Skip to content

Commit

Permalink
Merge pull request #228 from nextcloud/dependabot/composer/phpseclib/…
Browse files Browse the repository at this point in the history 
…phpseclib-2.0.14

Bump phpseclib/phpseclib from 2.0.13 to 2.0.14
  • Loading branch information
@MorrisJobke
MorrisJobke committed Feb 5, 2019
2 parents 2f18f40 + 45a3223 commit 2fac6fc
Show file tree
Hide file tree
Showing 4 changed files with 44 additions and 37 deletions.
2 changes: 1 addition & 1 deletion composer.json
View file
Expand Up @@ -29,7 +29,7 @@
"patchwork/utf8": "1.3.1",
"pear/archive_tar": "1.4.5",
"pear/pear-core-minimal": "^v1.10",
"phpseclib/phpseclib": "2.0.13",
"phpseclib/phpseclib": "2.0.14",
"php-opencloud/openstack": "3.0.5",
"pimple/pimple": "3.2.3",
"punic/punic": "^1.6",
Expand Down
12 changes: 6 additions & 6 deletions composer.lock
View file

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

12 changes: 6 additions & 6 deletions composer/installed.json
View file
Expand Up @@ -2352,17 +2352,17 @@
},
{
"name": "phpseclib/phpseclib",
"version": "2.0.13",
"version_normalized": "2.0.13.0",
"version": "2.0.14",
"version_normalized": "2.0.14.0",
"source": {
"type": "git",
"url": "https://github.com/phpseclib/phpseclib.git",
"reference": "42603ce3f42a27f7e14e54feab95db7b680ad473"
"reference": "8ebfcadbf30524aeb75b2c446bc2519d5b321478"
},
"dist": {
"type": "zip",
"url": "https://api.github.com/repos/phpseclib/phpseclib/zipball/42603ce3f42a27f7e14e54feab95db7b680ad473",
"reference": "42603ce3f42a27f7e14e54feab95db7b680ad473",
"url": "https://api.github.com/repos/phpseclib/phpseclib/zipball/8ebfcadbf30524aeb75b2c446bc2519d5b321478",
"reference": "8ebfcadbf30524aeb75b2c446bc2519d5b321478",
"shasum": ""
},
"require": {
Expand All @@ -2380,7 +2380,7 @@
"ext-mcrypt": "Install the Mcrypt extension in order to speed up a few other cryptographic operations.",
"ext-openssl": "Install the OpenSSL extension in order to speed up a wide variety of cryptographic operations."
},
"time": "2018-12-16T17:45:25+00:00",
"time": "2019-01-27T19:37:29+00:00",
"type": "library",
"installation-source": "dist",
"autoload": {
Expand Down
55 changes: 31 additions & 24 deletions phpseclib/phpseclib/phpseclib/Net/SSH2.php
View file
Expand Up @@ -104,6 +104,7 @@ class SSH2
const CHANNEL_SHELL = 2;
const CHANNEL_SUBSYSTEM = 3;
const CHANNEL_AGENT_FORWARD = 4;
const CHANNEL_KEEP_ALIVE = 5;
/**#@-*/

/**#@+
Expand Down Expand Up @@ -1819,8 +1820,13 @@ function _key_exchange($kexinit_payload_server = false)
}

if ($public_key_format != $expected_key_format || $this->signature_format != $server_host_key_algorithm) {
user_error('Server Host Key Algorithm Mismatch');
return $this->_disconnect(NET_SSH2_DISCONNECT_KEY_EXCHANGE_FAILED);
switch (true) {
case $this->signature_format == $server_host_key_algorithm:
case $server_host_key_algorithm != 'rsa-sha2-256' && $server_host_key_algorithm != 'rsa-sha2-512':
case $this->signature_format != 'ssh-rsa':
user_error('Server Host Key Algorithm Mismatch');
return $this->_disconnect(NET_SSH2_DISCONNECT_KEY_EXCHANGE_FAILED);
}
}

