x80) {
             return false;

libraries/google-api-php-client/vendor/phpseclib/phpseclib/phpseclib/Math/BigInteger/Engines/Engine.php

@@ -619,7 +619,7 @@ public function getLength()
      */
     public function getLengthInBytes()
     {
-        return strlen($this->toBytes());
+        return (int) ceil($this->getLength() / 8);
     }
 
     /**
@@ -786,6 +786,11 @@ protected static function randomRangePrimeOuter(Engine $min, Engine $max)
             $min = $temp;
         }
 
+        $length = $max->getLength();
+        if ($length > 8196) {
+            throw new \RuntimeException("Generation of random prime numbers larger than 8196 has been disabled ($length)");
+        }
+
         $x = static::randomRange($min, $max);
 
         return static::randomRangePrimeInner($x, $min, $max);
@@ -990,6 +995,15 @@ protected function testPrimality($t)
      */
     public function isPrime($t = false)
     {
+        // OpenSSL limits RSA keys to 16384 bits. The length of an RSA key is equal to the length of the modulo, which is
+        // produced by multiplying the primes p and q by one another. The largest number two 8196 bit primes can produce is
+        // a 16384 bit number so, basically, 8196 bit primes are the largest OpenSSL will generate and if that's the largest
+        // that it'll generate it also stands to reason that that's the largest you'll be able to test primality on
+        $length = $this->getLength();
+        if ($length > 8196) {
+            throw new \RuntimeException("Primality testing is not supported for numbers larger than 8196 bits ($length)");
+        }
+
         if (!$t) {
             $t = $this->setupIsPrime();
         }

libraries/google-api-php-client/vendor/phpseclib/phpseclib/phpseclib/Math/BigInteger/Engines/PHP.php

@@ -1341,4 +1341,17 @@ protected static function testJITOnWindows()
         }
         return false;
     }
+
+    /**
+     * Return the size of a BigInteger in bits
+     *
+     * @return int
+     */
+    public function getLength()
+    {
+        $max = count($this->value) - 1;
+        return $max != -1 ?
+            $max * static::BASE + intval(ceil(log($this->value[$max] + 1, 2))) :
+            0;
+    }
 }

libraries/google-api-php-client/vendor/phpseclib/phpseclib/phpseclib/Net/SFTP.php

@@ -2129,8 +2129,8 @@ public function put($remote_file, $data, $mode = self::SOURCE_STRING, $start = -
             $offset = $start;
         } elseif ($mode & (self::RESUME | self::RESUME_START)) {
             // if NET_SFTP_OPEN_APPEND worked as it should _size() wouldn't need to be called
-            $size = $this->stat($remote_file)['size'];
-            $offset = $size !== false ? $size : 0;
+            $stat = $this->stat($remote_file);
+            $offset = $stat !== false && $stat['size'] ? $stat['size'] : 0;
         } else {
             $offset = 0;
             if ($this->version >= 5) {
@@ -3446,7 +3446,7 @@ public function getSFTPLog()
     }
 
     /**
-     * Returns all errors
+     * Returns all errors on the SFTP layer
      *
      * @return array
      */
@@ -3456,7 +3456,7 @@ public function getSFTPErrors()
     }
 
     /**
-     * Returns the last error
+     * Returns the last error on the SFTP layer
      *
      * @return string
      */

libraries/google-api-php-client/vendor/phpseclib/phpseclib/phpseclib/Net/SSH2.php

@@ -1116,6 +1116,8 @@ class SSH2
      * Default Constructor.
      *
      * $host can either be a string, representing the host, or a stream resource.
+     * If $host is a stream resource then $port doesn't do anything, altho $timeout
+     * still will be used
      *
      * @param mixed $host
      * @param int $port
@@ -1214,6 +1216,8 @@ public function __construct($host, $port = 22, $timeout = 10)
             ? \WeakReference::create($this)
             : $this;
 
+        $this->timeout = $timeout;
+
         if (is_resource($host)) {
             $this->fsock = $host;
             return;
@@ -1222,7 +1226,6 @@ public function __construct($host, $port = 22, $timeout = 10)
         if (Strings::is_stringable($host)) {
             $this->host = $host;
             $this->port = $port;
-            $this->timeout = $timeout;
         }
     }
 
@@ -3341,11 +3344,38 @@ public function __destruct()
     /**
      * Is the connection still active?
      *
+     * $level has 3x possible values:
+     * 0 (default): phpseclib takes a passive approach to see if the connection is still active by calling feof()
+     *    on the socket
+     * 1: phpseclib takes an active approach to see if the connection is still active by sending an SSH_MSG_IGNORE
+     *    packet that doesn't require a response
+     * 2: phpseclib takes an active approach to see if the connection is still active by sending an SSH_MSG_CHANNEL_OPEN
+     *    packet and imediately trying to close that channel. some routers, in particular, however, will only let you
+     *    open one channel, so this approach could yield false positives
+     *
+     * @param int $level
      * @return bool
      */
-    public function isConnected()
+    public function isConnected($level = 0)
     {
-        return ($this->bitmap & self::MASK_CONNECTED) && is_resource($this->fsock) && !feof($this->fsock);
+        if (!is_int($level) || $level < 0 || $level > 2) {
+            throw new \InvalidArgumentException('$level must be 0, 1 or 2');
+        }
+
+        if ($level == 0) {
+            return ($this->bitmap & self::MASK_CONNECTED) && is_resource($this->fsock) && !feof($this->fsock);
+        }
+        try {
+            if ($level == 1) {
+                $this->send_binary_packet(pack('CN', NET_SSH2_MSG_IGNORE, 0));
+            } else {
+                $this->openChannel(self::CHANNEL_KEEP_ALIVE);
+                $this->close_channel(self::CHANNEL_KEEP_ALIVE);
+            }
+            return true;
+        } catch (\Exception $e) {
+            return false;
+        }
     }
 
     /**
@@ -3531,6 +3561,9 @@ private function get_binary_packet($skip_channel_filter = false)
         }
 
         $start = microtime(true);
+        $sec = (int) floor($this->curTimeout);
+        $usec = (int) (1000000 * ($this->curTimeout - $sec));
+        stream_set_timeout($this->fsock, $sec, $usec);
         $raw = stream_get_contents($this->fsock, $this->decrypt_block_size);
 
         if (!strlen($raw)) {
@@ -4724,7 +4757,9 @@ private static function array_intersect_first(array $array1, array $array2)
     }
 
     /**
-     * Returns all errors
+     * Returns all errors / debug messages on the SSH layer
+     *
+     * If you are looking for messages from the SFTP layer, please see SFTP::getSFTPErrors()
      *
      * @return string[]
      */
@@ -4734,7 +4769,9 @@ public function getErrors()
     }
 
     /**
-     * Returns the last error
+     * Returns the last error received on the SSH layer
+     *
+     * If you are looking for messages from the SFTP layer, please see SFTP::getLastSFTPError()
      *
      * @return string
      */