Merge pull request #1788 from nextcloud/deps/28-phpseclib

[stable28] fix(deps): Update phpseclib to 2.0.47

composer.json

@@ -38,7 +38,7 @@
 		"pear/pear-core-minimal": "^v1.10",
 		"php-http/guzzle7-adapter": "^1.0.0",
 		"php-opencloud/openstack": "^3.1",
-		"phpseclib/phpseclib": "^2.0.45",
+		"phpseclib/phpseclib": "^2.0.47",
 		"pimple/pimple": "^3.5.0",
 		"psr/clock": "^1.0",
 		"psr/container": "^2.0.2",

composer/installed.json

@@ -2947,17 +2947,17 @@
         },
         {
             "name": "phpseclib/phpseclib",
-            "version": "2.0.45",
-            "version_normalized": "2.0.45.0",
+            "version": "2.0.47",
+            "version_normalized": "2.0.47.0",
             "source": {
                 "type": "git",
                 "url": "https://github.com/phpseclib/phpseclib.git",
-                "reference": "28d8f438a0064c9de80857e3270d071495544640"
+                "reference": "b7d7d90ee7df7f33a664b4aea32d50a305d35adb"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/phpseclib/phpseclib/zipball/28d8f438a0064c9de80857e3270d071495544640",
-                "reference": "28d8f438a0064c9de80857e3270d071495544640",
+                "url": "https://api.github.com/repos/phpseclib/phpseclib/zipball/b7d7d90ee7df7f33a664b4aea32d50a305d35adb",
+                "reference": "b7d7d90ee7df7f33a664b4aea32d50a305d35adb",
                 "shasum": ""
             },
             "require": {
@@ -2975,7 +2975,7 @@
                 "ext-openssl": "Install the OpenSSL extension in order to speed up a wide variety of cryptographic operations.",
                 "ext-xml": "Install the XML extension to load XML formatted public keys."
             },
-            "time": "2023-09-15T20:55:47+00:00",
+            "time": "2024-02-26T04:55:38+00:00",
             "type": "library",
             "installation-source": "dist",
             "autoload": {
@@ -3040,7 +3040,7 @@
             ],
             "support": {
                 "issues": "https://github.com/phpseclib/phpseclib/issues",
-                "source": "https://github.com/phpseclib/phpseclib/tree/2.0.45"
+                "source": "https://github.com/phpseclib/phpseclib/tree/2.0.47"
             },
             "funding": [
                 {

composer/installed.php

@@ -3,7 +3,7 @@
         'name' => 'nextcloud/3rdparty',
         'pretty_version' => 'dev-master',
         'version' => 'dev-master',
-        'reference' => '330abb953111fee49cd2577b42dcd54712bdb8b0',
+        'reference' => '9aabf1a490571ef88073d069222e9a232b772fc8',
         'type' => 'library',
         'install_path' => __DIR__ . '/../',
         'aliases' => array(),
@@ -310,7 +310,7 @@
         'nextcloud/3rdparty' => array(
             'pretty_version' => 'dev-master',
             'version' => 'dev-master',
-            'reference' => '330abb953111fee49cd2577b42dcd54712bdb8b0',
+            'reference' => '9aabf1a490571ef88073d069222e9a232b772fc8',
             'type' => 'library',
             'install_path' => __DIR__ . '/../',
             'aliases' => array(),
@@ -410,9 +410,9 @@
             'dev_requirement' => false,
         ),
         'phpseclib/phpseclib' => array(
-            'pretty_version' => '2.0.45',
-            'version' => '2.0.45.0',
-            'reference' => '28d8f438a0064c9de80857e3270d071495544640',
+            'pretty_version' => '2.0.47',
+            'version' => '2.0.47.0',
+            'reference' => 'b7d7d90ee7df7f33a664b4aea32d50a305d35adb',
             'type' => 'library',
             'install_path' => __DIR__ . '/../phpseclib/phpseclib',
             'aliases' => array(),