$packet = pack(
Expand Down Expand Up @@ -2587,6 +2593,21 @@ function _privatekey_login($username, $privatekey)
$publickey['n']
);

switch ($this->signature_format) {
case 'rsa-sha2-512':
$hash = 'sha512';
$signatureType = 'rsa-sha2-512';
break;
case 'rsa-sha2-256':
$hash = 'sha256';
$signatureType = 'rsa-sha2-256';
break;
//case 'ssh-rsa':
default:
$hash = 'sha1';
$signatureType = 'ssh-rsa';
}

$part1 = pack(
'CNa*Na*Na*',
NET_SSH2_MSG_USERAUTH_REQUEST,
Expand All @@ -2597,7 +2618,7 @@ function _privatekey_login($username, $privatekey)
strlen('publickey'),
'publickey'
);
$part2 = pack('Na*Na*', strlen('ssh-rsa'), 'ssh-rsa', strlen($publickey), $publickey);
$part2 = pack('Na*Na*', strlen($signatureType), $signatureType, strlen($publickey), $publickey);

$packet = $part1 . chr(0) . $part2;
if (!$this->_send_binary_packet($packet)) {
Expand Down Expand Up @@ -2638,23 +2659,9 @@ function _privatekey_login($username, $privatekey)

$packet = $part1 . chr(1) . $part2;
$privatekey->setSignatureMode(RSA::SIGNATURE_PKCS1);
switch ($this->signature_format) {
case 'rsa-sha2-512':
$hash = 'sha512';
$type = 'rsa-sha2-512';
break;
case 'rsa-sha2-256':
$hash = 'sha256';
$type = 'rsa-sha2-256';
break;
//case 'ssh-rsa':
default:
$hash = 'sha1';
$type = 'ssh-rsa';
}
$privatekey->setHash($hash);
$signature = $privatekey->sign(pack('Na*a*', strlen($this->session_id), $this->session_id, $packet));
$signature = pack('Na*Na*', strlen($type), $type, strlen($signature), $signature);
$signature = pack('Na*Na*', strlen($signatureType), $signatureType, strlen($signature), $signature);
$packet.= pack('Na*', strlen($signature), $signature);

if (!$this->_send_binary_packet($packet)) {
Expand Down Expand Up @@ -3259,27 +3266,27 @@ function ping()
return false;
}

$this->window_size_server_to_client[NET_SSH2_CHANNEL_KEEP_ALIVE] = $this->window_size;
$this->window_size_server_to_client[self::CHANNEL_KEEP_ALIVE] = $this->window_size;
$packet_size = 0x4000;
$packet = pack(
'CNa*N3',
NET_SSH2_MSG_CHANNEL_OPEN,
strlen('session'),
'session',
NET_SSH2_CHANNEL_KEEP_ALIVE,
$this->window_size_server_to_client[NET_SSH2_CHANNEL_KEEP_ALIVE],
self::CHANNEL_KEEP_ALIVE,
$this->window_size_server_to_client[self::CHANNEL_KEEP_ALIVE],
$packet_size
);

if (!@$this->_send_binary_packet($packet)) {
return $this->_reconnect();
}

$this->channel_status[NET_SSH2_CHANNEL_KEEP_ALIVE] = NET_SSH2_MSG_CHANNEL_OPEN;
$this->channel_status[self::CHANNEL_KEEP_ALIVE] = NET_SSH2_MSG_CHANNEL_OPEN;

$response = @$this->_get_channel_packet(NET_SSH2_CHANNEL_KEEP_ALIVE);
$response = @$this->_get_channel_packet(self::CHANNEL_KEEP_ALIVE);
if ($response !== false) {
$this->_close_channel(NET_SSH2_CHANNEL_KEEP_ALIVE);
$this->_close_channel(self::CHANNEL_KEEP_ALIVE);
return true;
}

Expand Down

0 comments on commit 2fac6fc

Please sign in to comment.