phpseclib/phpseclib/phpseclib/Crypt/AES.php

@@ -84,43 +84,13 @@ function setBlockLength($length)
      */
     function setKeyLength($length)
     {
-        switch ($length) {
-            case 160:
-                $length = 192;
-                break;
-            case 224:
-                $length = 256;
-        }
         parent::setKeyLength($length);
-    }
-
-    /**
-     * Sets the key.
-     *
-     * Rijndael supports five different key lengths, AES only supports three.
-     *
-     * @see \phpseclib\Crypt\Rijndael:setKey()
-     * @see setKeyLength()
-     * @access public
-     * @param string $key
-     */
-    function setKey($key)
-    {
-        parent::setKey($key);
-
-        if (!$this->explicit_key_length) {
-            $length = strlen($key);
-            switch (true) {
-                case $length <= 16:
-                    $this->key_length = 16;
-                    break;
-                case $length <= 24:
-                    $this->key_length = 24;
-                    break;
-                default:
-                    $this->key_length = 32;
-            }
-            $this->_setEngine();
+        switch ($this->key_length) {
+            case 20:
+                $this->key_length = 24;
+                break;
+            case 28:
+                $this->key_length = 32;
         }
     }
 }

phpseclib/phpseclib/phpseclib/Crypt/Base.php

@@ -514,6 +514,8 @@ function __construct($mode = self::MODE_CBC)
             switch (true) {
                 // PHP_OS & "\xDF\xDF\xDF" == strtoupper(substr(PHP_OS, 0, 3)), but a lot faster
                 case (PHP_OS & "\xDF\xDF\xDF") === 'WIN':
+                case !function_exists('php_uname'):
+                case !is_string(php_uname('m')):
                 case (php_uname('m') & "\xDF\xDF\xDF") != 'ARM':
                 case PHP_INT_SIZE == 8:
                     define('CRYPT_BASE_USE_REG_INTVAL', true);

phpseclib/phpseclib/phpseclib/Crypt/Hash.php

@@ -866,7 +866,7 @@ function _add()
             $result+= $argument < 0 ? ($argument & 0x7FFFFFFF) + 0x80000000 : $argument;
         }
 
-        if ((php_uname('m') & "\xDF\xDF\xDF") != 'ARM') {
+        if (function_exists('php_uname') && is_string(php_uname('m')) && (php_uname('m') & "\xDF\xDF\xDF") != 'ARM') {
             return fmod($result, $mod);
         }
 

phpseclib/phpseclib/phpseclib/Crypt/RSA.php

@@ -570,6 +570,7 @@ function createKey($bits = 1024, $timeout = false, $partial = array())
             $publickey = call_user_func_array(array($this, '_convertPublicKey'), array_values($this->_parseKey($publickey, self::PUBLIC_FORMAT_PKCS1)));
 
             // clear the buffer of error strings stemming from a minimalistic openssl.cnf
+            // https://github.com/php/php-src/issues/11054 talks about other errors this'll pick up
             while (openssl_error_string() !== false) {
             }
 

phpseclib/phpseclib/phpseclib/Crypt/Rijndael.php

@@ -814,7 +814,6 @@ function _setupInlineCrypt()
 
             // Generating encrypt code:
             $init_encrypt.= '
-                static $tables;
                 if (empty($tables)) {
                     $tables = &$self->_getTables();
                 }
@@ -871,7 +870,6 @@ function _setupInlineCrypt()
 
             // Generating decrypt code:
             $init_decrypt.= '
-                static $invtables;
                 if (empty($invtables)) {
                     $invtables = &$self->_getInvTables();
                 }
@@ -928,7 +926,7 @@ function _setupInlineCrypt()
 
             $lambda_functions[$code_hash] = $this->_createInlineCryptFunction(
                 array(
-                   'init_crypt'    => '',
+                   'init_crypt'    => 'static $tables; static $invtables;',
                    'init_encrypt'  => $init_encrypt,
                    'init_decrypt'  => $init_decrypt,
                    'encrypt_block' => $encrypt_block,

phpseclib/phpseclib/phpseclib/File/ASN1.php

@@ -1176,6 +1176,11 @@ function _decodeOID($content)
         $oid = array();
         $pos = 0;
         $len = strlen($content);
+        // see https://github.com/openjdk/jdk/blob/2deb318c9f047ec5a4b160d66a4b52f93688ec42/src/java.base/share/classes/sun/security/util/ObjectIdentifier.java#L55
+        if ($len > 4096) {
+            //user_error('Object Identifier size is limited to 4096 bytes');
+            return false;
+        }
 
         if (ord($content[$len - 1]) & 0x80) {
             return false;

phpseclib/phpseclib/phpseclib/File/X509.php

@@ -2070,7 +2070,8 @@ function validateURL($url)
         if ($names = $this->getExtension('id-ce-subjectAltName')) {
             foreach ($names as $name) {
                 foreach ($name as $key => $value) {
-                    $value = str_replace(array('.', '*'), array('\.', '[^.]*'), $value);
+                    $value = preg_quote($value);
+                    $value = str_replace('\*', '[^.]*', $value);
                     switch ($key) {
                         case 'dNSName':
                             /* From RFC2818 "HTTP over TLS":

phpseclib/phpseclib/phpseclib/Math/BigInteger.php

@@ -163,23 +163,23 @@ class BigInteger
      *
      * @see __construct()
      */
-    protected static $base;
-    protected static $baseFull;
-    protected static $maxDigit;
-    protected static $msb;
+    static $base;
+    static $baseFull;
+    static $maxDigit;
+    static $msb;
 
     /**
      * $max10 in greatest $max10Len satisfying
      * $max10 = 10**$max10Len <= 2**$base.
      */
-    protected static $max10;
+    static $max10;
 
     /**
      * $max10Len in greatest $max10Len satisfying
      * $max10 = 10**$max10Len <= 2**$base.
      */
-    protected static $max10Len;
-    protected static $maxDigit2;
+    static $max10Len;
+    static $maxDigit2;
     /**#@-*/
 
     /**
@@ -729,6 +729,33 @@ function toString()
         return $result;
     }
 
+    /**
+     * Return the size of a BigInteger in bits
+     *
+     * @return int
+     */
+    function getLength()
+    {
+        if (MATH_BIGINTEGER_MODE != self::MODE_INTERNAL) {
+            return strlen($this->toBits());
+        }
+
+        $max = count($this->value) - 1;
+        return $max != -1 ?
+            $max * self::$base + intval(ceil(log($this->value[$max] + 1, 2))) :
+            0;
+    }
+
+    /**
+     * Return the size of a BigInteger in bytes
+     *
+     * @return int
+     */
+    function getLengthInBytes()
+    {
+        return (int) ceil($this->getLength() / 8);
+    }
+
     /**
      * Copy an object
      *
@@ -3237,6 +3264,11 @@ function randomPrime($arg1, $arg2 = false, $timeout = false)
             $min = $temp;
         }
 
+        $length = $max->getLength();
+        if ($length > 8196) {
+            user_error('Generation of random prime numbers larger than 8196 has been disabled');
+        }
+
         static $one, $two;
         if (!isset($one)) {
             $one = new static(1);
@@ -3344,7 +3376,14 @@ function _make_odd()
      */
     function isPrime($t = false)
     {
-        $length = strlen($this->toBytes());
+        $length = $this->getLength();
+        // OpenSSL limits RSA keys to 16384 bits. The length of an RSA key is equal to the length of the modulo, which is
+        // produced by multiplying the primes p and q by one another. The largest number two 8196 bit primes can produce is
+        // a 16384 bit number so, basically, 8196 bit primes are the largest OpenSSL will generate and if that's the largest
+        // that it'll generate it also stands to reason that that's the largest you'll be able to test primality on
+        if ($length > 8196) {
+            user_error('Primality testing is not supported for numbers larger than 8196 bits');
+        }
 
         if (!$t) {
             // see HAC 4.49 "Note (controlling the error probability)"

phpseclib/phpseclib/phpseclib/Net/SFTP.php

@@ -3640,6 +3640,7 @@ function _reset_connection($reason)
         $this->use_request_id = false;
         $this->pwd = false;
         $this->requestBuffer = array();
+        $this->partial_init = false;
     }
 
     /**
@@ -3788,7 +3789,7 @@ function getSFTPLog()
     }
 
     /**
-     * Returns all errors
+     * Returns all errors on the SFTP layer
      *
      * @return array
      * @access public
@@ -3799,7 +3800,7 @@ function getSFTPErrors()
     }
 
     /**
-     * Returns the last error
+     * Returns the last error on the SFTP layer
      *
      * @return string
      * @access public